Skip navigation

In today’s world, computer security is becoming very important due the exponential increase in malware and ransomware attacks. Various studies have shown that a single malicious attack can cost companies millions of dollars and can require significant recovery time. With the growth of employees working remotely and connected to a network considered less secure than traditional corporate network, employee’s computer systems can be perceived as a weak security link and a risk to overall security of the company. Operating System (OS) and independent hardware vendors (IHV) are investing in security technologies which will make computers more resilient to cyberattacks.

 

Microsoft recently announced their Secured-core PC initiative which relies on a combined effort from OEM partners, silicon vendors and themselves to provide deeply integrated hardware, firmware and software for enhanced device security. As a leading silicon provider to the PC market, AMD will be a key partner in this effort with upcoming processors that are Secured-core PC compatible.

 

In a computer system, low level firmware and the boot loader are initially executed to configure the system. Then ownership of the system is handed over to the operating system whose responsibility is to manage the resources and to protect the integrity of the system.

 

In today’s world, cyberattacks are becoming increasingly sophisticated, with threats targeting low level firmware becoming more prominent. With this changing paradigm in security threats, there is strong need to provide end customers with an integrated hardware and software solution which offer comprehensive security to the system.

 

This is where the Microsoft Secured-core PC initiative comes into the picture. A Secured-core PC enables you to boot securely, protect your device from firmware vulnerabilities, shield the operating system from attacks and prevent unauthorized access to devices and data with advanced access controls and authentication systems.

 

AMD plays a vital role in enabling Secure-Core PC as AMD’s hardware security features and associated software helps safeguard low level firmware attacks. Before we explain how AMD is enabling Secured-Core PC in next gen AMD Ryzen products, let’s first explain some security features and capabilities of AMD products.

 

SKINIT: The SKINIT instruction helps create a “root of trust” starting with an initially untrusted operating mode. SKINIT reinitializes the processor to establish a secure execution environment for a software component called the secure loader (SL) and starts execution of the SL in a way to help prevent tampering SKINIT extends the hardware-based root of trust to the secure loader.

 

Secure Loader (SL): The AMD Secure Loader (SL) is responsible for validating the platform configuration by interrogating the hardware and requesting configuration information from the DRTM Service.

 

AMD Secure Processor (ASP): AMD Secure Processor is dedicated hardware available in each SOC which helps enable secure boot up from BIOS level into the Trusted Execution Environment (TEE). Trusted applications can leverage industry-standard APIs to take advantage of the TEE’s secure execution environment.

 

AMD-V with GMET: AMD-V is set of hardware extensions to enable virtualization on AMD platforms. Guest Mode Execute Trap (GMET) is a silicon performance acceleration feature added in next gen Ryzen which enables hypervisor to efficiently handle code integrity check and help protect against malware.

 

Now let’s understand the basic concept of firmware protection in a Secured-core PC. The firmware and bootloader can load freely with the assumption that these are unprotected code and knowing that shortly after launch the system will transition into a trusted state with the hardware forcing low level firmware down a well-known and measured code path. This means that the firmware component is authenticated & measured by the security block on AMD silicon and the measurement is securely stored in TPM for further usage by operating systems including verification and attestation. At any point of time after system has booted into OS, the operating system can request AMD security block to remeasure and compare with old values before executing with further operations. This way the OS can help ensure integrity of the system from boot to run time.

 

The firmware protection flow described above is handled by AMD Dynamic Root of Trust Measurement (DRTM) Service Block and is made up of SKINIT CPU instruction, ASP and the AMD Secure Loader (SL). This block is responsible for creating and maintain a chain of trust between components by performing the following functions:

  • Measure and authenticate firmware and bootloader
  • To gather the following system configuration for the OS which will in turn validate them against its security requirements and store information for future verification.
    • Physical memory map
    • PCI configuration space location
    • Local APIC configuration
    • I/O APIC configuration
    • IOMMU configuration / TMR Configuration
    • Power management configuration

 

Whilst the above methods help in safeguarding firmware, there is still an attack surface that needs to be protected, the System Management Mode (SMM). SMM is a special-purpose CPU mode in x86 microcontrollers that handles power management, hardware configuration, thermal monitoring, and anything else the manufacturer deems useful. Whenever one of these system operations is requested, an interrupt (SMI) is invoked at runtime which executes SMM code installed by the BIOS. SMM code executes in the highest privilege level and is invisible to the OS. Due to this, it becomes attractive target for malicious activity and can be potentially used access hypervisor memory and change the hypervisor.

