Products       Learn       Buy       Support       Company
  Home > Products > SecureSMX
  SecureSMX®  Secure RTOS

What is the Problem?

Currently cyber criminals are exploiting the low-hanging fruit of email phishing and similar methods to break into computer systems. However these vulnerabilities are being closed off. Soon these bad actors will be forced to start breaching unprotected embedded and IoT devices. This may not become a big problem for a few more years. However now is the time for forward-looking companies to take action. Once your device has been hacked it is too late to avoid the negative consequences.

What is Our Solution?

We have recently released a new RTOS which provides a high-level of security for embedded and IoT devices. It is called SecureSMX®, and it is aimed at microcontroller systems based upon the Arm Cortex-M architecture v7 and v8. It contains many innovative, patented solutions.

How Does It Work?

SecureSMX enables dividing an application into fully isolated partitions. Should a bad actor gain access to one partition, he or she cannot access other partitions. In addition, strong limits are applied to partitions such that bad actors cannot bring down the rest of the system through stratagems such as infinite loops or using up system resources. Security is further strengthened by putting critical resources below the pmode barrier (see diagram) and keeping vulnerable resources above the barrier.

Does It Support Existing Systems?

Yes. SecureSMX is specifically designed to enable moving vulnerable code into isolated partitions above the pmode barrier. A series of demos showing this process are posted below. Mission-critical and other code continue to run, as is, with little or no modification. Code moved into isolated partitions also requires little modification. SecureSMX fosters an iterative process where device security can be slowly improved over a period of time. Even if a device cannot be upgraded, once shipped, if it has a long lifetime ahead, it makes sense to start shipping less vulnerable devices.

What About New Systems?

SecureSMX supports frameworks. These start with determining what modules are needed and how they must interconnect. Then a framework is built where each module is placed inside of an isolated partition, its estimated size is emulated with an array, and its estimated processor usage is emulated with a loop. Interconnections are emulated with generic portals and some stub code. The entire framework will run by itself, emulating the final system. Individual developers can work on their modules and continuously test them within the full framework environment. The framework approach supports modern programming techniques such as Agile and CI/CD. As portals are fleshed out, misunderstandings are ironed early in the project. The net result is a rugged system with built-in security and delivered on time!

What Is Included In SecureSMX?

SMX is a rich RTOS with considerable functionality and with many security and reliability features built in, such as parameter testing, event monitoring, error management, function callbacks, etc. It is not a new RTOS. It has been used in hundreds of devices since 1989.

SecureSMX runs on top of SMX and includes innovative features to efficiently utilize the v7 and v8 MPUs and Cortex-M in order to enable truly isolated partitions, runtime limiting, resource control via tokens, moving ISR code into umode partitions, and numerous other features. SecureSMX is designed for high flexibility, which allows applying security features only where needed, and it provides alternative methods for achieving security objectives.

smxAware is an RTOS plug-in for the IAR C-SPY debugger. It not only provides in-depth support for SMX, but it also permits viewing MPAs and MPUs conveniently.

MpuMapper creates a map showing what partitions variables and functions are in. This is very helpful during debugging.

MpuPacker facilitates getting the most efficient ordering of region blocks in memory for Cortex-v7M processors.

FreeRTOS and ThreadX ports facilitate moving applications from these RTOSs to SMX in order to utilize SecureSMX security features.

SecureSMX User's Guide, smx User's Guide, and smx Reference Manual. Each of these 200+ page, carefully-written manuals provides a wealth of accurate information. In addition manuals are available for smxAware, smxBase, eheap, target guide, and others. These can be freely downloaded, except SecureSMX, which must be requested.

  • Add high security to microcontroller designs.
  • Existing designs: Upgrade security by incrementally isolating vulnerable code in unprivileged mode (umode) with little or no change to trusted code.
  • New designs: Create security frameworks that bake in high security and enforce good coding practices to accelerate development and testing.
  • Isolated partitions block hacker malware from accessing critical code and data.
  • Partition limitations prevent system damage from malware inside of hacked partitions.
  • Mission-critical code is protected in privileged mode (pmode) by the pmode barrier.
  • Partition-only recovery or disable permits the main system to continue operating when the partition has been hacked.
  • Partition-only updates minimize exposure of critical software during updates.
  • Security extended to other RTOSes via porting layers.


Please contact for licensing and pricing information.


SecureSMX Partition Demos (pd0-pd4)

Series of demos that shows how to create an isolated partition in pmode and then move it to umode, following the included guide. Intended to provide a quick introduction to SecureSMX and how to use it.

SecureSMX User's Guide Table of Contents

Learn how to use SecureSMX to partition embedded and IoT devices.


Is Your Thing in Danger?

We have found that through careful, innovative design techniques, IoT software can be divided into isolated partitions that provide strong security against hacker invasions on Cortex-M systems

Read More

Where's the Gold?

Many IoT Things are embedded systems to which networking has recently been added. As such, hackers can overcome the weak defenses of such systems and gain access to critical data. There is a solution to prevent this using SecureSMX.

Read More

What's in Your SOUP?

SOUP (Software of Unknown Pedigree) is often incorporated into embedded system projects due to schedule pressure or lack of in-house expertise. This paper outlines a step-by-step approach using SecureSMX to put SOUP into an isolated partition to protect the rest of your system.

Read More

FreeRTOS Security? Not to Worry

It is now possible to greatly increase the security of FreeRTOS projects by porting them to SecureSMX, which facilitates dividing an application into isolated partitions. This limits a hacker to just the partition entered. This paper shows porting from FreeRTOS to SecureSMX.

Read More

Moving Uptown to Umode

Most software starts off running in privileged mode, but to improve security, it should run in unprivileged mode. This paper shows the steps to achieve this with SecureSMX and discusses tradeoffs.

Read More

Get Along Little Dogies

In a recent report, 918 CWEs have been identified and documented by MITRE, and more are being identified regularly. Granted there are tools and standards to help programmers avoid these weaknesses, but this is a lot to worry about when trying to create and debug software that does something useful. This paper shows an alternate approach using SecureSMX.

Read More

     back to top
  Register for More Info
  Get SecureSMX News

Achieving Device Security ebook

Partition Demos Download

User's Guide TOC

Home       Sitemap       Contact