The Era of Home Automation as a Service is here
Once there is a unified industry standard protocol for device control, the door is wide open for any entity to offer home automation services. All that is required is a service platform, somewhere in the home, that has a Matter SDK and the appropriate radio interfaces. The job is made much easier with related industry standards that simplify the development of that node such as projects Cassini and Centauri, the foundational platform certification programs aimed at promoting industry wide platform standardization (more on this later).
Home Automation-as-a-Service Platform is a new term reflecting the emergence of a new category of product in the market. The capabilities of the HAaaS (Figure 1) are defined by the software it is running. The platform is designed to be upgradable, meaning new services, algorithms and features can be added as they become available over time. This is made possible with future-proofed hardware and the provision for over-the-air (OTA) updates. The following sections will go into detail about key features of a HAaaS.
Figure 1: A cloud-native, software-defined HAaaS Platform
1. Heterogeneous compute The complex and varied applications that HAaaS platforms are required to run necessitate the use of heterogeneous compute hardware. The term heterogeneous computing refers to systems that use more than one type of processing. CPUs are typically the primary processing element in a heterogenous system all workloads. CPUs come in various sizes relating to compute performance and power consumption. In many cases, dedicated compute blocks such as NPUs or GPUs are also required to handle specific workloads such as ML, usually for latency reasons.
Before we get to the section of available silicon, here is a brief tour of the underlying architecture and IP for the general-purpose CPUs.
Security is a key built-in feature of all recent Cortex processors as connectivity is expected from all future devices which then requires security by design.
Future home automation services need to leverage ML workloads extensively for situational awareness, which can require significant compute resources. The performance requirements of an application can vary substantially based on the complexity of the underlying ML model. Highly optimized use cases can have a complexity of less than 1 GOP/s, whereas high end use cases can have complexities north of 20 TOP/s, representing orders of magnitude difference. As a result, a device must have the correct hardware for the desired use case. High-end applications will require dedicated resources to run properly, whilst simpler applications should take advantage of lower performance requirements and therefore select lower cost, more efficient hardware.
Since the HAaaS Platform will need to control home devices over WIFI, and 802.15.4 then usually an always-on low power Cortex-M radio island is highly recommended. The service platform main compute subsystem remains in sleep mode most of the time while the island is awake listening for activity from devices in the home.
There is a wide choice of Cortex-M processor profiles for the always-on low power profile to suit specific use cases including voice UI for example. The latest such processor is the Cortex-M55:
There is a wide choice of Cortex-M processor profiles for the always-on low power profile to suit specific use cases including voice UI.
To summarize, heterogeneous compute platforms have many forms. An analysis of the intended complexity of the service platform is required to dimension the compute resources accordingly with a mix of processors to meet the various features, power, and price points.
2. Microservice-based architecture Support for continuous software updates is crucial to the HAaaS Platform concept. In a world with rapidly changing consumer demands, the ability to continuously update device functionality is required to successfully decouple the software solution from the underlying hardware, meaning the services can evolve with new service developments. Updates are required to be performed securely and over-the-air (OTA) (Figure 2), as the cost to physically access each node is prohibitive. It is critical that updates are confirmed to be genuine before they are installed.
Typical updates involve all functionalities of the device: • New and improved ML models. • Operating system • Security updates • Services
Service updates are expected to be the most frequent hence the ability to use cloud-native techniques is necessary. Thanks to container technology, software applications can be packaged in a self-contained unit that can run in different computing environments reliably. The container is built in the cloud to include everything that is needed to ensure that the application runs successfully when deployed to the service node. The application is packaged with elements like libraries and all other software dependencies. There are various popular containers for embedded devices such as Docker, and container orchestrators, such as k3s and Kubernetes.
The ability to easily perform OTA updates, paired with cloud-native and containerized software, enables the transition to a microservice deployment model, where applications split into clearly defined functionalities called microservices. Each one of those, can be managed and updated independently.
