Products       Learn       Buy       Support       Company
 
  Home > Products > SecureSMX
   
 
  SecureSMX®  Next Generation RTOS

for ARM Cortex-M Memory Protection Unit


SecureSMX®, our next generation RTOS, enables dividing software for Cortex‑M microcontroller-based embedded systems into isolated partitions. This achieves high security by limiting hacker invasions so they cannot reach sensitive data, keys, passwords, and other vital information, nor access code or I/O in other partitions. Furthermore, it allows focusing scarce programmer talent on strengthening the most critical partitions.

In order to accomplish this, SecureSMX provides the following:

  • Effective privileged mode (pmode) / unprivileged mode (umode) processor control.
  • Efficient, flexible task-based Memory Protection Unit (MPU) control.
  • Software Interrupt (SWI) API for system services.
  • Partition portals for other services.
  • Multi-heap support.

SecureSMX partitioning is similar, in concept, to Arm's Platform Security Architecture (PSA) and can be used with Arm's PSA RoT on Cortex-v8M processors or in place of it on Cortex-v7M processors.



 
Solutions



Is Your Thing in Danger?



We have found that through careful, innovative design techniques, IoT software can be divided into isolated partitions that provide strong security against hacker invasions on Cortex-M systems

Read More



Where's the Gold?



Many IoT Things are embedded systems to which networking has recently been added. As such, hackers can overcome the weak defenses of such systems and gain access to critical data. There is a solution to prevent this using SecureSMX.

Read More



What's in Your SOUP?



SOUP (Software of Unknown Pedigree) is often incorporated into embedded system projects due to schedule pressure or lack of in-house expertise. This paper outlines a step-by-step approach using SecureSMX to put SOUP into an isolated partition to protect the rest of your system.

Read More



FreeRTOS Security? Not to Worry


It is now possible to greatly increase the security of FreeRTOS projects by porting them to SecureSMX, which facilitates dividing an application into isolated partitions. This limits a hacker to just the partition entered. This paper shows porting from FreeRTOS to SecureSMX.

Read More



Moving Uptown to Umode



Most software starts off running in privileged mode, but to improve security, it should run in unprivileged mode. This paper shows the steps to achieve this with SecureSMX and discusses tradeoffs.

Read More



Get Along Little Dogies



In a recent report, 918 CWEs have been identified and documented by MITRE, and more are being identified regularly. Granted there are tools and standards to help programmers avoid these weaknesses, but this is a lot to worry about when trying to create and debug software that does something useful. This paper shows an alternate approach using SecureSMX.

Read More




Technical Papers





Achieving Full MCU Partition Isolation

Part 1: Fundamentals

Full partition isolation is the strongest system security for MCUs, because there is very little a hacker can do from inside of a partition that is fully isolated from the rest of the system. This can be achieved using memory protection units (MPUs), but it comes with some difficulty.

Read More  (embedded.com)

Part 2: MPU Management

In this part we get into the details of MPU management, including the relationship between Task Control Blocks (TCBs), Memory Protection Arrays (MPAs), and MPA templates.

Read More  (embedded.com)

Part 3: Heaps

In this part we cover the need for multiple heaps and the heap features that are useful in partitioned embedded systems. The right heap is important for achieving full MCU partition isolation.

Read More  (embedded.com)

Part 4: Portals

In this part we cover the need for portals between partitions in order to achieve full partition isolation. Two types of portals are discussed: free-message portals and tunnel portals. These convert function call APIs to message APIs, to eliminate common regions.

Read More  (embedded.com)

Part 5: Wrap Up

In this part we cover remaining topics to achieve fully isolated partitions, such as SWI API, ISRs, critical sections, memory efficiency, and debugging. It also offers suggestions for chip vendors to improve the MPU hardware.

Read More  (embedded.com)






  SecureSMX User's Guide Peek (Excerpts)

For more information, please register or email sales@smxrtos.com.
Indicate your interest in SecureSMX. Full documentation will be supplied under NDA to qualified prospects.

Solution Papers






eheap Information and Technical Papers


     back to top
 
  Register for More Info
 
  Sign Up for News
 



SecureSMX User's Guide Peek


eheap  Embedded Heap Papers

eheap vs. dlmalloc

Part 1:  Configuration

Part 2:  Enhanced Debugging

Part 3:  Self-Healing


 
Home       Sitemap       Contact