SPRY303F May 2019 – February 2025 AM3351, AM3352, AM3354, AM3356, AM3357, AM3358, AM3358-EP, AM3359, AM4372, AM4376, AM4377, AM4378, AM4379, AM5706, AM5708, AM5746, AM5748, AM623, AM625, AM625-Q1, AM625SIP, AM62A1-Q1, AM62A3, AM62A3-Q1, AM62A7, AM62A7-Q1, AM62L, AM62P, AM62P-Q1, AM6411, AM6412, AM6421, AM6422, AM6441, AM6442, AM6526, AM6528, AM6546, AM6548, AM68, AM68A, AM69, AM69A, DRA821U, DRA821U-Q1, DRA829J, DRA829J-Q1, DRA829V, DRA829V-Q1, TDA4VM, TDA4VM-Q1
Computer security once meant dealing with annoying viruses on PCs. Then the stakes increased: attacks on business and government systems exposed personal and financial information to fraud, theft and embezzlement. Now the security of embedded systems, or more accurately the insecurity of embedded systems, poses a threat to critical data.
Today the world runs on data, and every bit or byte should be treated as a potential target of attack. At the same time, both software and hardware systems are becoming far more complex, connected and interdependent, and with complexity come vulnerabilities. Billions of lines of code and the interrelated hardware modules, subsystems and partitions crammed onto tiny slices of silicon are a hacker’s delight.
Of course, hackers are not standing still. Reports of vulnerabilities in embedded systems keep coming: satellite communication systems, wireless base stations, laser printers in homes and businesses, the smart electrical grid, medical devices such as defibrillators and many other systems are at risk. The need for security in multicore embedded systems-on-chips (SoCs) has only grown over the years. Devices such as cardiac equipment, smartphones and automotive control units depend on several components, the embedded SoC among them, to protect the functions that control them.
First, this paper introduces the elements that must be present to help secure an Arm®-based application processor with multiple cores in an embedded system. Second, it examines the foundational layer of security for these processors, secure boot, in greater detail, because secure boot protects the system from the moment of power-on; without it, the system is unprotected in the window between power-on and normal use. With the ever-changing nature of threats, security will always be a moving target.
The goal of the security aspects of a system is to protect it from hackers: those who want to steal data or take over the system and use it for something other than its intended purpose. This is distinct from the related concept of functional safety, which is more concerned with making sure the system responds to a wide variety of situations in an orderly fashion, failing gracefully when it must. Together, the two concepts mean the system will operate as intended in the real world, where things break and bad actors exist.
Security threats are always present and, with the rapid proliferation of the Internet of Things (IoT), they can come from anywhere, even from inconspicuous, low-cost end-node devices. The basic security question is not whether a system will be attacked, but when. It follows that security is as much about risk management as it is about protection.
Given that the system may come under attack, how can system designers reduce the risk of a security breach to the absolute lowest level?