Security and resource constraints are often at odds with each other. While some security measures involve making code smaller by removing attack surfaces, others require adding new features, which consume precious flash and RAM. How did Microsoft manage to create a secure Linux based OS that runs on the Azure Sphere MCU?
The Azure Sphere OS begins with a long-term support (LTS) Linux kernel. Then the Azure Sphere development team customizes the kernel to add additional security features, as well as some code targeted at slimming down resource utilization to fit within the limited resources available on an Azure Sphere chip. In addition, applications, including basic OS services, run isolated for security. Each application must opt in to use the peripherals or network resources it requires. The result is an OS purpose-built for Internet of Things (IoT) and security, which creates a trustworthy platform for IoT experiences.
At the 2018 Linux Security Summit, Ryan Fairfax, an Azure Sphere engineering lead, presented a deep dive into the Azure Sphere OS and the process of fitting Linux security in 4 MiB of RAM. In this talk, Ryan covers the security components of the system, including a custom Linux Security Module, modifications and extensions to existing kernel components, and user space components that form the security backbone of the OS. He also discusses the challenges of taking modern security techniques and fitting them in resource-constrained devices. I hope that you enjoy this presentation!
Watch the video to learn more about the development of Azure Sphere’s secure, Linux-based OS. You can also look forward to Ryan’s upcoming talk on Using Yocto to Build an IoT OS Targeting a Crossover SoC at the Embedded Linux Conference in San Diego on August 22.
Visit our website for documentation and more information on how to get started with Azure Sphere.