Microsoft Secures IoT From The Microcontroller Up

Frustrated by the glut of unsecured IoT devices? So are Microsoft. And they’re using custom Linux and hardware to do something about it.

Microsoft have announced a new ecosystem for secure IoT devices called “Azure Sphere.” This system is threefold: Hardware, Software, and Cloud. The hardware component is a Microsoft-certified microcontroller which contains Microsoft Pluton, a hardware security subsystem. The first Microsoft-certified Azure Sphere chip will be the MediaTek MT3620, launching this year. The software layer is a custom Linux-based Operating System (OS) that is more capable than the average Real-Time OS (RTOS) common to low-powered IoT devices. Yes, that’s right. Microsoft is shipping a product with Linux built-in by default (as opposed to Windows Subsystem for Linux). Finally, the cloud layer is billed as a “turnkey” solution, which makes cloud-based functions such as updating, failure reporting, and authentication simpler.

In terms of complexity, this seems similar to Microsoft’s IoT Core product, which can run on a Raspberry Pi but is targeted at building single-purpose devices using Windows APIs. Coordinating with specialized cloud services probably puts this beyond the standard toolkit for an average maker, but anyone looking to go to production should try to learn from this system because it seems designed to reduce the security and update problems that IoT devices seem to struggle with. Microsoft also published a short history of the project.

What would you build with a secure IoT system? We hope that secure IoT devices like this will proliferate, unlike Intel’s discontinued Edison and Galileo, and the Intel-driven Arduino 101 board.

Thanks [RQDQ] and [RoGeorge]!

48 thoughts on “Microsoft Secures IoT From The Microcontroller Up

    1. To be honest… Shell Shock was legal drinking age in all countries by the time it was discovered and patched.

      Open source can theoretically have better code review, but practice does not guarantee it. How often have you looked at the code in your kernel or boot loader?

  1. Microsoft was just feeling left out of the big data group! now they will have their own stream of information from consumers homes only they dont have to put in any work to actually develop the products, they just sell the frame work. Think about it, while google and amazon are out there spending R&D money on their home products, microsoft goes and hands out a framework for other people to develop and hand over all of their data streams..

    Microsoft just wants to be swinging with the big boys again, they may have missed out on the phone and tablet revolution but at least the now have a good front on the IOT battles.

      1. That is true, they are trying to take over the IOT market by supplying the OEM’s instead of putting out their own product. That strategy also jives with their operating system strategy but i do find it amusing that they didnt have their own kernel that they could have used for this given the amount of code and multiple kernels they have in their archives. I dont see this as the 3E’s with respect to linux even though they have been pushing linux subsystems for a while now. I think that they are using linux because it is the fastest and cheapest way to get this product to market. I dont see this product line lasting long at all as the whole IOT industry is poised to receive massive push back soon in regards to privacy and planned obsolescence.

    1. If you want scary: I once read that MS is doing the ID cards (that everybody has to have) for Belgium, another nice treasure trove I imagine. And being an US company not just a trove for MS I fear but also for the US 3-letter government orgs.

      But hey; they at least always have waffles.

  2. I read the summary and it smells like “all your devices need to connect to microsoft to work”

    I still want to be able to disconnect all my IOT things and turn them into LOT (lan of things)

  3. Seriously? You had to hate on Intel in the last sentence. Do you believe Intel is the only company that kills products?
    Drew, get a grip.

    Qualcomm merging with NXP merging with Freescale will kill a ton of overlapping products. Start reporting on those. Or, are they sponsors? .

    How many processors do you think will be needed to build an ecosystem so that Azure IOnTrouble will stay alive? The performance needed to drive this Linux-MS concoction will limit it to the highest clocked and expensive ARM, Intel and AMD processors.

    I give the MS initiative 2 years. One year to understand that they need 50 processors and dozens of partners to get the ecosystem running, and the second year to realize that ain’t gonna happen and slowly/quietly fade from existence.

