Masked ROM a solution for speed and security?
hinv
Posts: 1,255
I had a thought. I don't know if this is the right place for this, but I know there are quite a few smart people here that can answer my questions.
From what I understand masked ROM could solve a few problems I can think of.
1. Speed. I think masked ROM is quite a bit faster than SDRAM, or maybe even SRAM. If the operating system of a computer was put in directly addressed, masked ROM, I am guessing it could really increase the performance of a system, especially servers.
2. Security. With all of the security threats out there, including the NSA and other organizations of people that call themselves "government", having an unchangable operating system could eliminates some of these threats.
3. Durability. From what I understand, cells in SSD's wear out, many times even faster than old fashioned mechanical hard drives. Does masked ROM ever wear out?
My questions are these:
How dense can masked ROM be? Can it be as dense as those 2GB Package On Package SDRAMs that are on top of many arm processors out there?
How much does it cost to manufacture real masked ROMs?
How long does it take to turn around an order for masked ROM?
From what I understand masked ROM could solve a few problems I can think of.
1. Speed. I think masked ROM is quite a bit faster than SDRAM, or maybe even SRAM. If the operating system of a computer was put in directly addressed, masked ROM, I am guessing it could really increase the performance of a system, especially servers.
2. Security. With all of the security threats out there, including the NSA and other organizations of people that call themselves "government", having an unchangable operating system could eliminates some of these threats.
3. Durability. From what I understand, cells in SSD's wear out, many times even faster than old fashioned mechanical hard drives. Does masked ROM ever wear out?
My questions are these:
How dense can masked ROM be? Can it be as dense as those 2GB Package On Package SDRAMs that are on top of many arm processors out there?
How much does it cost to manufacture real masked ROMs?
How long does it take to turn around an order for masked ROM?
Comments
Also, it is a bit difficult to sort out what architectural context you are thinking -- microcomputers or microcontrollers.
Mircocomputers have long had solid-state hard disks that are very fast, can be partitioned with sections being read-only, and can apply Unix-like rights to partitions, directories and files. Seems as though most of what you are thinking about may already have a good solution... after all, a lot of intelligent people are very seriously working on good security.
I'm not sure this idea works from a security point of view.
Let's say my OS and all my commonly used executables are in a ROM.
That's nice. Nobody who breaks in and no rogue software I happen to run can mess with my installation.
BUT. Code is big and buggy. Security holes are just bugs after all. So, those holes that are in my OS are unfixable if the code is in ROM. I cannot close the vulnerabilities with updates.
As Loopy says one can always mount ones OS file system as read only. Then it cannot be hacked by random code but the owner can update it when he wants to.
Or, a preferred solution now a days is to run your system in a virtual machine.
What I am talking about is having ROM for the OS connected directly to the processor much like a DIMM of ram is. It should be faster than ram, lower power than either RAM or SSD, and not wear out like an SSD. You could also have an instant on operating system much like the old micros where you had a READY prompt before the monitor even warmed up.
I think this would be excellent in call phones, for instance (not on a DIMM in this case) because of low power requirements, fast boot times, and more security against hacking (assuming that the manufacture didn't put in back doors already).
Mounting as Read Only is not the same level of security as having a device that cannot be written to.
The FS could be unmounted, modified, and then remounted again.
Right now, if you want to know that your OS hasn't been hacked, you need to boot off of CDROM. This would be somewhat similar, except much faster and much lower power.
I forgot to mention that using masked rom for OS could lower part count also which might offset the cost of producing the chip.
You should not get so hung up on the technology of how this is might be implemented. At the end of the day my system can change stuff or not. Volatile vs non volatile. Mutable vs immutable. That can be done by using real diodes as storage elements. Or by having your OS file system image mounted as read only.
As a recent example, Linux systems were in the news because of the "shell shock" bug. Google it. If my Linux OS were in some PROM I would have a lot of trouble upgrading and closing that security hole. I would have to be physically changing chips in your scheme Luckily the solution was just an "apt-get update; apt-get upgrade" away.
