Sept 26, 2018, linux.com: Building Security into Linux-Based Azure Sphere
… Launching the first dev kit for Azure Sphere. The Azure Sphere MT3620 Development Kit features MediaTek’s MT3620, a 500MHz Cortex-A7/Cortex-M4F hybrid SoC that runs the lightweight Azure Sphere OS on a single -A7 core. The SoC’s 4MB of RAM is the only RAM on Seeed’s Grove compatible dev board. Other SoC vendors besides MediaTek will offer their own Cortex-A/Cortex-M SoCs for Azure Sphere, says Microsoft.
…
One of the main goals of Azure Sphere was to bring security to the MCU world where “security is basically nonexistent,” said Fairfax. Microsoft somewhat confusingly refers to the MediaTek MT3620 as an MCU rather than an application processor due to its inclusion of Cortex-M4 MCU cores. In part, this may be a marketing ploy since Microsoft intends to compete directly with the Cortex-M oriented Amazon FreeRTOS.
Apr 16, 2018 → Sep 24, 2018, Microsoft: Azure Sphere | Microsoft Azure
Azure Sphere PREVIEW
A solution for creating highly secured, connected MCU-powered devices to help you reimagine your business, drive innovation, and delight customers.
Get ready for the MCU IoT revolution
Azure Sphere is a solution for creating highly-secured, connected Microcontroller (MCU) devices, providing you with the confidence and the power to reimagine your business and create the future.
Find peace of mind
Security is foundational to connected IoT experiences. Don’t trust your brand to single line-of-defense and second-best solutions. The Azure Sphere approach to security is based on years of Microsoft experience and research. Together, Azure Sphere promotes security with crossover MCUs, our secured OS, and turnkey cloud security service, guarding every Azure Sphere device and delivering end-to-end IoT security that responds to emerging threats—so you don’t have to.
Get to market faster
Streamline the development and maintenance of your products. Azure Sphere is designed for efficiency and comes with a set of Visual Studio tools that will completely change how you create and manage MCU powered experiences. Azure Sphere is designed to connect quickly and easily to Azure, but our open approach means that you’re able to use Azure Sphere alongside the public or private cloud of your choice.
Create the future
IoT is no longer science fiction. Azure Sphere brings the promise of a secured connected future to MCU devices everywhere. Azure Sphere MCUs deliver unmatched computing power and built-in connectivity that pave the way for next generation experiences. Azure Sphere enables you to reimagine everything from business models to product experiences. Delight customers with intelligent products that predict and respond to their needs.
Meet the newest class of microcontrollers, plus the OS and cloud technologies that secure them
Azure Sphere brings together the best of Microsoft’s expertise in cloud, software, and device technology to provide a unique approach to security that starts in the silicon and extends to the cloud. Together, Azure Sphere MCUs, the Azure Sphere OS, and the Azure Sphere Security Service provide you with the confidence to reimagine your business and the tools to create the future.
Secured MCU
Secured from the silicon up. Our new crossover class of MCUs now combines both real-time and application processors with built-in Microsoft security technology and connectivity.
Secured OS
An OS purpose built for security and agility to create a trustworthy platform for new IoT experiences. Our secured OS builds security innovations pioneered in Windows into an HLOS small enough for MCUs.
Cloud security
Protect devices with a cloud built for IoT security. The Azure Sphere Security Service renews device security, identifies emerging threats, and brokers trust among device, cloud, and other endpoints.
Read more about the secure platform:
Secured MCU
Azure Sphere MCUs: A new crossover class of MCU with built-in Microsoft security technology, connectivity, and the headroom to support dynamic new experiences.
The Pluton security subsystem creates a hardware root of trust, stores private keys, and executes complex cryptographic operations.
A new crossover MCU combines the versatility and power of a Cortex-A class processor with the low overhead and real-time guarantees of a Cortex-M class processor.
Built-in network connectivity provides secured, reliable, online experiences and ensures devices are up to date.
Secured OS
The Azure Sphere OS: A highly-secured OS from Microsoft that creates a trustworthy defense-in-depth platform for new IoT experiences.
Secured application containers compartmentalize code for agility, robustness, and security.
On-chip connectivity services secure your connection to the cloud and provide access to the Azure Sphere Security Service.
