Follow me on Twitter @dglover
|Author||Dave Glover, Microsoft Cloud Developer Advocate|
|Target Platform||Azure Sphere MT3620|
|Target Service||Azure IoT Central|
|Developer Platform||Windows 10 or Ubuntu 18.04/20.04|
|Azure SDK||Azure Sphere SDK 20.11 or better|
|Developer Tools||Visual Studio (The free Community Edition or better) or Visual Studio Code (Free OSS)|
|Supported Hardware||Avnet Azure Sphere MT3620 Starter Kit Seeed Studio Azure Sphere MT3620 Development Kit and the Seeed Studio MT3620 Mini Dev Board|
|Licence||Review full MIT Licence.|
Learn more about Azure Sphere
Azure Sphere is a comprehensive IoT security solution – including hardware, OS, and cloud components – to actively protect your devices, your business, and your customers.
Azure Sphere is made up of three interrelated components:
- Azure Sphere-certified MCUs
- Azure Sphere OS
- Azure Sphere Security Service
These components are backed by Microsoft best-in-class security experts who monitor emerging threats, design updates and provide a decade of ongoing servicing.
Azure Sphere Developer Learning Path
This Azure Sphere developer learning path is designed to ease you into the world of Azure Sphere development.
Your journey starts with the equivalent of hello world, the next step is sending telemetry to Azure IoT, then you will learn how to securely control a device from Azure IoT, and finally connect and send Azure IoT Events from a FreeRTOS application.
Each lab assumes you have completed the previous lab.
You are also free to use and modify the code provided in this learning path for your projects, commercial or otherwise, no liability accepted.
Learning path overview:
- Lab 0: Lab Set Up
- Lab 1: Introduction to Azure Sphere development
- Lab 2: Connect a room environment monitor to Azure IoT
- Lab 3: Set the room virtual thermostat with Azure IoT Device Twins
- Lab 4: Remote reboot your Azure Sphere with Azure IoT Direct Methods
- Lab 5: Integrate FreeRTOS Real-time room sensors with Azure IoT
- Lab 6: Integrate Azure RTOS Real-time room sensors with Azure IoT
- Lab 7: Connect and control your room environment monitor with Azure IoT
- Develop highly secure IoT solutions with Azure Sphere, Azure RTOS and IoT Central
- Develop highly secure IoT solutions with Azure Sphere, Azure RTOS and IoT Hub
Why Azure Sphere
As billions of new devices are connected, organizations need to secure them to help protect data, privacy, physical safety, and infrastructure. Azure Sphere builds on decades of Microsoft experience in hardware, software, and cloud to provide a turnkey solution for IoT devices. Azure Sphere is secure by design so you can build innovative IoT products that customers can use with confidence.
Why you should care about IoT security
Almost a day doesn't go by without some newsworthy IoT security attack happening, and those are just the ones that make the news cycle. IoT security is fundamental and at the same time often absent from many conversations in the rush to get products to market.
The Seven Properties of Highly Secure Devices is highly recommended to help you understand what is required to mitigate exposure to IoT security issues. This IoT Security whitepaper draws from industry and Microsoft experience.
Here is one of the most unconventional: a fish tank. Not just an ordinary fish tank, mind you, but a high-tech one that featured Internet connectivity. That connection allowed the tank to be remotely monitored, automatically adjust temperature and salinity, and automate feedings.
It also allowed hackers to swipe 10 gigabytes of data from the North American casino that just installed it, according to a report from the threat intelligence experts at Darktrace.
The Growing ecosystem of hardware partners
Get started with Azure Sphere using the prototyping developer kits from Avnet and Seeed Studio. Build solutions with industry standard modules from AI-Link, Avnet, and USI. Internet enable existing equipment with the Avnet Guardian module.
Today the Mediatec MT3620 MCU powers Azure Sphere. The family of certified Azure Sphere MCUs will expand to include offerings from Qualcomm and NXP.
Azure Sphere in Action
This PCB will initially support their parking solution, controlling boom gates and detecting vehicles as well as other monitor and control applications in car parks. However, it will suit any IoT application where monitoring and control of legacy equipment is needed, and is available for third party integrator to purchase.
Building solutions with pre-certified Azure Sphere modules is the fastest way to bring a secure IoT product to market.
Prototype PCB design included here with the permission of Divvy Parking
Starbucks and the Avnet Azure Sphere Guardian Module
Youtube Building Secure IoT Solutions with Azure Sphere
Click on the following image to start watching the introduction session to building secure solutions with Azure Sphere.
Azure Sphere Architecture
The initial release of the Azure Sphere is built on the Mediatec MT3620. This MCU consists of 5 cores. There is a dedicated communications core, a dedicated Security Subsystem core, and three user application cores.
The three applications cores are as follows:
- One ARM Cortex A7 core running Embedded Linux (built with Yokto), exposing a set of POSIX APIs. Developers can build and deploy a High Level application to this core. This core is also responsible for the TrustZone Security Monitor, threat detection reporting, and OS and Application life cycle management.
- Two ARM Cortex M4Fs. Developers can build and deploy Real Time applications to these cores. Real Time applications can be built against the bare metal or built using real time frameworks such as FreeRTOS, and in the future, Azure RTOS.
With Visual Studio you can develop and debug applications running on all three cores. For example, you can simultaneously debug an app running on the A7 core and a M4 core FreeRTOS app.
The MT3620 MCU is also known as a Crossover MCU as it bridges the application world of ARM Cortex A7 with the Real time world of ARM Cortex M4.
Applications on Azure Sphere are locked down by default and you must grant capabilities to the application. This is key to Azure Sphere security and is also known as the Principle of least privilege.
Capabilities, such as access to GPIO pins and network endpoint must be granted to both High Level and Real Time applications. This defends against application bugs and malicious code attacks.
The chip includes a Memory Management Unit (MMU) to provide protected memory address spaces.
Measured boot ensures only signed/certified OS components are loaded as part of the boot sequence.
Only signed and verified apps can run on the microcontroller cores.
Azure Sphere Devices
For simplicity, only the LEDs and sensors built into the Azure Sphere developer boards are used in these labs. These labs do not require any expansion boards or extra sensors.
The following Azure Sphere developer boards are supported by these labs, and for completeness, links to expansion options for each developer board.