A Blog by Jonathan Low


Apr 19, 2018

Why Microsoft Is Putting Old Nemesis Linux In New Chip

The enemy of my enemy is my friend. JL

Shaun Nichols reports in The Register and Jay Greene reports in the Wall Street Journal:

To head off cyberattacks like the one that took down Twitter and Netflix, Microsoft is deploying widely used operating-system software. It won’t, however, be Windows. Microsoft plans to embed Linux, a rival technology former Chief Executive Steve Ballmer once called a “cancer,” in a new design for millions of internet-connected devices.The platform is Microsoft's foray into the trendy edge-computing space, while locking gadget makers into cloud subscriptions.
The Register Microsoft has designed a family of Arm-based system-on-chips for Internet-of-Things devices that runs its own flavor of Linux – and securely connects to an Azure-hosted backend.
Dubbed Azure Sphere, the platform is Microsoft's foray into the trendy edge-computing space, while craftily locking gadget makers into cloud subscriptions.
The way it works is like this: Microsoft makes its system-on-chip (SoC) blueprints available to chip designers, which fabricate the chipset and flog it to IoT device makers. These manufacturers slap the silicon in their products, and run Microsoft's Linux-based Sphere OS along with their own software on the chip, which connects to Microsoft's Azure Sphere running on Redmond's cloud.
Sphere does things like make sure gizmos only run official firmware, and automatically pushes out and installs bug fixes on remote devices, and so on. In the process, the chipmaker moves more silicon, the device vendor gets a turnkey security service to show to customers, and Microsoft gets a cloud customer for the lifespan of the device.
It's basically a rip-off of Arm's Mbed Cloud, if you don't want to be generous to Microsoft. The Windows giant calls its chip an MCU – a micro-controller unit – even though pretty much everyone else would call it a system-on-chip. Let's see what's in it...

So what's on the chip?

The Azure Sphere MCU itself is a combination of Arm processor cores, wireless connectivity, memory, some IO, and Microsoft's custom security controller and core sandboxing.
The heavy lifting will be done by an Arm Cortex-A CPU that will run the device's application code and Redmond's custom Linux OS. A pair of Cortex-M cores handle the I/O, and can be accessed by the gadget's engineers: you can run whatever code you need on them.
A third Cortex-M core forms the basis of Microsoft's homegrown "Pluton" security coprocessor, which polices the system: it is off-limits to application software on the Cortex-A CPU, and the code running on the other Cortex-Ms. Pluton is kept separate by what Microsoft calls hardware IO firewalls within the SoC.
Whatever firmware is loaded, and regardless of whether or not it has been hacked while running, the Pluton part should remain unaffected and unmolested.
Pluton provides a secure boot mechanism so only officially sanctioned firmware runs, and it uses cryptographic certificates to encrypt and protect its communications with the Azure backend, and to authenticate the gizmo so that the servers can be sure they are talking to legit non-tampered-with hardware. The goal is to stop people or miscreants modifying the firmware, to prevent counterfeit products from connecting, to encrypt data traffic, to receive and install trusted software updates, and so on.
In order to guarantee this, the Pluton section exclusively oversees the Wi-Fi hardware: if application-side code needs to talk to the outside world, it has to ask nicely via APIs with the security coprocessor. The app can't tell the wireless electronics what to do directly. This stops rogue application code hijacking the wireless connectivity for malicious purposes.
All in theory, of course. Computer security mechanisms and defenses are known to have exploitable bugs – the original Microsoft Xbox, anyone?

The Wall Street Journal
To head off cyberattacks like the one in 2016 that took down Twitter Inc. TWTR +0.03% and Netflix Inc., Microsoft Corp. MSFT +0.50% is deploying widely used operating-system software it bolstered with enhanced security features.
It won’t, however, be Windows.
Microsoft instead plans to embed Linux, a rival technology former Chief Executive Steve Ballmer once called a “cancer,” in a new design for a computer chip for toys, household appliances, industrial machinery and millions of other internet-connected devices.
A lack of security features on such microcontroller chips allowed hackers in 2016 to use more than 300,000 devices to launch the widespread denial-of-service attack dubbed Mirai.
Microsoft’s embrace of Linux is another a sign the company under CEO Satya Nadella is moving past the Windows era.
Mr. Nadella last month reorganized the company around its growing Azure cloud-computing operations and its Office productivity business. In doing so, he downgraded the role of Windows, the foundation of Microsoft’s success for much of its 43 years.
He also has shifted Microsoft’s strategy by making products such as its SQL Server database program work with Linux, open-source software Mr. Ballmer had decried as a threat to intellectual-property rights.
Microsoft was set to announced the new chip design Monday at the annual RSA digital-security conference in San Francisco.
The move is designed to bolster Microsoft’s position in the Internet of Things market against cloud-infrastructure leader Amazon.com Inc. and others. The global market for microcontroller chips that can connect to the web—roughly one-eighth of the overall microcontroller-chip business—hit $2.2 billion last year, said Tom Hackenberg, a principal analyst with the research firm, IHS Markit Ltd.
Microsoft used Linux because even the most scaled-down version of Windows won’t fit on thumbnail-size microcontroller chips. Its engineers added security features the company developed to the Linux “kernel,” the core elements of the operating system.
Later this year, manufacturers can buy the chip with a service that monitors threats and updates with the latest patches for 10 years. The bundle, called Azure Sphere, will cost less than $10 a device, though the company declined to be more specific.
MediaTek Inc., a chip maker based in Taiwan, said it is willing to use the design because the company lacks experience developing and updating security services. Microcontroller chips that can connect to the web cost about $3 to $5 apiece, and the new design will add “a dollar or two at most,” said MediaTek vice president Finbarr Moynihan.
That cost is negligible for Microsoft customers such as luxury-appliance maker Sub-Zero Group Inc. The company is putting the chips in its ranges and refrigerators that send mobile-phone alerts and provide diagnostic data.
Azure Sphere is less likely to appeal to companies that make inexpensive connected gadgets with thin profit margins, such as baby monitors or toys, where consumers are more price sensitive, said Saniye Alaybeyi, a research director for Gartner Inc.
Microsoft made the chip design open, giving customers the ability to buy the chip but then connect to security services on their own servers or from another cloud provider. This isn’t the first time the company has worked with Linux, but the Azure Sphere chip is the first product Microsoft has built exclusively on the open-source software, the company said.


Post a Comment