Arm starts pulling security extensions into processor cores
Months after launching the first version of a core aimed at mobile devices, Arm has built a version aimed at larger tablets and laptops that incorporates one of the security extensions, among others, that the company is rolling into its upcoming generation of higher-end processors.
Stefan Rosinger, director of CPU product management at Arm, said at the Linley Fall Processor Conference: "We've introduced the Cortex-A78C to specifically address new needs such as large screen compute as well as other on-the-go-device form factors. We are now seeing target markets where more big cores are needed."
The Cortex-A78C has been given a larger level three cache of up to 8Mbyte in addition to a boosted Dynamiq Shared Unit (DSU), which manages the memory interface, that can handle eight of the cores in a homogeneous array. Previously, the Cortex-A78 was designed for big-little configurations with the A55 that could support up to four of the A78s.
Pointer checks
The other architectural change is support for pointer authentication, which is based on the v8.3A specification and has been found so far in the A12 processor designed by Apple for its phones and tablets. The version of pointer authentication used in the A78C makes some changes to the original form that were in the v8.6A architectural specification.
The idea behind pointer authentication is to reduce the ability of hackers to divert program execution through exploits such as buffer overflows. One common attack is return-oriented programming (ROP) where the overflow overwrites data on the stack and, in doing so, changes the return address used by a victim process's function call. This diverts to code planted by the hacker. Jump-oriented programming (JOP) is an extended form developed to avoid protections that some operating systems and libraries employ.
"Pointer authentication notifies the CPU as soon as there is a change of a pointer within the system," said Rosinger. "It can reduce attack likelihood by 60 per cent for ROP and 40 per cent JOP attacks."
Pointer authentication works by storing, in unused bits of the pointer, a hashed value derived from system keys and the address when the pointer is first assigned using an instruction defined for the purpose. The technique takes advantage of the 64-bit length of the registers in the A78C. If the pointer address changes, the processor will detect the mismatch when one of the instructions defined in the specifications is used to check it. One of the main changes made with v8.6 was to have a fault generated as soon as the check fails rather than have the address tagged so that the fault is triggered when the address is used in a load or store instruction.
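The scheme described above can be modelled in software, as an added example that is not Arm's code or the hardware algorithm. It assumes 48-bit addresses with a 16-bit code in bits 63:48, a constructed stand-in mixing function, a hypothetical POISON marker and hypothetical function names, and it shows both failure behaviours: tagging the address so a later access faults, and faulting at the check itself.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define VA_BITS 48                       /* assumption: 48-bit virtual addresses */
#define VA_MASK ((1ULL << VA_BITS) - 1)  /* low bits hold the real address */
#define POISON  (1ULL << 62)             /* assumption: marker set on a failed check */

/* Stand-in keyed mixer (constructed for this model, not the hardware cipher). */
static uint64_t mix(uint64_t addr, uint64_t context, uint64_t key) {
    uint64_t h = (addr ^ key) * 0x9E3779B97F4A7C15ULL;
    h ^= h >> 29;
    h = (h ^ context) * 0xBF58476D1CE4E5B9ULL;
    return h ^ (h >> 32);
}

/* Sign: place a 16-bit code in the unused upper bits of the pointer. */
uint64_t pac_sign(uint64_t ptr, uint64_t context, uint64_t key) {
    uint64_t addr = ptr & VA_MASK;
    return addr | (mix(addr, context, key) << VA_BITS);
}

/* Original behaviour: a bad pointer is tagged, so the fault comes at first use. */
uint64_t pac_auth_tagging(uint64_t signed_ptr, uint64_t context, uint64_t key) {
    uint64_t addr = signed_ptr & VA_MASK;
    if (pac_sign(addr, context, key) == signed_ptr)
        return addr;                     /* code stripped, pointer usable */
    return addr | POISON;                /* unusable: a later load or store faults */
}

/* Later behaviour: the check itself reports the fault. */
bool pac_auth_faulting(uint64_t signed_ptr, uint64_t context, uint64_t key, uint64_t *out) {
    uint64_t addr = signed_ptr & VA_MASK;
    if (pac_sign(addr, context, key) != signed_ptr)
        return false;                    /* fault raised at the check */
    *out = addr;
    return true;
}

/* Simplified user-space test: usable only when no upper bits are set. */
bool is_canonical(uint64_t ptr) { return (ptr & ~VA_MASK) == 0; }

int main(void) {
    uint64_t key = 0x0123456789ABCDEFULL, sp = 0x00007ffc00001000ULL, out = 0;
    uint64_t ret = pac_sign(0x0000555512345678ULL, sp, key);  /* constructed values */
    uint64_t forged = (ret & ~VA_MASK) | 0x0000555512349abcULL; /* address overwritten */
    printf("genuine accepted: %d\n", pac_auth_faulting(ret, sp, key, &out));
    printf("forged accepted:  %d\n", pac_auth_faulting(forged, sp, key, &out));
    printf("forged usable after tagging check: %d\n", is_canonical(pac_auth_tagging(forged, sp, key)));
    return 0;
}
```

With only 16 bits of code in this model, an overwritten address still passes the check about once in 65,536 attempts.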
Memory tags
In the forthcoming Matterhorn and Makalu processors, which follow the Cortex-X1, the high-end core that is coupled to the A78 when the latter is used as a “little” in a heterogeneous configuration, Arm will add further extensions for memory protection.
Speaking at the Arm DevSummit earlier in October, general manager of the client business unit Paul Williamson said: "We can only succeed with continued progress in security. Memory-tagging extensions will tighten the security vulnerabilities that occur in memory subsystems and make the detection of memory-safety violations easier and more effective."
Arm has already worked with compiler writers and operating system designers to support MTE. Williamson said the work is, for example, aligned with the tagged pointers announced in Android 11. Going beyond the authentication used on the A78C, the extensions add tags to a wider range of pointers that allow checks on memory that is used after it is supposed to have been freed or which has not been initialized correctly. Although the tags are just 4 bits wide, they should improve the ability of programmers to identify potential vulnerabilities in their code.