Slashdot Mirror
Intel Announces Atom E3900 Series - Goldmont for the Internet of Things (anandtech.com)
Intel has announced the Atom E3900 series. Based upon the company's latest generation Goldmont Atom CPU core, the E3900 series will be Intel's most serious and dedicated project yet for the IoT market. AnandTech adds: So what does an IoT-centric Atom look like? By and large, it's Broxton and more. At its core we're looking at 2 or 4 Goldmont CPU cores, paired with 12 or 18 EU configurations of Intel's Gen9 iGPU. However this is where the similarities stop. Once we get past the CPU and GPU, Intel has added new features specifically for IoT in some areas, and in other areas they've gone and reworked the design entirely to meet specific physical and technical needs of the IoT market. The big changes here are focused on security, determinism, and networking. Security is self-evident: Intel's customers need to be able to build devices that will go out into the field and be hardened against attackers. Bits and pieces of this are inerieted from Intel's existing Trusted Execution Technology, while other pieces, such as boot time measuring, are new. The latter is particularly interesting, as Intel is measuring the boot time of a system as a canary for if it's been compromised. If the boot time suddenly and unexpectedly changes, then there's a good chance the firmware and/or OS has been replaced.
That's damn hungry for IoT...
Meanwhile, ARM announces Cortex M23 potentially capable on running purely on harvested energy alone apparently.
"I bless every day that I continue to live, for every day is pure profit."
Of course. There is also ways to create secure devices in the first place. Unfortunately neither is a selling point, manufacturers of those devices are not held responsible for the damage their insecure and impossible to secure devices cause so you won't get it.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Intel doesn't understand what businesses want: inexpensive parts.
Intel doesn't understand what hobbyists want: inexpensive parts that don't need NDAs.
Intel doesn't understand what the world doesn't need: more power hungry x86 platforms.
Intel doesn't understand that we don't need them.
Anons need not reply. Questions end with a question mark.
I wonder how useful having the time it takes to boot be a measurement if a ROM is compromised or not.
You mean system, not ROM. ROM cannot be compromised unless physically replaced, as it by definition is read-only.
And all this will do is make any startup commands for malware run detached with a delay. That's child's play.
But, as you allude to, it will likely lead to lots of false positives, as startup can depend on not only things like file system checks, but external factors like SSID broadcast frequency, DHCP response time, and various other factors.
s/ROM/firmware/g. In any case, a lot of malware remains in RAM. Yes, a reboot will fix it, but it can likely be added again, especially if compromised devices scan each other and re-compromise devices that were rebooted, but still vulnerable. Protecting the boot sequence does help, as firmware reflashes can be nasty and impossible to get rid of. However, what is needed is some thought is perhaps looking at a hypervisor and limiting what each machine/container has access to. For example, one container might do video encoding and may not need to have a connection to the NIC, other than what gets passed to a special firewall container.
Of course, the best thing is using Z-Wave or another protocol, having devices use a hardened hub (or hubs for redundancy's sake) and never be accessible to the Internet.