In recent years, incidents of supply chain disruptions have become frequent. Although the recent two incidents are not directly related to our country, they inevitably evoke a sense of loss and concern.
First, ARM’s cancellation of the instruction set architecture license to Qualcomm indicates that commercial reputation is worthless in the face of economic interests. Second, the removal of 11 Russian developers’ contributions from the Linux kernel shows that the spirit of open source is difficult to maintain in the face of political disputes.
Both incidents occurred abroad, but domestic ARM CPU manufacturers should also be vigilant and learn from history, using past experiences as a guide for future actions.
ARM Architecture is Insecure
Security is a system engineering challenge. The so-called security classification levels of L1, L2, L3, and L4 are essentially self-deception. True security can only be achieved when the CPU instruction set, IP core design, chip production, and packaging are completely independent, and when the operating system and application software are fully controllable.
Currently, domestic ARM chips based on ARM instruction set architecture or IP core licensing find it difficult to achieve true security. For example, domestic ARM mobile chip manufacturers have purchased ARM Cortex A9, A7, A15, A53, A57, A72, A73, A76, A77 CPU cores over the past decade, which reflects a pattern of introducing one generation while falling behind another, repeatedly relying on ARM for better CPU cores and TSMC for superior processes. This model, where design and manufacturing are both external, carries significant risks; any change in the international environment could lead to a shock.
Moreover, the inability to freely extend the purchased instruction set architecture or IP core results in many inherent vulnerabilities and backdoors carried by ARM that cannot be repaired, making the CPU a lamb to the slaughter. From the vulnerabilities that have already emerged, domestic ARM chips struggle to cope with critical vulnerabilities like Spectre and memory vulnerabilities, which can lead to serious issues such as confidential information leaks and attacks on cloud computing systems.
Currently, security researchers have discovered numerous serious security vulnerabilities in ARM architecture CPUs. For example:
1. CVE-2024-5660 Memory Access Error Vulnerability.This vulnerability exists in ARM V8.2 architecture processors. It allows modified, untrusted customer operating systems to jeopardize the security of the host system, making it exploitable by attackers for system attacks in cloud computing scenarios.
2. UnTrustZone Vulnerability.Attackers can copy secret data to SRAM within TrustZone through secure calls and exploit this vulnerability to recover secret data from SRAM, thereby breaching TrustZone’s security isolation.
3. TIKTAG Vulnerability.This vulnerability reveals flaws in memory protection on ARM processors. For ARM v8.2 architecture, the lack of implementation of MTE results in missing memory protection functions, or even if MTE is implemented, this vulnerability prevents ARM v8.2 architecture from fully defending against memory attacks. This vulnerability targets Arm’s Memory Tagging Extension (MTE) and uses speculative execution to leak MTE memory tags, bypassing critical protection mechanisms against memory corruption. Using the TIKTAG vulnerability gadget, attackers can accurately leak MTE tags in real applications like Google Chrome and the Linux kernel within seconds, thereby compromising memory protection mechanisms.
4. CVE-2024-10929 SPECTRE-BSE Ghost Vulnerability.There exists a ghost vulnerability in ARM architecture CPUs known as Spectre-BSE (Spectre Branch Status Eviction). This vulnerability allows attackers to control the victim’s branch history, thereby controlling the victim’s branch prediction path, indicating that the defenses against ghost vulnerabilities in ARM v8.2 architecture may not be thorough.
5. Leaky MDU Side Channel Vulnerability.This vulnerability exploits the MDU side channel to speculate on victim address information, thereby breaking security features like KASLR. Attackers can obtain victim address information by leveraging state changes in the disambiguation unit, further accessing secret data dependent on that address information.
ARM Licensing is Unreliable
Over the past decade, domestic companies have introduced a large number of CPUs from abroad, establishing MIPS, SPARC, Power, ARM, and X86 CPUs in mainland China. In practice, after the onset of the tech war initiated by the United States, there have been instances of supply shortages and “out of stock” situations for ARM chips.
