The evolution of intelligent edge processing requires profound innovations in advanced processing and energy efficiency while ensuring that the foundations are robustly secured. Edge devices need to do more with less as well as provide greater safety and security to the millions of users who rely on these devices to provide essential services and modern conveniences to their daily lives. Through our strategic partnership with Microsoft and the expansion of NXP’s EdgeVerse portfolio, our customers can access more scalable, secure and performance efficient applications processors that can help create a productive, safer, more secure and greener world.
Our partnership with Microsoft and the development of this first processor family is an important milestone that demonstrates our continued commitment providing choice and flexibility to customers backed by the best in IoT security. We have invited our Microsoft Azure Sphere colleagues, Dr. Galen Hunt, Distinguished Engineer and Managing Director, and Kirsten Soelling, Program Manager, to share how the i.MX 8ULP-CS with Azure Sphere enables a whole new class of highly secured connected devices:
Dr. Galen Hunt, Microsoft Distinguished Engineer and Managing Director
The i.MX 8ULP-CS with Azure Sphere
NXP has introduced its first cloud-secured crossover applications processor, the i.MX 8ULP-CS with Azure Sphere, and announced plans to build additional Azure Sphere-certified processors as part of the NXP i.MX 9 series. This multi-chip collaboration between NXP and Microsoft will give customers more flexibility and capabilities and will enable a whole new class of Azure Sphere devices.
The Azure Sphere-certified offerings for both the i.MX 8 and i.MX 9 series processors bring together NXP’s expertise in silicon with Microsoft’s expertise in software, cloud and security to make it easier for device builders to create highly secured devices.
The i.MX 8ULP-CS, so named because it is cloud secured by Azure Sphere, benefits from all four components of Azure Sphere: the Microsoft Pluton hardware root of trust enabled on NXP EdgeLock™ secure enclave, the secured Azure Sphere OS, the cloud-based Azure Sphere Security Service and ongoing on-chip OS and security improvements from Microsoft for each device, for more than ten years. Together, these four components deliver a chip-to-cloud security solution that provides ongoing protection against new and emerging threats to keep devices secured over time. The i.MX 8ULP-CS will enable an expansive new generation of secured devices across a number of segments, including industrial, mobile, smart cities, smart homes and critical infrastructure. Everything from HVAC systems to home appliances to battery-operated personal IoT devices can be built on a foundation of security backed by Azure Sphere.
The Azure Sphere mission is to empower every organization on the planet to connect and create secured and trustworthy IoT devices. Our collaboration with NXP helps us to offer customers more choice, more implementation options and more flexibility—backed by the Azure Sphere security promise—to help ensure the durable value of transformative technologies and experiences.
Together, NXP and Microsoft are delivering a new class of secured SoCs for the IoT market. The collaboration delivers intelligent security that is responsive and always improving. Azure Sphere provides ongoing protection, responding to emerging threats and providing continual updates to help keep devices secured. NXP customers can enjoy the peace of mind that comes from knowing their i.MX 8ULP-CS devices are actively protected in the field by Azure Sphere.
The Seven Properties of Highly Secured Devices
We want every connected device manufacturer to be able to push the boundaries of innovation with the confidence that Microsoft has their back. We have leveraged deep security expertise across Microsoft hardware, software and cloud to develop a very clear view of what IoT security requires. Extensive research and evidence identified seven properties that must be present in every connected device in order for us to consider it “highly secured.” These properties outline the requirements for a device to withstand the complex threat landscape, limit the reach of an attack and to renew and enhance security over time. The extensive security built into Azure Sphere also includes all seven properties and gives customers a fast-track to creating highly secured IoT devices.
Security Starts in the Silicon: Microsoft Pluton Enabled on Edgelock™ Secure Enclave
In the i.MX 8ULP-CS, the Microsoft Pluton security subsystem is enabled through the NXP EdgeLock secure enclave, providing a dependable hardware root of trust and advanced security measures to guard against attacks. Pluton is built directly into the SoC, with hardware and software tightly integrated. The Pluton design improves the ability to guard against remote and local attacks, prevents the theft of credential and encryption keys and provides the ability to recover from software bugs. Pluton on EdgeLock secure enclave ensures the SoC uses only the most up-to-date software versions, further eliminating vulnerabilities. Pluton is also critical to delivering comprehensive chip-to-cloud security through integration with the Azure Sphere OS and the Azure Sphere Security Service.
Extending Security from the Chip to the Cloud
The Azure Sphere OS runs on every i.MX 8ULP-CS and is purpose-built to create an agile and highly secured software environment. This defense-in-depth OS is designed with layers of security to limit the potential reach of an attack and to make it possible to restore the health of the device in the event it is compromised. It combines security innovations pioneered in Windows, a security monitor and a custom Linux kernel to create a trustworthy platform for delivering new IoT experiences.
The Azure Sphere Security Service is a turnkey cloud service that connects to and guards every i.MX 8ULP-CS device. It brokers trust, as a certificate authority, for device-to-cloud and device-to-device communication, monitors the Azure Sphere ecosystem to detect emerging threats and provides a secured conduit for delivering automated application and OS updates. With this secured channel, Azure Sphere provides the infrastructure to securely and reliably update the firmware for devices in the field. The Azure Sphere Security Service brings the rigor and scale of Microsoft device, software and cloud security to each i.MX 8ULP-CS device.
"Every Azure Sphere-certified i.MX 8ULP-CS device is supported with ongoing OS and security improvements for over ten years."
Ongoing Security Improvements, OS Updates For Over 10 Years
Every Azure Sphere-certified i.MX 8ULP-CS device is supported with ongoing OS and security improvements for over ten years. Our team of Microsoft security experts provides ongoing security monitoring of the full Azure Sphere ecosystem to identify new types of attacks and emerging security vulnerabilities. We then proactively upgrade our operating system on each device and cloud service to mitigate against those new threats. We continually deploy OS and security updates to every i.MX 8ULP-CS device, globally, without disrupting the device. We are fighting a sophisticated security battle—at scale—so that customers don’t have to.
Security. Productivity. Opportunity.
The Azure Sphere-certified i.MX 8ULP-CS will unleash innovation for customers across industries as they create new devices and experiences that are also highly secured. To simplify and accelerate the process of developing and maintaining applications at scale on i.MX 8ULP-CS devices, we support several development environments, including Visual Studio on Windows and Visual Studio Code on Windows or Linux. The Visual Studio extension for Azure Sphere provides the most advanced tools for authoring code, integrated debugging and developer collaboration so that developer teams can focus their efforts on the value they want to create. We also provide support for continuous integration of Azure Sphere projects in GitHub Actions, or the system of your choice, with our official container image.
Organizations of any size can pursue IoT development with the confidence that NXP and Microsoft have laid out a foundation of security and that Azure Sphere is actively working to maintain and improve the security of every i.MX 8ULP-CS device over time. By providing chip-to-cloud security for your devices—at scale—Azure Sphere can help customers untether productivity; freeing your teams to focus on opportunities to achieve more.
Our collaboration with NXP on the development of this first chip is an important milestone that demonstrates our continued commitment to provide choice and flexibility to customers backed by the best in IoT security. The i.MX 8ULP-CS will be available for private preview later this year and will be generally available in 2022.
To learn more about Azure Sphere, please visit www.microsoft.com/azure-sphere
To learn more about i.MX 8ULP-CS please visit www.nxp.com/imx8ulpcs
For sales inquiries regarding the i.MX 8ULP-CS, please contact Naama Bak.