Intel

August 2018: Spectre Returns, Freestanding C++, Technology Radar

Welcome to the August 2018 edition of the Embedded Artistry Newsletter! This is a monthly newsletter of curated and original content to help you build superior embedded systems. This newsletter is intended to supplement the website and covers topics not mentioned there.

This month we'll cover:

  • More Speculative Execution attacks: SpectreRSB and NetSpectre
  • The new version of the Freestanding C++ proposal
  • The Embedded Artistry Technology Radar
  • Interesting links from around the web
  • Embedded Artistry website updates and popular posts

Speculative Execution Attacks

Earlier this year we covered Spectre and Meltdown, two speculative execution vulnerabilities that affect a majority of the world's processors. In June, there was another announcement regarding an Intel speculative execution vulnerability dubbed lazy floating-point state restore.

The trend continues, and two more speculative execution attack vectors have come to light in the past few weeks:

  • SpectreRSB, which exploits speculative execution of the return stack buffer
  • NetSpectre, a remote attack which does not require attacker-controlled code to run on the victim's machine

Exploring these speculative execution vulnerabilities is a great way for embedded developers to learn the details about how processors work.

SpectreRSB

SpectreRSB is a speculative execution vulnerability which exploits the return stack buffer (RSB). The RSB is a structure similar to the branch predictor which is used to predict return addresses. When a call instruction is issued, the RSB pushes the return address onto an internal hardware stack.

SpectreRSB has six variants, but the basic flow is as follows:

  1. Context switch to the attacker:
    • The attacker flushes shared address entries (i.e. flush reload)
    • The attacker pollutes the RSB with the target address of a payload gadget in the victim’s address space
  2. The attacker yields the CPU back to the victim
  3. The victim eventually executes a return
    • Speculative execution occurs at the address which the attacker injected into RSB
  4. Control switches back to the attacker, data is leaked

The authors of the paper claim that the existing mitigations against Spectre variant 1 do not protect against SpectreRSB. Intel claims that SpectreRSB is related to branch target injections which have already been mitigated. On some processors, an RSB refilling patch is available that interferes with SpectreRSB’s attack mechanism.

Intel, AMD, and ARM processors are affected, as they all utilize RSBs to predict return addresses.

More on SpectreRSB:

NetSpectre

The NetSpectre vulnerability is related to Spectre variant 1 in that it uses speculative execution to perform bounds-check bypass. NetSpectre can be used to defeat address-space layout randomization on a remote system.

Unlike other Spectre variants, NetSpectre does not require a victim to download and run malicious code their machine. Instead NetSpectre only requires the victim to have an active network connection. NetSpectre variations are currently too slow to be valuable to attackers, with exfiltration speeds between 15 and 60 bits/hr. Even if the attack vector is not currently usable, it demonstrates that Spectre is not simply a local vulnerability.

It’s reported that all CPUs affected by the Spectre variant 1 are also affected by NetSpectre, therefore existing vendor mitigations should be enough to protect against it. These mitigations require firmware and OS updates, so unpatched devices remain vulnerable.

More on NetSpectre:

New Freestanding C++ Proposal

In the June 2018 Newsletter, we mentioned the C++ standards proposal to support a "Freestanding" C++ language subset which is suitable for use without an underlying operating system.

A new version of the Freestanding proposal has been released: P1105R0: Leaving no room for a lower-level language: A C++ Subset.

The primary goal of the proposal is to make core language features (such as exceptions, RTTI, and thread local storage) optional if they have an OS dependency or incur storage space overhead. This would better-enable C++ to support the embedded systems and kernel programming communities.

For more on Freestanding C++:

Embedded Artistry's Technology Radar

I was introduced to the Technology Radar concept while at Bredemeyer Consulting's Software Architecture Workshop. The Technology Radar concept was created by ThoughtWorks, and they regularly publish updates to their own radar.

I immediately latched onto the concept as a way to keep track of the technologies and techniques that we are investigating at Embedded Artistry. The technology radar also helps us document the solutions that we recommend others adopt.

We’ve identified four categories that we plan to explore as an embedded systems consulting firm:

  1. Tools
  2. Libraries and Frameworks
  3. Platforms (both hardware and RTOS)
  4. Techniques

We've released the first-draft of our technology radar and will update it on an ongoing basis.

You can find our Technology Radar on the website under the Resources menu.

For more on technology radars:

Around the Web

IT Hare has published another article on (Re)Actors: CAS (Re)Actor for Non-Blocking Multithreaded Primitives.

