Microsoft's edgy Open Enclave SDK goes cross platform
Arm TrustZone now a thing for Azure IoT Edge devs
Microsoft's Azure IoT team has made available a cross-platform version its Open Enclave SDK with an eye to securing devices at that mysterious entity, the Edge.
These days, Microsoft is all about the Intelligent Edge, where the likes of cameras and sensors lurk. In the past, these devices were relatively simple, with all processing being done on centralised servers.
Microsoft's Azure IoT Edge vision, on the other hand, is geared up toward shovelling more intelligence locally, with Azure AI, services and custom code finding their way onto devices at the Edge where poor connectivity or latency issues might have prevented a constant connection to the cloud.
Hence Intelligent Edge.
However, making these devices smarter increases the risk of tampering. Redmond has pitched Azure Sphere as a way of securing things and making operations more trustworthy at the Edge, but having to build devices with a Sphere-compliant MCU is not always an option which, of course, increases the threat surface.
Engineers striving to stay secure at the Edge need fear no more, however, because Azure is here to save the day. The Azure IoT Edge security manager exists to protect the IoT Edge device by abstracting the secure silicon hardware, and onto this platform Microsoft has welcomed OEMs and their hardware security modules.
However, with the emergence of the Intelligent Edge comes the need to protect the data lurking at the Edge, which complicates matters further. To this end Microsoft launched the Open Enclave SDK a couple of months ago, aimed at creating a single enclaving abstraction for developers building Trusted Execution Environment (TEE)-based apps.
An enclave application has two components: the host, which is untrusted and runs unmodified on the untrusted OS, and the enclave, a trusted component which runs in the protected containers of the TEE. Microsoft refers to the securing of workloads within TEEs as Confidential Computing.
The goal of the SDK is that devs can build once and then deploy over multiple platforms, from cloud to Edge, and on Linux or Windows.
Unfortunately, the first version of the SDK only supported TEE hardware based on the Intel Software Extension Guard (SGX) and Linux. Today's announcement continues the cross-platform vision and allows Azure IoT Edge devs to write Trusted Applications (TA) that root trust in any secure silicon TEE built on the likes of Arm TrustZone, Intel SGX and embedded Secure Elements using Windows or Linux.
Microsoft has also released a preview of the integration of its Azure IoT Edge security manager with Open Enclave. ®