A custom Linux kernel enables silicon diversity and innovation.
A security monitor guards integrity and access to critical resources.
Secured OS
The Azure Sphere Security Service: A turnkey security service that guards every Azure Sphere device by renewing security, identifying emerging threats, and brokering trust among device, cloud, and other endpoints.
Protects your devices and customers with certificate-based authentication of all communication.
Guarantees a device’s authenticity and ensures it runs only your genuine software.
Provides insight into device and application failures and visibility into emerging security threats.
Responds to threats with automated updates of the Azure Sphere OS.
Allows for easy deployment of your software updates to your Azure Sphere powered devices.
Modernize your MCU development experience with Visual Studio
Install the Visual Studio Tools for Azure Sphere to get started writing applications. These tools include application templates, development tools, and the Azure Sphere software development kit (SDK).
Simplify and accelerate development
Streamline debugging
Modernize your development experience
Connect your Azure Sphere devices quickly and easily to Azure IoT
A simple Visual Studio wizard guides you through the process of connecting your device to Azure IoT Hub and adds the code you need directly into your application.
Easily connect your devices to Azure
Send telemetry from your device to the cloud
Enable device-to-cloud and cloud-to-device messaging
Secured devices
Read The Seven Properties of Highly Secured Devices
Your cloud, your choice
Find out how Azure Sphere works with your cloud provider.
…
Our silicon ecosystem
The first Azure Sphere chip will be the MediaTek MT3620, which represents years of close collaboration and testing between MediaTek and Microsoft. Other early partners include Arm, who worked closely with us to incorporate their Cortex-A application processors into Azure Sphere MCUs.
We’re also working closely with leading silicon manufacturers to create a broad ecosystem of vendors who can use their expertise to design specialized chips for various markets. Here are some of the partners who are actively engaged with us to deliver Azure Sphere MCUs along with other partners in the Azure Sphere ecosystem.
…
Feb 22, 2010, ARM YouTube channel:
ARM Launches the Cortex-M4 Processor
– There are two Cortex-M4 products from ARM
(see ARM Information Center: Cortex-M4(F) Lazy Stacking and Context Switching Application Note 298):
Cortex-M4 without Floating-point Unit (FPU)
Cortex-M4F with a FPU.
– Jan 2013, ARM whitepaper: Cortex-M Processors and the Internet of Things (IoT)
– Aug 16, 2018, ARM: Microprocessor Cores and Technology
Cortex-A
Cortex-R
Cortex-M
Machine Learning
SecurCore
Highest Performance
⇒ Supreme performance at optimal power
Example use cases:
– Automotive
– Industrial
– Medical
– Modem
– Storage
Real-Time Processing
⇒ Reliable mission-critical performance
Example use cases:
– Automotive
– Cameras
– Industrial
– Medical
Lowest Power, Lower Cost
⇒ Powering the most energy efficient embedded devices
Example use cases:
– Automotive
– Energy grid
– Medical
– Secure embedded applications
– Smart cards
– Smart devices
– Sensor fusion
– Wearables
Efficiency Uplift for All Devices
⇒ Project Trillium for unmatched versatility and scalability
Example use cases:
– Artificial intelligence
– Augmented reality
– Edge computing
– Neural network frameworks
– Object detection
– Virtual reality
Tamper Resistant
⇒ Powerful solutions for security applications
Example use cases:
– Advanced payment systems
– Electronic passports
– SIM
– Smart cards
…
Cortex-M
Cortex-M35P
The first Armv8-M processor with tamper resistance built in
Added physical resilience and system safety functions won’t compromise performance
Includes the option of integrated digital signal processing (DSP)
Layers of protection guard against easy attacks and system takeovers
Cortex-M33
Ideal blend of real-time determinism, efficiency and security
Simplifies digital signal processing with security
Differentiate your product with TrustZone software isolation
Brings 32-bit performance to even the simplest and cost-sensitive devices
Cortex-M23
Smallest and lowest power microcontroller with TrustZone security
Includes built-in security foundation with TrustZone
Memory protection minimizes the risk of unexpected access
Ideal processor for use in energy-harvesting IoT nodes and small sensors
Cortex-M7
Highest performance Cortex-M processor