An amusing RISC-V smear campaign by ARM has brought a lot of public attention to the RISC-V architecture. If you're unfamiliar with RISC-V, check out this IEEE article: RISC-V's Open-Source Architecture Shakes Up Chip Design. You can learn more on the RISC-V Foundation website.

Segger, who produces the J-Link and J-Trace tools, has announced their own C-based embedded OS called emPack. In addition to an operating system, Segger is also providing emPack plugins for GUI, File System, TCP/IP, USB-Device, USB-Host, and more.

Website Updates

We've launched a Store page, where we will be adding templates and informational products that embedded teams can leverage. Both free downloads and paid downloads are in the Store.

We've created a Support page which will stay updated with the ways you can support the website.

We updated the following blog posts this month:

Our Glossary is always expanding and has been updated with a plethora of new terms.

As mentioned we added a link to the Embedded Artistry Technology Radar under the Resources menu.

New Articles

These articles were published on our website in July:

These were our most popular articles in July:

  1. Circular Buffers in C/C++
  2. Jenkins: Configuring a Linux Slave Node
  3. Installing LLVM/Clang on OSX
  4. std::string vs C-strings
  5. Jenkins: Running Steps as sudo
  6. An Overview of C++ STL Containers
  7. Implementing an Asynchronous Dispatch Queue
  8. A Simple Consulting Services Agreement
  9. Creating and Enforcing a Code Formatting Standard with clang-format
  10. Demystifying ARM Floating-Point Compiler Options

Thanks for Reading!

Have any feedback, questions, suggestions, interesting articles, or resources to recommend to other developers? Simply reply to this email!

While you wait on the next edition, check out the website or follow us on Twitter.

Happy hacking!

-Phillip

September 2017

Welcome to the September 2017 edition of the Embedded Artistry Newsletter! This is a monthly newsletter of curated and original content to help you build better embedded systems. This newsletter is intended to supplement the website and covers topics not mentioned there.

This month we'll be covering:

  • Follow-up Bluetooth Mesh reading recommendations
  • A flexible 2.4GHz antenna suitable for metal surfaces
  • A selection of 2017 embedded market reports that are worth reviewing
  • The incredible engineering behind the Voyager spacecraft
  • How Intel's chip design advances have allowed them to keep Moore's Law alive
  • Building your own SMT reflow oven using a halogen lamp

Bluetooth Mesh Articles

In last month's newsletter, we reviewed two major additions to Bluetooth: Bluetooth 5 and Bluetooth Mesh. Since Bluetooth Mesh is fresh off the press, the Bluetooth SIG has been published some great articles to demystify the new standard.

Check out these recent posts:

A Flexible 2.4GHz Antenna for Metal Surfaces

I was surprised to see an announcement this month regarding an antenna designed for metal surfaces. Building connected devices can be quite a challenging experience. You need to give careful attention to antenna placement and tuning in order to optimize your product's performance. These challenges increase significantly if your product has integrated metal. Metal surfaces can wreak havoc on your antenna design, resulting in antenna detuning, efficiency losses, and reduced communication ranges.

Laird's new mFlexPIFA antenna looks like a promising solution for products with metal enclosures. The mFlexPIFA is about the size of a quarter and is built for 2.4GHz devices. The antenna is adhesive-backed and can be mounted directly onto metal surfaces without detuning the antenna. The design is also flexible, allowing you to mount your antenna to curved surfaces.

Consider this antenna solution in your next connected design, especially if it involves a metal enclosure

More on the FlexPIFA antenna:

2017 Embedded Systems Market Studies & Surveys

"Embedded systems" is a blanket term describing a vast array of devices with differing purposes, computational capabilities, and reliability levels. It's easy to forget the differences in embedded applications and devices, and I find that reviewing market surveys provides some great insight into how the field is developing. I want to share three market surveys with you today:

The Hax hardware accelerator's embedded market study focuses on general trends in hardware development, development directions in different sectors (e.g. consumer, health, industry), automation (which has taken off in China), and hardware funding models.

The AspenCore market survey is less focused on where the market is heading. Instead it dives into areas such as development practices, tools, project timelines, and processor selection.

The Barr Group's embedded systems safety and security survey provides some interesting and alarming insights. They conclude that even though there is increased risk of bodily injury, many automotive design teams are still not using best practices such as static analysis, regression testing, coding standards, and code reviews.

