Microsoft has released details on Azure Sphere, their bid to make IoT devices secure by default:
First is a new class of microcontrollers (MCUs) that supports seven critical hardware features that Microsoft says are a necessary foundation to build secure systems. These include support for unforgeable encryption keys protected by hardware, the ability to update system software, and hardware-enforced compartmentalization between software components. Microsoft has some track record in building such systems, in particular with the Xbox, which is designed to have tamper-proof hardware that’s securely updatable.[…]
Second is a new operating system: Azure Sphere OS. The company says this OS combines a custom Linux kernel with Windows-inspired security features, providing a secure platform that scales down to smaller systems than Windows can reach. Application code is run within containers to provide isolation, and Microsoft will have a custom security monitor running beneath the Linux kernel to protect system integrity and arbitrate access to critical resources.
The third part is Azure Sphere Security Service, a cloud service that will detect security issues (by recognizing failures and errors on devices), act as a source of software updates, and mediate secure communications between devices and to the cloud.
The Microsoft-made microcontroller designs will be available to manufacturers under royalty-free licenses.
Additionally, the big news is Microsoft’s own Linux distribution, a first for the company. They do have a custom Linux build they us in-house for Azure’s networking stack, but that isn’t available outside of the company.