Microsoft ready to share secure MCU
Having designed the Sopris microcontroller with the help of silicon partner MediaTek Inc. Microsoft is now putting that microcontroller on a development board together with software that it is prepared to share with other researchers and security experts in academia and industry.
Microsoft is calling for others to get involved in Project Sopris this way and to drive a fundamental upgrade in electronic security. The researchers argue if this is not done it will leave microcontrollers unfit for purpose in the era of the Internet of Things and leave society vulnerable. The project is aimed at security for low-cost devices generally, recognizing that if security requires too much die area or resources it will not be affordable in numerous applications.
In particular Microsoft claims that traditional microcontrollers are “particularly ill-prepared for the security challenges of internet connectivity.”
Seven pillars of security
The Project Sopris group has begun by identifying what it considers are the seven properties required in highly secure devices and has conducted an experiment with silicon partner to revise one of MediaTek’s MCUs to create a prototype secure microcontroller.
The seven properties are: hardware-based root of trust; small trusted computing base; multi-layered and multi-vectored defense in depth; compartmentalization; certificate-based authentication; renewable security and failure reporting.
Microsoft has designed hardware security module it calls Pluton and states that adding Pluton or an equivalently-featured security module to a design is a necessary step towards creating a highly secure device.
The Pluton root of trust subsystem includes a security processor, cryptographic enginers, a hardware random number generator, a key store and a cryptographic operation engine.
The cryptographic engines in Pluton include an AES symmetric-key decryption and encryption engine, a SHA hashing engine used for measuring code and checking certificates, and a public key engine for accelerating RSA and ECC public key operations.
Next: Working with MediaTek
Microsoft worked with MediaTek to adapt the Cortex-M4F based MT7687 Wi-Fi enabled MCU and upgrade it to a Sopris-caliber MCU.
The original MT7687 comes with 352kbytes of embedded SRAM and 64kbyte of boot ROM. It includes a secure boot and hardware crypto engines for AES, DES/3DES and SHA2. A Wi-Fi and Bluetooth subsystem includes an 802.11b/g/n radio, baseband, and MAC, and an interface for an in-package flash die. There is an additional 32-bit RISC CPU in the Wi-Fi subsystem to offload communications tasks.
Microsoft made three changes to the MT7687. The research team added a Pluton security subsystem, upgraded the CPU to one including a memory management unit and increased the amount of on-die SRAM.
Sopris microcontroller with Pluton security subsystem included. Source: Microsoft.
Microsoft has not indicated which core it substituted for the Cortex-M4F or whether it simply added the optional memory protection unit as would be suggested by the Sopris MCU block diagram.
Typically microcontroller cores do not come with a memory management unit although the Cortex-M0+, Cortex-M3, Cortex-M4 and Cortex-M7 processors have an optional memory protection unit, which can be used to define memory access permissions and memory attributes or memory regions. The Cortex-M23/M33 cores were introduced by ARM in October 2016 with enhanced security for IoT applications in mind (see Secure processor cores added to Cortex-M range).
Next: White paper explains more
In a white paper on Project Sopris Microsoft researchers state: “In comparison to Sopris, existing microcontrollers do not support the properties required to create highly secure devices. For example, even though a microcontroller might include hardware crypto engines, keys directly usable by software in the microcontroller’s primary processor are insecure if a flaw is found in that software. Lacking a small trusted computing base, defense in depth, and compartmentalization, most microcontrollers use a single-compartment RTOS. In such systems, virtually any software vulnerability becomes a fatal flaw that allows the attacker to breach the single security layer and gain complete and permanent control of the device.”
Having designed the Sopris microcontroller Microsoft is now putting that microcontroller on a development board together with software that it is prepared to share with other researchers and security experts in academia and industry.
Related links and articles: