Microsoft’s bid to secure the IoT: custom Linux, chips, Azure

Microsoft has released details on Azure Sphere, their bid to make IoT devices secure by default:

First is a new class of microcontrollers (MCUs) that supports seven critical hardware features that Microsoft says are a necessary foundation to build secure systems. These include support for unforgeable encryption keys protected by hardware, the ability to update system software, and hardware-enforced compartmentalization between software components. Microsoft has some track record in building such systems, in particular with the Xbox, which is designed to have tamper-proof hardware that’s securely updatable.

[…]

Second is a new operating system: Azure Sphere OS. The company says this OS combines a custom Linux kernel with Windows-inspired security features, providing a secure platform that scales down to smaller systems than Windows can reach. Application code is run within containers to provide isolation, and Microsoft will have a custom security monitor running beneath the Linux kernel to protect system integrity and arbitrate access to critical resources.

The third part is Azure Sphere Security Service, a cloud service that will detect security issues (by recognizing failures and errors on devices), act as a source of software updates, and mediate secure communications between devices and to the cloud.

The Microsoft-made microcontroller designs will be available to manufacturers under royalty-free licenses.

Additionally, the big news is Microsoft’s own Linux distribution, a first for the company. They do have a custom Linux build they us in-house for Azure’s networking stack, but that isn’t available outside of the company.

9 Comments

  1. 2018-04-19 8:23 pm
  2. 2018-04-19 10:24 pm
  3. 2018-04-19 10:25 pm
    • 2018-04-20 7:37 am
      • 2018-04-20 2:44 pm
  4. 2018-04-20 2:08 pm
    • 2018-04-20 2:13 pm
    • 2018-04-20 2:27 pm
  5. 2018-04-21 4:18 pm