Isolated Partitioning of Firmware Improves IoT Device Security

There are two methods for improving IoT device security: secure partitioning and secure coding. The latter seems to have gained favor, not only for cloud software, but also for IoT device firmware. This may be because there has not been an effective firmware partitioning solution for microcontroller-based devices using memory protection units (MPUs). We are … Continue reading Isolated Partitioning of Firmware Improves IoT Device Security

Heap for C++ Partitions

The Problem As embedded systems become more eclectic, they are likely to include third-party C++ code. This is especially true since the third-party code may not have been written for embedded systems. C++ poses a problem for partitioned embedded systems (Ref. 1). As discussed in Ref. 2, it is best to use mutexes for heap … Continue reading Heap for C++ Partitions

Using MpuPacker to Minimize Waste

The Cortex-M v7 MPU requires regions to be a power of two in size and aligned to their size. This can waste a lot of memory if they aren’t ordered efficiently. We developed our MpuPacker utility to help with this by optimizing the ordering and also recommending regions that can be reduced in size or … Continue reading Using MpuPacker to Minimize Waste

Ten Windows

I recently read Viewpoint: IoT and the cybersecurity industry’s hardware blind spot by Shahram Mossayebi. It is well-written and informative. Although the Hardware Root of Trust (HRoT) based upon immutable device identity, as discussed in this article, may be essential, I don’t think it is the complete solution for security of IoT devices. It does nothing … Continue reading Ten Windows

MPU Debugging with smxAware

smxAware was enhanced with new features to help debug issues related to the Memory Protection Unit in SecureSMX systems. These are covered here. The IAR debugger displays the MPU registers like this: RNR can be manually patched to the slot number to view, which then shows the RBAR and RASR values for that slot. A … Continue reading MPU Debugging with smxAware

Blocking USB Threats

Factory threats are escalating at a staggering rate. Honeywell has written a helpful report (Ref. 1) on how USB devices are being used to circumvent the air gap that protects most factories. This is becoming a serious industrial cybersecurity problem. One type of USB device is specifically designed to inject a trojan horse into a … Continue reading Blocking USB Threats

Improving IoT Device Security

I just read a very good article, Supply Chain Security Guidance, by the staff at Finite State, Inc. This article brings home the massive impact upon embedded devices that President Biden’s Executive Order on Improving the Nation’s Cybersecurity will have. I think it is clear from this article that very few existing connected devices are … Continue reading Improving IoT Device Security

MPU Extension

In any real project using a secure RTOS with a Memory Protection Unit (MPU), you are likely to run out of MPU slots for at least some tasks. One group of culprits is peripheral drivers, which tend to require multiple IO regions. If you have only one region to give to your task, you may … Continue reading MPU Extension

To Partition Or Not To Partition

For Secure IoT Devices Most embedded systems that are connected to the Internet, also known as things or devices, are based upon microcontrollers having moderate performance and small to moderate memories. The software or firmware in these devices typically runs on minimal RTOSs with no security protection. All software in such systems is linked into … Continue reading To Partition Or Not To Partition

Get Along Little Dogies

Is it time to herd your CWEs (Common Weakness Enumerations) into a safe coral where they won’t trample your code? In a recent report, 918 CWEs have been identified and documented by MITRE, and more are being identified regularly. Of these, 418 are classified as software weaknesses. Each weakness is described in a separate document, … Continue reading Get Along Little Dogies