ARM mbed IoT Device Platform

Presentation transcript:

ARM mbed IoT Device Platform June 2017

Why ARM in IoT?

ARM mbed IoT Device Platform

IoT deployments are starting to scale out 2016 mbed device software and services deployment highlights

mbed Cloud Trust in the Internet of Things 06.11.2018

The Chain of Trust Requirements

Connecting chip to cloud

mbed security architecture

mbed Cloud: Trust built in from development to deployment

mbed Cloud Update
Secure updates of device firmware
- Cost-effective, secure and reliable software update
- Ensuring long product lifetime
Key features:
- End-to-end update orchestration: managing and monitoring the update process
- Fail-safe protection from accidental updates and recovery from failed update
- Secure authenticity, integrity and confidentiality firmware protection
- Flexible workflow support: separate publication, distribution and application flows
- Broadcast and mesh network friendly

mbed OS 5 Unified security and connectivity

mbed OS 5 A platform OS for IoT devices

mbed OS stack
This slide animates. Focus on the key blocks that are changing. The solid white lines represent what is planned for the Q2 release; dotted lines represent the future roadmap. Refer to FAQs. Please take note of the questions on this slide and report them to Bee, PE contact and Paul Bakker.
Some FAQs:
Q. Will yotta be supported?
The code base will be available for the next 6 months but it won't be supported. We do not know if yotta as a tool will be maintained; we will update as soon as we have a resolution.

mbed OS - Licensing
We’ve worked with our partners to come up with an overall licensing structure that balances everyone’s needs. mbed OS is free and open source for all developers. Some components in the driver layer are distributed as binaries but we make source code available to mbed partners whenever possible. Thread is an example of such a component.

mbed OS core
- Enables application and component libraries to work unchanged across MCUs
- Provides portability for developers and helps to deliver network effects for contributors
Consistent boot and C/C++ runtime across MCUs
- Including support across different toolchains, std library integrations
RTOS kernel
- Built on the established, widely used, open source CMSIS-RTOS RTX
- Very small kernel optimised for constrained memory devices
Peripheral driver APIs
- Common driver APIs for all common peripherals, supported across all MCUs

mbed OS 5 - mbed RTOS
- Includes CMSIS-RTOS RTX
- Based on the Keil RTX Real-Time Operating System
- Multi-thread and pre-emptive scheduler
- mbed RTOS is a C++ wrapper over the Keil RTX code
- Thread, Mutex, Semaphores, Queue and MemoryPool, Mail, RTOS Timer, ISR

mbed OS 5 - Event Queue
- The mbed-events internal library provides a flexible queue for scheduling events
- Can be initialized within an mbed RTOS task
- Available functions for easily composing independent event queues
- Thread and IRQ safe
The mbed-events library can:
- Act as a drop-in scheduler
- Provide synchronization between multiple threads
- Act as a mechanism for moving events out of interrupt contexts
Targeting power constrained applications

mbed OS - mbed library internals
mbed API / mbed HAL
- The mbed library provides abstractions for the microcontroller (MCU) hardware
- The mbed API provides the friendly, object-oriented API to the final user
- The target-independent HAL API is our foundation for the mbed target-independent library
- CMSIS-CORE headers provide suitable data structures to access the low-level CPU registers
HAL: mbed has long had a nice HAL, but we are investing heavily in it to support fine-grained power control, and that will be one of the SW components available in the first alpha release.

mbed OS Networking

mbed OS Connectivity
- Supports broad range of IoT connectivity
- mbed Partner & Community contributions: Development Hardware, Software Libraries, Tutorials and Examples, Commercial Products and Support
- Future standards on the radar: Next-gen Industrial 802.15.4 Mesh, NB-IoT

BLE
- BLE has huge potential beyond its current application areas
- Trusted robust radio, low cost chips, roadmap to longer range and IP
- mbed OS has established BLE APIs, already used widely and successfully
- Added support for RTOS, portability across different vendors
- Examples demonstrating functionality, e.g. Google Eddystone
- Expanding support for BLE across more platforms
- ST Bluetooth already supported

Wi-Fi
- Support for integrated Wi-Fi modules
- Working with partners to support Wi-Fi chipsets and stacks
- Supports MAC and Network Processor integration
- Flexibility in supported architectures
- Preferred modules include both Wi-Fi+BLE
- Enables use of BLE for side-band configuration and control
- May be SoC or Wi-Fi/BLE MCU chipset, e.g. ODIN-W2 module based on chipset solution

mbed 6LoWPAN
- 6LoWPAN can be used in big commercial networks where there can be several hundred nodes
- The network architecture also supports very deep networks, where the hop count can be over 15
- The mbed 6LoWPAN stack is currently used in large commercial networks with +800 nodes

Thread
- A secure wireless mesh network technology for home and beyond, analogous to Wi-Fi
- Thread is a network and transport level stack
- Thread is “application-layer agnostic”
- Thread can support multiple application layers
- Built on proven, existing internet technologies
- mbed Thread stack provides leading support built into mbed OS

Thread Technical Features
- Direct addressability: device-to-device, device-to-application, device-to-cloud
- Battery operated devices with years of life: door locks, security sensors etc.
- Simple network joining
- Intuitive: no mysterious button sequences or jargon
- Scalable to 250-300 devices per network
- Latency less than 100 milliseconds for typical interactions
- Multiple border routers
- Seamless connectivity to user interaction devices: phone, tablet, wall controller

mbed OS 6LoWPAN 802.15.4 and Thread
- Continue to lead in Thread implementation and standardisation
- Also supporting generic 6LoWPAN 2.4 and Sub-GHz
- mbed OS 5.1 brings MAC abstractions, simple transceiver support
- Enables easy porting of SoCs and MCU + transceivers to support Thread/6LoWPAN
- Multiple transceivers now working, can be used with any suitable mbed Enabled MCU
- Focus is use in commercial building, industrial and smart city environments
- Border router and early Access Point references available
- Tracking future industrial Thread development

LoRa
- We invested early and have good support for LoRa in mbed
- 7 LoRa hardware devices already in platform/component database
- mbed LoRa examples imported 1000s of times
- Planning to increase investment in LoRa with interested partners
- Raising investment to be #1 LoRa development platform
- mbed OS 5.3: Standard mbed LoRa APIs, examples and showcase demos
- 2017: Services support, widespread deployment of low cost mbed Enabled modules
- Low-cost modules, support for operator "starter kits", events and demos

mbed OS Security

mbed OS - Security
The ARM mbed IoT Device Platform addresses security at multiple layers:
- Communication
- The lifecycle of the device from production, through deployment, commissioning, service, and eventual retirement
- The device itself

mbed TLS
- Light-weight open source cryptographic and SSL library written in C
- Available under the Apache 2.0 license, the GPL 2.0 license or under mbed partnership
- Supports a number of different cryptographic algorithms
Modules: SSL/TLS communication, TCP/IP communication, Hashing, Random number generation (RNG), Symmetric cipher (Cipher), Public Key cryptography (PK), X.509 public key infrastructure (X.509)
The SSL/TLS module provides the means to set up and communicate over a secure communication channel using SSL/TLS. Its basic provisions are:
- Initialize an SSL/TLS context
- Perform an SSL/TLS handshake
- Send/receive data
- Notify a peer that a connection is being closed
The TCP/IP module provides a generic communication channel. It provides the following basic functions:
- Set up a connection
- Send/receive data
- Close a connection
The Hashing module provides one-way hashing functions. Hashing functions are used to create a fixed-length representation of a block of data, so that when the data changes the hash value no longer matches. The hash value is also known as a (message) digest.
The Random number generator (RNG) module provides a function for random number generation.
The Cipher module provides symmetric encryption and decryption using some chosen ciphers in a generic way.
The Public Key module provides asymmetric cryptography functions that are mainly used for:
- Public/private keypair generation
- Parsing and writing keys
- Key exchange
- Message signing and verification
- Message encryption/decryption
The X.509 module provides the structures and functions to manage X.509 certificates.

What is uVisor?
- Provide modular security blocks for common security problems
- Software security sandbox targeting existing Cortex-M3/M0+ core customers
- Protect secrets and memories from unprivileged or malicious code:
  - from broken or untrusted code (Stack, Code, RAM, data)
  - against leakage of information (Code, Registers, Keys)
  - against implementation errors (Stack manipulation)
- Simplify security assessment of embedded devices
- Turn complex security functions into simple and safe APIs: stop people from reinventing broken wheels (Secure Identity, Firmware over the Air, Encryption, Randomness, Secure Manufacturing)
- Prepare customers for upcoming v8-M security concepts based on ARM TrustZone for Cortex-M processors

The uVisor Boot Process on ARMv7-M
- uVisor initialized first in boot process
- Private stack and data sections
- Private data sections in flash for storing secrets
- Relocation of the interrupt vector table into secure memory
- Initialization of memory protection unit based on box ACLs
- Whitelist approach: only necessary peripherals are accessible to each box
- Each box has private .bss data and stack sections
- De-privilege execution, continue boot unprivileged to initialize C/C++ libraries
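The whitelist decision behind the per-box ACLs above, as an added example in portable C. It is a simplified model written for this transcript, not uVisor's own code: the struct names, permission bits, box names and peripheral addresses are all assumptions, and a real implementation programs the MPU rather than checking in software.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Permission bits for one ACL entry (illustrative names, not uVisor's). */
#define ACL_READ  0x1u
#define ACL_WRITE 0x2u

typedef struct { uint32_t base, size, perms; } acl_entry;
typedef struct { const char *name; const acl_entry *acl; size_t n; } box;

/* Constructed sample map: addresses are placeholders, not a real MCU. */
static const acl_entry radio_acl[] = {
    { 0x40001000u, 0x400u, ACL_READ | ACL_WRITE }, /* radio SPI block */
    { 0x40020000u, 0x100u, ACL_READ },             /* RNG, read-only  */
};
static const acl_entry app_acl[] = {
    { 0x40002000u, 0x400u, ACL_READ | ACL_WRITE }, /* debug UART */
};
static const box radio_box = { "radio", radio_acl, 2 };
static const box app_box   = { "app",   app_acl,   1 };

/* Default deny: allowed only if a single entry covers the whole
 * [addr, addr+len) range and grants every requested permission. */
bool box_access_allowed(const box *b, uint32_t addr, uint32_t len,
                        uint32_t want)
{
    if (b == NULL || len == 0 || want == 0)
        return false;
    for (size_t i = 0; i < b->n; i++) {
        const acl_entry *e = &b->acl[i];
        if (addr < e->base)
            continue;
        uint32_t off = addr - e->base; /* safe: addr >= base here */
        /* Compare by subtraction so addr + len can never wrap. */
        if (off < e->size && len <= e->size - off &&
            (e->perms & want) == want)
            return true;
    }
    return false;
}

int main(void)
{
    /* The app box must not reach the radio box's peripheral. */
    return box_access_allowed(&app_box, 0x40001000u, 4, ACL_READ) ? 1 : 0;
}
```

An access that starts inside a listed region but runs past its end is denied, which is the case a naive `addr >= base && addr < base + size` check misses.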

Thank you!

Thread/6LoWPAN Border Router and Access Point
- Reference hardware and software for Border Router and Linux Access Point
- Off the shelf solution to connect IPv6 6LoWPAN mesh nodes
- Contains both hardware (RPi + RPi HAT) and open source software reference
- Access point is based on OpenWRT
https://developer.mbed.org/platforms/mbed-6LoWPAN-Border-Router-HAT/
[Diagram: Access Point and Border Router reference. Labels: Backhaul Network (e.g. Cellular, Ethernet); Router; Node; Configuration, UI, IT Admin; VPN, Tunnelling, Translation; Firewall; Logging; I/O, Extras; IEEE 802.15.4; Ethernet; Cellular network; Cortex-M Border Router (2.4GHz 802.15.4 Tx, DAPLink, ID, UART, SWD, UART with flow control, SPI, I2C, USB); Cortex-A Linux Access Point Reference]