Products       Learn       Buy       Support       Company
  Home > Products > SecureSMX
  SecureSMX®  Next Generation RTOS

for ARM Cortex-M Memory Protection Unit

SecureSMX®, our next generation RTOS, enables dividing software for Cortex‑M microcontroller-based embedded systems into isolated partitions. This achieves high security by limiting hacker invasions so they cannot reach sensitive data, keys, passwords, and other vital information, nor access code or I/O in other partitions. Furthermore, it allows focusing scarce programmer talent on strengthening the most critical partitions.

In order to accomplish this, SecureSMX provides the following:

  • Effective privileged mode (pmode) / unprivileged mode (umode) processor control.
  • Efficient, flexible task-based Memory Protection Unit (MPU) control.
  • Software Interrupt (SWI) API for system services.
  • Partition portals for other services.
  • Multi-heap support.

SecureSMX partitioning is similar, in concept, to Arm's Platform Security Architecture (PSA) and can be used with Arm's PSA RoT on Cortex-v8M processors or in place of it on Cortex-v7M processors.


Is Your Thing in Danger?

We have found that through careful, innovative design techniques, IoT software can be divided into isolated partitions that provide strong security against hacker invasions on Cortex-M systems

Read More

Where's the Gold?

Many IoT Things are embedded systems to which networking has recently been added. As such, hackers can overcome the weak defenses of such systems and gain access to critical data. There is a solution to prevent this using SecureSMX.

Read More

What's in Your SOUP?

SOUP (Software of Unknown Pedigree) is often incorporated into embedded system projects due to schedule pressure or lack of in-house expertise. This paper outlines a step-by-step approach using SecureSMX to put SOUP into an isolated partition to protect the rest of your system.

Read More

FreeRTOS Security? Not to Worry

It is now possible to greatly increase the security of FreeRTOS projects by porting them to SecureSMX, which facilitates dividing an application into isolated partitions. This limits a hacker to just the partition entered. This paper shows porting from FreeRTOS to SecureSMX.

Read More

Moving Uptown to Umode

Most software starts off running in privileged mode, but to improve security, it should run in unprivileged mode. This paper shows the steps to achieve this with SecureSMX and discusses tradeoffs.

Read More

Get Along Little Dogies

In a recent report, 918 CWEs have been identified and documented by MITRE, and more are being identified regularly. Granted there are tools and standards to help programmers avoid these weaknesses, but this is a lot to worry about when trying to create and debug software that does something useful. This paper shows an alternate approach using SecureSMX.

Read More

Technical Papers

Achieving Full MCU Partition Isolation

Part 1: Fundamentals

Full partition isolation is the strongest system security for MCUs, because there is very little a hacker can do from inside of a partition that is fully isolated from the rest of the system. This can be achieved using memory protection units (MPUs), but it comes with some difficulty.


Part 2: MPU Management

In this part we get into the details of MPU management, including the relationship between Task Control Blocks (TCBs), Memory Protection Arrays (MPAs), and MPA templates.


Part 3: Heaps

In this part we cover the need for multiple heaps and the heap features that are useful in partitioned embedded systems. The right heap is important for achieving full MCU partition isolation.


Part 4: Portals

In this part we cover the need for portals between partitions in order to achieve full partition isolation. Two types of portals are discussed: free-message portals and tunnel portals. These convert function call APIs to message APIs, to eliminate common regions.


Part 5: Wrap Up

In this part we cover remaining topics to achieve fully isolated partitions, such as SWI API, ISRs, critical sections, memory efficiency, and debugging. It also offers suggestions for chip vendors to improve the MPU hardware.


  SecureSMX User's Guide Peek (Excerpts)

For more information, please register or email
Indicate your interest in SecureSMX. Full documentation will be supplied under NDA to qualified prospects.

Solution Papers

eheap Information and Technical Papers

     back to top
  Register for More Info
  Sign Up for News

SecureSMX User's Guide Peek

eheap  Embedded Heap Papers

eheap vs. dlmalloc

Part 1:  Configuration

Part 2:  Enhanced Debugging

Part 3:  Self-Healing

Home       Sitemap       Contact