 

Since the SMI handler is typically provided by a developer different then the operating system and SMM handler code running at a higher privilege has access to OS/Hypervisor Memory & Resources. Exploitable vulnerabilities in SMM code leads to compromise of Windows OS/HV & Virtualization Based Security (VBS). To help isolate SMM, AMD introduces a security module called AMD SMM Supervisor that executes immediately before control is transferred to the SMI handler after an SMI has occurred. AMD SMM Supervisor resides in AMD DRTM service block and the purpose of AMD SMM Supervisor is to:

 

  • Block SMM from being able to modify Hypervisor or OS memory. An exception is a small coordinate communication buffer between the two.
  • Prevent SMM from introducing new SMM code at run time
  • Block SMM from accessing DMA, I/O, or registers that can compromise the Hypervisor or OS

 

To summarize, AMD will continue to innovate and push boundaries of security in hardware, whether it is DRTM service block to help protect integrity of the system, the use of Transparent Secure Memory Encryption (TSME) to help protect data or Control-flow Enforcement technology (CET) to help prevent against Return Oriented Programming (ROP) attacks. Microsoft is a key partner for AMD and as part of this relationship there is a joint commitment with the Secured-core PC initiative to improve security within software and hardware to offer a more comprehensive security solution to customers.

 

 

Akash Malhotra is Director of Security Product Management at AMD. His postings are his own opinions and may not represent AMD’s positions, strategies or opinions. Links to third party sites are provided for convenience and unless explicitly stated, AMD is not responsible for the contents of such linked sites and no endorsement is implied.

At AMD, we are excited to celebrate Exascale Day along with Oak Ridge National Laboratory and Cray, a Hewlett Packard Enterprise Company, as our research and development teams are hard at work to change the world of computing with the groundbreaking Frontier supercomputer.

 

Frontier is expected to be the most powerful supercomputer of all time when it goes live, with an expected performance upwards of 1.5 exaFLOPS, or 1.5 billion, billion calculations per second. Powered by AMD EPYC™ CPUs, Radeon™ Instinct GPUs, Radeon Open eCosystem (ROCm) and EPYC open source software, Frontier targets more than five times faster performance than the world’s current reigning fastest supercomputer.

 

We are optimizing AMD Radeon Instinct GPUs and AMD EPYC CPUs in a 4:1 GPU to CPU configuration which will allow us to achieve high throughput of data. AMD’s Infinity Fabric will support high-speed connections between processors and allow Frontier to hit historic, sustained high-performance computation across the system.

 

As we approach and pass the barrier of exascale computing, the Frontier supercomputer opens up new possibilities for scientific research. Oak Ridge National Labs, Cray and AMD have created the Center for Accelerated Application Readiness (CAAR) program to develop applications designed for problems which only Frontier can help solve:

 

  •       Princeton University: to simulate future states of the Milky Way galaxy using massive amounts of satellite and telescope data in an astrophysical simulation code called Cholla.
  •       ORNL: to use a codebase known as Combinatorial Metrics (CoMet) to study the genetics of opioid addiction and toxicity, chronic pain, Alzheimer’s, and autism.
  •      Georgia Institute of Technology: to run GPUs for Extreme-Scale Turbulence Simulations (GESTS) to simulate turbulence with nearly 35 trillion grid points in order to better understand fluid turbulence as it relates to pollution, ocean currents and astrophysics.
  •      Virginia Polytechnic Institute and State University: to study the Lattice Boltzmann Methods of Porous Media (LBPM) code to understand the volumetric maps of mineral composition in order to train neural networks to predict future geometric configuration of fluids.
  •      ORNL: to run calculations of realistic condensed matters from first principles (FP) calculations, previously inaccessible before Frontier, through the Locally Self-Consistent Multiple Scattering (LSMS)
  •      University of Illinois at Urbana-Champaign: to use Frontier in conjunction with codebase Nanoscale Molecular Dynamics (NAMD) to understand viruses like Zika and pave the way for new drugs and vaccines to prevent future outbreaks.
  •      Michigan State University: to study complex-time dependent phenomena at the particle level such as nuclear reactions and fission through symmetry-projection techniques on a code called Nuclear Coupled-Cluster Oak Ridge (NuCCOR).
  •      University of Delaware: to develop advanced particle accelerators for radiation therapy of cancer, high energy physics, and photon science using code Particle-in-cell on Graphics Processing Units (PIConGPU).