    Just sayin’

      1. I also had to laugh when I read the story on Slashdot a few days ago, where they quoted an article on TechCrunch. Rob Lefferts from Microsoft apparently said: “With Azure Sphere, Microsoft is addressing an entirely new class of IoT devices, the MCU.” and “Windows IoT runs on microprocessor units (MPUs) which have at least 100x the power of the MCU”

        Since these “MCUs” built by Mediatek are 500 MHz Cortex-A7, it really makes me wonder what Windows IoT was designed for.

  4. That MediaTek device looks interesting – an ARM A7 paired with a couple of M4Fs. It has the potential to be far more useful than the theoretically great but hard to code for BeagleBone PRUs. Plenty of other more familiar hardware partners lined up too. Their offerings might be easier to work with.

    Info on Azure Sphere is sparse right now. I was hoping that HaD might have some more but it seems like the same (with the same automatic anti-MS backlash too). Best I have found is that dev boards might be available from late May.

  5. And how does this not count as an instance of Microsoft’s long-established “embrace, extend, extinguish” strategy?

    For those who haven’t been paying attention over the past 30 years, Microsoft is not a consumer-friendly company. It makes its money selling software to OEMs. When the RIAA wanted copy protection from the hardware up because they consider the word ‘customer’ synonymous with ‘thief’, Microsoft built it and promoted it.. the ironically named PlaysForSure program that ended up making devices incompatible with each other being just one example.

    Extrapolating from historical precedent, Microsoft doesn’t care about your privacy or mine. It wants to collect licensing fees from every hardware manufacturer whose marketing department plans to slap ‘IoT’ on a box. Ideally, its wants a monopoly on the core software for such devices, and will do whatever the OEMs want in order to get it. The model of ‘security’ they’ll end up promoting is one where the device manufacturer can collect any information it wants without your knowledge or consent, and can disable a device remotely if you don’t pay your dues. It will just be harder for third parties to hack in and do the same.

    Under that model, all of us count as ‘third parties’ and — assuming the system actually works — the hardware will be useless when the manufacturer decides to abandon it.

    I’m not sure how that rates “We hope that secure IoT devices like this will proliferate” on a site devoted to hardware hacking.

    1. > And how does this not count as an instance of Microsoft’s long-established “embrace, extend, extinguish” strategy?

      Yeah, completely agreed. I’ve been watching Microsoft for the last 30 years too, and I don’t feel like coming near them for any reason.

      I find it particularly ironic that this one is about “Microsoft and security”. For those who have been watching… duh.

    2. People have been ignoring the more important feature of these announcements:
      Microcontroller ARM TrustZone. The Palladium of IoT.

      That is the real purpose of this initiative and facet of it that people should be focusing on and concerned by. While Microsoft’s co-opting of linux after decades of verbal abuse merits scrutiny, that is the far more dangerous aspect, since TrustZone on IoT devices means you can’t trust ANY level of device from little to big, and you can’t reflash them with your personally trusted firmware images.

      We have been in a golden age of embedded hackery, but much like what happened to coreboot when the keys to the kingdom were brought back under the dominion of Intel and then AMD (as they had been by ARM in the cellular market prior to Android and certain other commercial niches), we are soon going to see embedded get locked down like PCs were locked down. And unless popular support begins to side with us instead of the corporations, it will be a big blow to the flexibility inherent in modern tech, and proof of why Linus’ GPLv2 only kernel licensing decision was a bad idea, especially after Tivoization make the GPLv3 necessary.

  6. Maybe I’m not getting this, but could anyone elaborate on the difference between Microsoft’s Mediatek MT3620 and NXP’s i.MX 7 -well, apart from the fact that Mediatek has two Cortex M4F’s …

    Apart from that, am I the only one who thinks it’s really dangerous to promote the MCU as “secure”, giving the desired target audience the impression they can just sit back and relax and nothing bad will ever happen again?

