ARM mbed

IoT Device Platform

June 2017
Why ARM in IoT?
ARM mbed IoT Device Platform

3
IoT deployments are starting to scale out
2016 mbed device software and services deployment highlights

4
 mbed Cloud
Trust in the Internet of Things

29.12.2019 5
The Chain of Trust
Requirements
Connecting chip to cloud

7
 mbed security architecture
mbed security architecture
Cloud application platforms

Lifecycle Data Flow Management Deployment Management

security
Connectivity Provisioning Update
mbed TLS
Service Service Service
mbed Cloud
Communication Service
security Connectivity Provisioning Update
mbed TLS
Client Client Client mbed OS

mbed uVisor
Device Crypto TL Conn TL Prov TL Update TL
security
Device Hardware

18 ©ARM 2015 CONFIDENTIAL

mbed Cloud: Trust built in from development to deployment

29.12.2019 9
mbed Cloud Update

 Secure updates of device firmware

 Cost-effective sucre and reliable software update
 Ensuring long product lifetime
 Key features
 End-to-end update orchestration – Managing and monitoring
the update process
 Fail safe protection from accidental updates and recovery
from failed update
 Secure authenticity, integrity and confidentiality firmware
protection
 Flexible workflow support
 Separate publication, distribution and application flows,
 Broadcast and mesh network friendly
10
 mbed OS 5
Unified security and connectivity

29.12.2019 11
mbed OS 5
A platform OS for IoT devices

12
mbed OS stack
mbed OS - Licensing
mbed OS core

 Enables application and component libraries to work unchanged across MCUs

 Provides portability for developers and helps to deliver network effects for
contributors

 Consistent boot and C/C++ runtime across MCUs

 Including support across different toolchains, std library integrations

 RTOS kernel
 Built on the established, widely used, open source CMSIS-RTOS RTX
 Very small kernel optimised for constrained memory devices

 Peripheral driver APIs

 Common Driver APIs for all common peripherals, supported across all
MCUs
mbed OS 5 - mbed RTOS

 Includes CMSIS-RTOS RTX

 Based on the Keil RTX Real-Time Operating System
 Multi-Thread & pre-emptive scheduler

 mbed RTOS is a C++ wrapper over the Keil RTX code

 Thread
 Mutex
 Semaphores
 Queue and MemoryPool
 Mail
 RTOS Timer
 ISR
mbed OS 5 - Event Queue

 The mbed-events internal library provides a flexible queue for scheduling events
 Can be initialized within an mbed RTOS task
 Available functions for easily composing independent event queues
 Thread & IRQ safe

 mbed-events library can

 Act as drop-in scheduler
 Provide synchronization between multiple threads
 Act as a mechanism for moving events out of interrupt contexts.

 Targeting power constrained applications

mbed OS - mbed library internals
mbed API / mbed HAL

 mbed library provides abstractions for the

microcontroller (MCU) hardware
 mbed API is providing the actual friendly, object
oriented API to the final user.
 Target independent HAL API is our foundation for the
mbed target independent library
 CMSIS-CORE headers provides a suitable data
structure to access these low level CPU registers
 mbed OS
Networking

29.12.2019 19
mbed OS Connectivity

 Supports broad range of IoT connectivity

 mbed Partner & Community contributions

 Development Hardware
 Software Libraries
 Tutorials and Examples
 Commercial Products and Support

 Future standards on the radar

 Next-gen Industrial 802.15.4 Mesh
 NB-IoT
BLE
 BLE has huge potential beyond its current application areas
 Trusted robust radio, low cost chips, roadmap to longer
range and IP

 mbed OS has established BLE APIs, already used widely and

successfully
 Added support for RTOS, portability across different vendors
 Examples demonstrating functionality e.g. Google
Eddystone

 Expanding support for BLE across more platforms

 ST Bluetooth already supported
Wi-Fi

 Support for integrated Wi-Fi modules

 Working with partners to support Wi-Fi chipsets and
stacks

 Supports MAC and Network Processor integration

 Flexibility in supported architectures

 Preferred modules include both Wi-Fi+BLE

 Enables use of BLE for side-band configuration and
control
 Maybe SoC or Wi-Fi/BLE MCU chipset
 e.g. ODIN-W2 module based on chipset solution
mbed 6LoWPAN

 6LoWPAN can be utilized in big commercial

networks where can be several hundres of
nodes

 Network archictecture supports also very

deep networks, where hop count can be over
15

 mbed 6LoWPAN stack is currently used in

large commercial networks with +800 nodes
Thread

 A secure wireless mesh network technology for home and

beyond – analogous to Wi-Fi
 Thread is a network and transport level stack
 Thread is “application-layer agnostic”
 Thread can support multiple application layers

 Built on proven, existing internet technologies

 mbed Thread stack provides leading support

built into mbed OS
Thread Technical Features

 Direct addressability – device-to-device, device-to-application, device-to-cloud

 Battery operated devices with years of life – door locks, security sensors etc.