Figure 2: Using cloud-native principles and OTA updates to deploy services
3. Robust software ecosystem To build a state-of-the-art HAaaS Platform, hardware is only half of the story. To support complex SoCs with heterogenous processing elements as well as continuous training and delivery of ML models, a strong software ecosystem is a prerequisite. Arm Compute Library provides a collection of low-level ML functions optimized for Arm hardware, allowing developers to extract maximum performance of all available compute. For edge devices, compiling ML models for specific hardware targets is often a prudent approach, as the code can be optimised and run with less overhead. Models can be built and trained in TensorFlow, for instance, and then run through a ML compiler, such as TVM. TVM is an open governance framework which has support for a broad set of backends, both in terms of computing elements such as Cortex-A and Cortex-M processors. The compiled model can then be deployed to the HAaaS Platform in a container, where it can be continuously trained and monitored for drift. This is useful for HAaaS Platform running on limited hardware or within a small power envelope, as code can be further optimised to reduce code size and improve efficiency.
4. Strong hardware and software security In many use cases the HAaaS Platform has a critical operational role in the home. A compromised HAaaS Platform represents a significant safety and privacy hazard. Recent data breaches have seen hackers access vast quantities of confidential and sensitive data. As HAaaS Platform become increasingly widespread and are entrusted with critical tasks, it is crucial that device security and consumer privacy are prioritized.
Hardware security for the IoT has typically been a fragmented affair with numerous competing standards. Platform Security Architecture (PSA) Certified, introduced in 2019, brings a hardware agnostic, standardized framework to the fragmented and fast-moving world of IoT security. It offers three levels of certification, allowing vendors to build a chip with an appropriate level of security for the use case. Security certifications such as PSA Certified are important for HAaaS Platform adoption because they provide an independently verified stamp of approval, reassuring the end user that the service node they are using employs the necessary components to achieve a strong Root of Trust (RoT), which is the secure foundation of trust on which the rest of the system depends in a connected universe.
Hardware security is offered by Arm TrustZone technology, supported in all ArmV8-A cores. TrustZone effectively divides the CPU into two worlds, secure, and non-secure. This allows for secure code to be isolated from non-secure access. TrustZone extends across the system, providing access control to secure peripherals and secure memory regions.
Figure 3: PARSEC offers an abstraction layer for various security backends
A hardware RoT can be implemented in numerous ways, and the functionalities of the RoT are often accessed with an ad-hoc solution, which makes it difficult to deploy software across multiple platforms. Platform Abstraction for Security Service (Parsec) (Figure 3) is a solution to address this problem. This project forms part of the Cloud Native Computing Foundation (CNCF) and provides a common API for hardware security and cryptographic services in a platform agnostic way. Parsec provides a microservice for brokering access to platform specific hardware security. This allows cloud-native workloads written in any programming language, deployed in any container runtime or packaging to access platform security services while remaining decoupled from physical platform details. Parsec can be integrated with various backends such as a Trusted Platform Module (TPM), Hardware Security Modules (HSM) and Trusted Applications. In addition to hardware security, it is important that communications across the broader network are secured. Using strong encryption is important as it acts as a last line of defence in case data is intercepted. Data streams must be encrypted to a high standard, for instance using the AES256 encryption algorithm which is virtually impenetrable by brute force attacks. Encryption algorithms can be accelerated in hardware by using the cryptography extensions available in many Cortex-A processors.
In the coming years HAaaS Platform will benefit from the security features introduced as part of the Armv9-A architecture. New security features include Memory Tagging Extensions (MTE), which help mitigate memory corruption attacks which underpin many famous data security breaches, and Branch Target Indicators (BTI)/ Pointer Authentication to help resist Return-Oriented Programming (ROP) and Jump-Oriented Programming (JOP) attacks.
5. Hardware and Software Standardization
HAaaS Platform deployments are often large in scale and comprise a variety of different hardware. An appropriate amount of standardization is key to enabling frictionless deployment of firmware and software. Arm SystemReady (Figure 4) is a foundational certification program aimed at promoting the required hardware standardization. Focused on IoT Edge, SystemReady IoT Ready (IR) ensures platform interoperability with embedded Linux and other embedded operating systems. System Ready IR is aimed at devices that support operating systems that only require a subset of UEFI interfaces in firmware, defined by the Embedded Base Boot Requirements (EBBR). The minimal set of processor and system architecture requirements to enable a standard OS to boot are provided by the Base System Architecture (BSA).