Simplifies signal processing to bring high-performance DSP to the masses
Built in floating point processing reduces power consumption
Supports innovative MCUs for more intensive automation tasks
Cortex-M4
Control and performance for mixed signal devices
Integrated digital signal processing (DSP) simplifies system design
Essential microcontroller features make it ideal for industrial applications
Most widely deployed Cortex-M processor with broad ecosystem
Cortex-M3
Exceptional 32-bit performance with low power consumption
Available for a no license fee through DesignStart
Commonly used across many smart home devices
Deployed in billions of devices across a broad set of embedded applications
Cortex-M1
Optimised for FPGA design
Available for a no license fee through DesignStart
Based on the most proven and trusted embedded architecture
Optimised for FPGA development
Cortex-M0+
Smallest footprint and lowest power requirements of Cortex-M processors
Take advantage of 32-bit processing intelligence at an 8-bit cost
Three highly optimized low power modes conserve energy
Most commonly used in wearables for healthcare, fitness and more
Cortex-M0
Smallest Arm processor available
Available for a no license fee through DesignStart
Ideal for smart sensors and mixed signal systems-on-chip (SoC)
Three highly optimized low power modes conserve energy
…
Apr 10, 2018, Mediatek: Microsoft Azure Sphere MCU with extensive I/O peripheral subsystem for diverse IoT applications
The MT3620 is a highly integrated, high performance IoT MCU with the high level of security necessary for modern, robust internet-connected devices. The MT3620 targets a wide range of IoT applications including smart home, commercial, industrial and many other domains thanks to its extensive I/O peripheral subsystem that allows device design flexibility and freedom.
The MT3620 was designed in close cooperation with Microsoft and is compatible with the Microsoft Azure Sphere solution.
High Performance Application Processor and Real-time I/O Processors
MT3620 features an Arm Cortex-A7 application processor that operates at up to 500MHz and includes large L1 cache and L2 cache and integrated SRAM for highly efficient operation over a wide range of potential applications. Two general purpose Arm Cortex-M4F I/O subsystems running at up to 200MHz support the requirements of the many on-chip peripherals including 5x UART/I2C/SPI, 2x I2S, 8x ADC, up to 12 PWM counters and up to 72x GPIO, allowing a diverse range of potential applications. These two Cortex-M4F I/O subsystems are primarily intended to support real-time I/O processing but can also be used for general purpose computation and control. The Cortex-M4F cores may run any end-user-provided operating system or run a ‘bare metal app’ with no operating system. Flash memory to support the Cortex-A7 and both Cortex-M4F processors is integrated in the MT3620 package.
The Microsoft Pluton Security Subsystem and Dedicated Wi-Fi Subsystem
Outside of these three end-user accessible cores, MT3620 contains an isolated security subsystem with its own Arm Cortex-M4F core that handles secure boot and secure system operation. In addition, a 1×1 dual-band 802.11a/b/g/n Wi-Fi radio subsystem is controlled by a dedicated Andes N9 32-bit RISC core. This subsystem contains radio, baseband and MAC that is designed to allow high throughput applications with great power efficiency.
Operation of the MT3620 security features and Wi-Fi networking are isolated from, and run independently of, end user applications. Only hardware features supported by Azure Sphere are directly accessible to MT3620 end-users. As such, security features and Wi-Fi are only accessible via defined Azure Sphere APIs and are robust to programming errors in end-user applications regardless of whether these applications run on the Cortex-A7 or the user-accessible Cortex-M4F cores.
Microsoft provides a powerful development environment based on Visual Studio which leverages the gcc compiler, allowing customer applications to be developed in C. Please refer to documentation from Microsoft for information about which hardware features are available to end-user applications.
Microsoft Azure Sphere
MT3620 leverages Microsoft Azure Sphere to provide an unprecedented level of security for connected devices. The secure solution provides device authentication and attestation, supports remote over-the-air software updates to maintain security in the face of evolving attacks, and also automates error logging and reporting. Please refer to Microsoft for more information.
