And it talks to Azure. Cortana probably spotted lurking nearby
Microsoft has designed a family of Arm-based system-on-chips for Internet-of-Things devices that runs its own flavor of Linux – and securely connects to an Azure-hosted backend.
Dubbed Azure Sphere, the platform is Microsoft’s foray into the trendy edge-computing space, while craftily locking gadget makers into cloud subscriptions.
The way it works is like this: Microsoft makes its system-on-chip (SoC) blueprints available to chip designers, which fabricate the chipset and flog it to IoT device makers. These manufacturers slap the silicon in their products, and run Microsoft’s Linux-based Sphere OS along with their own software on the chip, which connects to Microsoft’s Azure Sphere running on Redmond’s cloud.
Sphere does things like making sure gizmos only run official firmware, automatically pushing out and installing bug fixes on remote devices, and so on. In the process, the chipmaker moves more silicon, the device vendor gets a turnkey security service to show to customers, and Microsoft gets a cloud customer for the lifespan of the device.
It’s basically a rip-off of Arm’s Mbed Cloud, if you don’t want to be generous to Microsoft. The Windows giant calls its chip an MCU – a micro-controller unit – even though pretty much everyone else would call it a system-on-chip. Let’s see what’s in it…
So what’s on the chip?
The Azure Sphere MCU itself is a combination of Arm processor cores, wireless connectivity, memory, some IO, and Microsoft’s custom security controller and core sandboxing.
The heavy lifting will be done by an Arm Cortex-A CPU that will run the device’s application code and Redmond’s custom Linux OS. A pair of Cortex-M cores handle the I/O, and can be accessed by the gadget’s engineers: you can run whatever code you need on them.
A third Cortex-M core forms the basis of Microsoft’s homegrown “Pluton” security coprocessor, which polices the system: it is off-limits to application software on the Cortex-A CPU, and the code running on the other Cortex-Ms. Pluton is kept separate by what Microsoft calls hardware IO firewalls within the SoC.
Whatever firmware is loaded, and regardless of whether or not it has been hacked while running, the Pluton part should remain unaffected and unmolested.