The evolution of intelligent edge processing requires profound innovations in advanced processing and energy
efficiency while ensuring that the foundations are robustly secured. Edge devices need to do more with less as well
as provide greater safety and security to the millions of users who rely on these devices to provide essential
services and modern conveniences to their daily lives. Through our strategic partnership with Microsoft and the
expansion of NXP’s EdgeVerse portfolio, our
customers can access more scalable, secure and performance efficient applications processors that can help create a
productive, safer, more secure and greener world.
Our partnership with Microsoft and the development of this first processor family is an important milestone that
demonstrates our continued commitment providing choice and flexibility to customers backed by the best in IoT
security. We have invited our Microsoft Azure Sphere colleagues, Dr. Galen Hunt, Distinguished Engineer and Managing
Director, and Kirsten Soelling, Program Manager, to share how the i.MX 8ULP-CS with Azure Sphere enables a whole new
class of highly secured connected devices:
Dr. Galen Hunt, Microsoft Distinguished Engineer and Managing Director
The i.MX 8ULP-CS with Azure Sphere
NXP has introduced its first cloud-secured crossover
applications processor, the i.MX 8ULP-CS with Azure Sphere, and announced plans to build additional Azure
Sphere-certified processors as part of the NXP i.MX 9 series. This multi-chip collaboration between NXP and
Microsoft will give customers more flexibility and capabilities and will enable a whole new class of Azure Sphere
The Azure Sphere-certified offerings for both the i.MX 8 and i.MX 9 series processors bring together NXP’s expertise
in silicon with Microsoft’s expertise in software, cloud and security to make it easier for device builders to
create highly secured devices.
The i.MX 8ULP-CS, so named because it is cloud secured by Azure Sphere, benefits from all four components of Azure
Sphere: the Microsoft Pluton hardware root of trust enabled on NXP EdgeLock™ secure enclave, the secured
Azure Sphere OS, the cloud-based Azure Sphere Security Service and ongoing on-chip OS and security improvements from
Microsoft for each device, for more than ten years. Together, these four components deliver a chip-to-cloud security
solution that provides ongoing protection against new and emerging threats to keep devices secured over time. The
i.MX 8ULP-CS will enable an expansive new generation of secured devices across a number of segments, including
industrial, mobile, smart cities, smart homes and critical infrastructure. Everything from HVAC systems to home
appliances to battery-operated personal IoT devices can be built on a foundation of security backed by Azure Sphere.
The Azure Sphere mission is to empower every organization on the planet to connect and create secured and trustworthy
IoT devices. Our collaboration with NXP helps us to offer customers more choice, more implementation options and
more flexibility—backed by the Azure Sphere security promise—to help ensure the durable value of transformative
technologies and experiences.
Together, NXP and Microsoft are delivering a new class of secured SoCs for the IoT market. The collaboration delivers
intelligent security that is responsive and always improving. Azure Sphere provides ongoing protection, responding
to emerging threats and providing continual updates to help keep devices secured. NXP customers can enjoy the peace
of mind that comes from knowing their i.MX 8ULP-CS devices are actively protected in the field by Azure Sphere.
The Seven Properties of Highly Secured Devices
We want every connected device manufacturer to be able to push the boundaries of innovation with the confidence that
Microsoft has their back. We have leveraged deep security expertise across Microsoft hardware, software and cloud to
develop a very clear view of what IoT security requires. Extensive research and evidence
identified seven properties that must be present in every connected device in order for us to consider it
“highly secured.” These properties outline the requirements for a device to withstand the complex threat landscape,
limit the reach of an attack and to renew and enhance security over time. The extensive security built into Azure
Sphere also includes all seven properties and gives customers a fast-track to creating highly secured IoT devices.
Security Starts in the Silicon: Microsoft Pluton Enabled on Edgelock™ Secure Enclave
In the i.MX 8ULP-CS, the Microsoft Pluton security subsystem is enabled through the NXP EdgeLock secure enclave,
providing a dependable hardware root of trust and advanced security measures to guard against attacks. Pluton is
built directly into the SoC, with hardware and software tightly integrated. The Pluton design improves the ability
to guard against remote and local attacks, prevents the theft of credential and encryption keys and provides the
ability to recover from software bugs. Pluton on EdgeLock secure enclave ensures the SoC uses only the most
up-to-date software versions, further eliminating vulnerabilities. Pluton is also critical to delivering
comprehensive chip-to-cloud security through integration with the Azure Sphere OS and the Azure Sphere Security
Extending Security from the Chip to the Cloud
The Azure Sphere OS runs on every i.MX 8ULP-CS and is purpose-built to create an agile and highly secured software
environment. This defense-in-depth OS is designed with layers of security to limit the potential reach of an attack
and to make it possible to restore the health of the device in the event it is compromised. It combines security
innovations pioneered in Windows, a security monitor and a custom Linux kernel to create a trustworthy platform for
delivering new IoT experiences.
The Azure Sphere Security Service is a turnkey cloud service that connects to and guards every i.MX 8ULP-CS device.
It brokers trust, as a certificate authority, for device-to-cloud and device-to-device communication, monitors the
Azure Sphere ecosystem to detect emerging threats and provides a secured conduit for delivering automated
application and OS updates. With this secured channel, Azure Sphere provides the infrastructure to securely and
reliably update the firmware for devices in the field. The Azure Sphere Security Service brings the rigor and scale
of Microsoft device, software and cloud security to each i.MX 8ULP-CS device.
"Every Azure Sphere-certified i.MX 8ULP-CS device is supported with ongoing OS and security improvements for over
Ongoing Security Improvements, OS Updates For Over 10 Years
Every Azure Sphere-certified i.MX 8ULP-CS device is supported with ongoing OS and security improvements for over ten
years. Our team of Microsoft security experts provides ongoing security monitoring of the full Azure Sphere
ecosystem to identify new types of attacks and emerging security vulnerabilities. We then proactively upgrade our
operating system on each device and cloud service to mitigate against those new threats. We continually deploy OS
and security updates to every i.MX 8ULP-CS device, globally, without disrupting the device. We are fighting a
sophisticated security battle—at scale—so that customers don’t have to.
Security. Productivity. Opportunity.
The Azure Sphere-certified i.MX 8ULP-CS will unleash innovation for customers across industries as they create new
devices and experiences that are also highly secured. To simplify and accelerate the process of developing and
maintaining applications at scale on i.MX 8ULP-CS devices, we support several development environments, including
Visual Studio on Windows and Visual Studio Code on Windows or Linux. The Visual Studio extension for Azure Sphere
provides the most advanced tools for authoring code, integrated debugging and developer collaboration so that
developer teams can focus their efforts on the value they want to create. We also provide support for continuous
integration of Azure Sphere projects in GitHub Actions, or the system of your choice, with our official container
Organizations of any size can pursue IoT development with the confidence that NXP and Microsoft have laid out a
foundation of security and that Azure Sphere is actively working to maintain and improve the security of every i.MX
8ULP-CS device over time. By providing chip-to-cloud security for your devices—at scale—Azure Sphere can help
customers untether productivity; freeing your teams to focus on opportunities to achieve more.
Our collaboration with NXP on the development of this first chip is an important milestone that demonstrates our
continued commitment to provide choice and flexibility to customers backed by the best in IoT security. The i.MX
8ULP-CS will be available for private preview later this year and will be generally available in 2022.
To learn more about Azure Sphere
To learn more about i.MX 8ULP-CS
For sales inquiries regarding the i.MX 8ULP-CS, please contact Naama Bak.