Specifications
Application Processor
AP Type: ARM Cortex-A7
AP Core Quantity: Single (1)
AP Frequency: 500MHz
Subprocessors
CPU Type: ARM Cortex-M4 with FPU
CPU Cores: Dual (2)
Peripheral Interfaces
IO:
ADC, GPIO, I2C, I2S, PWM, SPI, UART
Connectivity
Wi-Fi: a/b/g/n
Antenna: 1T1R
Bands: 2.4GHz, 5GHz
April 16, 2018, Blog | Microsoft Azure: Introducing Microsoft Azure Sphere: Secure and power the intelligent edge, by Galen Hunt, Partner Managing Director, Microsoft Azure Sphere
In the next decade, nearly every consumer gadget, every household appliance, and every industrial device will be connected to the Internet. These connected devices will also become more intelligent with the ability to predict, talk, listen, and more. The companies who manufacture these devices will have an opportunity to reimagine everything and fundamentally transform their businesses with new product offerings, new customer experiences, and differentiate against competition with new business models.
All these everyday devices have in common a tiny chip, often smaller than the size of your thumbnail, called a microcontroller (MCU). The MCU functions as the brain of the device, hosting the compute, storage, memory, and an operating system right on the device. Over 9 billion of these MCU-powered devices are built and deployed every year. For perspective, that’s more devices shipping every single year than the world’s entire human population. While few of these devices are connected to the Internet today, within just a few years, this entire industry, all 9 billion or more devices per year, is on path to include connected MCUs.
Internet connectivity is a two-way street. With these devices becoming a gateway to our homes, workplaces, and sensitive data, they also become targets for attacks. Look around a typical household and consider what could happen when even the most mundane devices are compromised: a weaponized stove, baby monitors that spy, the contents of your refrigerator being held for ransom. We also need to consider that when a device becomes compromised, it’s not just a problem for the owner, it can also become a problem for society. A device can disrupt and do damage on a larger scale. This is what happened with the 2016 Mirai botnet attack where roughly 100,000 compromised IoT devices were repurposed by hackers into a botnet that effectively knocked the U.S. East Coast off the Internet for a day. It’s of paramount importance that we proactively address this emerging threat landscape with solutions that can keep pace as connected MCUs ship in billions of new devices every year.
Here, you can read more about how in 2015 a small team of us within Microsoft Research began exploring how to secure this vast number of MCU-powered devices yet to come online. Leveraging years of security experience at Microsoft, and learnings from across the tech industry, we identified The Seven Properties of Highly-Secure Devices. We identified the need for a hardware root of trust to protect and defend the software on a device. We identified the need for multiple layers of defense-in-depth, both in hardware and in software, to repel hackers even if they fully breach one layer of security. We identified the critical need for hardware, software, and cloud to work together to secure a device. Over time the Seven Properties gained traction and became the foundation for a movement within Microsoft – which ultimately brings us to today.
Securing the billions of MCU powered devices
Today at RSA 2018, we announced the preview of Microsoft Azure Sphere, a new solution for creating highly-secured, Internet-connected microcontroller (MCU) devices. Azure Sphere includes three components that work together to protect and power devices at the intelligent edge.
Azure Sphere certified microcontrollers (MCUs): A new cross-over class of MCUs that combines both real-time and application processors with built-in Microsoft security technology and connectivity. Each chip includes custom silicon security technology from Microsoft, inspired by 15 years of experience and learnings from Xbox, to secure this new class of MCUs and the devices they power.
Azure Sphere OS: This OS is purpose-built to offer unequalled security and agility. Unlike the RTOSes common to MCUs today, our defense-in-depth IoT OS offers multiple layers of security. It combines security innovations pioneered in Windows, a security monitor, and a custom Linux kernel to create a highly-secured software environment and a trustworthy platform for new IoT experiences.
Azure Sphere Security Service: A turnkey, cloud service that guards every Azure Sphere device; brokering trust for device-to-device and device-to-cloud communication through certificate-based authentication, detecting emerging security threats across the entire Azure Sphere ecosystem through online failure reporting, and renewing security through software updates. It brings the rigor and scale Microsoft has built over decades protecting our own devices and data in the cloud to MCU powered devices.
These capabilities come together to enable Azure Sphere to meet all 7 properties of a highly secured device – making it a first of its kind solution.
