back to article Inside Qualcomm's Snapdragon 845 for PCs, mobes: Cortex-A75s, fat caches, vector math, security stuff, and more

Qualcomm's flagship Snapdragon 845 system-on-chip will include an isolated security core for handling sensitive personal information, among other new features. The California chip designer showed off its upcoming 845 component at a tech summit in Hawaii on Wednesday, promising the silicon will power 2018's high-end Android …

  1. Voland's right hand Silver badge

    The more mystery there is surrounding its mechanisms, the less information is out there for hackers to exploit, is their thinking.

    Security through obscurity. Works fantastic you know, especially in a management component/trust zone anchor. Just look how well did it work for Intel vPro.

    1. kuiash

      Obscurity Optional (but fails)

      Check this guy - he pulls apart the x86 instruction set from the inside out. Really lovely technique, well thought out. Eventually he finds stuff that can kill a CPU stone dead. Nice! Well worth 45 minutes of time. Gotta say, my inner nerd is envious I didn't get to do this job!

      https://www.youtube.com/watch?v=KrksBdWcZgQ

      1. Anonymous Coward
        Anonymous Coward

        Re: Obscurity Optional (but fails)

        Dear oh Lor - that is one clever guy. I loved the page fault technique, that was *really* impressive thinking.

    2. Dr. Mouse

      I agree, security through obscurity is not security. It's like hiding your cash under the mattress.

      It is, however, a potential delaying tactic and can work well when paired with good security practices throughout. If few specifics are released, it could add a large time buffer between release and hackers finding an attack vector. If the underlying system is very secure, too, the system could well be past it's expected lifespan before an attack is formed.

      It's pretty much like having a hidden safe: Before anyone can even try to break in to it, they have to find it.

      That said, there's also the flip side. If details are released, white hats have a better chance of finding any holes before black hats do, which would allow Qually to fix them before an attack is available for use.

      1. Anonymous Coward
        Anonymous Coward

        "It's like hiding your cash under the mattress."

        Shirley you mean "hiding your cache under the mattress"...

      2. eldakka

        It's pretty much like having a hidden safe: Before anyone can even try to break in to it, they have to find it.

        Having a hidden safe and telling people you have a hidden safe filled with goodies inside your house defeats the point of having a hidden safe. The primary 'obfuscation' in this case is not letting people know you even have one.

        However letting people know you have a safe worth looking for, and a narrow search zone - your house - to find it in has just blown 80% of the security - obfuscation - you are depending on.

        Letting people know this secure processor exists is the same as letting people know you have a hidden safe. At this point you can no longer rely on obfuscation, you have to rely on the strength of the security - quality of the manufacture, strength of the walls, hinges, door, locking mechanism, unlocking mechanism. Therefore once the cat is out of the bag about the secure processor, there will be people actively trying to break it, therefore you now must rely on the strength of the security on the processor - no bugs in its firmware, no programmatic attack vectors from the main processors or I/O (can you access it via the USB port? If it's firmware is upgrade-able there must be some I/O channel that has access to it).

        As a poster above stated, look how well relying on obfuscation - once it was known such a thing existed - worked for Intel.

        1. Charles 9

          According to the article, the secure processor is a black box to the VPU and vice versa. They don't even use the same physical memory, talking only through a single interface. If you can pwn a secure processor through a single interface port, you can probably pwn ANYTHING.

      3. Missing Semicolon Silver badge
        FAIL

        Delay is bad

        ... so lets say it takes 2 years to crack the secure CPU.

        You now have millions of devices in the field, all vulnerable, and probably unpatchable. And we thought unpached landfill Android was bad....

    3. John H Woods Silver badge

      Security through obscurity

      Come on, Kerckhoff didn't get round to that principle until the late 19th century, you have to wait a while for these things to filter through to the latest technology

  2. James 51

    It's a nice problem to have but there is always something more powerful or cheaper just around the corner. When are the Snapdragon 855 powered phones and laptops coming?

