ARM announced today a comprehensive suite of solutions for IoT support, from IP optimized for applications in this space all the way to cloud-based support to manage edge devices in the field. Their motivation is to provide a faster path to secure IoT, from the chip to the cloud. One especially interesting component of this solution is a cloud-based software-as-a-service (SaaS) to manage, provision and update edge devices through a common platform. Simply put, ARM’s offering is about how little you now have to build or integrate yourself to get an end-to-end secure IoT solution up and running.
Before we go to the cloud, let’s start with what ARM is doing for edge nodes. First, they have introduced two new microcontroller cores: Cortex-M33 and Cortex-M23. These cores build on the ARMv8-M architecture and are the first in the Cortex-M family with TrustZone built-in. The M33 provides a lot of flexibility, with DSP and FPU on board and with a co-processor interface, yet is 80% smaller than the Cortex-A5. ARM anticipates that this platform will become the mainstream MPU for secure embedded. The M23 is 75% smaller still and 50% more energy efficient. To give an idea how low power this can be, think about pulling an insulin pen out of a holder. Sufficient kinetic energy can be harvested from this action to support battery-free operation.
TrustZone architecture, now available in these new M-class cores, provides similar capabilities to those available in other families. A Corelink SIE-200 fabric connects the processor to peripherals, mediating secure-world versus normal-world access under control of the processor which itself transparently time-slices between the two worlds with no need for programmer intervention. You get secure operation without needing an extra security CPU.
Cryptocell-312 adds the security resources required to build a trusted execution environment (TEE), through faster and lower-power cryptography performance. It also offers symmetric and asymmetric ciphers, hashing and random number generation, lifecycle management and root-of-trust controls, along with many more features. And it’s configurable so you can dial area and power down to address just what you need in your solution.
Another very important aspect supported in this series is secure debug. Cryptocell allows you to define and control a debug policy allowing differing levels of debug access in manufacturing, to the OEM and (per OEM grants) to field-deployment and maintenance teams.
Then there’s the Cordio radio. The latest release supports both Bluetooth 5 and 802.15.4 for ZigBee and Thread, covering the most popular choices for IoT. You can get the radio as a hard macro in TSMC 40LP/ULP or 55LP/ULP processes or in UMC 55ULP, or you can use the link-layer controller RTL and stack with a 3[SUP]rd[/SUP]-party radio front-end and process of your choosing. You can also have both Bluetooth and 802.15.4 in one Cordio-C50 macro with a modest increase in area and you can dynamically switch between modes. ARM mentioned that it was also feasible to operate Cordio on harvested energy, where appropriate.
ARM also offers all of this together in the pre-packaged Corelink SSE-200 subsystem: an ARMv8-M core, CryptoCell 312, the Cordio radio, memories and peripherals, all tied together with the CoreLink fabric and built on top of the Artisan IoT physical IP optimized to a low-power IoT use-model and targeted to the TSMC 40nm ultra-low-power process. That subsystem gets you a fast, low-power, secure and low-risk solution ready-made, allowing you to focus on adding your own special sauce.
Which brings me finally to mbed Cloud. A high security edge device isn’t very useful unless you also secure cloud-based management of those devices. Now think about trying to integrate a mix and match solution between multiple providers of devices and cloud access. I have a hard time imagining how you could avoid deploying a solution with security holes and power-wasting communication bugs. Third-party applications still have a role, but sitting on top of a secure, low-power foundation managed by one provider. ARM’s extension to provide the cloud part of this foundation through a SaaS solution is a new departure of course, but it seems to me unavoidable given security demands.
mbed Cloud has four major objectives: to be multi-cloud capable, to cover any device (not just ARM-based systems), to be very energy-efficient in management of devices and to secure every transaction. ARM acknowledge they are going to have to fold into legacy networks – devices, OSes, gateways and more, so the management solution has to span all of these. For connectivity mbed Cloud will communicate through CoAP, also OMA LWM2M, for provisioning it will take care of injecting security assets into a device and will manage access rights through the device lifecycle. And it provides fail-safe and secure update through broadcast and mesh-friendly packages.
Together with Mbed OS 5.2, mbed Cloud 1.0 has been announced at ARM TechCon 2016. The solution is already open to a number of lead partners in smart factory, industrial IoT, asset tracking and healthcare applications. ARM expects the release to be more broadly available in Q1 of 2017. The business model for cloud support apparently will be similar to other SaaS models – an OEM subscribes to just the features they use. You can learn more about ARM IoT solutions HERE.