Figure 4: The Arm SystemReady foundation for cloud-native software
SystemReady provides a foundation for a cloud- native software stack, meaning platforms built to the SystemReady specification can run standard operating systems, hypervisors, and containers. Hardware standardization and abstraction are fundamental to building a sustainable ecosystem around the HAaaS Platform and will make it easier to deploy HAaaS Platform successfully in new, cutting-edge applications. Developers today have a wealth of chips suppliers to choose from, each with a variety of solutions to select from. For this write-up we selected one of those many to showcase the possibilities, NXP.
6. NXP: A Comprehensive Offering
IoT devices have a range of requirements from how and what they connect to, how they are controlled and what experiences they deliver. To deliver these devices, different system architectures and solutions are needed with a range of compute and connectivity capabilities. NXP provides complete solutions (Figure 5) with scalable product portfolios and software enablement supporting the key building blocks of IoT devices: processing, connectivity, and security.
As described above, the HAaaS Platform plays a critical role in the managing a home and is a complex application requiring a powerful solution. A gateway type device is represented at the high-end of the diagram shown on page 9 and is best implemented with a Linux host architecture that has the performance capabilities needed, can manage multiple networks, and implements security mechanisms to protect against a range of IoT attacks.
NXP’s multi-core i.MX 8M Mini applications processor is ideal for Matter gateway devices because it blends advanced processing capabilities with a heterogeneous multi-core processing architecture (single-, dual- or quad- Arm® Cortex-A53 and Cortex-M4F cores) with sophisticated audio, video, and graphics to enable low-power and high-performing applications. With these features, the i.MX 8M Mini enables rich user interfaces with touch, voice, graphics, video, image analytics and vision, low thermal system cost to optimize for fan-less operation and long battery life.
Figure 5: HAaaS-related NXP offerings
Adding connectivity capabilities to an i.MX 8M Mini design is simple and flexible because NXP’s standard Linux BSP integrates Matter and stacks and drivers for Thread and Wi-Fi connectivity. For the radio hardware, NXP offers a variety of options to address different IoT use cases and their requirements such as data rate, latency, reliability and range: K32W0x for Thread (low-power mesh network) and Bluetooth LE (for provisioning devices to a Matter network), W8987 for Wi-Fi and Bluetooth and the newly announced IW612 which implements Thread, Wi-Fi and Bluetooth in a monolithic die and is designed to optimize co-existence.
Starting a product with the i.MX 8M is now much easier and faster with Arm Virtual Hardware (AVH) which: • Is a step change in the evolution of Arm’s modeling technology. • Delivers virtual platforms in the cloud for developers to verify and validate embedded and IoT applications. • Removes the complexity of building and configuring board farms • Enables modern, agile, cloud native software development practices, such as continuous integration and continuous development CI/CD (DevOps) and MLOps workflows.
AVH models virtualize the functional behavior of the i.MX 8M complete development kit, including peripherals, sensors, and other board components. This technology executes the same software binaries as on real hardware and leverages the Arm silicon partners’ SDKs. AVH gives software developer access to the platform in cloud-based servers and avoids the complexity and cost of maintaining physical hardware installations and provides a natural and easy to use API with integration to key providers of CI/CD and ML services.
The foundation of a HAaaS Platform is a future proofed, heterogeneous compute platform. Arm offers a comprehensive range of hardware IP and software to build a powerful, efficient, and secure platform such as those offered today by NXP.
A strong security infrastructure can be achieved by following PSA Certified guidelines to implement appropriate security features, and by using Parsec to provide a common API to hardware security and cryptographic services in a platform agnostic fashion. SystemReady allows for portability across diverse Arm-based platforms, with standard off-the-shelf OSes and hypervisors supported in a consistent manner. A microservice-based architecture decouples the hardware from the software, meaning new functionalities can be added via OTA updates. Standard ML frameworks make it simpler to build and deploy ML models at the edge, and with devices being securely connected to the cloud, models can be improved and updated over time. AVH is the fastest and easiest means to start software development on virtual platforms using all the latest of cloud development techniques and tools. Built by combining powerful, future-proofed platforms with a cloud-native software stack for simplified deployments and OTA upgrades, the HAaaS Platform represents a key component of the most exciting future home automation service deployments.