What device manufacturers are saying
“Sub-Zero and Wolf have had a legacy of innovation in food preservation and preparation for over 70 years and we see significant opportunity in the connected devices market to create new and unique customer experiences. As our homes become more connected, we place significant value on the security of connected devices, so we can focus on continuing to deliver an exceptional customer experience. Microsoft’s approach with Azure Sphere is unique in that it addresses security holistically at every layer.”
– Brian Jones, Director of Product Strategy and Marketing, Sub-Zero
“Glen Dimplex is a leader in development of intelligent heating, renewable energy solutions and domestic appliances. We recognize that addressing security at every layer of connected devices is critical to shipping connected devices with confidence. The work Microsoft is doing with Azure Sphere uniquely addresses the security challenges of the connected microcontrollers shipping in billions of devices every year. We look forward to integrating Azure Sphere into our product lines later this year.”
– Neil Naughton, Deputy Chairman, Glen Dimplex
We’ve been sharing our plans for Azure Sphere with device manufacturers across multiple verticals including whitegoods, agriculture, energy, and infrastructure and their enthusiasm has been consistently centered around three core benefits:
Security
Our device manufacturing partners consider security a pre-requisite for creating connected experiences, and they know that single line-of-defense and second-best solutions are not enough. Azure Sphere provides security that starts in the hardware and extends to the cloud, delivering holistic security that protects, detects, and responds to threats – so they’re always prepared. And they love the fact that our solution is turnkey, eliminating the need to invest in additional infrastructure and staff to secure these devices.
Productivity
As device manufacturers look to transform their products, they are also looking for ways to lower overhead and increase team efficiency. Azure Sphere’s software delivery model and Visual Studio development tools deliver productivity and dramatically optimize the process of developing and maintaining apps on their devices. This means our device manufacturing partners can bring products to market faster and they can focus their efforts on creating their unique value.
Opportunity
The real magic begins when device manufacturers start imagining the possibilities that open with Azure Sphere. The built-in connectivity and additional headroom included in Azure Sphere certified MCUs changes everything. Our device manufacturing partners are re-thinking business models, product experiences, the way they service customers, and the way they predict the needs of their customers. It’s been incredible to watch them design next generation experiences with Azure Sphere.
Our silicon ecosystem
Having the right set of silicon partners has been an important part of our journey in bringing Azure Sphere to market. We’ve been working directly with leaders in the MCU space to build a broad ecosystem of silicon partners who will be combining our silicon security technologies with their unique capabilities to deliver Azure Sphere certified chips. With our silicon partners, we’ve created a revolutionary new generation of MCUs. These chips have network connectivity, unequalled security, and advanced processing power to enable new customer experiences. Each Azure Sphere chip will include our Microsoft Pluton security subsystem, run the Azure Sphere OS, and connect to the Azure Sphere Security Service for simple and secure updates, failure reporting, and authentication.
The first Azure Sphere chip, the MediaTek MT3620, will come to market in volume this year. Over time we will see other silicon partners introducing their own Azure Sphere chips to the market. To ensure our ecosystem of partners expands rapidly, we’re licensing our silicon security technologies to them royalty-free. This enables any silicon manufacturer to build Azure Sphere chips while keeping costs down and prices affordable to device manufacturers.
We can’t wait to see what you build with Azure Sphere
Today, Azure Sphere is in private preview. We’re working closely with select device manufacturers to build future products powered by Azure Sphere. We expect the first wave of Azure Sphere devices to be on shelves by the end of 2018. Dev kits will be universally available in mid-2018. We fully expect to be surprised by the innovative ideas that you invent for the world and for your customers. We can’t wait to see what you will build!
For more details, please visit the Azure Sphere website.
Learn more about the origins of Azure Sphere and the team that built it on the Microsoft Research blog.
April 16, 2018, Microsoft Research Blog: From research idea to research-powered product: behind the scenes with Azure Sphere by Vikram Dendi, Chief Product Officer, AI+R NExT
At RSA Conference 2018, Microsoft announced Azure Sphere, previewing a unique new solution to help connect and secure the most populous category of computing today: the tens of billions of devices powered by microcontrollers (MCUs). Azure Sphere represents an opportunity for Microsoft and our partners to serve a new era of computing with securely connected devices at tremendous scale. Just as Microsoft brought affordable PCs to every desk, with Azure Sphere we aim to enable a low cost, securely connected experience on every device.
