Linux Inside Azure Sphere on the Horizon

Azure Sphere will be generally available in February 2020, Microsoft announced at the IoT Solutions World Congress on Monday. Its scheduled arrival highlights Microsoft’s readiness to fulfill its promise for better Internet of Things device security at scale, company officials said.

Microsoft first introduced Azure Sphere in 2018, opting to use its own version of a Linux operating system instead of Windows 10 to drive its new Azure Sphere OS to securely connect Internet of Things devices.

Security is one of the leading barriers to IoT adoption. Microsoft hopes to lock down IoT device security with its cloud-based delivery solution.

The number of connected devices is expected to reach 20 billion in 2020.

Microsoft expects IoT adoption to accelerate to provide connectivity to hundreds of billions of devices. Such massive growth would increase the stakes for unsecured devices.

Enterprise customers would buy at least 70 percent more IoT devices if their concerns about cybersecurity were addressed, suggests research from Bain & Company.

Microsoft sees its mission as empowering organizations to create and connect secure, trustworthy IoT devices in order to encourage innovation.

Azure Sphere is a platform that connects the microcontroller units (MCUs) embedded within IoT devices to the cloud. The platform runs on a new crossover class of MCU that combines both real-time and application processors with built-in Microsoft security technology and connectivity. Each chip includes custom silicon security technology Microsoft developed.

“The Azure Sphere system leverages IoT security by embedding hardened chips with a Linux OS, building in security to the devices’ manufacturing rather than making it an afterthought,” noted Gabe Turner, director of content at Security Baron.

The chip is an extension of the i.MX 8 applications processor series optimized for power and performance, specifically for artificial intelligence graphics and an improved user interface experience overall, he told LinuxInsider.

The new Azure Sphere-certified chips draw on Microsoft’s 15 years of experience with Xbox to secure this new class of MCUs and the devices they power.

High Impact for IoT Security

In essence, with Azure Sphere Microsoft is productizing security for IoT-enabled or connected devices, said Charles King, principal analyst at Pund-IT.

Since the platform includes a custom microcontroller, a high-level operating system, and a services platform, manufacturers can use Azure Sphere to enable and support IoT functions in a wide variety of products, from smart speakers to major appliances to factory equipment, he noted.

“That should improve the value, safety and security of those products and make them more attractive to consumers and businesses,” King told LinuxInsider.

Given Microsoft’s size and market footprint, Azure Sphere may help bring some order to an IoT market that is complex and somewhat fractious, especially when it comes to security products and protocols, he suggested. Over time, manufacturers and developers may come to see Azure Sphere as a safe choice for securely enabling IoT.

Linux Leverage

Azure Sphere leverages a custom Linux-based kernel. The kernel runs in supervisor mode, along with a boot loader, and is tuned for the flash and RAM capabilities of the Azure Sphere MCU.

The kernel provides a surface for preemptable process execution, and the driver model exposes MCU peripherals to OS services and applications. Its relative lightness and ability to support targeted processes make Linux a great choice for Azure Sphere, King pointed out.

Silicon Delivers

Microsoft plans to deliver on its Azure Sphere mission through several strategic investments and partnerships. Partnering with silicon leaders is a key part of that plan.

The company has forged three key partnerships to lock down IoT security:

  • MediaTek’s MT3620, the first Azure Sphere certified chip produced, is designed to meet the needs of the more traditional MCU space, including in WiFi-enabled scenarios.
  • NXP Semiconductors delivered a new Azure Sphere certified chip as an extension of its i.MX 8 high-performance applications processor series optimized for performance and power, to bring greater compute capabilities that support advanced workloads from artificial intelligence and graphics.
  • Qualcomm delivered the first cellular-enabled Azure Sphere chip with ultra-low-power capabilities for greater freedom to securely connect anytime, anywhere.

Hardware Connectivity

A diverse hardware ecosystem will simplify the process of connecting enterprise equipment, noted Microsoft. Guardian modules will make it easier to bring existing hardware online without jeopardizing mission-critical equipment. Guardian modules plug into existing physical interfaces on equipment and can be deployed with common technical skill sets, with no device redesign required.

