These days, most cloud providers are delivering end-to-end edge computing platforms for the Internet of Things (IoT). Among them is Microsoft’s Azure Sphere, which runs on the Azure cloud platform. The Azure Sphere OS is a customized version of Linux designed to work with processors that implement Microsoft’s Pluton security hardware subsystem.
NXP and Microsoft announced a partnership around Azure Sphere at this year’s NXP Connect conference. NXP will supply the edge-node hardware while Microsoft provides the hooks to the cloud, including the custom, Linux-based Azure Sphere OS (see figure).
NXP’s new i.MX 8 will incorporate Microsoft’s Pluton security hardware designed to support the Azure Sphere OS that ties into the Azure cloud.
The i.MX 8 chip will not be shipping in quantity until next year. It was designed by engineering teams from each company and will be built using fully depleted silicon-on-insulator (FD-SOI) technology to minimize power requirements. There will be single and dual core versions based on the Arm Cortex-A35; a Cortex-M33 core handles real-time chores. Both support Arm’s TrustZone security as well. An independent audio/video processing domain is powered by a high-performance HiFi4 DSP core. The chip will be part of NXP’s new Edge Verse family.
Azure Sphere OS is designed to have a small memory footprint. It runs on the Cortex-A while an RTOS will typically run on the Cortex-M33. Microsoft just picked up Express Logic, so its ThreadX RTOS could be an option.
“NXP's collaboration with Microsoft is yet another step in our ongoing commitment to bring complete security solutions to our customers," said Joe Yu, vice president of the low-power applications processors product line at NXP. “With this Azure Sphere-certified applications processor, customers can build purposeful edge products using the energy efficiency and multifaceted capabilities of the i.MX 8 series, and enjoy the peace of mind that comes from knowing that their products are protected in the field by Azure Sphere security service.”
“At a time when the opportunity of innovation is limited only by imagination, security is a persistent challenge. Our collaboration with NXP enables our partners to fully realize the opportunity in front of them by delivering intelligent security that is responsive and always learning,” said Galen Hunt, Distinguished Engineer and Managing Director, Microsoft Azure Sphere. “Together with the performance and flexibility of NXP’s i.MX application processors, we will help our partners transform their products and the way they service and interact with their customers. This collaboration allows device manufacturers across various industries to achieve more.”
Microsoft’s Azure Sphere OS boots from the Pluton’s root-of-trust. The hardware has its own random-number generator, crypto acceleration, and key management and storage. Each chip has its own private key and Azure’s public key installed when the chip is built. It supports remote attestation; the OS and framework also support over-the-air (OTA) updates, with Microsoft delivering Azure Sphere OS updates along with application updates all under company control.
Applications that run on the Azure Sphere OS have a secure and authenticated communications link with the Azure Sphere cloud. The Azure cloud supports applications as well as provides management services for the edge devices.