Microsoft Unveils Secure MCU Platform with a Linux-Based OS

By Eric Brown

Microsoft has announced an “Azure Sphere” blueprint for hybrid Cortex-A/Cortex-M SoCs that run a Linux-based Azure Sphere OS and include end-to-end Microsoft security technologies and a cloud service. Products based on the MediaTek MT3620 Azure Sphere chip are due by year’s end.

Just when Google has begun to experiment with leaving Linux behind with its Fuchsia OS —new Fuchsia details emerged late last week— long-time Linux foe Microsoft has unveiled an IoT platform that embraces Linux. At RSA 2018, Microsoft Research announced a project called Azure Sphere, which it bills as a new class of microcontrollers that run “a custom Linux kernel” combined with Microsoft security technologies. Initial products, aimed at industries including white goods, agriculture, energy and infrastructure, are due by the end of the year.

Judging from the flagship Azure Sphere part, MediaTek’s MT3620 SoC, which will ship in volume later this year, this is not so much a new class of MCU as a fairly standard Cortex-A7 based SoC with a pair of user-accessible Cortex-M4 cores, backed up by end-to-end security. It’s unclear whether future Azure Sphere compliant SoCs will feature different combinations of Cortex-A and Cortex-M cores, but this is clearly an Arm IP based design. Arm “worked closely with us to incorporate their Cortex-A application processors into Azure Sphere MCUs,” says Microsoft.

Azure Sphere OS architecture (click images to enlarge)

Major chipmakers have signed up to build Azure Sphere system-on-chips including Nordic, NXP, Qualcomm, ST Micro, Silicon Labs, Toshiba, and more (see image below). The software giant has sweetened the pot by “licensing our silicon security technologies to them royalty-free.”

Azure Sphere SoCs “combine both real-time and application processors with built-in Microsoft security technology and connectivity,” says Microsoft. “Each chip includes custom silicon security technology from Microsoft, inspired by 15 years of experience and learnings from Xbox.”

The design “combines the versatility and power of a Cortex-A processor with the low overhead and real-time guarantees of a Cortex-M class processor,” says Microsoft. The MCU includes a Microsoft Pluton Security Subsystem that “creates a hardware root of trust, stores private keys, and executes complex cryptographic operations.”

The IoT oriented Azure Sphere OS layers Microsoft security services and a security monitor on top of the Linux kernel. The platform will ship with Visual Studio development tools, and a dev kit is due in mid-2018.

Azure Sphere security features (click image to enlarge)

The third component is an Azure Sphere Security Service, a turnkey, cloud-based platform. The service brokers trust for device-to-device and device-to-cloud communication through certificate-based authentication. The service also detects “emerging security threats across the entire Azure Sphere ecosystem through online failure reporting, and renewing security through software updates,” says Microsoft.
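The certificate-based authentication the service brokers works like this in miniature: a root that the service trusts issues a certificate to each device at provisioning time, and the broker accepts a connection only if the presented certificate chains to that root, is inside its validity window and is marked for client authentication. The Go program below is an added example written for this article; it is not Microsoft’s code and does not use the Azure Sphere Security Service’s API. It builds a throwaway root and device certificates in memory (the function names, the `mt3620-000x` device IDs and the use of the CommonName field as the device identifier are all assumptions made for the example) and shows a genuine device being accepted while an expired and a self-signed certificate are rejected.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// sign gives tmpl a fresh P-256 key and a random serial and signs it with parentKey; with a
// nil parent the certificate is self-signed. Constructed for this example only: a real root
// key lives with the cloud service or in an HSM, never on a device.
func sign(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) ([]byte, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	if tmpl.SerialNumber, err = rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128)); err != nil {
		return nil, nil, err
	}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	return der, key, err
}

// NewCA builds a self-signed root whose only permitted job is signing certificates.
func NewCA(name string, now time.Time) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	der, key, err := sign(&x509.Certificate{
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             now.Add(-time.Minute),
		NotAfter:              now.Add(10 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}, nil, nil)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// DeviceTemplate is a client-authentication leaf whose CommonName carries the device
// identifier (an assumed naming scheme). IsCA stays false so a device cannot mint certificates.
func DeviceTemplate(deviceID string, notBefore time.Time, validFor time.Duration) *x509.Certificate {
	return &x509.Certificate{
		Subject:               pkix.Name{CommonName: deviceID},
		NotBefore:             notBefore,
		NotAfter:              notBefore.Add(validFor),
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
}

// IssueDeviceCert is the provisioning step; the caller picks the validity window, which also
// lets the example mint an already-expired certificate for the negative case.
func IssueDeviceCert(caCert *x509.Certificate, caKey *ecdsa.PrivateKey, deviceID string, notBefore time.Time, validFor time.Duration) ([]byte, error) {
	der, _, err := sign(DeviceTemplate(deviceID, notBefore, validFor), caCert, caKey)
	return der, err
}

// VerifyDevice is the broker-side check: the certificate must chain to the trusted root, be
// valid at now and be marked for client authentication before its identity is trusted.
func VerifyDevice(root *x509.Certificate, leafDER []byte, now time.Time) (string, error) {
	leaf, err := x509.ParseCertificate(leafDER)
	if err != nil {
		return "", err
	}
	if leaf.IsCA {
		return "", fmt.Errorf("%q: a device certificate must not be a CA", leaf.Subject.CommonName)
	}
	roots := x509.NewCertPool()
	roots.AddCert(root)
	_, err = leaf.Verify(x509.VerifyOptions{
		Roots:       roots,
		CurrentTime: now,
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	if err != nil {
		return "", err
	}
	return leaf.Subject.CommonName, nil
}

func main() {
	now := time.Now()
	caCert, caKey, err := NewCA("example device root", now)
	if err != nil {
		panic(err)
	}
	genuine, _ := IssueDeviceCert(caCert, caKey, "mt3620-0001", now.Add(-time.Minute), 24*time.Hour)
	expired, _ := IssueDeviceCert(caCert, caKey, "mt3620-0002", now.Add(-48*time.Hour), 24*time.Hour)
	rogue, _, _ := sign(DeviceTemplate("mt3620-0001", now.Add(-time.Minute), 24*time.Hour), nil, nil)
	for name, der := range map[string][]byte{"genuine": genuine, "expired": expired, "self-signed": rogue} {
		id, err := VerifyDevice(caCert, der, now)
		fmt.Printf("%-12s id=%q err=%v\n", name, id, err)
	}
}
```

The point a practitioner should take from the negative cases is that the self-signed certificate carries the same CommonName as the genuine one and is still refused: identity is only believed once the chain to the broker’s root checks out, and a certificate that chains correctly but has expired, or that is flagged as a CA, is refused as well.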

Azure Sphere eco-system conceptual diagram (top) and list of silicon partners (bottom)

In many ways, Azure Sphere is similar to Samsung’s Artik line of IoT modules, which incorporate hardened SoCs backed by end-to-end security controlled by the Artik Cloud. One difference is that the Artik modules are built around either Cortex-A application processors or Cortex-M or -R MCUs, and are designed to be deployed together in heterogeneous product designs, rather than around a hybrid SoC like the MediaTek MT3620.

Hybrid, Linux-driven Cortex-A/Cortex-M SoCs have become common in recent years, led by NXP’s Cortex-A7 based i.MX7 and Cortex-A53 based i.MX8, as well as many others including the Cortex-A7 based Renesas RZ/N1D and Marvell IAP220.

MediaTek MT3620

The MediaTek MT3620 “was designed in close cooperation with Microsoft for its Azure Sphere Secure IoT Platform,” says MediaTek in its announcement. Its 500MHz Cortex-A7 core is accompanied by large L1 and L2 caches and integrated SRAM. Two user-accessible Cortex-M4F cores drive peripherals including 5x UART/I2C/SPI, 2x I2S, 8x ADC, up to 12 PWM counters, and up to 72x GPIO.

The Cortex-M4F cores are primarily devoted to real-time I/O processing, “but can also be used for general purpose computation and control,” says MediaTek. They “may run any end-user-provided operating system or run a ‘bare metal app’ with no operating system.”

In addition, the MT3620 features an isolated security subsystem with its own Arm Cortex-M4F core that handles secure boot and secure system operation. A separate Andes N9 32-bit RISC core supports 1×1 dual-band 802.11a/b/g/n WiFi.

The security features and WiFi networking are “isolated from, and run independently of, end user applications,” says MediaTek. “Only hardware features supported by the Azure Sphere Secure IoT Platform are available to MT3620 end-users. As such, security features and Wi-Fi are only accessible via defined APIs and are robust to programming errors in end-user applications regardless of whether these applications run on the Cortex-A7 or the user-accessible Cortex-M4F cores.” MediaTek adds that a development environment is available based on the gcc compiler, and includes a Visual Studio extension, “allowing this application to be developed in C.”

Microsoft learns to love Linux

In recent years, Microsoft has increasingly softened its long-time anti-Linux stance by adding Linux support to its Azure service and targeting Windows 10 IoT at the Raspberry Pi, among other experiments. Microsoft is now an active contributor to Linux, and has even open-sourced some of its own technologies.

It wasn’t always so. For years, Microsoft CEO Steve Ballmer alternated between deriding Linux and open source and warning about the threat they posed to the tech industry. In 2007, Microsoft fought back against the growth of embedded Linux at the expense of Windows CE and Windows Mobile by pursuing patent claims against companies that used embedded Linux, asserting that some of the open source components infringed Microsoft patents. By 2009, a Microsoft exec openly acknowledged the threat of embedded Linux and open source software.

That same year, Microsoft was accused of using its marketing muscle to convince PC partners to stop offering Linux as an optional install on netbooks. In 2011, Microsoft announced that PCs certified for Windows 8 would have to ship with UEFI Secure Boot enabled, a firmware check that refuses to load any boot loader not signed by a key the firmware trusts, which critics saw as a way to stop users from replacing Windows with Linux on major PC platforms.


Azure Sphere promo video

Further information

Azure Sphere is available as a developer preview to selected partners. The MediaTek MT3620 will be the first Azure Sphere MCU, and products based on it should arrive by the end of the year. More information may be found in Microsoft’s Azure Sphere announcement and product page.

Microsoft | www.microsoft.com

This article originally appeared on LinuxGizmos.com on April 16.

IoT: From Gateway to Cloud

Starting Up, Scaling Up

In this follow on to our March “IoT: From Device to Gateway” Special Feature, here we look at technologies and solutions for the gateway-to-cloud side of IoT. These solutions ease the way toward getting a cloud-connected system up and running.

By Jeff Child, Editor-in-Chief

After exploring the edge device side of the Internet-of-Things (IoT) last month, now we’ll look at the cloud side of the equation. Even though the idea of Internet-linked embedded devices has been around for decades, multiple converging technology trends have brought us to the IoT phenomenon of today. The proliferation of low cost wireless technology has coincided with a significant decrease in the costs of computing, data storage and sensor components. Meanwhile, that same computing and storage are now widely available as cloud-based platforms that can scale linearly.

Much attention has been focused on the size of the growing IoT market in terms of revenue and number of devices. But another interesting metric is the number of IoT developers working on IoT-based systems. According to analysts, that number will approach 10 million within the next few years and a lot of that growth will be among smaller firms starting from the ground up or adding IoT to their infrastructure for the first time. For those smaller organizations the process of getting started with cloud-connected infrastructure can be a hurdle. And even after that step, there’s the issue of scaling up as the need arises to expand their IoT implementation.

Feeding both those needs, a number of companies, ranging from IoT specialists to embedded software vendors to microcontroller vendors, have over the past six months rolled out a variety of solutions to help developers get started with their cloud-connected IoT system and scale that system to larger numbers of IoT edge nodes and increased cloud-based service functionality.

IoT for the Masses

With both those trends in mind, Atmosphere IoT positions itself as focused on the mass market of IoT developers. Atmosphere IoT Corp. was previously Anaren’s IoT Group, until Anaren divested that division in January into the newly formed company. For its Atmosphere IDE product, the company provides an interesting business model. Atmosphere IDE is available for free—anyone can log on and use it. Once you get over 5 connected things and want to have Atmosphere IoT store more data and manage more things, you start paying incrementally. The idea is to make it easy for developers to generate code and get prototype systems and a limited pilot program up and running. When users are ready to scale up or when they find commercial success, they can scale linearly because all of Atmosphere’s software is built on the Amazon Web Services (AWS) cloud.

Photo 1
The Cloud View part of Atmosphere IDE lets developers use cloud elements to quickly connect their projects to Atmosphere Cloud, sending data from an embedded system to the cloud for a cohesive sensor-to-cloud solution.


Using the IDE, developers can create either Wi-Fi or Bluetooth Smart projects and choose between supported platforms including Anaren hardware and the Intel Curie module. On the cloud development side, the Atmosphere IDE provides easy cloud connectivity access, connecting IoT devices to the cloud application to take advantage of data hosting, analysis, reporting, real-time monitoring and much more. The Cloud View (Photo 1) part of the IDE lets developers use cloud elements to quickly connect their projects to Atmosphere Cloud, sending data from an embedded system to the cloud for a cohesive sensor-to-cloud solution.

Industry 4.0 Solution

For its Industry 4.0 IoT solution, Mentor in February introduced its Mentor Embedded IoT Framework (MEIF). MEIF is a comprehensive, cloud vendor-agnostic embedded software framework designed to help developers create, secure and manage “cloud-ready” smart devices for Industry 4.0 applications. MEIF features well-defined interfaces engineered to complement and extend cloud vendor embedded software development kit (SDK) APIs. …


Read the full article in the April issue (#333) of Circuit Cellar

Don’t miss out on upcoming issues of Circuit Cellar. Subscribe today!
Note: We’ve made the October 2017 issue of Circuit Cellar available as a free sample issue. In it, you’ll find a rich variety of the kinds of articles and information that exemplify a typical issue of the current magazine.