Azure Sphere Secure IOT - First look

Workshopshed
7 Nov 2018

Overview

 

Azure Sphere is a new platform from Microsoft. It consists of a system on chip, an SDK and online tools for management. The key problem they are trying to solve is making IoT devices secure.

 


 

Some of the principles they've used are described in the "Seven Properties of Highly Secure Devices" white paper; a summary is shown in the table below.

image (table summarising the seven properties)

To achieve this, they have designed a new architecture along with MediaTek: the MT3620 system on chip. This consists of multiple cores. The "Pluton" security processor is responsible for hardware random number generation, key and certificate storage, cryptographic functions and failure management. Alongside this is an Arm Cortex-A7 application processor and two Cortex-M4 cores with floating point units that can be used to offload processing or I/O from the main processor. It also has the usual range of peripherals such as UART, I2C, SPI, I2S, PWM, GPIO and ADC. There's also Wifi connectivity supporting a/b/g/n in the 2.4GHz and 5GHz ranges. All these components are separated by "I/O Firewalls", so you can lock a given peripheral to just specific cores. Given the sheer number of things on this SoC I'm expecting a higher than average power consumption; that's something I'll have to look into.

image

Comparable products

I've not looked at the alternatives in detail, but both Microchip and Cypress have "Secure IoT" offerings.

 

https://www.microchip.com/design-centers/embedded-security

http://www.cypress.com/solutions/internet-things-iot

 

Getting going

https://azure.microsoft.com/en-us/services/azure-sphere/get-started/

 

Microsoft has partnered with French and German distributors but I could not work out how to order from them for the UK, so I ordered from Seeed, making sure to pick the EU model so it works properly with our Wifi.

 

There's not much in the box: just a card with the Wifi conformity details and the URL for the SDK, along with the board and a USB cable.

image

 

Visual Studio Community

It is possible to cross-compile Azure Sphere code from the command line using just the SDK and GCC, but if you use Visual Studio it's possible to build and debug from the IDE. I use VS at work and am fairly familiar with it, so that seemed the preferred option. The Visual Studio suite of tools is pretty large, so I installed the "Community Edition" onto my home machine with just the core editor to start with. That was still 650MB.

 

https://azure.microsoft.com/en-gb/blog/developing-an-azure-sphere-experience-with-visual-studio/

 

I then downloaded the SDK which at this time is still a preview. http://aka.ms/AzureSphereSDKDownload

There's a new version of the SDK out next week. https://azure.microsoft.com/en-gb/updates/upcoming-azure-sphere-18-11-release-announcement/

Installing the SDK took some time on this machine as it needed to install all of the other prerequisites and dependencies; the Azure Sphere components themselves, when it finally got to them, did not take long at all.

 

I then fired up Visual Studio, created a new project using the blink sample and hit build.

image

That completed successfully.

 

1>------ Build started: Project: Mt3620Blink1, Configuration: Debug ARM ------
1>Azure Sphere Utility version 2.0.2.45571
1>Copyright (C) Microsoft Corporation. All rights reserved.
1>
1>Start time (UTC): Wednesday, 07 November 2018 22:40:04
1>verbose: Creating image.
1>verbose: Azure Sphere application image written.
1>verbose: Appending metadata.
1>verbose: Wrote metadata:
1>  Section: Identity
1>    Image Type:        Applications
1>
1>    Component UID:     d762ff43-6761-45b0-bb44-6c555b55cf14
1>
1>    Image UID:         71bad514-7fc9-4af5-b766-7e1bf8e0ac75
1>
1>  Section: Signature
1>    Signing Type:      ECDsa256
1>
1>    Cert:              a8d5cc6958f48710140d7a26160fc1cfc31f5df0
1>
1>  Section: Debug
1>    Name:              Mt3620Blink1
1>
1>    Built On (UTC):    07/11/2018 22:40:10
1>
1>    Built On (Local):  07/11/2018 22:40:10
1>
1>  Section: Temporary Image
1>    Remove image at boot: False
1>
1>    Under development: True
1>
1>  Section: ABI Depends
1>    Depends:           ApplicationRuntime@1
1>
1>
1>verbose: Packaging completed successfully.
1>verbose: Output file is at: C:\Users\owner\Desktop\Andy\Azure Sphere\Mt3620Blink1\Mt3620Blink1\bin\ARM\Debug\Mt3620Blink1.imagepackage
1>Command completed successfully in 00:00:07.2077566.
========== Build: 1 succeeded, 0 failed, 0 up-to-date, 0 skipped ==========

 

One point of interest is that the project contains a manifest file listing the capabilities (peripherals and connections) that the application is allowed to use. This is part of the firewalls mentioned earlier: if you don't include a required GPIO or UART then the processor won't be granted access to it. As an experiment, I removed GPIO 8 from this list (the LED that is toggled by the code) and it still compiled successfully, so this is only checked at runtime.

 

{
  "SchemaVersion": 1,
  "Name" : "Mt3620Blink1",
  "ComponentId" : "d762ff43-6761-45b0-bb44-6c555b55cf14",
  "EntryPoint": "/bin/app",
  "CmdArgs": [],
  "TargetApplicationRuntimeVersion": 1,
  "Capabilities": {
    "AllowedConnections": [],
    "Gpio": [ 8, 9, 10, 12 ],
    "Uart": [],
    "WifiConfig": false
  }
}
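Because the build does not check the manifest against the code, a mismatch only shows up when the application fails to open the peripheral on the board. The script below is an added example (not code from the post or from Microsoft's SDK) of a pre-build check that compares the ids granted in the "Capabilities" section with the ids the C source actually opens. It assumes the application opens peripherals with the Azure Sphere library calls GPIO_OpenAsOutput, GPIO_OpenAsInput and UART_Open using literal ids; real samples often use named macros for the pins, which this simple regex scan does not resolve, and the manifest file name app_manifest.json is an assumption. The manifest and C fragment embedded below are constructed to reproduce the experiment in the post (GPIO 8 removed from the list) and use a placeholder ComponentId.

```python
import json
import re
import sys

# Constructed manifest in the same shape as the one in the post, with GPIO 8
# deliberately missing from the "Gpio" list and a placeholder ComponentId.
MANIFEST_JSON = '''{
  "SchemaVersion": 1,
  "Name": "Mt3620Blink1",
  "ComponentId": "00000000-0000-0000-0000-000000000000",
  "EntryPoint": "/bin/app",
  "CmdArgs": [],
  "TargetApplicationRuntimeVersion": 1,
  "Capabilities": {
    "AllowedConnections": [],
    "Gpio": [ 9, 10, 12 ],
    "Uart": [],
    "WifiConfig": false
  }
}'''

# Constructed C fragment; assumes peripherals are opened with literal ids.
SOURCE_C = '''
int led = GPIO_OpenAsOutput(8, GPIO_OutputMode_PushPull, GPIO_Value_High);
int btn = GPIO_OpenAsInput(12);
int uart = UART_Open(4, &uartConfig);
'''

# One regex per manifest capability kind; group 1 captures the numeric id.
CALL_PATTERNS = {
    "Gpio": re.compile(r'\bGPIO_OpenAs(?:Output|Input)\s*\(\s*(\d+)'),
    "Uart": re.compile(r'\bUART_Open\s*\(\s*(\d+)'),
}


def declared_capabilities(manifest_text):
    """Ids the manifest grants, per kind (missing keys count as empty)."""
    caps = json.loads(manifest_text).get("Capabilities", {})
    return {kind: set(caps.get(kind, [])) for kind in CALL_PATTERNS}


def used_peripherals(source_text):
    """Ids the source opens, per kind, found by scanning for the open calls."""
    return {kind: {int(m.group(1)) for m in pat.finditer(source_text)}
            for kind, pat in CALL_PATTERNS.items()}


def check_manifest(manifest_text, source_text):
    """Compare granted ids with opened ids.

    Returns, per kind, two sorted lists:
      "missing": opened in code but not granted (fails at runtime on the board),
      "unused":  granted but never opened (wider than least privilege requires).
    """
    declared = declared_capabilities(manifest_text)
    used = used_peripherals(source_text)
    return {
        kind: {
            "missing": sorted(used[kind] - declared[kind]),
            "unused": sorted(declared[kind] - used[kind]),
        }
        for kind in CALL_PATTERNS
    }


if __name__ == "__main__":
    # Usage: check_manifest.py app_manifest.json main.c   (falls back to the
    # constructed samples above when no paths are given)
    if len(sys.argv) == 3:
        with open(sys.argv[1]) as f:
            manifest_text = f.read()
        with open(sys.argv[2]) as f:
            source_text = f.read()
    else:
        manifest_text, source_text = MANIFEST_JSON, SOURCE_C

    report = check_manifest(manifest_text, source_text)
    problems = False
    for kind, result in report.items():
        if result["missing"]:
            problems = True
            print(f"{kind}: opened but not in manifest: {result['missing']}")
        if result["unused"]:
            print(f"{kind}: granted but never opened: {result['unused']}")
    sys.exit(1 if problems else 0)
```

Run against the constructed samples it reports GPIO 8 and UART 4 as opened but not granted (the runtime failure the post describes) and GPIOs 9 and 10 as granted but unused, which is the least-privilege side of the same check: a capability list wider than the code needs gives the application access it does not require.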

 

Claiming the board

The next step is to claim the board so that I can deploy code to it and monitor it from Azure IoT Hub. I've not completed this yet, but there are a few steps such as setting up logins, so I'll cover that in more detail in the next post.

There is a warning that once you've claimed a board you can't move it to another "tenant".

https://azure.microsoft.com/mediahandler/files/resourcefiles/azure-sphere-device-authentication-and-attestation-service/…

https://azure.microsoft.com/en-us/services/iot-hub/

 

Project

Those who know of my previous projects will be happy to know that this one is also going to be in the form of an enchanted object. I'm not going to let too much out of the bag at the moment but here's a teaser.

image

Comments

  • Fred27
    Fred27 over 6 years ago +1
    It looked like a potentially interesting board when it was announced, but a bit pricey as a pre-order purchase. Which of the cores does the user have access to? I seem to remember that earlier demos only…
  • Workshopshed
    Workshopshed over 6 years ago

    More on the Cypress PSOC 6 - http://circuitcellar.com/industry-enterprise/product-news/cypress-semi-teams-with-arm-for-secure-iot-mcu-solution/

    image

    Looks like they have something similar to what Microsoft is calling "Firewalls"

  • Workshopshed
    Workshopshed over 6 years ago

    Another platform for comparison

    https://www.96boards.org/blog/up-and-running-with-the-secure96-tpm/

  • Workshopshed
    Workshopshed over 6 years ago in reply to Fred27

    Yeh, it's a different crew but it looks like a small step from the Netduino rather than a giant leap.

    I did see a good example of remote management for the Pi but the name of the solution escapes me. I'm trying to move all my .Net work across to Core as we rarely do anything that's tightly tied to the O/S. For the above project I'm hoping to use Azure Functions to do some of the backend processing.

    The Azure Sphere board protects from re-flashing by having secure boot, signed images and remote revocation.

    https://docs.microsoft.com/en-us/azure-sphere/product-overview/architecture

  • shabaz
    shabaz over 6 years ago in reply to Fred27

    This is so not true either (from their kickstarter page):

    "Meadow is the world's first, modern, secure, professional IoT platform"

    If that's the case, I'd love to know how they protect against the scenario that some malicious party re-flashes the chip or the other memory chip on the board, or puts their own code on the board in some other way.. not saying other manufacturers have completely solved that problem, but other manufacturers have gone a lot further to reduce the risk. I've gone a lot further on a custom personal board - if I can do it, so can others - and Meadow clearly has not.

  • Fred27
    Fred27 over 6 years ago in reply to Workshopshed

    I'm very wary of the Meadow. Firstly, because I was bitten by Secret Labs on the Agent Smartwatch and Netduino Go. (Wilderness Labs apparently took over from Secret Labs rather than being related, but it still makes me wary.) Secondly, I wonder if an STM32F7 is enough to run an RTOS, Mono and .NET. Far less risky to run .NET Core on a Raspberry Pi IMHO. You can even get it running in a Docker container.
