Armv9 architecture to focus on AI, security, and “specialized compute”

Armv9

Armv8 was announced in October 2011 as the first 64-bit architecture from Arm. while keeping compatibility with 32-bit Armv7 code. Since then we’ve seen plenty of Armv8 cores from the energy-efficient Cortex-A35 to the powerful Cortex-X1 core, as long as some custom cores from Arm partners. But Arm has now announced the first new architecture in nearly ten years with Armv9 which builds upon Armv8 but adds blocks for artificial intelligence, security, and “specialized compute” which are basically hardware accelerators or instructions optimized for specific tasks. Armv9 still supports Aarch32 and Aarch64 instructions, NEON, Crypto Extensions, Trustzone, etc…, and is more an evolution of Armv8 rather than a completely new architecture. Some of the new features brought about by Armv9-A include: Scalable Vector Extension v2 (SVE2) is a superset of the Armv8-A SVE found in some Arm supercomputer core with the addition of fixed-point arithmetic support, vector length in multiples of 128, up to 2048 bits. Useful for specialized DSP […]

USB2IO high-speed interface explorer tool combines Intel Cyclone 10 FPGA and STM32H7 MCU

USB2IO interface explorer

In the second part of 2020, we’ve seen a fair amount of USB debugging tools for electronics designers and hardware hackers including the Glasgow Interface explorer with an ICE40 FPGA. But if you need even more flexibility or higher I/O speeds (up to 300 MHz), DAB Embedded USB2IO interface explorer should help thanks to the combination of an STMicro STM32H7 MCU and an Intel Cyclone 10 FPGA. USB2IO interface explorer hardware specifications: MCU – STMicro STM32H743 Arm Cortex-M7 @ 480MHz CPU clock An external 64MB QSPI flash for extra FPGA code storage; FPGA  – Intel Cyclone 10LP (10CL040) with 40k logic elements, 1,134 Mbit embedded memory, 126 DSP blocks External memory – 32MB SDRAM for MCU and FPGA (64MB in total) Storage – 64MB QSPI for connected to MCU for FPGA code storage I/Os via 20-pin external header/connector 16 x GPIO mode (single-ended), 8x LVDS pair mode or a mix of 2 modes depending on firmware configuration Supported logic levels […]

Protocol Droid is a USB bridge board to I2C, CAN Bus, RS485, UART, SPI, etc. (Crowdfunding)

Protocol Droid

We’ve seen some interesting USB hardware hacking/debugging boards in the last two months with Tigard, Ollie, and Glasgow Interface Explorer each with their own price point and features, but with the goal of replacing multiple other programming or debug boards you may need for your projects. Protocol Droid is another one of such USB boards for electronics designers and hardware hackers. It offers I/O connectivity via terminal blocks for I2C, CAN Bus, RS485, UART, SPI, and other interfaces. Protocol Droid key features and specifications: MCU – Unnamed STMicro microcontroller Host interface – Micro USB port Core Interfaces: I²C controller & peripheral modes SPI controller & peripheral modes RS485 controller & peripheral modes CAN Bus UART 2x PWM 2x ADC 2x DAC Debugging / programming interfaces – 7-pin JTAG/SWD unpopulated header Power Sources – 3V & 5V DC with limited current via 2-pin terminal blocks All interfaces are available simultaneously through the USB port., and the developer provides a program to […]

Glasgow Interface Explorer is an iCE40 FPGA based hardware debugging tool (crowdfunding)

Glasgow Interface Explorer

We’ve seen some pretty interesting boards for hardware hackers and reverse engineers in recent months with the likes of Ollie and Tigard USB debug boards that allow interfacing various hardware interfaces and/or flashing firmware to different types of target boards. Here’s another one: Glasgow Interface Explorer. Based on Lattice Semi iCE40 FPGA, the board is described as being “designed for hardware designers, reverse engineers, digital archivists, electronics hobbyists, and anyone else who wants to communicate with a wide selection of digital devices with minimum hassle”. Glasgow Interface Explorer specifications: FPGA – Lattice Semiconductor iCE40HX8K FPGA USB – 1x USB-C port connected to FX2 high-speed USB interface capable of 480 Mbps throughput I/O headers 2x 8-channel I/O banks with 16 highly flexible I/O Each I/O bank comes with A dedicated programmable linear voltage regulator, configurable from 1.8 V to 5 V and providing up to 150 mA of power A dedicated sense ADC capable of monitoring the I/O bank voltage and […]