 Simple network joining

 Intuitive – no mysterious button sequences or jargon

 Scalable to 250-300 devices per network

 Latency less than 100 milliseconds for typical interactions

 Multiple border routers

 Seamless connectivity to user interaction devices – phone, tablet, wall

controller
mbed OS 6LoWPAN 802.15.4 and Thread

 Continue to lead in Thread implementation and standardisation

 Also supporting generic 6LoWPAN 2.4 and Sub-GHz

 mbed OS 5.1 brings MAC abstractions, simple transceiver support

 Enables easy porting of SoCs and MCU + transceivers to support Thread/6LoWPAN
 Multiple transceivers now working, can be used with any suitable mbed Enabled MCU

 Focus is use in commercial building, industrial and smart city environments

 Border router and early Access Point references available
 Tracking future industrial Thread development
LoRa
 We invested early and have good support for LoRa in mbed
 7 LoRa hardware devices already in platform/component
database
 mbed LoRa examples imported 1000's times
 Planning to increase investment in LoRa with interested
partners

 Raising investment to be #1 LoRa development platform

 mbed OS 5.3: Standard mbed LoRa APIs, examples and
showcase demos
 2017: Services support, widespread deployment of low
cost mbed Enabled modules
 Low-cost modules, support for operator "starter kits",
events and demos
 mbed OS
Security

29.12.2019 28
mbed OS - Security

 The ARM mbed IoT Device Platform addresses

security at multiple layers:

 Communication
 The lifecycle of the device from production,
through deployment, commissioning,
service, and eventual retirement
 The device itself
mbed TLS
 Light-weight open source cryptographic and SSL library written
in C
 Apache 2.0 license, the GPL 2.0 license or under mbed
partnership

 Supports a number of different cryptographic algorithms

 SSL/TLS communication
 TCP/IP communication
 Hashing
 Random number generation (RNG)
 Symmetric cipher (Cipher)
 Public Key cryptography (PK)
 X.509 public key infrastructure (X.509)
What is uVisor?
 Provide modular security blocks for common security problems
 Software security sandbox targeting existing Cortex-M3/M0+ core customers
 Protect secrets and memories from unprivileged or malicious code
 from broken or untrusted code (Stack, Code, RAM, data)
 against leakage of information (Code, Registers, Keys)
 against implementation errors (Stack manipulation)
 Simplify security assessment of embedded devices
 Turn complex security functions into simple and safe API’s: stop people from reinventing broken
wheels (Secure Identity, Firmware over the Air, Encryption, Randomness, Secure
Manufacturing)
 Prepare customers for upcoming v8-M security concepts based on ARM TrustZone for Cortex-
M processors
 The uVisor Boot Process on ARMv7-M

 uVisor initialized first in boot process

 Private stack and data sections
 Private data sections in flash for storing secrets
 Relocation of interrupts vector table into
secure memory
 Initialization of memory protection unit based
on box ACL’s
 Whitelist approach – only necessary peripherals
are accessible to each box
 Each box has private .bss data and stack
sections
 De-privilege execution, continue boot
unprivileged to initialize C/C++ libraries
 Thank you!

29.12.2019 33
Thread/6LoWPAN Border Router and Access Point

 Reference hardware and software for Border Router and Linux Access Point
Backha
Access Point
ul
Cortex-A Linux
Node IEEE 802.15.4
Configurat
Networ
k
Access Point Reference
ion, UI, IT
(e.g.
Admin
VPN, Ethernet USB I2C
Cellular UART
Border Tunnelling , SPI
IEEE 802.15.4
Router , Ethern ID with
I/O,
Translatio et)
Extras flow
Router n control
Loggin Cellular network
Node IEEE 802.15.4 Firewall
g Cortex-M
DAPLink SW
Border Router
D
UART
SP I2
I C
 Off the shelf solution to connect IPv6 6LoWPAN mesh nodes 2.4GHz
802.15.4 Tx
 Contains both hardware (RPi + RPi HAT) and open source software reference
 Access point is based on OpenWRT
https://developer.mbed.org/platforms/mbed-6LoWPAN-Border-Router-HAT/