Azure Sphere was conceived in 2015 when a small team within AI+Research NExT began exploring the future of connected devices and innovating solutions for securing the vast number of future Internet-connected MCU-powered devices. This project team operated in an impact-focused white space to develop their ideas without being tethered to any specific technology or existing product; they were free to innovate. As a result, Azure Sphere became a true One Microsoft pursuit – a research-powered, cross-company effort combining the depth and breadth of our experience across silicon, software and cloud technologies. Azure Sphere makes achieving security for MCU-powered connected devices an easy, affordable, no-compromise decision for device-makers everywhere.
It is especially inspiring to me that Azure Sphere represents yet another product made possible by Microsoft’s deep investments in research, combining truly out-of-the-box thinking from brilliant researchers and engineers with product excellence and the growth mindset permeating today’s culture at Microsoft. As a product builder who has had an opportunity to envision and engineer innovation in several settings – independent startups, on small corporate teams, as well as within large engineering groups – I’ve enjoyed a privileged view into a special world at Microsoft, one fueled by imagination, research experimentations and a learning mindset. I’ve come to appreciate the unlimited possibilities unlocked when you develop on top of the depth of understanding that comes from decades of research, learn from years of experience in implementing these techniques into Microsoft’s biggest products and then bring these things together as a company to deliver a completely new solution with the potential to transform an entire category. These are advantages best found in a place like Microsoft, and our organization (NExT) has been exploring the power of these well-connected research + engineering hybrid teams to accelerate advances in a variety of areas, ranging from Silicon Futures, Artificial Intelligence to reinventing Healthcare and more.
Project Sopris: Hypothesize – Learn – Experiment – Refine
Not too long ago, Azure Sphere was just a spark in Galen Hunt’s mind. With several decades of experience as a systems researcher making significant contributions to our operating systems and to our computing architecture (plus tours of duty building production systems), Galen was struck by the extent of security vulnerability within the rapidly growing ecosystem of MCU-powered, network-connected devices. Not only were the newsworthy examples of exploitations on these vulnerable devices growing each day, the devastating effects of mass hacking and control of “zombie devices” were being felt far and wide on the Internet. Simultaneously, the increasing capabilities of AI, the promise of breakthroughs at the edge and the breathtaking ways in which connected edge devices are poised to disrupt practically every industry created urgency in finding a solution. This was the origin of the project, internally called “Codename 4×4”, referring to the technical requirements that the chip will have at least 4 MB of RAM and 4 MB of Flash on the processor that sits at the heart of Azure Sphere.
The Sopris development board
Last March, we shared our perspective on the immediate importance of securing low-cost edge devices, and our approach on how to do it effectively. Project Sopris – our research effort towards this goal – was published as a whitepaper outlining the Seven Properties of Highly Secure Devices for a no-compromise approach to security. The project team engaged deeply with the broader academic and security research community to share what we had learned, to test and refine our hypotheses and foster further learning. Working with a silicon partner, the team built a prototype chip and a developer board that incorporated what we had learned. These Sopris developer kits were then shipped to the security researcher community to extend information sharing, learn from field testing and to advance the conversation about the importance and immediacy of securing devices powered by MCUs.
Bringing the best together – in technology and in people
Today, Azure Sphere is being introduced to the world by a dream team built from the very best that Microsoft and our partners have to offer – from research to product to great ecosystem partners, together with our first set of forward-thinking customers. Azure Sphere pulls together some of the most innovative research work in the areas of secure silicon, OS architecture and cloud capabilities, with top business, engineering and manufacturing collaborators. We’ve come a long way, from Galen’s first imaginings to enabling future product innovation by those building new devices incorporating Microsoft Azure Sphere.
It has been a privilege to be part of building something novel and also something we all have come to see as being essential for the future of this category of computing. Research is not only about the quest for truth and beauty but also about getting ahead of the curve in effecting positive change and shaping the future to be safer and better for people everywhere. Project 4×4 and Azure Sphere represent how Microsoft leverages world-class research and engineering to invent, incubate, solve, build and ship new technologies and business opportunities across the globe. I like to think we serve the future and the world by delivering what’s NExT.
Secure from the Silicon Up – Codename 4×4 Team, December 2017