When American politicians make threats, ARM has stated that it will comply with U.S. sanctions, severing all cooperation and communication with companies in mainland China. When the international situation eases, ARM promotes compliance, expressing a willingness to do business with China. Practice has proven that ARM lacks the ability to counter U.S. sanctions and is essentially not immune to international political risks.
In the past, domestic ARM manufacturers liked to boast about their so-called ARM instruction set licensing, but in reality, this licensing cannot withstand international political risks and is also difficult to avoid commercial risks.
Take ARM’s lawsuit against Qualcomm as an example. ARM issued a “60-day mandatory notice to terminate the architecture license agreement” to Qualcomm in the lawsuit, proving that ARM’s licensing can be revoked, and ARM can sell licenses externally, which naturally means it can also cancel licenses.
Indeed, the final judgment of the U.S. court favored Qualcomm, but that does not mean that Chinese companies will receive the same protection from U.S. courts. After all, Qualcomm’s lobbying groups, legal resources, and political-business relationships in the U.S. are not something any Chinese company can easily challenge, and ARM is still a publicly traded company in the U.S. If a Chinese company gets involved in a similar lawsuit, the outcome will not be much better than that of the previously shocked Jin Hua.
ARM’s cancellation of the instruction set architecture license to Qualcomm and the removal of 11 Russian developers’ contributions from the Linux kernel share a common point: the sanctioned parties are all building on someone else’s land.
It seems free, but regardless of how much your construction increases the value of the land, it does not prevent the landlord from expelling you and swallowing your construction results, then bringing in others to continue the construction. Therefore, the only way to avoid being choked is to build on your own land.
ARM Development is Not Autonomous
Although ARM CPU manufacturers claim in presentations that the Loongson instruction set lacks sustainable development capabilities, they can continue to evolve based on ARM V9 licensing. In reality, Loongson is the truly independent instruction set with autonomous development capabilities, while domestic ARM CPU manufacturers can only follow ARM’s lead.
Specifically, the ARM route has an endless purchasing problem. The ARM instruction set has been updated to V9, and it will certainly be updated to V10, V11 in the future. Previously, domestic ARM purchased V8 licensing, now they have purchased V9 licensing; when ARM updates to V10, will domestic ARM manufacturers have to purchase again? If this endless purchasing continues, then where does the so-called autonomy of domestic ARM lie?
In terms of autonomy, Loongson’s independent instruction set, with all core IP designed independently and a self-built software ecosystem, has the strongest autonomy. If Loongson can succeed, it can achieve a tripartite balance among X86, ARM, and LoongArch, establishing a division of the world.
In contrast, domestic ARM is essentially a vassal within the ARM system, constrained by ARM in terms of technology and profits, and must continuously pay royalties to ARM. Last year, ARM went public in the U.S., with the Chinese market accounting for 38% of its revenue, making the Chinese market an important source of ARM’s revenue and profits.
Here, I must criticize the so-called self-developed CPU of domestic ARM. Since they have developed it independently and do everything themselves, why do they still have to pay ARM high licensing fees every year?
The value of self-research is determined by the amount of patent fees paid to foreign companies. If there are no patent fees at all, it must be true self-research; otherwise, it is pseudo self-research.
With the annual payment of huge licensing fees to ARM and nearly 40% of ARM’s revenue coming from the Chinese market, how can domestic ARM CPUs have the audacity to claim autonomy?
Conclusion
In fact, the appropriate positioning of domestic ARM chips should be as commercial chips, integrating Western technology systems, purchasing ARM licenses and TSMC processes, benefiting from the Android software ecosystem, and expanding territory in the commercial market, providing domestic mobile manufacturers with more affordable ARM chips, thereby enhancing their bargaining power against Qualcomm and MediaTek.
In practice, to ensure information security, it is essential to have a CPU that is completely independent from the instruction set, IP core design, chip production, and packaging. Domestic ARM chips are not suitable as the cornerstone of autonomous information systems. Especially in scenarios with high requirements for security and autonomy, ARM should not be forcibly promoted.