    Jeez, the whole thing is wrong on so many levels…

  7. The problem for Microsoft and Intel for that matter, is that in this market, decisions on micro and software usage are made by engineers. Not consumers, or learn IT in 21 days hoodies. Engineers generally don’t fall for all that marketing bull and want to look under the hood. Things that matter to engineers are things like robustness, continued availability, bang for buck, power consumption, performance and source code availability. Sorry Microsoft, you don’t score well on any of these metrics.

  8. Take a listen to:- twit.TV/sn episode 660 for some more detail. Download and fast forward to about 1 hour 30. (ish)

    Or await the written transcripts and show notes on GRC.com/sn

  9. On the technology side thing, I Think it has to do with the ARM Trustzone , PSA announcements back in October. Basically arm has implemented a hardware level isolate on subsystem level, and even released open source firmware for any manufacturer who wishes to take advantage of it. I think MS is just trying to get into the big data services game using this feature.

    MS public announcements are meant to draw more attention but the underlying technology of security on a silicon level is exciting.

    Sources:
    https://www.arm.com/news/2017/10/a-common-industry-framework
    https://pages.arm.com/iot-security-manifesto.html
    https://github.com/ARM-software/arm-trusted-firmware
    https://www.theregister.co.uk/2017/10/23/arm_platform_security_architecture/

  10. If your new “IoT security” thing requires an ARM chip and a linux kernel, its a non-starter for many IoT applications. A large chunk of the IoT world is built around a low-power microcontroller (Pic, AVR, something like that) coupled to a (generally low-power) WiFi and/or Bluetooth chipset to provide connectivity. Or possibly something that combines both in the one chip like an ESP series chip.

  11. The people who run Microsoft are mentally old, feeble, and lack vision. Microsoft is the dominant operating system.

    Long hail Linux and the communal push to drive Microsoft to extinction.

  12. I appreciate the irony of a Microsoft product fundamentally built on Linux…

    … but we don’t want or need Linux for tiny, edge-node IoT micropower devices.

    These devices need to be very very small, very very low power, very cheap, and not bloated at all.
    And yes, it’s true that this might imply that we won’t have much strong crypto right out to the micropower edge device – and that’s OK.

    1. “this might imply that we won’t have much strong crypto right out to the micropower edge device – and that’s OK.”
      Whether that’s OK or not very much depends on what the device does. Even for the most innocent-seeming little sensor, consider the consequences of an attacker spoofing the readings–maybe crypto is needed after all.

  13. Unless I’m missing something, this seems like a combination of trying to do a smaller, cheaper, implementation of the collection of concepts that started as “Next Generation Secure Computing Base”, became “Palladium”, and are now TPM/other Trusted Computing Group stuff on the PC side (the ‘Pluton security subsystem’); with a bundled cloud service that does communication and ‘telemetry’.

    I don’t doubt that Microsoft will do a less-ghastly job than a great many people merrily shipping embedded firmware; and it’s fairly trivially true that a beefy ARM core offers “additional headroom” and “advanced processing power”(not that anyone didn’t realize that; but they also realize that throwing a fairly beefy ARM core at the problem can blow your power budget and budget budget).

    Seems like one half a direct port of the “Secure Booted PCs connecting to Azure Everything” push on the PC side to smaller hardware; and perhaps the other half an attempt to keep ‘Homekit’ from being the only recognizable name in ‘consumer embedded devices that care even slightly about secure implementations’; but if there is novelty here I’m either missing it or they aren’t explaining it.

    The skeptical observer might also inquire with owners of ‘Surface RT’ devices about how that carefully secured ARM platform with deep Microsoft cloud dependencies is working out for them…

  14. Don’t trust my information being stored on somebody else’s server. The courts have no problems violating the 3rd amendment and using IOT devices, etc as ‘soldiers’ quartered in your house to hear/see/sense your every action…

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.