 

This list inspires the work we do every day, as it takes the millions of hours of work that has gone into the latest AMD processors and brings it to life in tangible ways that will truly change the future. AMD is proud to be at the forefront of innovation and discovery through our collaboration with Cray and Oak Ridge National Laboratory. Working together with these exceptional technology partners and the researchers Frontier aims to empower, we can redefine the future of high-performance data centers and  have a profound effect on advancing science and technology.  

 

Cautionary Statement

This blog contains forward-looking statements concerning Advanced Micro Devices, Inc. (AMD) including, but not limited to, the expectations and benefits of the Frontier supercomputer, which are made pursuant to the Safe Harbor provisions of the Private Securities Litigation Reform Act of 1995. Forward-looking statements are commonly identified by words such as "would," "may," "expects," "believes," "plans," "intends," "projects" and other terms with similar meaning. Investors are cautioned that the forward-looking statements in this blog are based on current beliefs, assumptions and expectations, speak only as of the date of this blog and involve risks and uncertainties that could cause actual results to differ materially from current expectations. Such statements are subject to certain known and unknown risks and uncertainties, many of which are difficult to predict and generally beyond AMD's control, that could cause actual results and other future events to differ materially from those expressed in, or implied or projected by, the forward-looking information and statements. Investors are urged to review in detail the risks and uncertainties in AMD's Securities and Exchange Commission filings, including but not limited to AMD's Quarterly Report on Form 10-Q for the quarter ended June 29, 2019.

The AMD Embedded business provides SoCs and discrete GPUs that enable casino gaming companies to create immersive and beautiful graphics for the latest in casino gaming platforms, which are adopting the same high-quality motion graphics and experiences seen in modern consumer gaming devices.

 

AMD Embedded provides casino and gaming customers a breadth of solutions to drive virtually any gaming system. The AMD Ryzen Embedded V1000 SoC brings CPU and GPU technology together in one package, providing the capability to run up to four 4K displays from one system. The AMD Ryzen Embedded R1000 SoC is a power efficient option while providing up to 4X better CPU and graphics performance per dollar than the competition[i].

 

Bringing New Embedded GPU Options to Customers

Beyond SoCs, AMD also offers embedded GPUs to enable stunning, immersive visual experiences while supporting efficient thermal design power (TDP) profiles. AMD delivers three discrete GPU classes to customers with the AMD Embedded Radeon ultra-high-performance embedded GPUs, the AMD Embedded Radeon high-performance embedded GPUs and the AMD Embedded Radeon power-efficient embedded GPUs. These three classes enable a wide range of performance and power consumption, but most importantly offer features that the embedded industry demands including planned longevity, enhanced support and support for embedded operating systems.  

 

Continuing to provide our customers with more choice, high performance and better power efficiency, we are launching two new versions of the AMD Embedded Radeon GPUs, the E9560 and the E9390. These two new cards are in the PCIe form factor, use 8GB of GDDR5 memory and support 4K high-speed video, 3D visualizations and other compute-intensive graphics applications seen in the casino and arcade gaming.

 

For customers that need the superior performance with an Embedded GPU, the E9560 delivers up to 11%[ii] more performance compared to the existing E9550. It does this with 36 compute units, a TDP of 130W or less and up to 5.7 theoretical TFLOPS of performance.

 

For the customer that is looking for better power efficiency, the E9390 has a TDP of 75W or less with 28 compute units and provides up to 3.9 theoretical TFLOPS of performance.

 

Beyond more choice, we’ve heard from our customers about an area of concern when it comes to graphics processors. The memory used by graphics cards, GDDR5, is being phased out across the industry for an updated standard, GDDR6. To help our customers manage this transition, the E9560 and E9390, as well as our existing ‘Polaris’ architecture E-Series GPUs will have planned availability until 2022.

