Microsoft’s recently announced Internet of Things (IoT) product, the Azure Sphere, is a platform that enables developers to create secure, Internet-enabled devices.
The Azure Sphere module is comprised of a microcontroller, a Linux-based OS, and a cloud-based security service. With many reports of unsecured and vulnerable smart home devices being published at an astounding rate, a board that can take the place of those devices is necessary. The module has 16MB of flash storage, 4MB of SRAM, an Arm Cortex-A7 processor for low-power applications, and two Arm Cortex-M4F processors for real-time processing, along with built-in Wi-Fi and the Microsoft Pluton security subsystem. I/O such as SPI, I2C, and up to 27 GPIO pins allow for other sensors and microcontrollers to be easily interfaced.
Because the Azure Sphere module is cloud-based, applications can be uploaded and run remotely, along with a suite of debugging and logging tools to assist companies in providing better experiences to their end users.
The Azure Sphere departs from its IoT counterparts in a few major ways. Each module has a unique identifier generated by the Pluton security subsystem hardware. This makes the cryptographic key unforgeable and therefore provides a hardware root of trust. The microcontroller has its own set of defenses as well, including hardware firewalls and a sandboxed runtime environment. The system uses cryptographically signed certificates for authentication rather than passwords, making a network-based attack extremely difficult. Lastly, in the event of a breach or other failure, the Azure Sphere device will report operational data to a cloud-based system, letting developers and administrators service them remotely.
These comprehensive security measures, whether in the cloud or the silicon itself, provide a level of defense against attacks that is nearly unparalleled by other IoT devices.
An array of onboard sensors, such as an accelerometer, gyroscope, temperature, and pressure sensor, populate the board as well, allowing for basic environmental measurements.
Installation and Setup
To begin setting up the device, first connect the board via USB to a computer running Windows 10 version 1607 or newer. Upon opening Device Manager, three COM ports should be visible.
Next, install the Azure Sphere software development kit (SDK), which includes the command-line utility, device libraries, and Visual Studio extensions. The installer can be found at https://aka.ms/AzureSphereSDKDownload and it requires a Visual Studio version of either VS 2017 15.9+ or VS 2019 16.04+.
It is necessary to update the Azure Sphere OS after the successful installation of the SDK. To do so, run the Azure Sphere Developer Command Prompt, which is inside the folder Azure Sphere in the Start Menu.
Then run the command azsphere device show-ota-status to check the OS version. If it shows an unknown, deprecated, or TP release, the command azsphere device recover must be run to update it.
In order to use the Azure Sphere, a user must be logged in to the cloud service. Since the Azure Sphere uses the Azure Active Directory (AAD), a Microsoft work or school account is needed. To check if a given account works, run azsphere login in the Azure Sphere Developer Command Prompt. If login fails, a different account is necessary. For instructions on creating a new account to use with Azure Sphere, visit Microsoft’s page.
Once logged in, the device needs to be claimed. Claiming an Azure Sphere device is permanent, which means that even if a device is sold or transferred, the account used to claim it can never be changed. If you are the first in an organization to sign in, a new tenant must be created first. That is done by running azsphere tenant create --name <tenant-name>. It is recommended that only one tenant be created per organization. Run the command azsphere device claim after selecting a tenant to claim that device. After this command runs, the device cannot be moved to another tenant. For more information about tenants, visit https://docs.microsoft.com/en-us/azure-sphere/install/limit-tenant-access.
After the device has been claimed, a Wi-Fi connection must be set up. Running azsphere device wifi add --ssid <yourSSID> --key <yourNetworkKey> adds new Wi-Fi credentials, where yourSSID is the network name and yourNetworkKey is the network password. The Azure Sphere does not support WEP or hidden networks, and SSIDs are case-sensitive. Use azsphere device wifi show-status to check if the connection was successful.
By default, Azure Sphere devices are configured to be in a “locked” state, which means that applications cannot be loaded and debugging functions are disabled. Running the command azsphere device prep-debug unlocks the device.
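The command-line steps above can be run as one guided sequence that stops on the first failure and asks for confirmation before the permanent claim and before unlocking. The PowerShell below is an added example, not part of the original article or of Microsoft's tooling. It assumes azsphere is on PATH (for instance, PowerShell started from the Azure Sphere Developer Command Prompt) and exits non-zero on failure; Invoke-Step and Confirm-Step are hypothetical helper names, and tenant creation is left as a manual step.

```powershell
# Added example: guided first-time setup built from the azsphere commands named above.
# Assumptions: azsphere is on PATH and exits non-zero on failure; helper names are hypothetical.
function Invoke-Step {
    param([string]$Description, [string[]]$Arguments)
    Write-Host "==> $Description"
    & azsphere @Arguments
    if ($LASTEXITCODE -ne 0) {
        throw "Step failed (exit code $LASTEXITCODE): $Description"
    }
}

function Confirm-Step {
    param([string]$Question)
    return (Read-Host "$Question [y/N]") -match '^(y|yes)$'
}

# 1. OS version: print the status and let the operator judge it, because the
#    exact output format of show-ota-status is not assumed here.
Invoke-Step 'Check OS version' @('device', 'show-ota-status')
if (Confirm-Step 'Did the status show an unknown, deprecated, or TP release?') {
    Invoke-Step 'Recover device to update the OS' @('device', 'recover')
}

# 2. Sign in with the work or school account (create the tenant manually first if needed).
Invoke-Step 'Log in to Azure Sphere' @('login')

# 3. Claiming is permanent, so require an explicit confirmation.
if (-not (Confirm-Step 'Claim this device into the selected tenant? This cannot be undone')) {
    throw 'Device not claimed; stopping before Wi-Fi and debug setup.'
}
Invoke-Step 'Claim device' @('device', 'claim')

# 4. Wi-Fi: read the key without echo so it is not shown on screen or typed into history.
$ssid = Read-Host 'SSID (case-sensitive; WEP and hidden networks are not supported)'
$secureKey = Read-Host 'Network key' -AsSecureString
$plainKey = [System.Net.NetworkCredential]::new('', $secureKey).Password
try {
    Invoke-Step 'Add Wi-Fi network' @('device', 'wifi', 'add', '--ssid', $ssid, '--key', $plainKey)
} finally {
    Remove-Variable plainKey
}
Invoke-Step 'Check Wi-Fi status' @('device', 'wifi', 'show-status')

# 5. Unlocking enables application loading and debugging, so ask before doing it.
if (Confirm-Step 'Unlock this device for application loading and debugging?') {
    Invoke-Step 'Enable debugging' @('device', 'prep-debug')
}
```

The Wi-Fi key is still passed to azsphere as a command-line argument, so run the script only on a workstation where other local users cannot inspect running processes.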
To begin programming, select the sample blink program from the list of Azure Sphere example applications. Once main.c has loaded, click View > Output to open the output window. After ensuring the Azure Sphere board is connected, select Remote GDB Debugger from the menu bar.
Once prompted, select yes to build the application. It then gets compiled and sideloaded (flashed over USB rather than Over-The-Air) onto the Azure Sphere device. A blinking LED should be visible if the application was successfully flashed.
Microsoft’s Azure Sphere is a great platform to build IoT devices with security as a key feature, not an afterthought. With three powerful Arm Cortex processors, 16MB of flash storage, and 4MB of SRAM, almost any embedded project is possible.