    1. Dave 126 Silver badge

      For sure, there's always something faster around the corner. However, the processing requirements of user's evolving tasks over time isn't necessarily linear.

      1. James 51

        No, but the processing requirements for the OS and many programs seem to expand exponentially.

        A bit of a segway but it does put Samsung getting full fat linux running on the S8 and Note8 into perspective. Maybe the S9 and Note9 with the 845 will boot into Android, Windows or Linux.

        1. Dave 126 Silver badge

          The issue is in part binary blob drivers from Qualcomm and other device manufacturers meeting the open source community's ethos.

  3. Christian Berger

    Yay, yet another "secret" processor...

    ... running code from the people you trust the least, the CPU-vendor and the hardware vendor.

    What could possibly go wrong? :)

    1. Anonymous Coward
      Anonymous Coward

      Re: Yay, yet another "secret" processor...

      Advantage Apple in a way I suppose then - the CPU vendor, hardware and OS vendor are all the same company so you only have to trust (or stay awake at night worrying about) one instead of three!

  4. Anonymous Coward
    Anonymous Coward

    I'm just not interested in CPUs/GPUs/chipsets that have MEs or "security features" that we have no access to. Patents and copy right exist to protect manufacturers ideas. They don't have to open source this software/firmware, although that would be great, but the software/firmware that makes it work should be available to the purchaser of said equipment to download, review, and compile if necessary.

  5. Christian Berger

    Maybe it's time for a kickstarter campain...

    ... to design and build a simple SoC without any of the crap everyone hates.

    Probably a RISC V architecture/instruction set, as that is free, then add a simple GPU, perhaps with some limited CPU cores to do accelerated graphics.

    It wouldn't be the fastest SoC out there, but it could easily be the most secure one by miles.

    1. Dave 126 Silver badge

      Re: Maybe it's time for a kickstarter campain...

      It likely wouldn't be very cheap or power-efficient, either. The development costs would be non-trivial, shared amongst a not-massive customer base. You would still want to audit the results - again, not a casual undertaking - so you might be better off with an existing SoC and auditing that. Also, your target market might ask themselves if they really need good graphics in their secure comms gadget. In the above steps, there is scope for human OpSec to be compromised or deliberately infiltrated - formal verification is possible for code but not human groups.

      Organisations wanting security seem to be happy enough with Blackberry software running on iPhones.

    2. Anonymous Coward
      Anonymous Coward

      Re: Maybe it's time for a kickstarter campain...

      There was a crowdfunding campaign last year for an ATX motherboard for IBM POWER8 processors.

      On the other side of the spectrum are Chrombooks with ARM processors and a GPU which potentially can have Free software drivers, such as the Mali-T, and the reverse engineering efforts that could go into that. See: ASUS C201.

    3. Martin an gof Silver badge

      Re: Maybe it's time for a kickstarter campain...

      ... to design and build a simple SoC without any of the crap everyone hates.

      Isn't that the sort of thing you could do on an FPGA these days? Might make development easier, though it won't do anything for the speed :-)

      M.

      1. Charles 9

        Re: Maybe it's time for a kickstarter campain...

        Not to mention power efficiency, which is a make-or-break issue with portable applications.

  6. Chz

    A75 sounds nice and all...

    ...but I'm really interested to see how A55 pans out. It's the first update to the "slow" cores in quite a long while. Given that cheaper devices will undoubtedly be using all-A55 SoCs, the performance will set a new standard for what to expect.

  7. Charlie Clark Silver badge

    Impressive package

    The 845's Spectra 280 image signal processor can capture Ultra HD Premium video: 4K resolution video at 60 frames per second, with 10bit-per-RGB-color and the Rec.2020 color gamut.

    And that's just the GPU of a tiny chip that runs without a fan.

    1. Dave 126 Silver badge

      Re: Impressive package

      Yeah, a possible bottleneck is actually NAND storage - it's far faster in some devices than in others.

    2. Anonymous Coward
      Anonymous Coward

      Re: Impressive package

      "And that's just the GPU of a tiny chip that runs without a fan."