 

New Platforms Based on AMD Embedded Processors

Our ability to provide customers with high-performance CPUs and GPUs that can power the video and graphics demanded by modern gaming is evident in the companies bringing new systems to the market:

  • Casino Technology, a casino gaming company based in Europe, just announced its support for the AMD Ryzen Embedded V1000 SoC, bringing discrete-GPU caliber graphics and multimedia processing to their slot machine customers.
  • Quixant announced a new generation of gaming controllers, the QXi-7000 LITE, are using the AMD Ryzen Embedded R1000 SoC, enabling game design to be pushed to the limit.

 

Come by the AMD booth #3814 at the G2E Casino Gaming convention and you can see how AMD embedded solutions provide the eye-catching graphics and enable the rewarding experiences of next-gen gaming, from touch screens to 3D graphics and more. As well, the booth will have numerous solutions and systems from other casino and gaming companies using AMD embedded products including Advantech, Axiomtech, iBase Gaming, IGT, Scientific Games, Sapphire and TUL

 

Stephen Turnbull is the director of product management and business development, Embedded Solutions, AMD. His postings are his own opinions and may not represent AMD’s positions, strategies or opinions. Links to third party sites are provided for convenience and unless explicitly stated, AMD is not responsible for the contents of such linked sites and no endorsement is implied.  GD-5

 

[i] Testing done at AMD Embedded Software Engineering Lab on 3/13/2019.  The AMD R1505G Embedded scored 360 running CineBench R15 Multi-core and 1,988 running 3DMark11 benchmarks. The Intel Core i3-7100U (Kaby Lake) scored 254 running CineBench R15 Multi-core and 1,444 when running 3DMark11 benchmark which measures Graphics performance.  Recommended Customer price for Intel Core i3-7100U is $261 as of 4/1/2019 (check https://ark.intel.com/content/www/us/en/ark/products/95442/intel-core-i3-7100u-processor-3m-cache-2-40-ghz.html). DBB price for R1505G is $80. System Configurations: AMD Embedded R1505G used an AMD R1505G Platform, with a 2x8GB DDR4-2400 RAM, 250GB SSD Drive (non-rotating), TDP 15W, STAPM Enabled and ECC Disabled, Graphics Driver 18.50_190207a-339028E-AES, BIOS RBB1190B, Microsoft Windows 10 Pro. The Intel Core i3-7100u used an HP 15inch Notebook with i3-7100u with Intel HD Graphics 620, 1x8GB DDR4-2133 RAM, 1 TB 5400 rpm SATA, Microsoft Windows 10 Pro, Graphics Driver 21.20.16.4627, BIOS F.07.  EMB-159

[ii] Testing conducted by AMD Performance Labs as of 10/09/2019 on the AMD Radeon Embedded E9550 PCIe module and AMD Radeon Embedded E9560 PCIe module on an AMD Dibbler Embedded reference platform using 3DMark 11. Results may vary. EMB-163

Introducing the AMD Ryzen 5 and AMD Ryzen 7 Microsoft Surface Edition Processors: A New Level of Responsiveness and Speed in an Ultra-Slim Design

We are thrilled to announce the new AMD Ryzen Surface Edition processors built exclusively for Microsoft Surface Laptop 3. This is the first-ever 15” Surface laptop from Microsoft, with AMD computing and graphics technology under the hood.

The new Microsoft Surface Laptop 3 extends the long-standing collaboration between Microsoft and AMD from the world of Xbox console gaming to the PC. Just as we have done with our Xbox collaboration, AMD and Microsoft set out several years ago with a shared vision to bring the best of both companies together to revolutionize the laptop. Thanks to the tens of thousands of hours of co-development work to combine the fastest AMD mobile processor for ultrathin laptops with significant software and system optimizations from Microsoft, the Microsoft Surface Laptop 3 delivers the best user experience in an ultra-slim laptop. The co-engineering behind the Surface simultaneously provides unprecedented performance and all-day battery life in a sleek, lightweight design at only 3.4 lbs. Like an expertly crafted and finely tuned racecar, Microsoft Surface Laptop 3 offers a unique user experience through several key performance features.

