Azure Sphere

Azure Sphere is a secure, world-class application platform with built-in communication and security capabilities for Internet-connected (IoT) devices. The platform consists of integrated hardware built around a secure silicon chip, the Azure Sphere OS (operating system for Azure Sphere), a high-end operating system based on Linux, and the Azure Sphere Security Service, a cloud-based security service that provides continuous, renewable security. Azure Sphere security was developed based on Microsoft Research's position on the seven required characteristics of highly secure devices.


Azure Sphere OS

The Azure Sphere OS is a custom Linux-based microcontroller operating system created by Microsoft to run on an Azure Sphere-certified chip and to connect to the Azure Sphere Security Service. The Azure Sphere OS provides a platform for Internet of things application development, including both high-level applications and real-time capable applications. It is the first operating system running a Linux kernel that Microsoft has publicly released and the second Unix-like operating system that the company has developed for external (public) users, the other being Xenix.


Azure Sphere Security Service

The Azure Sphere Security Service, sometimes referred to as AS3, is a cloud-based service that enables maintenance, updates, and control for Azure Sphere-certified chips. The Azure Sphere Security Service establishes a secure connection between devices and the internet and/or cloud services and ensures secure boot. The primary purpose of contact between an Azure Sphere device and the Azure Sphere Security Service is to authenticate the device identity, ensure the integrity and trust of the system software, and to certify that the device is running a trusted code base. The service also provides the secure channel used by Microsoft to automatically download and install Azure Sphere OS updates and customer application updates to deployed devices.


Azure Sphere chips and hardware

Azure Sphere-certified chips and hardware support two general implementation categories: greenfield and brownfield. Greenfield implementation involves designing and building new IoT devices with an Azure Sphere-certified chip. Azure Sphere-certified chips are currently produced by MediaTek. In June 2019, NXP announced plans to produce a line of Azure Sphere-certified chips. In October 2019, Qualcomm announced plans to produce the first Azure Sphere-certified chips with cellular capabilities. Brownfield implementation involves the use of an Azure Sphere guardian device to securely connect an existing device to the internet. Azure Sphere guardian modules are currently produced by Avnet.


MediaTek 3620

MT3620 is the first Azure Sphere-certified chip and includes an ARM Cortex-A7 processor (500 MHz), two ARM Cortex-M4F I/O subsystems (200 MHz), 5x UART/I2C/SPI, 2x I2S, 8x ADC, up to 12 PWM counters and up to 72x GPIO, and Wi-Fi capability. MT3620 contains the Microsoft Pluton security subsystem with a dedicated ARM Cortex-M4F core that handles secure boot and secure system operation.


Azure Sphere hardware

Azure Sphere-certified chips can be purchased in several different hardware configurations produced by Microsoft partners.

Modules
* Avnet Wi-Fi Module
* AI-Link Wi-Fi Module
* USI Dual Band Wi-Fi Module

Development kits
* Avnet MT3620 Starter Kit
* Seeed MT3620 Dev Board
* Seeed MT3620 Mini Dev Board

Guardian devices
* Avnet Guardian Module


Azure Sphere Guardian module

An Azure Sphere Guardian module is external, add-on hardware that incorporates an Azure Sphere-certified chip and can be used to securely connect an existing device to the internet. In addition to an Azure Sphere-certified chip, an Azure Sphere Guardian module includes the Azure Sphere OS and the Azure Sphere Security Service. A guardian module is a method of implementing secure connectivity for existing devices without exposing those devices to the internet. The guardian module can be connected to a device through an existing peripheral on the device and is then connected to the internet through Wi-Fi or Ethernet. The device itself is not connected directly to the network.


Microsoft Pluton

Pluton is a Microsoft-designed security subsystem that implements a hardware-based root of trust for Azure Sphere. It includes a security processor core, cryptographic engines, a hardware random number generator, public/private key generation, asymmetric and symmetric encryption, support for elliptic curve digital signature algorithm (ECDSA) verification for secured boot, and measured boot in silicon to support remote attestation with a cloud service, and various tampering counter-measures. As of March 2022, however, Pluton is still in the design stage, as silicon companies see no reason to implement it.


Application development

The Linux-based Azure Sphere OS provides a platform for developers to write applications that use peripherals on the Azure Sphere chip. Applications can run on either the A7 core with access to external communications or as real-time capable apps on one of the M4 processors. Real-time capable applications can run on either bare metal or with a real-time operating system (RTOS). Developer applications can be distributed to Azure Sphere devices through the same secure mechanism as the Azure Sphere OS updates.


Timeline

The following is a list of announcements and releases from Microsoft around Azure Sphere.


See also

* Intel Management Engine
* Windows Subsystem for Linux
* Xenix
* Windows IoT