In reading these surveys, I noticed the following general trends:

  • C is still dominating in the embedded space
  • More and more projects are using multiple processors
  • Industrial sensing and automation is rising
  • Devices are becoming increasingly "connected"
  • In many cases best practices are being overlooked

The Voyager Mission Celebration Series

All About Circuits has been celebrating the 40th anniversary of the Voyager I and II spacecraft by dedicating a series of articles to them. The articles dive into the electronics and engineering behind these incredible systems. I have an intense level of respect for the engineers who built such reliable systems without the bountiful computational and technological capabilities that we have today. It would be amazing if any of my devices are still operating 40 years from now, even on the comfortable confines of Earth!

Ten excellent articles have been published in the Voyager spacecraft series:

  1. Voyager Mission Anniversary Celebration Series: Introduction
  2. Powering the Voyager Spacecraft with Radiation: The RTG (Radioisotope Thermoelectric Generator)
  3. Communicating Over Billions of Miles: Long Distance Communications in the Voyager Spacecraft
  4. The Brains of the Voyager Spacecraft: Command, Data, and Attitude Control Computers
  5. Exploring the Solar System with the Voyager Spacecraft’s Cameras, Polarimeters, and Magnetometers
  6. The Infrared Interferometer, Spectrometer, and Radio Astronomy of the Voyager Spacecraft
  7. How the Voyager Missions’ Plasma Science Investigations Teach Us About Solar Winds
  8. The Low Energy Particle Instruments on the Voyager Spacecraft
  9. The Voyager Mission: Insight into Our Solar System
  10. Voyager Anniversary Celebration: 40 Years in Space

The New York Times has recently published "The Loyal Engineers Steering NASA’s Voyager Probes Across the Universe" which takes a look at the human side of the Voyager missions.

While not part of the Voyager series, there was another recent article describing how the space race gave us GPS. If you're interested in the history and theory behind GPS, take a look at "How the Space Race Gave Us GPS Technology".

Intel's New Processor Designs Keeping Moore's Law Alive

This article was published earlier in the year, but I still think its an illuminating read. Back in 2002, Intel announced a breakthrough with their new field effect transistor ("FinFET") design, dubbed the "tri-gate transistor". In 2011, Intel finally announced their first chips built with tri-gate transistors and that the new transistor was the official future of Intel's processing lines. The 2011 announcement involved a 22nm process, and Intel followed that up in 2014 with a 14nm process. Intel is continuing to maintain their 14nm process and finally coming out with a 10nm process this year.

At a time when keeping up with Moore's Law seems like an impossible task, Intel has managed to keep the law alive: both their 14nm and 10nm processes have more than doubled in transistor density. Intel credits their "hyperscaling" techniques, such as reducing the number of dummy gates required to isolate logic cells and stacking metal contacts above gates. These hyperscaling techniques give Intel a transistor density advantage over their competitors at the same process size. For example, Samsung's 10nm process is comparable in transistor density to Intel's 14nm process.

While I don't think I'll be writing firmware for Intel-powered embedded devices in the near future, I'm excited to see the pressure that Intel's 10nm process puts on other chipmakers. Size is a major concern in the embedded world, so I'm certain we will see some of these hyperscaling techniques applied to other chip families in the future.

More on Intel's new architecture, Transistors, and Moore's Law:

Build Your Own SMT Reflow Oven With a Halogen Lamp

I've been slowly building an electronics lab over the years, and I'm lucky enough to possess an oscilloscope, a bench-top DMM, and a logic analyzer. One project I've had in mind is building an SMT reflow oven. Being able to reflow boards would increase assembly and repair capabilities. I was thrilled to find a blog post about building an SMT reflow oven using a halogen lamp. The author was able to build his own SMT reflow oven for ~$30 by using a halogen lamp, an AC dimmer, and a reflow oven controller.

I discovered the SMT reflow project through Dangerous Prototypes. Check out their website if you're looking for electronics projects to tackle in the future.

Website Updates

I've made a few updates to the website:

  • Updated the Development Kits page to have a much nicer presentation style. Each development kit has its own dedicated blog post, allowing me to provide more detailed information for each kit.
  • Added more terms to the Glossary

These were the most popular articles over the past month:

  1. An Overview of C++ STL Containers
  2. Installing LLVM/Clang on OSX
  3. Choosing the Right STL Container: General Rules of Thumb
  4. C++11 Fixed Point Arithmetic Library
  5. Circular Buffers in C/C++

Happy hacking!

-Phillip