Qualcomm adds security to the Snapdragon 845 with a new core

Security Processing Unit is not what most think it is

Qualcomm Snapdragon logoOne thing many people don’t understand is the new SPU or Secure Processing Unit in Qualcomm’s Snapdragon 845 SoC. SemiAccurate has dug up a lot of info on this block but for obvious reasons, Qualcomm wouldn’t go into details about how many of the things were done.

Probably the most interesting addition to the Snapdragon 845 is the new Secure Processing Unit (SPU). We first have to point out that this is a co-processor for security, not an Intel ME like system controller like some suggest. The two units have nothing in common, the SPU is just there to do crypto, authentication, and related tasks, it controls nothing other than itself. The only way it can talk to the system is through a secure mailbox interface and does not have squid-like tendrils into the things you fear most. It is benign unless you are a hacker.

The SPU is a heavily modified ARM SC300 secure core. Part of those mods are the extra bits put into the CPUs to support security, you also need the security side to see them as well. Physically speaking the SPU is connected directly to three units with it’s own bus and own wires, nothing shared. Those links go to the modem, DSP, and Trustzone controller, and each one supports a use case enabled in the 845.

On the DSP side it is used for biometric authentication, the DSP crunches the picture or sensor reading and the result is likely sent directly to the SPU. This way the secure information never has to leave the SPU and all important data, probably the post-DSP hashes, only travels across a dedicated secure bus. The modem side is obvious too, think eSIM and related products that are pretty touchy about security standards. Over the next year this will be very important, really. Trustzone is a pretty obvious connection too, any user or system keys need to work through that, or should, and with the SPU the chances of key snooping are minimized if they never have to leave the block doing the authentication.

One nice thing about the SPU is that it has it’s own CPU, several in fact, plus memory and storage. It can generate keys, store keys, and run some algorithms like biometric identification and voice recognition. It isn’t a full blown A-class CPU, think more beefy microcontrollers, but it has enough power to get the job done. It won’t crunch a high-rez 3D face scan to a hash but will take said hash, compare it to the trained data, and pass a token back securely.

One nice feature is that it can generate keys in conjunction with an outside source, a critical feature in things like corporate VM provisioning and secure data use. Most users don’t care about this, corporations do and more importantly ecommerce vendors think it is critical. It won’t be long before payment processors mandate something like an SPU before they let you use their payment system, we are already seeing strong hints of that in Asia. One other note, having an SPU-like core isn’t the same as having one implemented right and the ecommerce ecosystem is more than savvy enough to differentiate between the two.

At the moment the SPU supports Gatekeeper and Keymaster is said to be coming soon. One day Microsoft’s bitlocker is gong to join the fray but that isn’t very near term from the sound of things, SemiAccurate code names this company Gozer. With the advent of the Snapdragon 835 based PCs, the SPU brings up an interesting point. Every OS out there bar one has layered security which the 845 and SPU support. If you get hacked you almost always end up with low user privileges thanks to this layered model. Microsoft OSes have one security layer, if you find a pinhole in say a .JPG decoder, chances are you own the box. How this will be integrated with Microsoft’s utter lack of security is an open question, glad I don’t have to implement it.

As you would expect the SPU has anti-replay features, a must for any modern security setup. SemiAccurate asked but Qualcomm would not go into detail here, just reiterating the generalized anti-replay methodologies. If you are unaware they include being on it’s own power island to prevent snooping, electrical glitch detection, sensors to detect decapping, and a whole lot of software watchdogs. In short it should be secure enough to make it not worth attacking a device under anything but extreme situations.

So in the end what Qualcomm added is a little block with some CPU power, memory, storage, and a whole lot of crypto accelerators. It has it’s own direct secure paths to the units it connects to and doesn’t need to send anything security related over the main bus. For some reason it also meets the needs of most upcoming ecommerce and corporate security wish lists. What it isn’t is an Intel ME-like squid, instead it just does one job and does it well.S|A

The following two tabs change content below.

Charlie Demerjian

Roving engine of chaos and snide remarks at SemiAccurate
Charlie Demerjian is the founder of Stone Arch Networking Services and SemiAccurate.com. SemiAccurate.com is a technology news site; addressing hardware design, software selection, customization, securing and maintenance, with over one million views per month. He is a technologist and analyst specializing in semiconductors, system and network architecture. As head writer of SemiAccurate.com, he regularly advises writers, analysts, and industry executives on technical matters and long lead industry trends. Charlie is also a council member with Gerson Lehman Group. FullyAccurate