Arm has launched its first new architecture in a decade, Armv9, which address security through a new confidential compute architecture (CCA) and the ever-increasing artificial intelligence (AI) workloads with new scalable vector extension (SVE) technology.
Armv9-A is a set of extensions to the Armv8-A architecture, and part of a rolling program of substantial enhancements to the architecture to be deployed over the next few years.
The new architecture features a roadmap that introduces the Arm confidential compute architecture (CCA), developed in close collaboration with Microsoft. Confidential computing shields portions of code and data from access or modification while in-use, even from privileged software, by performing computation in a hardware-based secure environment. It is based on a concept of dynamically created Realms, useable by all applications, in a region that is separate from both the secure and non-secure worlds.
For example, in business applications, Realms can protect commercially sensitive data and code from the rest of the system while it is in-use, at rest, and in transit. In a recent Pulse survey of enterprise executives, more than 90% of the respondents believe that if confidential computing were available, the cost of security could come down enabling them to dramatically increase their investment in engineering innovation.
Microsoft’s Henry Sanders explained the context, “The increasing complexity of use cases from edge to cloud cannot be addressed with a one-size-fits-all solution.” Sanders, who is corporate vice president and chief technology officer, for Azure Edge and platforms, added, “As a result, heterogeneous compute is becoming more ubiquitous, requiring greater synergy among hardware and software developers. A good example of this synergy between hardware and software are the ArmV9 confidential compute features which were developed in close collaboration with Microsoft. Arm is in a unique position to accelerate heterogeneous computing at the heart of an ecosystem, fostering open innovation on an architecture powering billions of devices.”
The Arm CCA builds on the foundations of Arm TrustZone, which provides system-wide hardware isolation for trusted software. Confidential compute is important for client devices, but it also has universal value as it keeps data encrypted while in transit, at rest, and isolated by the hardware while in use. In the cloud that can also mean protecting physical CPUs as well as virtualized processors running next to third party code.
Another aspect of security in the new architecture is the Arm memory tagging extension (MTE), which will be an integral part of the first generation Armv9-A based processors. Memory corruption is a major tool in a hacker’s inventory – many well-publicized data security breaches of the past 30 years have resulted from exploiting vulnerabilities in how computers store and recall data from memory. If a hacker knows the location of an important string of data, they can overwrite it with malicious code.
MTE enables developers to lock strings of data using a ‘tag’. That data can then only be accessed with the right key, held by the ‘pointer’—the code that is tasked with calling data from memory. Arm said implementing lock-and-key access is a huge step in securing not only the code but the data it processes.
SVE technology evolves from work with Fujitsu
The other key aspect of the new architecture is the need to address more and more AI workloads everywhere. For example, according to research from Statista, it is estimated there will be more than eight billion AI-enabled voice-assisted devices in use by the mid-2020s, and 90 percent or more of on-device applications will contain AI elements along with AI-based interfaces like vision or voice.
To address this need, Arm partnered with Fujitsu to create the scalable vector extension (SVE) technology, which is at the heart of Fugaku, the world’s fastest supercomputer. Building on that work, Arm has developed SVE2 for Armv9 to enable enhanced machine learning (ML) and digital signal processing (DSP) capabilities across a wider range of applications.
Vectors, which are one-dimensional arrays of data, have been fundamental to high performance, energy-efficient computing. The more vectors a computer can handle in parallel, and the longer those vectors are, the more powerful the computer will be. In Armv8-A, as standard, vectors are 128 bits in length. With Armv9’s SVE2 upgrade, chip designers can choose a vector length in multiples of 128, up to 2048 bits – providing significant parallel compute capability. While SVE was initially developed for the high performance computing (HPC) space, SVE2 in Armv9 extends SVE support for a range of specialized DSP and XR (augmented and virtual reality) workloads, from genomics to computer vision.
SVE2 enhances the processing ability of 5G systems, virtual and augmented reality, and ML workloads running locally on CPUs, such as image processing and smart home applications. Over the next few years, Arm will further extend the AI capabilities of its technology with substantial enhancements in matrix multiplication within the CPU, in addition to ongoing AI innovations in its Mali GPUs and Ethos NPUs.
Arm’s chief executive officer, Simon Segars, said, “As Armv9 evolves, v9-M profiles will become available, and they will enable a new wave of applications. Meanwhile, we’re getting the developer world ready by providing advanced tool support and a model-based development platform so there’s no lag between v9-based devices coming available and the ability of software developers to take advantage.”
This includes the launch of virtual prototypes supporting SVE2 on its developer platform this year, and the upstreaming of compiler support for SVE2 for GCC and LLVM. Arm is also providing a variety of C++ compiler support for intrinsics and auto-vectorization. These tools will enable the fast and easy porting of workloads to get them working on virtual v9-based targets.
Arm’s Richard Grisenthwaite, an SVP, chief architect and fellow at the company, said, “Addressing the demand for more complex AI-based workloads is driving the need for more secure and specialized processing, which will be the key to unlocking new markets and opportunities. Armv9 will enable developers to build and program the trusted compute platforms of tomorrow by bridging critical gaps between hardware and software, while enabling the standardization to help our partners balance faster time-to-market and cost control alongside the ability to create their own unique solutions.”
Arm rolled out many supporting partner quotes for the new architecture.
Cadence said the Armv9 is well-positioned to deliver the ever-increasing levels of performance, security and specialization required by tomorrow’s products, and its optimized digital flows have demonstrated early successes, showcasing the power and performance benefits of the Armv9 architecture. Google talked about exploring MTE to mitigate memory-related vulnerabilities, which the company said is hugely important for improving security across a wide range of connected devices.
Samsung Electronics said the new architecture offers a substantial improvement in security and machine learning, the two areas that will be further emphasized in tomorrow’s mobile communications devices. The company added that it expects to see the new architecture usher in a wider range of innovations to the next generation of Samsung’s Exynos mobile processors.
Synopsys said the architecture opens up many new possibilities across a range of markets as it consider next generation challenges including 3D IC design, machine learning and smart process, voltage and temperature monitoring.
VMware considered how the Armv9 architecture would help improve security and performance even further across the hybrid cloud. Its customers are adopting Arm-based SmartNICs to make their infrastructure more efficient and more secure. It announced support for SmartNICs with VMware Project Monterey, which is designed to optimize performance, introduce a zero-trust security model, make distributed firewalls practical, and extend VMware management value to bare-metal environments.