The deployment is fast, does not require equipment to be replaced before its end of life, and quickly pays for itself, according to Microsoft. The first guardian modules are available from Avnet and AI-Link.

Using the right developer tools for better apps helps solve IoT connectivity issues. Microsoft began that effort last month when it released its SDK preview for Visual Studio. Microsoft soon will have an SDK for Linux and support for Visual Studio Code.

The company has made it quicker and simpler to develop, deploy and debug Azure Sphere apps since then. A set of samples and solutions on GitHub provide easy building blocks for developers to get started.

Microsoft is working on ways to help manufacturers secure and service their connected devices by leveraging existing code running on a real-time operating system (RTOS) or bare metal. One approach is to enable the M4 core processors embedded in the MediaTek MT3620 chip.

This makes it easy to enhance MCU code to send and receive data via the protection of a partner app running on the Azure Sphere OS. It can be updated seamlessly in the field to add features or to address issues.

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open source technologies. He has written numerous reviews of Linux distros and other open source software.

3 Comments

  • I have no problem with a difficult distro, as long as they state the level of expertise on their page. If it is a beginner distro, state that, if an expert distro, make that perfectly clear. Some Linux users want problem free computing, others enjoy problem solving (tearing their hair out!). Hey, that is what Linux is about, choice.

  • Hello, Matas here. The author and maintainer of Dragora.

    Looking for news about Dragora’s recent beta release, I came to your review.

    I was reading your article…

    You have to know and understand that this is a development version, as I said in the ad has many things missing. Perhaps I could have been more honest in the sense of mentioning that it lacks a web browser (among other things). But I was afraid that if, while writing this, nobody wanted to try it.

    Let me tell you that Dragora is a distribution that I started in 2007, since then I’m focused on the project, mainly development. I do it selflessly, voluntarily and I don’t earn enough money to support my family doing Dragora. This does not detract from the fact that I have my reasons to carry it out with all the effort and sacrifice involved in making or maintaining a distribution from scratch…

    Regarding the installer, I’m surprised that it says that once the distribution is installed, it doesn’t offer the package manager…

    I know that the page does not offer much information at the moment, nor is it super updated. This is something that I want to improve, but I have to devote a lot of time apart, leaving aside the development. This is something that I have in progress (slow but sure).

    It gave me a bit of laughter when you mention that you remembered the startx command, it is evident that you use distributions that have many things abstracted. I’m not against there being a distribution or a system where you press a button and magically everything happens marvelously, but what is the cost of abstracting all these layers to be able to offer such a thing to the user? I think it becomes more complex, also more likely to errors and insecurity. Not to go too far from the subject, the main reason why Dragora doesn’t start with a graphical environment initially is because it uses the kernel or the version of the Linux-libre project (GNU Linux libre). It is likely that if you do not have hardware compatible with this, it may not work. So booting directly into the environment can be really frustrating leaving the user not knowing what to do.

    Know that this is a development version, although Xfce was introduced, it is not completely complete, so you will already open it…

    On the terminal emulator, only xterm and st are included at the moment. It is also true that you can offer the option to install Dragora when the initial screen appears, without having to start the session live.

    You are hard because you became capricious and pampered by what distributions offer today. I’m not saying it’s wrong, but at least you can try to be a little more positive in the articles you write as to try to help a free software project. Let it be understood and I repeat that we are talking about a "beta" version, a category that is called or it is understood that there are things pending to be done. It is also wrong to use the term "Linux", since it refers to only one kernel, you the "great journalist".

    I will try to improve but I also want to add that if you or your readers see that a certain project (a free software in this case) does not have X, Y, or X.. instead of merely "complaining" you or your readers can try to contribute, in this case, Dragora’s doors are open. Finally, I don’t do Dragora because "it’s my distro". On the contrary, I never saw it as something mine alone, I try to do my bit to improve the world as much as possible.

  • What. Why in the hell would you expect a minimal build-it-yourself distro to load into a DE straight away? How is lack of terminal emulator a problem when you can just change tty?

    I mean, there’s no reason to use this distro over arch or gentoo if you want well documented build-your-own-Linux experience, or you know, something that doesn’t state not being user friendly as its entire purpose, if you want to boot into GUI and have a GUI package manager.
