Products       Learn       Buy       Support       Company
  Home > Products > SecureSMX
  SecureSMX®  Secure RTOS

SecureSMX®, our next generation, secure RTOS enables OEMs to incorporate effective security protection into their devices within reasonable time and cost constraints. It enables dividing software for Cortex-M microcontroller-based embedded systems into isolated partitions. This achieves high security by limiting hacker invasions so they cannot reach sensitive data, keys, passwords, and other vital information, nor access code or I/O in other partitions. Furthermore, it allows focusing scarce programmer talent on strengthening the most critical partitions. It protects your company and officers with these benefits:

Avoids company and C-suite liability. Failure to demonstrate that a company and its management have taken reasonable steps to avert harm to people and property due to hacking is expected to become a basis for future lawsuits. The reasoning is that hacking has become so prevalent and so well-known that a failure to adopt protective measures against it constitutes negligent behavior. SecureSMX enables OEMs to incorporate effective security protection into their devices within reasonable time and cost constraints.

Allows sales to the Federal Government. The Executive Order on Improving the Nation's Cybersecurity requires Software Bills of Materials (SBoM) for all systems purchased by the Federal Government and its contractors. No longer can weak software hide in obscure devices within large systems. No security, no sale.

Gives a safety net for secure coding techniques. Adhering to standards such as MISRA and writing secure code are laudable and should be done. But how much can you rely on them? It takes only one small flaw in an unpartitioned system to open it up to exploitation. Partitioning greatly limits the scope of the intrusion and reduces the attack surface to a manageable size. It allows focusing secure coding efforts on the most critical partitions.

Gives full hacker protection. The partial isolation offered by other RTOSs does not provide the protection you need. Only fully isolated partitions will stop a hacker. No other RTOS provides the following full set of features necessary to achieve this:

  • Effective privileged mode (pmode) / unprivileged mode (umode) processor control.
  • Efficient, flexible task-based Memory Protection Unit (MPU) control.
  • Software Interrupt (SWI) API for system services.
  • Partition portals for full isolation.
  • Multi-heap support to permit dedicated partition heaps.

Ports from FreeRTOS. Our FRPort porting layer helps migrate FreeRTOS-based systems to SecureSMX. In addition to a major security upgrade, it gives a more powerful kernel and middleware that is superior to free packages and is already integrated and uses portals for full isolation.

Offers a step by step approach for existing systems: First run the entire application in privileged mode (pmode) with the MPU turned on; then put vulnerable code into a pmode partition with its own MPU regions; switch it to use the SWI services interface; create one or more portals for communication with the rest of the system; and finally move the partition into umode, where it is fully isolated from the rest of the system.

Improves system structure. Partitioning software enforces a more disciplined design. This gives better plug-in modularity and offers the possibility to do updates and recovery on a partition basis rather than to the whole system.

SecureSMX partitioning is similar in concept to Arm's Platform Security Architecture (PSA) and can be used with Arm's PSA RoT on Cortex-v8M processors or in place of it on Cortex-v7M processors. The following white papers provide details about how SecureSMX works and how to use it in your system. The full manual is available to qualified prospects under NDA (see below).

Questions are welcome!   714-437-7333


Is Your Thing in Danger?

We have found that through careful, innovative design techniques, IoT software can be divided into isolated partitions that provide strong security against hacker invasions on Cortex-M systems

Read More

Where's the Gold?

Many IoT Things are embedded systems to which networking has recently been added. As such, hackers can overcome the weak defenses of such systems and gain access to critical data. There is a solution to prevent this using SecureSMX.

Read More

What's in Your SOUP?

SOUP (Software of Unknown Pedigree) is often incorporated into embedded system projects due to schedule pressure or lack of in-house expertise. This paper outlines a step-by-step approach using SecureSMX to put SOUP into an isolated partition to protect the rest of your system.

Read More

FreeRTOS Security? Not to Worry

It is now possible to greatly increase the security of FreeRTOS projects by porting them to SecureSMX, which facilitates dividing an application into isolated partitions. This limits a hacker to just the partition entered. This paper shows porting from FreeRTOS to SecureSMX.

Read More

Moving Uptown to Umode

Most software starts off running in privileged mode, but to improve security, it should run in unprivileged mode. This paper shows the steps to achieve this with SecureSMX and discusses tradeoffs.

Read More

Get Along Little Dogies

In a recent report, 918 CWEs have been identified and documented by MITRE, and more are being identified regularly. Granted there are tools and standards to help programmers avoid these weaknesses, but this is a lot to worry about when trying to create and debug software that does something useful. This paper shows an alternate approach using SecureSMX.

Read More

Technical Papers

Achieving Full MCU Partition Isolation

Part 1: Fundamentals

Full partition isolation is the strongest system security for MCUs, because there is very little a hacker can do from inside of a partition that is fully isolated from the rest of the system. This can be achieved using memory protection units (MPUs), but it comes with some difficulty.


Part 2: MPU Management

In this part we get into the details of MPU management, including the relationship between Task Control Blocks (TCBs), Memory Protection Arrays (MPAs), and MPA templates.


Part 3: Heaps

In this part we cover the need for multiple heaps and the heap features that are useful in partitioned embedded systems. The right heap is important for achieving full MCU partition isolation.


Part 4: Portals

In this part we cover the need for portals between partitions in order to achieve full partition isolation. Two types of portals are discussed: free-message portals and tunnel portals. These convert function call APIs to message APIs, to eliminate common regions.


Part 5: Wrap Up

In this part we cover remaining topics to achieve fully isolated partitions, such as SWI API, ISRs, critical sections, memory efficiency, and debugging. It also offers suggestions for chip vendors to improve the MPU hardware.


  SecureSMX User's Guide Peek (Excerpts)

For more information, please register or email
Indicate your interest in SecureSMX. Full documentation will be supplied under NDA to qualified prospects.

Solution Papers


eheap Information and Technical Papers

     back to top
  Register for More Info
  Sign Up for News


SecureSMX User's Guide Peek

eheap  Embedded Heap Papers

eheap vs. dlmalloc

Part 1:  Configuration

Part 2:  Enhanced Debugging

Part 3:  Self-Healing

Home       Sitemap       Contact