SUMMER 2018 VOLUME 16 | 2 EMBEDDED-COMPUTING.COM
EMBEDDED COMPUTING EDITORIAL DIRECTOR Curt Schwaderer cschwaderer@opensystemsmedia.com
EMBEDDED COMPUTING BRAND DIRECTOR Rich Nass rnass@opensystemsmedia.com
TECHNOLOGY EDITOR Brandon Lewis blewis@opensystemsmedia.com CONTENT ASSISTANT Jamie Leland jleland@opensystemsmedia.com AUTOMOTIVE CONTRIBUTOR Majeed Ahmed CONTRIBUTING EDITOR Jeremy S. Cook DIRECTOR OF E-CAST LEAD GENERATION AND AUDIENCE ENGAGEMENT Joy Gilmore jgilmore@opensystemsmedia.com ONLINE EVENTS SPECIALIST Sam Vukobratovich svukobratovich@opensystemsmedia.com CREATIVE DIRECTOR Steph Sweet ssweet@opensystemsmedia.com SENIOR WEB DEVELOPER Aaron Ganschow aganschow@opensystemsmedia.com WEB DEVELOPER Paul Nelson pnelson@opensystemsmedia.com CONTRIBUTING DESIGNER Joann Toth jtoth@opensystemsmedia.com EMAIL MARKETING SPECIALIST Drew Kaufman dkaufman@opensystemsmedia.com
WWW.OPENSYSTEMSMEDIA.COM
EXECUTIVE VICE PRESIDENT John McHale jmchale@opensystemsmedia.com
EXECUTIVE VICE PRESIDENT Rich Nass rnass@opensystemsmedia.com
EMBEDDED COMPUTING DESIGN ADVISORY BOARD Ian Ferguson, ARM Jack Ganssle, Ganssle Group Bill Gatliff, Independent Consultant Andrew Girson, Barr Group David Kleidermacher, BlackBerry Jean LaBrosse, Silicon Labs Scot Morrison, Mentor Graphics Rob Oshana, NXP Kamran Shah, Silicon Labs
PRESIDENT Patrick Hopper phopper@opensystemsmedia.com
CHIEF FINANCIAL OFFICER Rosemary Kristoff rkristoff@opensystemsmedia.com GROUP EDITORIAL DIRECTOR John McHale jmchale@opensystemsmedia.com VITA EDITORIAL DIRECTOR Jerry Gipper jgipper@opensystemsmedia.com TECHNOLOGY EDITOR Mariana Iriarte miriarte@opensystemsmedia.com ASSISTANT MANAGING EDITOR Lisa Daigle ldaigle@opensystemsmedia.com SENIOR EDITOR Sally Cole scole@opensystemsmedia.com
CREATIVE PROJECTS Chris Rassiccia crassiccia@opensystemsmedia.com
FINANCIAL ASSISTANT Emily Verhoeks everhoeks@opensystemsmedia.com
SUBSCRIPTION MANAGER subscriptions@opensystemsmedia.com CORPORATE OFFICE 1505 N. Hayden Rd. #105 • Scottsdale, AZ 85257 • Tel: (480) 967-5581
REPRINTS WRIGHT’S MEDIA REPRINT COORDINATOR Wyndell Hamilton whamilton@wrightsmedia.com (281) 419-5725
Embedded Computing Design | Summer 2018
www.embedded-computing.com
CONTENTS
Summer 2018 | Volume 16 | Number 2

COVER
The 2018 Top Embedded Innovators demonstrate the reach, and impact, of embedded and IoT technology in today's world. From D.I.Y. electronics to blockchain security to software on wheels, more can be heard from this year's Innovators on pages 23-5.

FEATURES
RISC-V arrives
By Ashley Little, DO Supply, Inc.
Open-source RISC-V architecture is changing the game for IoT processors
By Paddy McWilliams, CEVA
Open compute with RISC-V and memory fabrics
By Dr. Zvonimir Bandic, Western Digital Corporation
A brief history of embedded software development
By Colin Walls, Mentor Graphics, a Siemens Company
Have we forgotten what the ancients taught us in building defense systems?
By Wilfred Nilsen, Real Time Logic
Protecting routers and other network equipment
By Steve Hanna, Trusted Computing Group

2018 TOP EMBEDDED INNOVATORS
Jason Kridner, Co-Founder, BeagleBoard.org
Dan Cauchy, Executive Director, Automotive Grade Linux
Allison Clift-Jennings, Co-Founder and CEO, Filament
2018 TOP INNOVATIVE PRODUCTS

2018 TOP EMBEDDED INNOVATOR HONORABLE MENTIONS
Anand Dabak, Fellow and Kilby Labs Manager, Texas Instruments
Hugo Fiennes, Co-Founder and CEO, Electric Imp
Gene Frantz, Co-Founder and CTO, Octavo Systems
Venkat Matella, Founder and CEO, Redpine Signals
Robert Miller, President, Technologic Systems
Alessandro Piovaccari, CTO and SVP of Engineering, Silicon Labs
Jothy Rosenberg, Co-Founder and CEO, Dover Microsystems
David Smith, CTO, MultiTech

COLUMNS
IOT INSIDER
My Top Embedded Innovator
By Brandon Lewis, Technology Editor
MUSINGS OF A MAKERPRO
Raspberry Pi helps create a cottage industry of DIY game systems
By Jeremy S. Cook, Contributing Editor
AUTOMOTIVE ANALYSIS
Automotive flash MCUs at smaller nodes boost OTA reliability
By Majeed Ahmad, Automotive Contributor

2018 OpenSystems Media® © 2018 Embedded Computing Design. All registered brands and trademarks within Embedded Computing Design magazine are the property of their respective owners. ISSN: Print 1542-6408 Online: 1542-6459
IOT INSIDER
blewis@opensystemsmedia.com

My Top Embedded Innovator
By Brandon Lewis, Technology Editor

[Photo: Wayne Kristoff]

Next February I will have been working at OpenSystems Media (OSM) for eight years, and more than 25 percent of my life. It’s weird to think of life in those terms, especially when the average length of employment at a single company is 4.6 years. When I started at OSM back in 2011 the company was headquartered in Fountain Hills, AZ, just outside of Phoenix. It was in this town because two of the owners and co-founders lived there: Wayne and Rosemary Kristoff.

Wayne was semi-retired by the time I arrived. He still kept most of the core business IT systems up and running, many of which he developed decades ago when OSM made its digital transition. Being the resident system administrator, Wayne would often drop into the office to provide tech support, monitors (somehow he always had an extra, better monitor than yours), miscellaneous foodstuffs, and catch up in general. He rode his Ducati through town so you could always hear him coming.

Knowing me to be an avid Arizona State football fan, Wayne never missed a chance to remind me that legendary coach Frank Kush was from his native Pennsylvania. By some absurd measure he also kept up to date with high school football prospects in his home state, frequently asking if I’d heard of them. This type of chatter was common, not just with me but everyone in the office, and always tailored to the interests of others. I don’t know how he found the time for so many interests, but I think it was because Wayne was interested in people.

To Wayne, the people at OSM were more important than the profit – an innovative thought from a small company making it in a climate of mergers, acquisitions, layoffs, and unemployment. Keep in mind that in 2011 the U.S. economy was still recovering from the Recession, which hit the publishing sector particularly hard. OSM, however, was hiring.

Outside of work Wayne proved his office demeanor wasn’t put on. He had piercing blue eyes that grinned during conversation as if he knew something you didn’t. These accompanied an almost permanently cracked smile that, when hearing one of his incredible stories, made me think I was listening to a tall tale. The stories usually involved a younger Wayne, an exotic place, and some act of mischief that pushed boundaries. I still don’t know how many of them were true.

In the spring of 2017 we found out Wayne had a brain tumor. The tumor impacted his motor skills, though these improved with physical therapy. It also affected the Broca’s Aphasia, part of the brain responsible for speech and articulation.

A couple of weeks after hearing the news I visited the Kristoffs. Wayne was in good spirits, moving around and intently involved in conversation. The only inconsistency was in his response, limited to “yes” or “yeah.”

I was optimistic. He was on the mend. The office even pitched in on a chemotherapy care package labeled “You Got This.” Sometime over the next few weeks, Wayne suffered a setback.

I was getting married in early May in Sedona, a town more than 100 miles north of Phoenix. While the Kristoffs had been invited, we didn’t expect them to attend. But on the day, they were there.

After the ceremony my wife and I made our way through the crowd to thank the Kristoffs for coming. Wayne said just one word, to my wife: “beautiful.” I don’t know how long he practiced saying that, or how difficult it was for him. I’ll never forget that. Ever.

Wayne passed away last fall. Shortly after his passing, I visited Rosemary and their daughter, Corrie, at their home. As the night ended, Rosemary gave me a box from Wayne saying he wanted me to have it. It was his watch. I had to leave.

I keep Wayne’s watch at my desk. Every time I feel the stress tightening in my chest, I rub the metallic band, look at the time, and think back to one of my first exchanges with Wayne. When I got hired Wayne instant messaged me login credentials for some system. Being brand new, I thanked him for the password as well as the opportunity. He asked how things were going and I said, “Good. Sort of feels like home.”

He said, “Sure does.” I immediately thought to myself what a stupid thing to say to an owner of the company. Of course it feels like home to him. It’s his company. But looking back almost eight years later, maybe Wayne, once again, knew something I didn’t.

I hope that in 30 years I’m lucky enough to be a guy like Wayne. Frankly, I think we all should.
MUSINGS OF A MAKERPRO
www.youtube.com/c/jeremyscook

Raspberry Pi helps create a cottage industry of DIY game systems
By Jeremy Cook, Engineering Consultant

If you grew up in the 80s or 90s, you were likely amazed when devices like the Nintendo Game Boy and Sega Game Gear came onto the scene, enabling you to play versions of Mario or Sonic in a nicely portable package – sometimes even in color! The idea that you could simply make one yourself didn’t even seem in the realm of possibility.

Now, however, after 25 years or so since these systems’ heyday, you can build a close approximation to one using a powerful Raspberry Pi single-board computer or even its little cousin, the Pi Zero. Not only can you make these devices in whatever form factor you want, but also play games (ROMs) from a wide range of systems (Figure 1). Huge numbers of these can be stored on an SD card and allow users to experience games from the various flavors of Game Boy or other, more exotic systems like the NeoGeo Pocket and Sinclair ZX Spectrum.

Nothing like this was available 30 years ago, though perhaps you heard rumors of a friend of a friend who got a cartridge with 100 games from an exchange student. Likely those cartridges were of questionable legal integrity at best. The emulators and hardware that run them are not, however, and today there are homebrew games available for free if you want to keep everything entirely aboveboard.

Some makers are actually selling Pi-based designs they’ve come up with. Portable examples include the Pi-based Game-O-Tron, which looks similar to a Game Gear, and the Pi Zero TinyPi, which isn’t much bigger than the Zero itself. Incidentally, the TinyPi started out as something of a joke, but has been so successful that it’s available as a crowdfunded project (Figure 2).

As noted on the Crowd Supply page, the “TinyPi is not just limited to gaming,” and the flexibility of Raspberry Pi boards means you are only limited by your imagination. You can add your own screen, buttons, accessories, or even a 3D-printed case that you can use yourself or sell to others. So, whether or not you’re interested in wasting several (dozen) hours working your way through all of the RPGs you couldn’t afford as a child, it’s a great illustration of just how versatile these little boards can be.

FIGURE 1: Raspberry Pi hardware for Nintendo, Genesis, NeoGeo, or Atari.

FIGURE 2: The TinyPi is a portable gaming system based on the Raspberry Pi Zero.
AUTOMOTIVE ANALYSIS

Automotive flash MCUs at smaller nodes boost OTA reliability
By Majeed Ahmed, Automotive Contributor

Flash MCUs have reached the 28 nm process, which will be instrumental in developing fuel-efficient engines and efficiently scaling electronic control units (ECUs) in next-generation green and autonomous vehicles. Flash MCUs facilitate programmable code storage, which reduces production costs and expands the scope of real-time adaptive control applications (Figure 1).

Not surprisingly, therefore, automotive is the single largest user of flash MCUs – and the demand for built-in flash memory is growing due to the popularity of over-the-air (OTA) functions that wirelessly and automatically update ECU software.

Renesas recently unveiled a 28 nm flash MCU, the RH850/E2x Series (Figure 2), which it claims delivers nearly three times the performance of 40 nm flash MCUs at the same power level. The new flash MCUs incorporate up to six 400 MHz CPU cores and 9,600 MIPS of processing power, while featuring up to 16 MB of built-in flash ROM.

The Japanese chipmaker believes that the significant increase in processing power will boost the MCU’s control capabilities for precision automotive sensor interfaces, while the updatable ROM allows certain flash blocks to be reprogrammed during operation. The new flash MCU also offers improved serial interfaces, including up to 10 CAN FD channels and one Ethernet channel.

To support safe and rapid OTA updates of ECU software, the RH850/E2x Series boasts functional safety and other enhanced security measures. The devices incorporate a dual-core lock-step CPU structure, which guarantees that calculations performed by two CPU cores are identical. This allows the flash MCUs to target ASIL-D designs, the highest level of ISO 26262 functional safety certification for automotive electronics systems.

Renesas also revealed that Tier 1 supplier Denso is already using the RH850/E2x Series in automotive designs. The launch of a 28 nm flash MCU shows how automotive applications are driving on-chip flash to more advanced technology nodes – and the key driver behind this move is the need for more reliable performance in extreme environments.

FIGURE 1: Flash MCUs allow designers to select a memory area and reprogram it to modify and add features.

FIGURE 2: Block diagram of Renesas’ 28 nm automotive flash MCU.
SILICON: RISC-V
RISC-V arrives By Ashley Little, DO Supply, Inc.
Yunsup Lee, CTO at SiFive, is on a mission to disrupt chip design. “We’re trying to change the chip design experience into something like ordering pizza online,” he told the audience in his keynote presentation at the Embedded Linux Conference & Open IoT Summit last month in Portland, Oregon.
In SiFive’s pizzeria-esque vision, a customer visits a website and begins a template-driven process not unlike standing up a virtual environment in the cloud. First, select from a basic offering of processor cores, complete with standard peripherals already onboard. Next, stop at the marketplace and grab some third-party components. Finally, top it all off with your own value-added custom IP. Toss the whole thing in the oven, and, voila – a billion custom chips roll off the line.

At the heart of this process are RISC-V processor cores. RISC-V, the open-source instruction set architecture (ISA) out of U.C. Berkeley, has been on something of a tear lately. The RISC-V Foundation roster has grown to more than 100 members, including major tech drivers like Google, NVIDIA, Qualcomm, and Samsung. RISC-V pioneer David Patterson (along with his colleague John Hennessy) was recently recognized by the Association for Computing Machinery with its prestigious A.M. Turing Award for his contributions to computer architecture design.

The RISC-V project began in 2010, with its first public push coming at the 2014 HotChips Conference. However, 2017 was the year the fledgling ISA seems to have captured the tech world’s collective awareness. More than 500 people attended the November 2017 RISC-V Foundation Workshop, two days of presentations and demos in Milpitas, California. Headlines for RISC-V initiatives have become standard fare, not only in trade pubs but in general business and news outlets as well.

Among the larger Foundation members migrating to RISC-V are NVIDIA and Western Digital (WD). NVIDIA is basing its next-generation FALCON controllers on RISC-V. FALCONs are embedded in a range of NVIDIA chips as the control engine for its GPUs. After 10 years of deployments, the limitations of the FALCON legacy architecture began bumping up against increasingly complex use cases that demanded threading and large virtual memory spaces. After reportedly evaluating virtually every available solution, NVIDIA chose RISC-V as the path forward. Current-generation FALCONs are a proprietary RISC architecture.

For its part, storage giant WD is planning to migrate its existing product line to the RISC-V ISA and will be leveraging it in all future products. The company will be using a mix of internally designed and third-party processors and plans to be shipping out more than a billion RISC-V cores per year. Like NVIDIA, WD’s use cases are becoming increasingly complex, and its HDD and SSD offerings need increasingly robust multi-core processors to handle general management, signal processing, and error correction. At the same time, the company is working to position itself as a provider of big data and fast data solutions. It wants to develop increasingly powerful products that move processing closer to where data resides so that analytics can be executed in real time.

It’s no surprise that SiFive, which tags itself as “the first fabless provider of customized, open-source-enabled semiconductors,” figures prominently in the RISC-V movement. Its three founders, Krste Asanovic, Andrew Waterman, and Yunsup Lee, were fundamental in the development of the instruction set. Asanovic is a professor at Berkeley and leads the RISC-V project there, while Waterman and Lee are credited as co-developers of the ISA.

Since its formation in 2015, SiFive has been busily assembling a network of companies to offer low- or no-cost IP for proof of concept projects as part of its DesignShare ecosystem. Think Silicon, for example, makes its ultra-low power GPU technology available at a reduced cost. Other DesignShare offerings include USB solutions from Corgine and embedded non-volatile memory from eMemory. The startup has now received a $50 million funding injection to build out its cloud service design platform, and plans to be live later this year.

SiFive has also been pushing out actual proof of concept silicon. Its Freedom E310 microcontroller grabbed headlines in November 2016 as the first commercially available RISC-V processor. You can buy them in packs of five, or on an Arduino form factor development board called the HiFive1. Coming soon is the HiFive Unleashed development board, hosting the Freedom U540, a Linux-capable, multi-core RISC-V processor.

Beyond the higher profile projects like those from NVIDIA, WD, and SiFive, RISC-V has been steadily entrenching itself across the design cycle. A growing list of IP vendors, including Andes Technology and Codasip, have RISC-V cores ready to be implemented in silicon, while Microsemi and others offer softcores that run on FPGAs. Multiple flavors of Linux are available, with RISC-V support for binutils, gcc, newlib, glibc and more. Lauterbach has implemented support for SiFive’s processors in its TRACE32 toolset. IAR Systems, citing “an increasing demand from our customers,” is targeting a 2019 release of RISC-V support through its IAR Embedded Workbench toolchain.

A year or two ago it might have been easy to pass over RISC-V as an academic project with little real-world relevance, but this is no longer the case. While some industry analysts caution that there is still a long road with a lot of remaining work ahead, the question of the day is not whether RISC-V will take its place alongside the likes of ARM and x86, but rather how thoroughly the ISA will shake up the processor market.

There is good reason to believe that the shake-up will be fairly thorough. Core tenets of the RISC-V value proposition include the notions that (1) the art of instruction set design has matured, with diminishing returns from minor differentiation, and (2) industry players have more to gain leveraging a common ISA with proven implementations and robust tools than they do pursuing custom designs for which they must do all the heavy lifting themselves. From embedded controllers to multi-core server processors, every successful RISC-V implementation strengthens that underlying value proposition. As vendors continue to face increasing complexity demands coupled with increasing design costs, it appears that an open ISA is an idea whose time has come.

Ashley Little is from DO Supply, Inc., an industrial equipment supplier based in Cary, NC. She writes about robotics, machine learning, and the future of automation for industries.
SILICON: RISC-V
Open-source RISC-V architecture is changing the game for IoT processors By Paddy McWilliams, CEVA
The Spectre and Meltdown vulnerabilities have caused a big wave in the electronics industry as of late. What’s interesting about these vulnerabilities is that they take advantage of microprocessor behavior – not an OS software bug or back door. Both of these vulnerabilities involve exploiting processor instruction pipelining, which makes them particularly nasty.
O
ver the past decade, open source software has been one of the biggest catalysts in the tech world. Today, the power of open source, the freedom it enables, and the communities that it generates are gaining traction in the hardware world too. For these reasons, RISC-V is gaining huge popularity. Here is an introduction to RISC-V and the opportunities it opens. RISC-V is an open instruction set architecture (ISA) originally developed in the Computer Science Division at the University of California, Berkeley. It, in turn, is based on the popular reduced instruction set computing (RISC) principles, just like ARM and MIPS and other common commercial processor architectures. The project took form in 2010, but since then has grown into a massive global collaboration, spanning multiple
10
universities and industry. Coherency is provided by the non-profit RISC-V Foundation, which both guides the underlying ISA specification and acts as the marketing engine to promote the RISC-V approach. To be clear, the RISC-V ISA is just what it says, an architectural specification of instruction sets, i.e. not an actual processor design. From that open source ISA, numerous academic and industrial teams have created a multitude of different processor designs, all of which essentially talk the same language. A quick read of the RISC-V Foundation website illustrates the numerous processor implementations available, from full open source processor designs such as Rocket, Orca, and PULPino, and commercial processor cores from companies such as SiFive, Codasip, Andes, and Cortus. This wide suite of modern processor implementations, scaling from simple IoT processors right up Linux-executing application processors, all based on a common ISA, reflects the key strengths of the RISC-V approach compared to a closed commercial ISA – i.e., a freedom to differentiate and a freedom to choose & change processor supplier without suffering painful product re-architecture. It’s free so it must be RISCky, no? At this point, it is prudent to do a reality check and look at the factors that influence processor choice in a new product design. As with most design decisions, there are numerous technical and commercial factors, some based on hard criteria, others based on more difficult to quantify aspects.
Embedded Computing Design | Summer 2018
www.embedded-computing.com
CEVA, Inc.
www.ceva-dsp.com
@CEVA_IP
www.linkedin.com/company/ceva
www.facebook.com/CEVAIP
YOU TUBE
www.youtube.com/user/cevadsp
SILICON: RISC-V
The technical criteria is self-evident: does the processor have the required horse power, is it scalable for future generations, does it match the power envelope, does it provide the required level of security, is there a good (and familiar) software development / debug environment, can we leverage our legacy code base. The commercial criteria considers costs such as die area (both gate count and memory sizes), royalties, and, of course, overall license fees. It also considers other business aspects including vendor lock-in, warranties and indemnities, commercial reporting obligations, legal rights to modify, etc.
THERE IS A GROWING DESIRE FOR MORE COMMERCIAL FREEDOM, TO BREAK-AWAY FROM CLOSED ISA LOCK-IN, NOT ONLY IN TERMS OF LICENSE AND ROYALTY FEES BUT ALSO IN TERMS OF FREEDOM TO DIFFERENTIATE. Considering all these factors, most designers have tended to adopt a “safe” option, usually one of the proprietary commercial processors and often sticking with a family they have previously used. However, many companies, at the strategic level, are uncomfortable with the increasingly limited choice of robust commercial processor IP vendors. There is a growing desire for more commercial freedom, to break-away from closed ISA lock-in, not only in terms of license and royalty fees but also in terms of freedom to differentiate. www.embedded-computing.com
FIGURE 1 CEVA board running RISC-Vbased Wi-Fi platform.
This desire has given wind to RISC-V’s sails. The RISC-V open source ISA offers companies a realistic option to move beyond the common commercial options without taking excessive strategic risk, the same way Linux, FreeRTOS, and many other open source RTOS are today indisputable alternatives to commercial OS. This is especially true for the smaller embedded processors typically employed in consumers IoT devices. A number of notable tier one companies, including Western Digital and NVIDIA have already publicly declared their intent, or indeed are already in mass production, and many more companies are evaluating RISC-V, some with very advanced designs under wraps. CEVA’s experience with RISC-V Like these companies, CEVA has been intrigued by the potential of RISC-V, especially in regards to our RivieraWaves Wi-Fi and Bluetooth IPs (Figure 1). These communication technologies require a small processor to execute the protocol stacks and our aim was to create an integration-ready reference platform that offers our customers freedom in the choice of processor. In terms of requirements, the horse-power needs are modest, even for advanced Wi-Fi configurations, since the IPs have been architected for very low power operation. The brief calls for a low gate count, power efficient, mature processor, with a familiar, commercial-grade software development environment that can produce die-saving compact code. The design must be suitable for easy deployment (at full speed) in FPGA and in ASIC/ASSP and it must have a legal framework compatible with our business of licensing IP. The RISC-V core we selected hits the scales at 20K gates, punching at a respectable 2.44 Coremark/MHz, fitting the hardware checklist perfectly. Our internal bench-marking of performance and code compactness compared very favorably to best-in-class processors of similar size. Equally important, our experience shows that the effort to port a complete system to RISC-V is very low. 
Considering the more complex Wi-Fi platform as an example, it only took one week to integrate, simulate and build a new FPGA binary for our complete RivieraWaves Wi-Fi IP demo platform, with an embedded RISC-V processor replacing a commercial processor. Furthermore, the existing protocol software, which has been developed and deployed on multiple different commercial processors over the years, was ported over to the RISC-V platform within two weeks, with little to no fuss, thanks to the familiar GNU GCC/GDB and LLVM compiler/debugger environment. This effort included porting, testing, and system level validation. Overall, the project was a success and RISC-V truly delivered on its promise. Paddy McWilliams is the Director of Product Marketing for CEVA’s Connectivity Business Unit. Paddy brings over 30 years of experience in semiconductor wired and wireless communications, with a current focus on Bluetooth and Wi-Fi. Embedded Computing Design | Summer 2018
SILICON: RISC-V
Open compute with RISC-V and memory fabrics
By Dr. Zvonimir Bandic, Western Digital Corporation
In the last few years, we have witnessed a massive change in how data is generated, processed, and further leveraged to garner additional value and intelligence, all influenced by the emergence of new computational models based on deep learning and neural network applications. This profound change started in the data center where deep learning techniques were used to offer insights into vast data volumes, mostly to classify and/or recognize images, enable natural language or speech processing, or understand, generate, or successfully learn how to play complex strategy games. The change has also brought a wave of more power-efficient compute devices (based on GPGPUs and FPGAs) created specifically for these classes of problems, and later included fully customized ASICs, further accelerating and increasing the compute capabilities of these deep learning-based systems.
Big data and fast data

Big data applications use specialty GPGPU, FPGA, and ASIC processors to analyze large datasets with deep learning techniques and unmask trends, patterns, and associations, enabling image recognition and speech recognition, among others. As such, big data is based on information largely from the past, or data at rest that typically resides in a cloud. A frequent outcome of a big data analysis is a “trained” neural network capable of executing a specific task, such as recognizing and tagging all faces in an image or video sequence. Voice recognition also demonstrates the power of the neural network.
The task is best executed by specialized engines (or inference engines), which reside directly on the edge device and are led by a “fast data” application (Figure 1). By processing data captured locally at the edge, fast data leverages algorithms derived from big data to provide real-time decisions and results. While big data provides insights that range from “what happened” to “what will likely happen” (predictive analysis), fast data delivers real-time actions that can improve business decisions and operations and reduce inefficiencies, invariably affecting bottom-line results. These methods may apply to a variety of edge and storage devices, such as cameras, smartphones, and SSDs.

Compute on data

The new workloads are based on two scenarios: (1) training the large neural network on a specific workload, such as image or voice recognition; and (2) applying the trained (or “fitted”) neural network on edge devices. Both workloads require massive parallel data processing that includes the multiplication and convolution of large matrices. Optimal implementations of these compute functions require vector instructions that operate on large vectors or data arrays. RISC-V is an architecture and ecosystem well-suited for this type of application as it offers a standardization process supported by open source software that gives developers complete freedom to adopt, modify, or even add proprietary vector instructions. Prominent RISC-V compute architecture opportunities are outlined in Figure 1.
FIGURE 1 Big data, fast data, and RISC-V opportunities

In Figure 1a, cloud data center servers execute machine learning using deep learning neural network training on large big data sets. In Figure 1b, security cameras at the edge employ inference engines that are trained on big data, and recognize images in real time (fast data). In Figure 1c, the smart SSD device uses an inference engine for data recognition and classification, effectively utilizing the device’s bandwidth. Figure 1 shows potential opportunities for RISC-V cores, which provide the freedom to add both proprietary and future standardized vector instructions that are instrumental in processing deep learning and inference techniques.

Move data

The emergence of fast data and computation at the edge means that moving all of the data back and forth to the cloud for computational analysis is not very efficient. First, it involves relatively high-latency data transfers over long distances across the mobile network and Ethernet, which is not optimal for image or speech recognition apps that must operate in real time. Second, computing at the edge allows for more scalable architectures, where image and speech processing or in-memory compute operations on SSDs can be executed in a scalable fashion. As such, each added edge device brings an incremental increase in the computational power required. Optimizing how and when the data moves is a key factor in the scalability of new architectures.

Another similar and important trend in how data is moved and accessed exists on the big data side and in the cloud (Figure 2). The traditional computer architecture (Figure 2a) utilizes a slow peripheral bus that attaches to a number of other devices (e.g., dedicated machine learning accelerators, graphics cards, fast SSDs, smart networking controllers, etc.). The slow bus affects device utilization by limiting the devices’ ability to communicate with each other, with the main CPU, and with main, potentially persistent, memory. It is also not possible for this new class of computational devices to share memory amongst themselves, or with the main CPU, which results in wasteful and limited data movement across a slow bus.

There are several important industry trends emerging on how to improve data movement between different compute devices, such as the CPU and compute and network accelerators, as well as how the data is accessed in memory or fast storage. These new trends are focused on open standardization efforts that deliver faster, lower-latency serial fabrics and smarter logical protocols, enabling coherent access to shared memory.

Next-generation data-centric computing

Future architectures will need to deploy open interfaces to persistent memory and cache coherency-enabled fast busses (e.g., TileLink, RapidIO, OpenCAPI, and Gen-Z) that connect to compute accelerators, to not only improve performance substantially, but enable all devices to share memory and reduce unnecessary data movement.

The role of the CPU uncore and network interface controllers will grow as the key enablers for moving data. The CPU uncore component will have to support key memory and persistent memory interfaces (e.g., NVDIMM-P), as well as memory that resides close to the CPU. Smart and fast busses for compute accelerators, smart networking, and remote persistent memory will also need to be implemented. Any device on the bus (e.g., CPUs, general-purpose or purpose-built compute accelerators, network adapters, storage, or memory) can include its own compute resources with the ability to access shared memory (Figures 2b and 2c).

To optimize data movement, RISC-V technology can be the key enabler as it will implement vector instructions for new machine learning workloads on all of the compute accelerator devices. It enables open source CPU technologies that support open memory and smart bus interfaces, and implements a new data-centric architecture with coherently shared memory.

FIGURE 2 Data movement and access in compute architectures

In Figure 2a, a traditional compute architecture has reached its limits due to a slow peripheral bus used for fast storage and compute acceleration devices. In Figure 2b, future compute architectures deploy open interfaces that provide uniform cache-coherent access of all compute resources in the platform to shared persistent memory (referred to as a data-centric architecture). In Figure 2c, the deployed devices are able to utilize the same shared memory, reducing unnecessary copying of data.

Solving challenges with RISC-V

Big data and fast data pose future data movement challenges, paving the way for the RISC-V instruction set architecture (ISA) and its open, modular approach, ideally suited to serve as the foundation for data-centric compute architectures. It provides the ability to:

›› Scale compute resources for edge compute devices
›› Add new instructions, such as vector instructions for key machine learning workloads
›› Locate small compute cores very close to storage and memory media
›› Enable new compute paradigms and modular chip designs
›› Enable new data-centric architectures where all of the processing elements can coherently access shared persistent memory, optimizing data movement

RISC-V is developed by a membership of over 100 organizations and includes a collaborative community of software and hardware innovators who can adapt the ISA to a specific purpose or project. Anyone who joins the organization can design, manufacture, and/or sell RISC-V chips and software under a Berkeley Software Distribution (BSD) license.

Final thoughts

To realize its value and possibilities, data needs to be captured, preserved, accessed, and transformed to its full potential. Environments with big data and fast data applications have exceeded the processing capabilities of general-purpose compute architectures. The extreme data-centric applications of tomorrow require purpose-built processing that supports independent scaling of data resources in an open manner.

Having a common open computer architecture centered on data stored in persistent memory, while allowing all devices to play a compute role, is a key enabler of these new scalable architectures driven by a new class of machine learning compute workloads. The next generation of applications across all cloud and edge segments will need this new class of low-energy processing as specialty compute acceleration processors focus on the task at hand, reducing wasted time moving data or performing excess computing that is not relevant to the data. People, communities, and our planet thrive through the power, potential, and possibilities of data.

Dr. Zvonimir Z. Bandic is a Research Staff Member and Senior Director of the Next Generation Platform Technologies Department at Western Digital Corporation.
SOFTWARE: OPEN SOURCE SOFTWARE & OPERATING SYSTEMS
A brief history of embedded software development
By Colin Walls, Mentor Graphics, a Siemens Company

We’re approaching the 50th anniversary of the invention of the microprocessor, quite a milestone for a technology that touches everyone’s lives every day. We’ve come a long way in those 50 years.
In parallel with the development and progress of microprocessors and microcontrollers, the technology of embedded software development has similarly seen many changes. My career (albeit only 40 years) has been very much tied to embedded software development. So, I thought that it would be interesting to chronicle the history.

At the beginning, only the chip manufacturers provided software development tools, like assemblers and in-circuit emulators. Quite quickly, a number of independent companies (like HP and Tektronix) started to offer complete development solutions that addressed chips from multiple manufacturers. Other independent companies focused purely on software solutions. One example was Microtec Research, which was founded in the early 1970s; I joined the company in 1986. At that time, we had assembler packages for various devices and increasingly offered high-level language (Pascal, C, and PL/M) support. Although we also offered some simple instruction-set simulation tools, the first real debugger for embedded, XRAY, wasn’t released until the end of that year.
Mentor, a Siemens business www.mentor.com
As the chips got more powerful, embedded applications became more complex and the requirements for development support expanded. More companies focused on software solutions. The use of real-time operating systems (RTOSs) began in the 1980s. One of the first was the VRTX family, developed by Hunter & Ready, later Ready Systems, which was acquired by Microtec in the early 1990s. This acquisition was typical of the trend towards offering a “complete” solution. This trend continued with Mentor Graphics’ acquisition of Microtec. The product line was enriched later with the acquisition of Accelerated Technology and incorporation of the Nucleus RTOS.

As the 21st century progressed, additional trends became apparent. First, the chip makers began to look at having a complete solution to lock in their customers and, hence, wanted to offer software. Intel’s acquisition of Wind River was an example (note that Intel recently sold Wind River). The other trend was the popularity of open-source software. Engineers are attracted to the idea of open source being “free,” although they still seem to feel that they should be paid a salary for developing software and can’t see the disconnect.

The reality is that open source software can be an excellent solution, for both tools and runtime. But the costs of using it must be considered. The market changed to accommodate this realization and another trend appeared. Many companies established businesses that provided packaging and support of open source products, adding value along the way. In the tools space, open source was an ideal place for chip vendors to provide a complete solution for their customers. In addition, many users were looking for packaged open source solutions, where they could have the benefits without the hassle. Of course, the market responded to these demands and various companies offered products and solutions. Mentor acquired CodeSourcery, which pioneered this type of business.

I wonder how things will develop over the next 50 years.

Colin Walls is an Embedded Software Technologist in Mentor Graphics’ Embedded Software Division.
Flimsy security: Wi-Fi router firmware is putting consumers and the Internet at risk
By Louis Creager, zvelo

The security of Internet-connected devices relies, at least at this point, on the dedicated vigilance of their manufacturers. This proves especially true when it comes to routers managing web connectivity within most households and businesses – routers that include firmware that must be updated regularly to address newly discovered vulnerabilities and block exploits from attackers. The vendors selling these devices are in an ongoing cat-and-mouse game with hackers.
A 2018 study from Insignary finds that most Wi-Fi router vendors aren’t holding up their end when it comes to ensuring that the firmware they provide effectively protects their devices from well-known security threats. In many cases, the risks to these routers involve solved issues. Where OEM router firmware utilizes open source code supported by communities that actively maintain and address such issues, fixes to known problems were made available years ago. And yet the current firmware still leaves devices inexcusably vulnerable.

Vendors have a responsibility to continue protecting the devices they sell to keep customers and the Internet itself safe. Sensitive personal or business data that travels through a compromised router can and does end up falling into the wrong hands. Compromised devices are also progressively enlisted in massive botnets, where they have their bandwidth exploited as fodder in distributed denial of service (DDoS) attacks. These attacks, which target sites or Internet infrastructure to interrupt their functionality, are becoming more powerful and dangerous threats as device security concerns go unaddressed. At the same time, vulnerable routers can lead consumers or businesses to have their IP addresses added to lists of known botnet traffic.

In reality, the path to securing routers is multi-staged, and requires active participation and know-how from all parties involved. First, the manufacturer must address firmware vulnerabilities. Then, it’s up to end users to download and install that firmware onto their devices. Unfortunately, though, this process is challenging, and unlikely to be followed; it requires users to know about the importance of updates, where to find them, and how to upload them. Realistically, that isn’t going to happen in most cases. It also becomes impossible when vendors are no longer supporting their devices with new firmware releases, which is often the case.

Standardized security measures would go a long way toward alleviating these issues. With a standardized security framework, manufacturers gain the advantage of mutual community support for technological advancements and best practices. However, there are currently no commonly adopted standards for the security provided by Wi-Fi router firmware.
zvelo
www.zvelo.com
In the meantime, end users ready to take on firmware security issues on their router devices do have some methods for addressing these needs themselves. Free, open source firmware such as DD-WRT and OpenWrt can be written to a router’s flash memory to add security and simplify updates. While these options won’t be perfectly issue-free, they do come with the power of a dedicated community behind them, providing enhanced security where OEMs can’t or don’t.

As the ranks of malicious botnets continue to swell with compromised routers, and as the consequences of ineffective firmware security become more dire, the moment when the industry will be forced to address its practices draws near. Expect consumers and businesses troubled by insecure products to take matters into their own hands, either by implementing security by another means or by making security features a critical component in their purchasing decisions.

Louis Creager is IoT Security Analyst at zvelo, a provider of cybersecurity solutions for web content, traffic, and devices.
STRATEGIES: CYBER SECURITY
Have we forgotten what the ancients taught us in building defense systems?
By Wilfred Nilsen, Real Time Logic

Fort Dún Aonghasa is a Bronze Age structure with several rungs of defenses. Its architecture provides a good analogy for how connected systems should be secured today.
I find the multilayered defense system built into many ancient forts fascinating. Fort Dún Aonghasa in Ireland is a great example of how a multilayered defense system was used to increase security by making it very difficult for an attacker to gain access to the “inner circle” (above). The attacker would have to overcome several barriers, including first having to climb up a cliff, then penetrate huge boulders while being shot at with arrows, and then climb over three walls.
Just as many of the old forts like Fort Dún Aonghasa used a multilayered defense system, so can a modern IoT solution. However, the reality is that many modern IoT solutions completely lack any type of defense system against hacking. The lack of defense systems or the limited set of defenses found in modern IoT devices and solutions, in many cases, stems from engineers and designers lacking awareness of the vulnerabilities that may exist in certain IoT protocols. We will explore some of the typical weaknesses found in IoT devices/solutions and how IoT devices and the IoT infrastructure can be designed to be more resilient by deploying a multilayered defense system.

Hacked and enslaved IoT (server) devices operating in a botnet

Some time ago we received the following email from our hosting provider: “Event Summary: A software anomaly was corrected that caused excessive outbound routing announcements to be withdrawn in response to a Denial of Service attack.”

Distributed Denial of Service (DDoS) attacks are on the rise, and the origin of these attacks is increasingly hacked IoT devices. KrebsOnSecurity.com was recently hit with a record DDoS attack, and analysis of the attack traffic suggested that the assault was around 620 Gbps of traffic. The attack originated from a botnet of thousands of hacked and enslaved IoT devices such as IP cameras and DVRs from all over the world.

These hacked IoT devices have one thing in common: they all operate as servers by providing services such as web server, telnet server, and/or SSH server. Unfortunately, publicly accessible servers can easily be found by port scanners such as Shodan. A hacker can create automated tools that scan and probe for weaknesses such as easy-to-guess passwords or default product passwords, or that simply perform brute-force password attacks. Hackers then upload code to the compromised devices, thus enslaving them by integrating these devices into their botnet. For this reason, IoT devices that include services are much more vulnerable than IoT devices that provide no form of publicly available service.

First line of defense: IoT devices should operate as clients, not servers

Devices operating as network clients, as opposed to operating as network servers, cannot be found by port scanners. In addition, when devices operate as clients, it is impossible for an outsider to directly connect to the devices. However, devices that operate as clients need an online server that enables the users to control their devices via the online service. When all devices and human machine interfaces operate as clients, an online server is required for proxying the traffic between the users and the devices. The online server operates as a service/server to the human machine interfaces (HMIs) and to the connected devices. For example, a home owner with a cloud-enabled thermostat can control the thermostat via a web interface provided by the online server.
Although a proxy server can be designed by, for example, using the WebSocket protocol and by designing server-side code for routing (proxying) the messages between users and their devices, an easier solution may be to use one of the many IoT protocols designed for this purpose. Publish/subscribe (pub/sub) protocols, such as AMQP, XMPP, and MQTT, are popular choices. An online proxy server is typically referred to as a broker when using pub/sub protocols. The broker is in charge of routing messages between publishers and subscribers.

IoT pub/sub protocols and the hidden pinholes

Pub/sub protocols are great choices for controlling devices indirectly via an online server. Pub/sub protocols make it possible for any connected client to subscribe to topics. Some IoT protocols, such as MQTT, also enable what is known as wildcard subscriptions. A wildcard subscription lets a client subscribe to topics without knowing the exact topic name, which creates a potential pinhole. It is in fact possible to subscribe to any topic in MQTT, making the protocol inherently insecure since an attacker that has gained access to a broker can eavesdrop on all messages sent from other devices. The attacker can then learn the details of all messages used by the IoT solution and use this information to indirectly compromise all connected devices by publishing specially crafted messages.

A DEFCON MQTT paper was recently released by a white hat hacker. The paper reveals how one can find and access MQTT brokers on the Internet and perform actions such as opening prison doors, changing radiation levels, and so on. The online brokers that the hacker refers to do not require the MQTT clients to authenticate. The hacker went on to create a script that subscribes to all messages handled by the brokers by using wildcard subscriptions.

Needless to say, a protocol such as MQTT cannot be used without client authentication. However, since MQTT sends passwords from the client to the broker in clear text, the communication must also be protected by TLS to protect from eavesdropping. Note that using client authentication may not be as secure as you may think. We will explore the authentication security issues in the next two sections.

Second line of defense: Authentication

IoT devices operating as clients should use the TLS protocol for authenticating the server at connection time. When the client connects, the online server’s X.509 certificate provides assurance that the device is in fact connecting to the correct server and not to a spoofed system.

As mentioned previously, pub/sub protocols such as MQTT should not be used without client authentication since this would compromise the IoT solution. Client-side authentication in combination with server-side authentication is known as mutual authentication. Server authentication is normally provided by the TLS protocol and the server’s certificate.
However, a client can authenticate itself by using anything from a plain text password to an X.509 certificate. All forms of authentication mechanisms are based on keeping a secret. Keeping secrets in IoT devices such as headless edge nodes (a device that lacks a graphical user interface) is problematic, for these devices are usually out in the wild, thus enabling a hacker to potentially extract hardcoded credentials from the device. For example, a cloud-enabled thermostat that is designed to connect to an online cloud server can be purchased by a hacker, who may then extract the credentials (password or X.509 certificate) from the device, thereby gaining access to the thermostat’s online ecosystem. This is particularly concerning for IoT solutions based on pub/sub protocols that enable wildcard subscriptions.

Authentication shortcomings

When using a pub/sub protocol such as MQTT, a hacker that manages to extract the credentials (password or X.509 certificate/private key pair) from a device can use the credentials for either eavesdropping on the IoT solution’s communication or performing a direct exploit by publishing specially crafted messages. Unique credentials per device make it possible to disable the exploited device, including use of the device’s credentials; however, this requires that the IoT solution can detect the exploit and remove the exploited credentials from the solution. A solution that uses an X.509 certificate/private key pair for client authentication is even more complicated since compromised X.509 certificates must be managed by using a certificate revocation list (CRL).

The complexity in extracting the credentials from a device greatly depends on the device type and the components used in the device. A device based on a high-level operating system where the credentials are stored on a file system in an external flash memory module makes it much easier for a hacker to extract the credentials than a device using internal microcontroller flash memory and where the JTAG fuse is blown. Having said that, even the most hardened device can be exploited and the credentials can be extracted. For this reason, designing an IoT solution that only relies on using credentials as the one-and-only defense mechanism is going to be much more vulnerable than an IoT solution based on a multilayered defense protection system.

Third line of defense: Authorization

Authorization protects the IoT solution against compromised devices when the credentials have been extracted and used by a hacker and for IoT solutions designed to be used without password protection. Authorization can also be used to detect abnormalities in the communication pattern and report such incidents to an operator. Authorization is particularly important for protocols such as pub/sub that provide the one-to-many message model. Authorization is even more important for pub/sub protocols that enable wildcard subscriptions.

Authorization is product-specific and can come in many flavors such as providing a method for controlling an access control list (ACL). IoT solutions based on pub/sub protocols that enable programmatic authorization on the server side, by for example providing a plugin system where you can use your own computer code for analyzing the traffic, can be made more secure than a broker solution that only enables authorization via configuration files.

Summary

The ancients taught us that a multilayered defense system improves overall security. If one defense fails, another takes over. We should take this as a history lesson and apply it to modern-day IoT and network design.

First, devices should operate in stealth mode, making them invisible for automated hacker bots searching for devices. A device operating as a network client has stealth mode properties.
As an added security feature, an IoT solution www.embedded-computing.com
that also operates the online server in stealth mode is more secure because an attacker would have a hard time finding the online service. The WebSocket protocol has this property, for it is difficult to differentiate a WebSocket server from a regular web server, especially if the entry URL for the WebSocket server is nonpublic since a non-public URL cannot be found by an automated port scanner. Protocols that only provide one type of service and that listen on a specific port number do not have stealth mode properties.

Second, IoT servers should use X.509 certificate authentication to prevent man-in-the-middle attacks. In addition, some IoT protocols should not be used without client-side authentication since they include features such as wildcard subscriptions that may jeopardize the security of the entire solution.

As a third line of defense, the server/broker should include authorization to protect the IoT solution. Servers that enable custom and programmatic analysis of the messages include additional security that makes it possible to provide fine-grained authorization and detection of non-conforming messages.

To enable developers to easily design multilayered defense systems, we developed SMQ, a lightweight IoT pub/sub protocol like MQTT. In addition, the SMQ protocol behaves similarly to WebSockets, with the initial HTTP and HTTPS connection upgraded to a persistent SMQ connection, making the broker difficult to detect, essentially operating in stealth mode. The SMQ clients can use salted password hashing, making it possible to securely authenticate clients using a non-secure (non TLS) connection. Secure connections are initiated over HTTPS, enabling clients to connect out to the Internet and bypass any firewall/proxy. For security reasons, the protocol does not allow wildcard subscriptions, thus an attacker that has gained access to the broker cannot easily subscribe to and detect the message flow. The SMQ broker includes a plugin system that enables the developers to programmatically analyze all traffic managed by the broker (authorization). The secure SMQ client, called SharkMQ, is suitable even for the tiniest microcontroller. Our tests indicate that the complete protocol overhead, including TLS, TCP/IP stack, and drivers, can be as small as 38 Kb ROM and 13 Kb RAM.

Whatever protocol you choose, a good understanding of the protocol will help you design a better defense system for your IoT ecosystem. Many protocols include a wealth of features, however these features, used or not, may lead to pinholes that can be used by attackers attempting to compromise your solution. A recommendation is to choose a protocol with the right set of features designed with security in mind rather than a protocol supporting everything that is more attack-prone.

Wilfred Nilsen, Founder and CTO of Real Time Logic, has 27 years of experience designing embedded network software.
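The wildcard-subscription risk and the broker-side authorization described in the article above can be made concrete with a small subscribe check. This is an added example, not Real Time Logic's SMQ code: it uses MQTT's `+`/`#` wildcard rules as the wildcard-capable protocol, and the function names, client ids, topics and ACL are hypothetical and constructed for illustration.

```python
# Added example: broker-side authorization of subscribe requests.
# Wildcard rules are MQTT's ('+' = one level, '#' = all remaining levels).
# Function names, client ids, topics and the ACL are hypothetical/constructed.

def is_valid_filter(topic_filter):
    """A wildcard must occupy a whole level; '#' is only legal as the last level."""
    if not topic_filter:
        return False
    levels = topic_filter.split("/")
    for i, level in enumerate(levels):
        if level == "#":
            if i != len(levels) - 1:
                return False
        elif "#" in level or ("+" in level and level != "+"):
            return False
    return True


def has_wildcard(topic_filter):
    return any(level in ("+", "#") for level in topic_filter.split("/"))


def filter_matches(topic_filter, topic):
    """True if a published topic would be delivered to this subscription."""
    f, t = topic_filter.split("/"), topic.split("/")
    # Filters that start with a wildcard never match '$' system topics.
    if f[0] in ("+", "#") and t[0].startswith("$"):
        return False
    for i, level in enumerate(f):
        if level == "#":
            return True
        if i >= len(t) or (level != "+" and level != t[i]):
            return False
    return len(f) == len(t)


def grant_covers(grant, requested):
    """True only if every topic matched by `requested` is also matched by `grant`."""
    g, r = grant.split("/"), requested.split("/")
    if g[0] in ("+", "#") and r[0].startswith("$"):
        return False
    for i, level in enumerate(g):
        if level == "#":
            return True
        if i >= len(r) or r[i] == "#":
            return False          # request reaches further than the grant
        if level != "+" and level != r[i]:
            return False          # literal grant level vs. other literal or '+'
    return len(g) == len(r)


def authorize_subscribe(client_id, topic_filter, acl, allow_wildcards=False):
    """Deny by default. Returns (allowed, reason) so refusals can be logged."""
    if not is_valid_filter(topic_filter):
        return False, "malformed filter"
    if has_wildcard(topic_filter) and not allow_wildcards:
        return False, "wildcard subscriptions disabled"
    for grant in acl.get(client_id, ()):
        if grant_covers(grant, topic_filter):
            return True, "covered by grant " + grant
    return False, "no grant covers filter"


def exposed_topics(topic_filter, topics):
    """Topics a subscription would receive if the broker accepted it unchecked."""
    return [t for t in topics if filter_matches(topic_filter, t)]


# Constructed sample data.
TOPICS = [
    "plant/line1/sensor-17/telemetry",
    "plant/line1/sensor-18/telemetry",
    "plant/line1/valve-3/command",
    "plant/admin/firmware/update",
]
ACL = {
    "sensor-17": ["plant/line1/sensor-17/telemetry"],
    "dashboard": ["plant/line1/+/telemetry"],
}

if __name__ == "__main__":
    print("unchecked '#':", exposed_topics("#", TOPICS))
    for client, flt, wild in [
        ("sensor-17", "#", True),
        ("sensor-17", "plant/line1/sensor-17/telemetry", False),
        ("dashboard", "plant/line1/+/telemetry", True),
        ("dashboard", "plant/#", True),
        ("dashboard", "plant/line1/+/telemetry", False),
    ]:
        print(client, flt, authorize_subscribe(client, flt, ACL, allow_wildcards=wild))
```

With `allow_wildcards=False` the check behaves like a protocol without wildcard subscriptions; with it enabled, a wildcard filter is accepted only when an explicit grant covers everything the filter could match.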
STRATEGIES: CYBER SECURITY
Protecting routers and other network equipment
By Steve Hanna, Trusted Computing Group

While attacks and threats on PCs and servers have been well documented and addressed by a variety of solutions for many years, only recently have vulnerabilities of other parts of Internet of Things (IoT) systems been recognized – and exploited.

Protecting IoT devices, routers, and other networked systems against compromise is a serious challenge for service providers, enterprises, consumers, and others. Historically, attacks have been very difficult to mitigate. Fortunately, significant improvements are now being made.

The hacks just keep coming
Before considering the latest news, let’s look at the last two years:

›› 2016 – The Mirai malware targeted online consumer devices, including home routers and IP cameras running Linux, and converted them into remotely-controlled bots as part of a botnet. This botnet was used to mount distributed denial of service (DDoS) attacks of record-breaking proportion. Popular services like Netflix and Twitter were affected.
›› 2017 – Wikileaks revealed the details of CherryBlossom, a remotely-controllable, firmware-based implant for wireless networking devices. Using a man-in-the-middle (MITM) approach, the malware exploits router and other wireless access point (AP) vulnerabilities to gain unauthorized entry. It then replaces existing firmware with hacker-installed CherryBlossom firmware to monitor, control, and manipulate the Internet traffic of connected users.

The impact of these attacks is substantial, not only for those whose devices are hacked, but for the targets of DDoS attacks and device manufacturers whose reputation may be tainted, as well.

Addressing the issue
Adding to its extensive list of standards designed to protect computing and other network elements, the Trusted Computing Group (TCG) has developed a new guidance document that specifically addresses the security of connected equipment. In this and other TCG efforts, TCG’s Trusted Platform Module (TPM) provides a hardware-based foundation for security improvements. For example, the TPM can establish device identity using a difficult-to-steal private key stored inside the tamper-resistant TPM.

This cryptographic device identity has several applications in networking equipment, including:

›› Access control
›› OEM device identity and counterfeit protection
›› Secure autoconfiguration
›› Remote device management

Network security now
By applying the processes explained in “TCG Guidance for Securing Network Equipment,” developed by TCG experts, network equipment suppliers have begun to demonstrate how common weaknesses in network equipment can be prevented. TCG members have recently demonstrated products showing how the TPM can be used to ensure that router configuration cannot be modified without detection.

Don’t snooze
The network equipment security problem has key attributes that should put it at or near the top of the list of enterprise issues that must be addressed. It is compelling, relatable, relevant, extremely timely, and increasingly preventable. With the Trusted Computing Group’s network equipment specification, products have been introduced that demonstrate a best practice use of TPMs in securing network equipment. Routers, firewalls, and other network equipment are starting to implement this guidance to resist increasingly sophisticated attacks and provide the security that all enterprises deserve.

More information on the network equipment specifications is found at trustedcomputinggroup.org/work-groups/network-equipment.

Steve Hanna is Chair of the Embedded Systems Working Group at the Trusted Computing Group, and Senior Principal at Infineon Technologies.
Trusted Computing Group
www.trustedcomputinggroup.org
@TrustedComputin
www.linkedin.com/groups/4555624/profile
YOU TUBE
www.youtube.com/user/TCGadmin
INNOVATIVE PERSON
Jason Kridner
Co-Founder, BeagleBoard.org

DIY electronics has emerged as one of the most effective means of educating young engineers. Jason Kridner, Co-Founder of BeagleBoard.org and a 2018 Top Embedded Innovator, explains how “Making” is making this happen.

As co-founder of BeagleBoard.org, how do you see Maker tech evolving?

KRIDNER: One area evolving rapidly is the increased interaction between Makers, both online and off. Today the methods that provide access to chatting with one another, showing their projects and sharing their experiences is exploding. What used to be swap meets, amateur radio, and text-based chat have become Makerspaces, long-range meshed networks, and video hangouts. This creates a speed for learning that is really encouraging, especially to a new user. These increased interactions aren’t just happening between individual makers, but between entirely different communities of Makers. Lessons are learned on a project in one community and that skill is taken to a project on different platforms. Support of BeagleBone via create.arduino.cc is an example. This cross-pollination of approaches helps ensure Makers’ skill development doesn’t become stagnant.

Schools and colleges are embracing Maker spaces to encourage hands-on projects in and out of the classroom. Gaps in education are filled through understanding the relationships between theory and application. Guided instruction to inspired students should provide support to keep the Maker community strong.

What advice can you offer technologists using open source technology in the creation of a commercial product?

KRIDNER: There are three key areas that enable Makers to take their ideas to commercialization. The first is open source hardware. BeagleBoard.org supports completely open hardware, enabling any developer to create and recreate designs with all the devices on it available for purchase at quantity one to any quantity desired. The freedom to get full design and component documentation, and do with them as you choose is critical to going commercial.

The second area is open source software. Linux provides a foundation whereby many people and projects participate. The road to commercialization is faster with this large and supportive community, which even includes professional consultants to help productize your prototypes.

Which leads to the third area, community itself. The Maker community provides ever-expanding networking opportunities and support to ramp new projects to commercialization. A growing and supportive network is critical for the development of software, hardware support for rapid prototyping, and maintaining a commercial software base.

What can be done to ensure a consistent pipeline of young engineers?

KRIDNER: I’m constantly trying to figure out what kids think today. Kids are experiencing technology today in a totally different way. They are digital natives born with embedded computers in their cribs. We need to continue to champion the tools and activities that inspire youth, but never stop being critical of those tools and activities as well. Continually challenge youth to tell us how their tools can be made better. If they cannot create the technology themselves, they will not be prepared for when it doesn’t work. Educational robotics is a compelling and effective way to reverse that trend. Lower-cost, easier-to-use, and inherently collaborative platforms can help ensure these programs expose all participants to programming and electronics.

BeagleBoard.org
INNOVATIVE PERSON
Allison Clift-Jennings
Co-Founder and CEO, Filament

Blockchain, an inalterable distributed ledger technology that enables secure transactions across peer-to-peer (P2P) networks, will be key to IoT automation. One of Embedded Computing Design’s Top Embedded Innovators for 2018, Allison Clift-Jennings, CEO of blockchain company Filament, gives her views on the technology’s evolution.

Why is Blockchain a critical technology for the IoT?

CLIFT-JENNINGS: Originally Filament was focused on IoT asset tracking and connecting infrastructure. However, we soon recognized that IoT connectivity was rapidly becoming table stakes for achieving the real value of the machine economy. After working with customers who were eager to move past interaction and onto the next level of transaction, we tapped into our strength in protocol development and shifted our focus to address the economic aspect of connected machines. IoT blockchain technology allows legacy machines to go beyond connectivity and transact value with each other. The Blocklet Chip is a native semiconductor that brings blockchain technology to industrial equipment. This is important because in order for machines to become economic in nature and enforce their own contractual agreements, trust must be created. Filament has productized the trust factor in its silicon chip that includes the secure elements necessary for machines to perform transactions against a blockchain. Customers can embed this technology within their products or onto their machinery so that IoT devices can have economic capability.

What is needed to advance blockchain in the IoT industry?

CLIFT-JENNINGS: 2018 is the year that blockchain and the machine economy becomes real. We are already seeing it in several high-profile supply chain projects and deployments. That said, blockchain is still in its infancy and has enormous untapped potential ahead of it. We talk with many companies that are excited about its possibilities but don’t know where to start. While the enthusiasm is undoubtedly there, what is most needed is education, technical skills, and support. And as companies are working to figure it out, so are the legislators. We’ve been involved in helping guide legislation in Nevada and Colorado so that laws around the technology back businesses and organizations that want to gain the benefits of blockchain and distributed ledger technology.

What can be done to ensure a consistent pipeline of young engineers?

CLIFT-JENNINGS: Our world is becoming more digitally connected every day and because of this, STEM education is more critical than ever. I serve on the Computer Science and Engineering advisory board at the University of Nevada, Reno where the school is proactively addressing the need for developing a sustainable STEM workforce and has a commitment to diversity and inclusion. Programs are being launched to foster a new generation of engineers and I am optimistic that many schools and universities across the country, despite the challenges, are also actively supporting STEM and engaging in programs that cater to the needs of our digital future. Collaboration and guidance also helps younger engineers and entrepreneurs get the instruction and inspiration they need to keep pushing forward. I’m encouraged by the growing number of women and minorities pursuing technical careers, and hope that the education and resources become increasingly available to cultivate a strong workforce in the future.

Filament
filament.com
INNOVATIVE PERSON
Dan Cauchy
Executive Director, Automotive Grade Linux

Vehicles are increasingly software-defined networks on wheels. Dan Cauchy, a Top Embedded Innovator and Executive Director of Automotive Grade Linux (AGL), offers insight on trends in open source software and the automotive market.

Today, Linux is everywhere, including cars. What can you tell us about your vision for AGL?

CAUCHY: AGL is built from the ground up including the Linux kernel and hardware board support package, middleware, application framework and APIs, SDK, and reference applications. It is a complete system but offers the flexibility of being fully customizable. AGL was launched to build a single software platform to eliminate the fragmentation that has plagued the automotive industry. Our goal is to drive rapid innovation by developing an open, shared platform that can serve as the de facto industry standard. We are enabling software reuse and reducing fragmentation across the industry through the growth of an AGL ecosystem and supply chain that all use the same code base. Developers and suppliers can build a product once and have it work for multiple OEMs instead of having to build different versions for each manufacturer and vehicle model.

Our primary focus to date has been on infotainment, since that has been the biggest pain point for automotive manufacturers. But this summer we are planning to release solutions for telematics, heads-up display (HUD), and instrument cluster, and our roadmap includes functional safety, advanced driver assistance systems (ADAS), and autonomous driving. Once AGL achieves the applicable functional safety certifications, there are really no limits to the type of applications where it can be used in the vehicle.

How is AGL upping the ante for security in connected vehicles?

CAUCHY: The AGL platform was designed with security in mind and includes baseline security features like application framework security with role-based access control. This can be used to isolate applications from critical components and can also limit the devices that applications are allowed to access in the vehicle. We have hundreds of engineers from over a hundred different companies working on the same code base, and when a security issue or bug is found, the fix is contributed back to AGL and made available to everyone. This results in a massive economy of scale that simply cannot be reproduced inside a single company. That is the power of open source. And this inherently results in higher quality and more secure code. We believe that collaboration and information sharing will make the entire industry more secure. Automakers can learn from each other’s experiences on a much wider scale to quickly mitigate risks and threats and rapidly patch vulnerabilities.

What can industry do to ensure a consistent pipeline of young engineers?

CAUCHY: I grew up in Ontario, Canada and I started coding professionally at the age of 15. I worked for my local school system under a summer student program and created various software to automate school system operations. This experience is what propelled my career into the technology field. The education system should encourage more computer science work at a younger age, either via curriculums or summer student programs or more programs like Google Summer of Code.

Open source is a great way to get young people and students involved in technology.

Automotive Grade Linux (AGL)
www.automotivelinux.org
INNOVATIVE PRODUCT NOMINEES

This year, the sixth installment of Embedded Computing Design’s annual Innovation Issue includes a highly competitive spread of product submissions from every area of the embedded/Internet of Things (IoT) development space. As in years past, each submission will be judged based on a rubric that considers performance, features, and, most importantly, how disruptive the solution is in the market.

Embedded Computing Design editors Rich Nass, Curt Schwaderer, Brandon Lewis, and Jamie Leland will score the following products against a detailed rubric to select the Top Innovative Products of 2018. One from each category of Silicon, Software, and Systems will be judged a Top Innovative Product, and featured on the cover of Embedded Computing Design's 2018 Resource Guide this fall.
SILICON
AMS
Datasound Laboratories Ltd
Imagination Technologies
Microchip Technology, Inc.
Microsemi
Redpine Signals
Renesas Electronics Corporation
Texas Instruments
Western Digital Corporation

SOFTWARE
AdaCore Technologies
Linux Foundation
Mentor Graphics Corporation
Renesas Electronics Corporation
SparkCognition
Wind River Systems, Inc.
zvelo, Inc.

SYSTEMS
Avnet Integrated, Inc.
CEVA, Inc.
Data I/O
Lattice Semiconductor Corporation
Microchip Technology, Inc.
Nordic Semiconductor
Technologic Systems
Techway
SILICON
ams
AS7265x
AS7265x includes electronic shutter capabilities with 3 independent 100mA LED drive controls, enabling designers to accurately control multiple light sources and enhance spectral sensing functions without added componentry. AS7265x incorporates 3 chips to deliver an 18-channel multi-spectral sensing array covering wavelengths from 410nm to 940nm, each with 20nm FWHM and two integrated LED drivers for electronic shutter applications. AS7265x’s small size, low power and nano-optical interference filters directly on the CMOS silicon die enable measurement equipment OEMs to develop new product types and use cases leveraging these unique attributes. http://ams.com/eng/Products/Spectral-Sensing/Multi-spectral-Sensing/AS7265x www.embedded-computing.com/p374623
SILICON
Datasound Laboratories Ltd
Virtual SoM
Enables a fast-track, low-risk route to IoT custom design realisation by pre-designing and pre-proving the heart and popular functionality of a client design. Time-to-market is critical. Meet the solution. Combining ARM A-series and M-series Virtual SoM platforms frees the primary processor of managing low level I/O. IoT designs are besieged with issues surrounding the implementation of new technologies and inefficient attempts to combine COTS components with wasted expense. Get exactly what you want and quickly with the Virtual SoM. VIDEO: https://vimeo.com/247148070 http://www.dsl-ltd.co.uk/product/virtual-som
www.embedded-computing.com/p374622
Imagination Technologies
PowerVR Series2NX Neural Network Accelerator (NNA)
www.imgtec.com/powervr-2nx-neural-network-accelerator
Microchip Technology Inc.
SILICON
With flexible bit-depth support on a per-layer basis for weights and data, 2NX can maintain high inference accuracy while drastically reducing bandwidth/power requirements. 2NX is the only solution supporting bit-depths from 16-bit (required for automotive), to 4-bit, resulting in higher performance at lower bandwidth and power. 2NX provides an 8x performance density improvement versus DSP-only solutions, and has class-leading raw performance. With the highest inferences/milliwatt and highest inferences/mm2, it’s the only IP that meets requirements for deploying neural networks within mobile/embedded power/performance envelopes. www.embedded-computing.com/p374621
SAMA5D2 SOM
SILICON
The K83 8-bit MCU family combines a CAN bus with Core Independent Peripherals (CIPs) in a single IC. CIPs increase system capabilities while making it easier for designers to create CAN-based apps without added software. The K83’s array of CIPs enable greater system functionality, reduce software complexity and deliver faster response times at lower clock speeds while using less power. The devices contain 15 CIPs across broad categories. The K83 introduced a simpler and more cost-effective way to design with CAN. It’s much easier to configure a hardware-based peripheral, as opposed to writing and validating an entire software routine, to accomplish a task. http://www.microchip.com/promo/pic18f-k83
Microsemi
www.embedded-computing.com/p374620
PolarFire FPGAs
SILICON
The PolarFire FPGAs feature a cryptographic processor which encrypts and decrypts data coming in or out of the device. This family also has built-in DPA countermeasures so it is extremely secure in protecting your design IP. The PolarFire FPGAs are cost optimized, lowest power mid-range densities. The security features are class leading. Engineers have to use high end, expensive FPGAs to obtain fewer security features than PolarFire offers. This is the first purpose built, cost optimized mid-range density FPGA. Customers enjoy up to 50% lower power, package sizes as small as 11x11 mm and transceivers up to 12.7 Gbps. All this and class leading security. VIDEO: https://www.microsemi.com/videos/polarfire/Microsemi_PolarFire_Intro_1920x1080_final.mp4 http://www.microsemi.com/polarfire www.embedded-computing.com/p374619
Redpine Signals
Ultra-Low Power RS14100 Wireless MCU
http://bit.ly/RedpineRS14100
www.embedded-computing.com/p374618
Renesas Electronics Corporation
Renesas autonomy R-Car V3M/V3H
SILICON
Redpine Signals RS14100 WiSeMCU family of SoCs and modules are the industry’s first Wireless Secure MCU family with a comprehensive multi-protocol wireless sub-system. The RS14100 has an integrated ARM Cortex-M4F ultra-low-power microcontroller, a built-in wireless subsystem, advanced security, high performance mixed-signal peripherals, and integrated power-management. Highlights include industry’s lowest Wi-Fi standby associated power, smallest integrated module, and highest level of throughput in a secure device. Redpine’s RS14100 has been designed based on these critical IoT market requirements to provide an optimal solution for battery-operated devices.
VIDEO: https://www.youtube.com/watch?v=aVDwcdh84_E www.renesas.com/en-us/solutions/automotive/adas.html
SILICON
With an automotive-grade scalable hardware and IP lineup built for high performance and low power, and a robust partner ecosystem, the Renesas autonomy platform lets developers decide what their future of driving looks like. Renesas autonomy R-Car V3M/V3H offers a power conscious and cost-effective hardware solution to meet the growing need for NCAP front camera. R-Car V3H does this by its utilization of dedicated hardware accelerators and IP’s. One challenge for NCAP front camera is heat since it’s mounted next to the windshield. Therefore, the power dissipation by the components needs to be minimized. R-Car V3M/V3H have been designed to overcome this challenge. www.embedded-computing.com/p374617
SILICON
Texas Instruments
mmWave radar sensors
Engineers are not hindered by environmental factors. Enhanced integration means a smaller size, allowing more flexibility in the types and locations of deployment. 3x more accurate, 0.5 time lower power, 3x smaller, 4 cm range resolution, 1 deg angular resolution, range of 350m+. By enabling a small, cost-effective radar, new ADAS and IoT applications are possible, including safety applications, such as driver monitoring, and detecting children/pets, and building automation. VIDEO: https://www.youtube.com/watch?v=w6f1nwU_GkY&list=PLISmVLHAZbTSi8d3wpDH2SJR_FmsGKyzwww.ti.com/mmwave www.embedded-computing.com/p374616
SILICON
Texas Instruments
MSP430FR6047 microcontrollers for ultrasonic sensing
MSP430FR6047 MCU integrates ultrasonic sensing module with high precision & accuracy for a range of flow rates. The ADC-based technology allows the use of low voltage 3V drivers compared to >20V drivers in current solutions. New MCUs add intelligence to flow meters with a complete waveform capture feature & ADC-based signal processing. This enables more accurate measurement than competitive devices with precision of 25 ps at flow rates <1 liter per hr. ADC-based approach fundamentally changes the way measure flow rate vs. the traditional zero cross detection technique & advanced DSP algorithms help achieve much higher accuracy & adds robustness for the lifetime of the product. VIDEO: https://www.youtube.com/watch?v=5XXFAnr05uE http://www.ti.com/product/MSP430FR6047
SILICON
Western Digital Corporation
SanDisk-branded iNAND 7250A Embedded Flash Drive
The iNAND 7250A embedded flash drive is purpose built with enhanced enterprise class flash memory and controller to meet the evolving data demands of ADAS, cutting-edge infotainment, V2I and other connected technologies. The iNAND 7250A is ISO26262 compliant, built for the extreme reliability and performance critical to automotive, with smart features for enhanced power failure protection, memory health status monitoring and diagnostics. The automotive-grade EFD delivers reliable, fast and responsive performance even in extreme temperatures for connected systems from 3D mapping to diagnostics systems continuously processing analytics to autonomous systems. https://www.sandisk.com/oem-design/automotive/inand
SOFTWARE
AdaCore Technologies
www.embedded-computing.com/p374614
GNAT Pro Assurance
GNAT Pro Assurance is a complete development environment for Ada, C, and/or C++, especially attuned to the needs of long-lived embedded applications. It includes the innovative Sustained Branch service, which allows the user to continue with a specific technology version while receiving updates tailored to that version, such as code generation bug corrections, along with an impact analysis. With Sustained Branch support the user can handle problems arising long after initial deployment where no practical workaround exists, with minimal transition/ reverification costs. Sustained Branches are especially valuable for systems requiring certification under standards such as DO-178B/C for avionics. http://adacore.com/gnatpro/assurance
Automotive Grade Linux
SOFTWARE
www.embedded-computing.com/p374615
www.embedded-computing.com/p374624
AGL Unified Code Base (UCB)
The AGL Unified Code Base (UCB) is an open source software distribution for automotive applications that enables developers to build once and have a product work for multiple OEMs, reducing fragmentation across the industry. The UCB was built by the technical community with a “code first” approach. Unlike other consortiums, OEMs and suppliers start production programs with the same software base, reducing fragmentation and maximizing code reuse. AGL has united 120+ companies around a shared vision to transform the way automakers build software. Its rapid growth is pushing the industry towards adopting open source methodologies and more agile development processes. VIDEO: https://www.automotivelinux.org/videos https://www.automotivelinux.org/software/unified-code-base
www.embedded-computing.com/p374625
Mentor, A Siemens Business
Mentor Embedded IoT Framework
The Mentor Embedded IoT Framework is a multi-cloud solution enabling secure IoT architectures by reducing complexity and costs associated with device porting, scaling, and backend integration supporting multi-OSes of choice. The only comparable competitor is Wind (Intel), who announced their platform in Oct. 2017. Mentor briefed industry analysts who concur that our solution is superior, supporting any processor architecture, and is web-agnostic. VDC Research awarded its 2018 EMBEDDY for best software product to Mentor due to its differentiation and business impact, as the industry’s first secure, comprehensive, cloud vendor-agnostic embedded software framework. VIDEO: https://www.mentor.com/embedded-software/multimedia/overview/iot-frameworkdemonstration-18f10b43-1991-4344-9e8c-1eeec3deb170 www.mentor.com/embedded-software/iot-framework www.embedded-computing.com/p374626
Renesas Electronics
Renesas Synergy™ AE-CLOUD1 Kit with Enterprise Cloud Toolbox v1.1
The Renesas Synergy AE-CLOUD1 kit offers the hardware, connectivity, and software developers need to quickly connect applications securely to Microsoft Azure, Amazon Web Services, Google Cloud Platform, and other clouds. Used with Synergy Enterprise Cloud Toolbox software, the kit simplifies chip-to-cloud IoT connectivity. Unlike other kits, the software can be cut/paste into real projects, enabling code reuse to accelerate development. The kit enables Synergy users to quickly/easily connect their applications to enterprise cloud vendors and evaluate wireless connectivity without cumbersome licensing fees, saving engineers weeks/months on their build time.
SparkCognition
SOFTWARE
VIDEO: https://www.youtube.com/watch?v=izgXy7yiJrQ http://bit.ly/RenesasAECLOUD
www.embedded-computing.com/p374627
Darwin™
SOFTWARE
Darwin™ is a machine learning platform that automates the complete data science process enabling embedded/IoT engineers with a workbench to design and deploy models faster with no additional expertise or programming required. Darwin automatically selects the most optimal data science techniques and model architectures to solve a particular problem and quickly iterates through thousands of solutions to reach highly accurate results in less time. Darwin uses a patented approach that blends evolution and backpropagation optimizations to replicate the mind of data scientist and make AI explainable by adding more context within generated solutions and predictions. https://www.sparkcognition.com/darwin/
Wind River
www.embedded-computing.com/p374628
Wind River Titanium Control
SOFTWARE
Titanium Control is an IIoT software platform based on open source components. Its 3-layer decoupling model reduces the risk of vendor lock-in and enables engineers to focus on core competency vs. supporting infrastructure. Accelerated virtual switch enables more high-availability virtual services to run w/ fewer cores (lower hardware costs). We deliver deterministic interrupt latency of average 3µs for time-critical industrial applications. Product delivered as a single pre-integrated image and provides a reliable easy to deploy platform which lowers overhead for installation, operations, maintenance. Feature upgrades keep systems up-to-date/no service downtime. VIDEO: https://www.youtube.com/watch?v=t3rRQORvKOg http://www.windriver.com/products/titanium-control/
zvelo
www.embedded-computing.com/p374629
zvelo IoT Security Platform
SOFTWARE
zvelo IoT Security Platform’s zENSOR can be integrated into embedded designs and gateways, enabling IoT device discovery, profiling & threat detection. This module enables agentless discovery of IoT devices and monitoring. zvelo’s hardware-agnostic software sensor observes unique behavioral fingerprints (MAC, OS, user-agents) and traffic patterns (DNS queries, API calls, etc.) for all network-connected devices. The zvelo IoT Security Platform solves the industry challenge of securing myriad IoT devices that otherwise lack effective built-in security. It does so through (highly scalable) agentless device discovery and monitoring. https://zvelo.com/solutions/iot-security/
www.embedded-computing.com/p374630
SYSTEMS
Avnet Integrated, Inc.
MSC C6B-CFLH COM Express Type 6 Module
The MSC C6B-CFLH is a COM Express Type 6 module based on four- and six-core 8th generation Intel Core processors, providing the highest compute and graphics performance available in a COM Express basic form factor. Supporting triple independent displays at 4K x 2K resolution, DisplayPort 1.2/4, HDMI 1.4, DVI, and up to four USB 3.1/2.0 interfaces, the C6B-CFLH also provides fast DDR4 memory with optional error-correcting code (ECC) and hardware-based security features. http://www.Avnet.com/MSC-C6B-CFLH
SYSTEMS
Avnet Integrated, Inc.
MSC C7B-DV COM Express Type 7 Module
The MSC C7B-DV equips four- to sixteen-core Intel C3000 series processors in a COM Express Type 7 module. The modules support up to five Ethernet interfaces (4x 10 GbE) and up to 22 PCIe lanes, with as much as 48 GB DDR4 ECC memory. A matching ATX carrier board with a board management controller (BMC) brings out Ethernet, PCIe, SATA, and other interfaces for rapid evaluation. http://www.Avnet.com/MSC-C7B-DV
Avnet Integrated, Inc.
SYSTEMS
www.embedded-computing.com/p374631
www.embedded-computing.com/p374632
MSC SM2S-IMX8M SMARC 2.0 Module
The SMARC 2.0-compliant MSC SM2S-IMX8M features NXP’s i.MX8M processor with two or four Arm Cortex-A53 cores, an Arm Cortex-M4 real-time processor, and Vivante GC7000Lite 3D graphics GPU. Integrated LPDDR4 memory, 64 GB of eMMC Flash, Gigabit Ethernet, PCIe, USB 3.0, and an onboard wireless module make the SM2S-IMX8M well suited for power-sensitive voice, video, and audio processing applications in the smart home and IoT. http://www.Avnet.com/MSC-SM2S-IMX8M
SYSTEMS
CEVA, Inc.
NeuPro AI Processor Family
NeuPro reduces the high barriers-to-entry into the AI space in terms of both architecture and software. It offers an optimized and cost-effective standard AI platform for a multitude of neural network workloads & applications. Being a dedicated AI processor architecture, it offers a significant step up in performance versus existing DSP, CPU or GPU based architectures for implementing neural network applications in edge devices. NeuPro addresses the need for a new processor-type to solve the challenges of AI at the edge. It is a specialized parallel processing architecture, agnostic to any AI workload, and supports more than 120 neural networks today. https://www.ceva-dsp.com/product/ceva-neupro/
Data I/O Corporation
SYSTEMS
www.embedded-computing.com/p374633
www.embedded-computing.com/p374634
SentriX Security Provisioning and Data Programming Platform
The SentriX Platform enables hardware root-of-trust (RoT) provisioning of cryptographic functions including device identity/authenticity, public/private key pairing, certificate signing, firmware encryption/decryption, and secure execution/boot in manufacturing. SentriX is designed to integrate and simplify the design and manufacture of secure IoT devices. SentriX provisions more than 2000 parts per hour in manufacturing with an integrated multi-tenancy HSM, enabling OEMs to support multiple products. The SentriX Platform democratizes security, enabling OEMs of all sizes to cost-effectively deliver secured products at all volumes (1 unit to millions) for 1% to 2% of the cost of the product. VIDEO: https://youtu.be/drV3CV68uWk www.dataio.com/sentrix
www.embedded-computing.com/p374635
Lattice Semiconductor
Embedded Vision Development Kit
SYSTEMS
The Embedded Vision Development Kit is a modular solution that accelerates development of intelligent, vision-enabled devices. It combines the CrossLink video bridging FPGA, low-power ECP5 FPGA, and high-resolution HDMI ASSP. The development kit is a first-of-its-kind platform that offers Lattice’s FPGAs and HDMI ASSP products in a single solution, enabling faster, low-cost development of low-power image processing in mobile-influenced system designs. The Embedded Vision Development Kit accelerates the adoption of mobile-influenced technology for machine vision, smart surveillance cameras, robotics, AR/VR, drones and Advanced Driver Assistance Systems (ADAS) applications. VIDEO: https://www.youtube.com/watch?v=C9cIy0hrAdc www.embedded-computing.com/p374636 http://www.latticesemi.com/Products/DevelopmentBoardsAndKits/EmbeddedVisionDevelopmentKit.aspx
Microchip Technology Inc.
SAMA5D2 SOM
SYSTEMS
Creating an industrial-grade MPU-based system running a Linux operating system requires vast design efforts. The SOM integrates power management, non-volatile boot memory and Ethernet PHY on a small PCB, simplifying design. Customers can use the Arm Cortex-A5-based SOM for volume production without sacrificing quality. Development code is mainlined in the Linux communities, so you can connect external devices with minimal software development. In addition to stable supply and long-term production, the SOM reduces design efforts, shortens time to market, reduces project risk and replaces the supply of 169 components with a single device. http://www.microchip.com/SAMA5D2SOM
Nordic Semiconductor
www.embedded-computing.com/p374637
Nordic Thingy:52 IoT Sensor Kit
SYSTEMS
The Thingy:52 is a compact, multisensor kit for simplifying IoT design. It is a high-performance wireless product, yet its ease-of-use allows simple IoT prototyping via a smartphone without the need to design hardware or code. At $39, Thingy:52 is a flexible and powerful IoT development tool. Its performance is superior to competitors because it’s based on Nordic’s commercial ARM M4F nRF52840 Bluetooth 5 SoC and advanced Bluetooth LE stack. Thingy:52 offers a new approach to IoT design because it’s used to create prototypes without the need to write code. That opens up the IoT to a new cohort of developers and encourages the design of thousands of new products. VIDEO: https://youtu.be/itXVj17HxJg?list=PLx_tBuQ_KSqGxPYolUpfTB6tx2X6TlAaU www.nordicsemi.com/eng/Products/Nordic-Thingy-52 www.embedded-computing.com/p374638
Technologic Systems
TS-7553-V2
SYSTEMS
The TS-7553-V2 is a low-power, Internet-of-Things (IoT) capable, and ready-to-deploy OEM board. The TS-7553-V2 offers the ability to communicate seamlessly with several different networks simultaneously. With onboard peripherals the system can connect to Ethernet, WiFi, Bluetooth and other networks. Built-in module interfaces allow expansion to Cellular, DigiMesh, ZigBee, LoRa, and other proprietary or industry-specific networks. The TS-7553-V2 allows you to talk to anything from one board. Its versatility and utility will allow more dynamic development in the IIoT space. The guaranteed 10+ year lifecycle ensures a long-term deployment in the field. https://www.embeddedarm.com/products/TS-7553-V2
TECHWAY
www.embedded-computing.com/p374639
WildcatFMC – High-speed optical FMC for harsh environments
SYSTEMS
The WildcatFMC provides unique high-density, high-speed optical communications in a rugged format to address the requisites of embedded computers. It features the cutting-edge D-Lightsys® optical technology from RADIALL. The WildcatFMC range achieves up to 24 channels @ 12 Gbps, organized in 24 TX or 24 RX or 12RX+12TX. These rugged optical communications boards draw on the FMC 57.1 and the new 57.4 VITA standards. WildcatFMC is dedicated to high-bandwidth data communication in harsh environments. WildcatFMC is the perfect solution to implement new paradigms in embedded computers such as direct optical ADC/JESD interfaces or backplanes. http://www.techway.fr/fiche-detaillee?id_categorie=1&id_sous_categorie=25&id_produit=185 www.embedded-computing.com/p374640