Products       Learn       Buy       Support       Company
  Home > Products > SecureSMX
  SecureSMX®  Secure RTOS

What is the Problem?

Currently cyber criminals are exploiting the low-hanging fruit of email phishing and similar methods to break into computer systems. However these vulnerabilities are being closed off. Soon these bad actors will be forced to start breaching unprotected embedded and IoT devices. This may not become a big problem for a few more years. However now is the time for forward-looking companies to take action. Once your device has been hacked it is too late to avoid the negative consequences.

What is Our Solution?

We have recently released a new RTOS which provides a high-level of security for embedded and IoT devices. It is called SecureSMX®, and it is aimed at microcontroller systems based upon the Arm Cortex-M architecture v7 and v8. It contains many innovative, patented solutions.

How Does It Work?

SecureSMX enables dividing an application into fully isolated partitions. Should a bad actor gain access to one partition, he or she cannot access other partitions. In addition, strong limits are applied to partitions such that bad actors cannot bring down the rest of the system through stratagems such as infinite loops or using up system resources. Security is further strengthened by putting critical resources below the pmode barrier (see diagram) and keeping vulnerable resources above the barrier.

Does It Support Existing Systems?

Yes. SecureSMX is specifically designed to enable moving vulnerable code into isolated partitions above the pmode barrier. A series of demos showing this process are posted below. Mission-critical and other code continue to run, as is, with little or no modification. Code moved into isolated partitions also requires little modification. SecureSMX fosters an iterative process where device security can be slowly improved over a period of time. Even if a device cannot be upgraded, once shipped, if it has a long lifetime ahead, it makes sense to start shipping less vulnerable devices.

What About New Systems?

SecureSMX supports frameworks. These start with determining what modules are needed and how they must interconnect. Then a framework is built where each module is placed inside of an isolated partition, its estimated size is emulated with an array, and its estimated processor usage is emulated with a loop. Interconnections are emulated with generic portals and some stub code. The entire framework will run by itself, emulating the final system. Individual developers can work on their modules and continuously test them within the full framework environment. The framework approach supports modern programming techniques such as Agile and CI/CD. As portals are fleshed out, misunderstandings are ironed early in the project. The net result is a rugged system with built-in security and delivered on time!

What Is Included In SecureSMX?

SMX is a rich RTOS with considerable functionality and with many security and reliability features built in, such as parameter testing, event monitoring, error management, function callbacks, etc. It is not a new RTOS. It has been used in hundreds of devices since 1989.

SecureSMX runs on top of SMX and includes innovative features to efficiently utilize the v7 and v8 MPUs and Cortex-M in order to enable truly isolated partitions, runtime limiting, resource control via tokens, moving ISR code into umode partitions, and numerous other features. SecureSMX is designed for high flexibility, which allows applying security features only where needed, and it provides alternative methods for achieving security objectives.

smxAware is an RTOS plug-in for the IAR C-SPY debugger. It not only provides in-depth support for SMX, but it also permits viewing MPAs and MPUs conveniently.

MpuMapper creates a map showing what partitions variables and functions are in. This is very helpful during debugging.

MpuPacker facilitates getting the most efficient ordering of region blocks in memory for Cortex-v7M processors.

FreeRTOS and ThreadX ports facilitate moving applications from these RTOSs to SMX in order to utilize SecureSMX security features.

SecureSMX User's Guide, smx User's Guide, and smx Reference Manual. Each of these 200+ page, carefully-written manuals provides a wealth of accurate information. In addition manuals are available for smxAware, smxBase, eheap, target guide, and others. These can be freely downloaded, except SecureSMX, which must be requested.

  • Add high security to microcontroller designs.
  • Existing designs: Upgrade security by incrementally isolating vulnerable code in unprivileged mode (umode) with little or no change to trusted code.
  • New designs: Create security frameworks that bake in high security and enforce good coding practices to accelerate development and testing.
  • Isolated partitions block hacker malware from accessing critical code and data.
  • Partition limitations prevent system damage from malware inside of hacked partitions.
  • Mission-critical code is protected in privileged mode (pmode) by the pmode barrier.
  • Partition-only recovery or disable permits the main system to continue operating when the partition has been hacked.
  • Partition-only updates minimize exposure of critical software during updates.
  • Security extended to other RTOSes via porting layers.


Please contact for licensing and pricing information.


SecureSMX Partition Demos (pd0-pd4)

Series of demos that shows how to create an isolated partition in pmode and then move it to umode, following the included guide. Intended to provide a quick introduction to SecureSMX and how to use it.

SecureSMX User's Guide Table of Contents


Patching vs. Isolating Vulnerabilities

One and Done Security

Secure RTOS Enables High Security for Microcontroller Systems

     back to top
  Register for More Info
  Get SecureSMX News

Achieving Device Security ebook

Partition Demos Download

User's Guide TOC


Is Your Thing in Danger?
Embedded devices added to the Internet are in danger of being hacked if they are not protected. Read More

Where's the Gold?
SecureSMX partitioning stops hackers dead in their tracks. Read More

What's in Your Soup?
SOUP can be put into an isolated partition to protect the rest of the system. Read More

FreeRTOS Security? Not to Worry
FRPort enables FreeRTOS applications to be ported to SecureSMX. Read More

Uptown to Umode
Unprivileged mode provides the strongest protection against hacking. Read More

Get Along Little Dogies
Corralling CWEs with SecureSMX provides strong protection. Read More

Learn how to use SecureSMX to partition embedded and IoT devices. Read More
Home       Sitemap       Contact