What’s this Azure Sphere?
Most of our everyday devices contain one or more Microcontrollers (MCU) which controll the operations of applicances. The applicances of MCUs ranging from domestic applicances like coffee machines over building systems like HVAC and elevaters, energy applicances like smart meters or solar systems until industrial solutions or mission critical systems for traffic control. In the past days this controllers where standalone devices without any network connections. There was less need to concern about hackers. Now, in the age of IoT, manufacturers of such appliaces are building smart cloud based services on top of their existing solutions. This requires to connect the devices to the cloud in a secure an reliable fashion. In detail this means:
- securely manage, exchange and store private keys and certificates
- provide and deploy instant patches against latest seurity vulnerabilites over secure connections
- guarantee the integrity of the firmware / OS
There comes Azure Sphere which provides a highly secured solution for connecting Microcontroller Units (MCU) in a secure way to the cloud by establishing security from silicon level over a secure OS to the cloud.
The secured MCU contains the so called Pluton security subsystem which creates a trusted hardware and stores private keys. Furthermore it allows the execution of complex cryptographic operations.
The secured OS is built by Azure Sphere OS is a custom Linux System maintained by Microsoft (Yes, you see right: Linux from Microsoft) which uses the security possibilities of the Azure Sphere Hardware.
The so called cloud security contains the Azure Sphere security service operated by Microsoft, which delivers automatic patches and OS updates to the devices and therefore protects against security vulnerabilities.
Installing the dev environment
I followed the official documentation to set up your board and install the Azure Sphere SDK. Everything went well until I updated the OS using
azsphere device recover. While dowloading the OS went smooth, the connection after downloading the OS failed. After checking everything twice, I realized that I already had an other TAP-Windows Adapter which was the first one. So I removed all TAP Windows Adapters and reinstalled the SDK. From there on, everithing worked as described.
The current MT3620 Hardware is really just an eval kit. It has limited power regarding processing power and memory. With only 4MB of memory there is not so mach space for larger applications. Therefore it is mainly a replacement for classical MCU applications which need a secure connectivity. But for this use case it provides everything an embedded developer needs to get the job of securely connecting the MCU to the cloud done without having to do a Masters degree in IoT security in advance.
The basic idea of Azure Sphere is very appealing from an embedded developers perspective. It enables secure connectivity to the cloud and protects the device against vulnerabilities from the ground up. Therefore as a developer I can focus on the business logic which provides value to the customer and do not have to spend a lot of my time building and maintaining a security infrastructure to protect my device against any kind of hacking and cracking.