Microsoft Surface Design Team

Photo: With Brett Ostrum, CVP, Microsoft Surface and Microsoft Surface Design Team

Key performance features to unlock while “driving” Microsoft Surface Laptop 3:

  • Go from idle to full boost in the blink of an eye: We challenged ourselves to improve Smart Performance Shift with enhanced highly tuned predictive algorithms that adapt to the end-user workload on-demand, delivering a perfect balance of battery life and peak performance under virtually any situation. This re-engineered approach provides a hybrid-turbo-like capacity for bursts up to 4 GHz of “Zen+” CPU performance or take what is already the world’s fastest performing graphics for ultrathin laptops to new heights when needed. 
  • Effortless acceleration when needed: The specifically customized AMD Ryzen Microsoft Surface Edition processor inherits from the graphics core architecture of Xbox One and includes one additional compute unit more than any other AMD Ryzen mobile processor for an extra boost of graphics horsepower. Complex content creation and machine learning workloads seamlessly offload to the massive parallel-processing GPU engine through AMD Radeon  OpenCL and WinML drivers. Microsoft Surface Laptop 3 harnesses the power of its compute and graphics resources to drive demanding content creation and gaming workloads in an ultrathin laptop.
  • Crystal clear, vivid display: Connected to a world-class GPU engine with AMD FreeSynctechnology controlling a high resolution (200 DPI) display. Lean back and enjoy movies or games smoothly on-the-go, building upon the same leadership Radeon GPU technology found in the Xbox One X. AMD’s wide color gamut and display color calibration enable vivid on-screen colors in games and videos that better match real life.
  • Dynamic responsiveness: A fully optimized pen interface delivers unparalleled precision through the revolutionary on-die pen controller. The fully optimized pen software stack takes up to 200 measurements per second. Paired with the optimized Bluetooth stack, Windows scheduling priority, and foreground application boost – the pen has never been more powerful.
  • Roadside assistance: Re-architected system software from firmware capsule storage to recovery of critical system functions gives peace of mind that the system is stable, robust, and protected from failures.  
  • Be heard even in a crowded arena: Next-level voice detection optimized to perform even in noisy or echo-filled environments powered by a superior DSP algorithm – the Microsoft Surface Laptop 3 voice assistant is always on, always ready for the next spoken request.
  • A quick start is everything: Fast storage access delivers the highest performance from the internal SSD, dramatically reducing application start, system boot, and file copy times. 
  • No need for pit-stops: The system constantly monitors vital processor and skin temperatures to deliver the highest performance possible while keeping Microsoft Surface Laptop 3 cool to the touch.  A new Windows system management framework enables the processor to directly negotiate the power policy with the OS.  Microsoft added specific optimizations for the first time in the Windows OS to ensure that all the applications have the best environment to shine.
  • Always connected: Power and performance-optimized WiFi stack with Modern Standby delivers super-fast transfer speeds when needed most and always stays connected on-the-go.
  • Stay cool while in the driver’s seat: Microsoft Surface Laptop 3 is performance-modeled for maximum thermal management headroom through thousands of hours of thermal simulations. The ultimate combination of processor thermal calibration and containment, and system thermal dissipation sustains those demanding content creation and gaming workloads.

 

This is just the beginning of an exciting relationship and co-engineering with the Surface team, and we look forward to continued collaboration that pushes the boundaries of what is possible in technology and gaming.

We can’t wait for users to take Microsoft Surface Laptop 3 for a spin. This amazing new, ultra-slim laptop will truly satisfy their need for speed.

Paven Davuluri (Microsoft), Panos Panay (Microsoft), Lisa Su (AMD), Jack Huynh (AMD), Sebastien Nussbaum (AMD)

Photo: Pavan Davuluri, Distinguished Engineer, Microsoft Surface; Panos Panay, Chief Product Officer, Microsoft Surface; Lisa Su, AMD CEO; Jack Huynh, CVP & GM, Semi-Custom, AMD; Sebastien Nussbaum, CVP, Engineering, Semi-Custom, AMD

                                                                                                                                                                                           

Jack Huynh is Corporate Vice President and General Manager for AMD's Semi-Custom Group.