      What I would like to see with these things is a year number - the year in which the world's fastest supercomputer had about the same processing power.

      Made difficult because nowadays these things have enormous numbers of CPUs, but a rough estimate in teraflops might be interesting.

  8. Tom 7

    RaspberryPi 4?

    with as much cream as you want! And custard too.

    And if Eben doesnt I hope someone else will - this would make a great maker device - RT music effects and everything!

    1. Dave 126 Silver badge

      Re: RaspberryPi 4?

      The Raspberry Pi's went with a SoC vendor who was happy to provide them with open source drivers, IIRC.

      1. Charlie Clark Silver badge

        Re: RaspberryPi 4?

        who was happy to provide them with open source drivers, IIRC.

        Doesn't sound like Broadcom (and that was before Silver Lake got involved). I thought that you had to register to download some of the codecs?

        1. HmmmYes

          Re: RaspberryPi 4?

          They didnt.

          Broadcom drivers were a binary blob.

        2. Charles 9

          Re: RaspberryPi 4?

          That's due to MPEG-LA who hold MPEG-related patents.

          1. LaeMing

            Re: RaspberryPi 4?

            When the SOC for the Pi was chosen, it was all binary blobs on the GPU side. Broadcom later opened everything up under user pressure and full kudos to them for doing so.

      2. Martin an gof Silver badge

        Re: RaspberryPi 4?

        The Raspberry Pi's went with a SoC vendor who was happy to provide them with open source drivers, IIRC.

        No, they went with a SoC vendor with whom they already had a "good relationship" (Eben and Pete Lomas(?) worked for Broadcom) and who was willing to supply them with 10,000 of last-year's devices at pretty much bare-bones costs.

        M.

  9. mark l 2 Silver badge

    Without details on what prices we can expect devices containing this chip will retail at compared to a similar specification ones with Intel or AMD CPUs so it hard to judge if i would want one yet.

    If the prices are significantly lower and the battery life much better then i would sacrifice some performance when running X86 code for the price/power consumption benefits. Well as long as i can install Linux on it and dual boot.

    1. Dave 126 Silver badge

      It's hard to tell without knowing your workload. My background is in mechanical CAD which once would have required quite a bit of grunt, but a lot of that functionality is available through a browser these days - and some jobs being far faster (rent a lot of cloud cores for a few minutes for a render job. Done locally, it'll take a while, slow my PC and drain the battery). If these ARM machines take off, then there'll be more incentive for 3rd party software Devs to create ARM compatible applications.

      1. Anonymous Coward
        Anonymous Coward

        Doesn't that also involve a lot of bandwidth, though, plus the matter of trust that no one will snoop on potential trade secrets?

  10. Anonymous Coward
    Windows

    Nice

    I foresee a Windows 10 device using an 845 in my shopping basket sometime in 2018 after Windows 2016 has been compiled for native ARM.

  11. Anonymous Coward
    Anonymous Coward

    Qualcomm Snapdragons for PCs?

    If using ARM instead of good old Intel/AMD chips entails getting locked to a walled garden (Windows 10S and the Microsoft Store), then I want no part of it.

    If the OS vendor becomes the sole distributor and gatekeeper of what you can install, it really isn't a PC anymore, is it?

  12. This post has been deleted by its author

  13. Missing Semicolon Silver badge
    Unhappy

    What a shame

    We should rejoice that perhaps the arm-lock that Intel has on the PC market might actually be loosened. However, it's Qualcomm.

    Oh.

    1. Charles 9

      Re: What a shame

      Call me when it can run Crysis at 1080p @ 60fps. THEN we can say it's caught up properly.

  14. the Jim bloke

    Specialist processor for fingerprint and facial security

    .. something that gets left all over fridges, desks, glasses, or posted onto facebook etc...

    its the old "10 inch steel bank vault door on the front of a soggy cardboard box" security strategy. Again.

    1. Charles 9

      Re: Specialist processor for fingerprint and facial security

      AGAIN, do you have any better ideas for people who can't remember a safe combination to save their lives?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like