At the end of the day a system is booted and running from RAM. No matter if the code it booted from is mutable or not. That running system is vulnerable if the code it booted from has bugs and holes.
If you want to use Linux, you have to deal with whatever others are interested in achieving.
Nonetheless, Linux has done a lot of this and Heater and I both have worked with something similar in OpenWrt loading a Linux OS into router boards. Part of the file system is read-only and requires a reload of firmware to modify; another part pretty much works as a small file system for convienient transfers of files and to add on applications. It is not a ROM set up, but since all is in SRAM, it is extremely fast. The early EEEpcs had a similar setup.
Locking a whole OS into silicon is a road to financial ruin. Parallax includes log tables, sine tables, characters, and a boot loader -- which are useful and less likely to have a bug discovered.
It is not that this can't be done. It is that the industry has found what they feel is a saner way of achieving the same goals. You might enjoy hacking a WR703 or MR3020 to see what has been acheived.
This is already done, but only as far as software stability permits.
Even many Microcontrollers now have sizable ROMs, that include the Bootloader, and numerous common stable libraries - so large portions of software resource can be in ROM.
( I saw that the recent Atmel SAM-A5, has 160K of ROM)
A full OS in ROM has problems with size and updates to that OS, so usually systems stop short of trying to do that.
Some flash memory can be made OTP-like, via the WP pin, so if you really want to secure an OS (but still allow physical-access level updates), you can do that.
That's the best of both worlds, safe from external attack, but not as rigid as true ROM.
Thanks for the mention of Shellshock. It was quite scary considering how many devices I have that were affected...still have some updating to do...
You made a good point, and the fact that I was affected drove your example home. I don't know how I am going to get some of my computers(devices) with bash updated. It makes my initial question of cost of even greater importance, and can solve some issues for some non-tech people easier (even some tech types that don't want to learn every platform they have). If it is cheap enough, and easy enough, some would like to just pop out a chip and pop it in again. This would seem hard to do with what I had in mind, mainly execute in place ROM which would require a lot of connections(ie. pins). So that leads us back to the first questions. How much does it cost to produce masked ROM chips with your own code on them?
It is one thing to put a boot loader in rom, but that only get's used once every boot. To actually have a fully functioning OS on masked ROM which would get executed in place would be used possibly a million times a second, not once per boot could lead to huge performance gains. When I see DDR3 wait times of 9-9-9-24, I think of all of the time that is wasted fetching memory. I know caches illeviate much of this, but not all.
I think using masked ROM for the os is better suited to cell phones that get thrown out every few years anyways. Lower power and faster execution could go a long way in this market, though longer time to market developing the ROM would not be a welcome change in this industry segment.
Loopy thanks for the mention. I will look into the wr703n.
I'm not sure it is any safer.
Consider, the entire operating system I am using now could have been started up from a read only device. Along with all the applications I have running.
Fine, I can be confident that no matter what I try to do. I cannot damage those files. Further, I can be confident that if somebody manages to gain control of my machine via some security hole, perhaps a bug in some code. Perhaps a wrong configuration or permissions setting, then the intruder cannot damage any of those files either.
That's all well and good but see what happened here? I have an OS safe and sound in a ROM but I'm owned whist I'm running!
That ROM did not save me.
It is true that if I know I have been hacked I can be confident everything is in good condition on the next reboot. But one can achieve that effect in a normal disk/SSD whatever system by mounting it as read only.
ROM for Full-OS just has too many production logistics issues, and even true-rom is rare in parts that also have Flash.
Instead, they tend to use a OTP bit, or a WP pin, to 'emulate' ROM.
Another trend is Execute in Place (XIP), where they try to make Serial Flash Memory (small and cheap) fast enough that code does not need to be first copied into DRAM before being run.
XIP has real merit also on mid-sized Microcontrollers where the pin-cost of a full parallel memory can be too high, but often you want decent Code/Font type read rates.
Hopefully, the coming 64io P2 will have some support for XIP.