Bootterm – a developer-friendly serial terminal program

There are plenty of terminal programs to access the serial console from minicom or screen to Putty. But Willy Tarreau was not quite happy with those tools, so he decided to write his own: Bootterm. I was terribly fed up with the current state of serial terminals, which either don’t cope well with errors, or take ages to start, making you lose the first characters, or don’t support non-standard speeds etc. I finally wrote mine to address all that at once, plus support for automatic port detection (the last registered one is the good one by default), waiting for the port to be ready, and also support fixed or timed captures. And a few environment variables make it possible not to type any argument at all yet have the expected behavior. If that’s something of interest to you, you can check it there: https://github.com/wtarreau/bootterm It’s still young (no support for automatic speed switching nor macros yet) but pretty usable, and […]

Ollie USB board exposes isolated UART, CAN, USB, RS485 & RS232 interfaces (crowdfunding)

Ollie USB board

Just like months, we wrote about Tigard open-source USB FT2232H board for hardware hacking with easy access to OpenOCD, JTAG, Cortex, flashrom interfaces used to debug/flash boards, extra I/Os with UART, SPI, and I2C, as well as a header to connect a logic analyzer and observe signals. If the board does not exactly match your requirements, Ollie USB board might, also it may not serve exactly the same purpose(s). The board acts as a USB bridge to isolated UART (x2), CAN, USB, RS485, and RS232 interfaces. Ollie specifications: MCU – STMicro STM32F042 Arm Cortex-M0 microcontroller with CAN interface Host interface – Micro USB port Isolated interfaces (all with ESD protection) 2x UART ports up to 12 Mbps with 1.8/3.3/5 V voltage levels (set by slide switch) CAN bus based on CANable/CANtact open hardware, flashed with dual firmware CANtact and Candlelight (switch selectable) and equipped with termination resistor switch Downstream USB – USB Type-A connector up to 12 Mbps; current limited […]

Tigard is an open-source FT2232H board for hardware hacking (Crowdfunding)

Tigard FT2232H board hardware hacking

There is plenty of cheap 5V or 3.3V USB to TTL debug boards used to access the serial console and/or program boards, but FTDI FT2232H based Tigard open-source hardware board does much more than that as it supports multiple protocols, multiple voltages for hardware hacking & debugging. The developer explains Tigard can be used as a drop-in replacement for dozens of other hardware tools based on FTDI chips and includes native support OpenOCD, FlashROM, and more. Tigard board specifications: Main chip – FTDI FT2232HQ dual high-speed USB to multi-purpose UART/FIFO IC Primary port dedicated to UART including access to all flow control signals Secondary port shared among dedicated headers for SWD, JTAG, SPI, and I²C USB – USB 2.0 Type-C (480 Mbps) port I/Os 9-pin UART header Qwiic I2C connector 8-pin SPI & I2C header 8-pin JTAG header 10-pin Cortex debug header 14-pin logic analyzer (LA) header to observe device-level signals Directional level-shifters for 1.8 to 5.5 V operation Misc […]

Nordic Semi nRF52 WiSoCs are Susceptible to Debug Resurrection using APProtect Bypass

nRF52 APProtect

Nordic Semi nRF52 are popular wireless Cortex-M4 SoCs with Bluetooth 5.0 and 802.15.4 radios. APProtect (Access Port Protection) is a new security feature of nRF52 MCUs designed to enable readback protection and disable the debug interface. This is supposed to prevent an attacker to obtain a copy of the firmware that would allow him/her to start the reverse engineering process or access some sensitive data such as keys and passwords. It’s all good, except “LimitedResults” managed to bypass APProtect and permanently resurrect the debug interface on nRF52840-DK and a Bluetooth mouse. This requires physical access to the hardware and relies on a fault injection technique. The APProtect background and hacking technique are all explained in detail on LimitedResults blog post, but basically he first had to remove some capacitors and use a low-cost homemade voltage glitching system combines with an oscilloscope to try to locate a particular pattern into the power consumption. The goal was to find when the User […]