Transmeta builds security features into Crusoe chips

Recognizing that security is not just a software problem anymore, Transmeta will build hardware security technology into the architecture of its flagship Crusoe processor that will store sensitive information and improve the performance of security algorithms.

The company has received samples of Crusoe processors with the new technology, and expects to ship those chips in volume in the second half of 2003, said Walter Sun, senior product manager at Transmeta.

The security technology adds new security features to Crusoe processors, which are designed to operate in low-power environments such as notebooks and Tablet PCs. Users will be able to store digital certificates and authentication keys in a tamper-proof section of the microprocessor invisible to hackers, and run popular encryption technologies faster than current processors allow, Sun said.

The Crusoe processor uses a very long instruction word (VLIW ) architecture to simplify the number of tasks executed by the chip, similar to proprietary server chips that use a RISC architecture. Other PC processors from companies such as Intel or Advanced Micro Devices are made with more complex architectures that use Intel’s x86 instruction set.

Since the underlying hardware is simplified, VLIW processors need to use code-morphing software to translate the x86 code in applications and operating systems developed for those chips into Transmeta’s native machine code. That software needs to be stored directly on the chip, separate from the BIOS software.

Transmeta created interfaces to that storage space so users can keep their most sensitive information directly on the processor, completely separate from a PC’s hard drive, operating system, or application, Sun said.

“Conventional x86 processors don’t tackle design with a software/hardware hybrid approach. The hybrid architecture inherently provides more security, because there is code and storage directly on the chip,” he said.

The other portion of the new technology involves hardware acceleration for encryption algorithms such as Data Encryption Standard, DES-X, and Triple-DES. A hardware accelerator is a dedicated piece of hardware that can perform tasks faster than software. It is used for critical applications that must have the increased computational ability of hardware, despite the higher cost.

The dedicated hardware for the DES algorithms will improve the performance of file and disk data encryption, as well as the common VPN encryption standard, IPSec, Sun said. Application developers will also be able to tap into the hardware accelerator to protect crucial data using Transmeta Security Extensions, which translate Transmeta’s proprietary hardware language to x86 instructions, he said.

Because Crusoe was developed with the hybrid approach, focusing on both hardware and software control, the processor will be more responsive to changes in security technologies, and Transmeta will be able to implement those newer technologies more quickly than its competition, Sun said.

Intel announced it is working on a similar hardware-based security technology at the Fall Intel Developer Forum last September. LaGrande Technology represents a total platform approach to security, said Daven Oswaldt, an Intel spokesman. It will combine hardware-based security for processors and chipsets with trusted platform modules from the Trusted Computing Platform Alliance (TCPA), of which Intel is a founding member. LT is still several years away from mainstream release, and specfic details have not been released, Oswaldt said.

An AMD spokesman could not be reached for comment.

While improved security is the main selling point of the new technology, it can also be used to enforce digital rights management (DRM) policies. Microsoft is working on software called Palladium that it will include in future versions of Windows to prohibit unauthorized duplication of copyright material.

While DRM technologies appear to protect the copyright holder, they can also be used to prohibit users from making copies of movies or music they purchase for their own use. For example, media companies could sell DVDs that only work on platforms certified by the TCPA and Palladium that don’t allow unauthorized copying.

The TCPA and Microsoft are working together to mesh the hardware and software DRM technologies, and Transmeta’s technology could be used for the same purposes, a Transmeta spokesman said.

“Transmeta’s security technology was not designed to specifically target DRM technologies. DRM applications can certainly utilize our secure, hidden storage facilities to protect the digital certificates that they use, but we also see broader application into embedded markets, especially as we work towards extending our secure storage mechanisms beyond mere data to provide protection of entire algorithms and other intellectual property that our customers may wish to hide from the user-visible x86 space,” the spokesman said.

The technology will be included in shipments of the Crusoe TM5800 processor and future Crusoe processors, Sun said. Transmeta is also working on a next-generation processor, code-named Astro. It will be available in the third quarter and represents a 30% to 40% performance improvement over the current TM5800 processor, Transmeta said.