Root of Trust

Welcome

Article from Issue 211/2018

Dear Reader,

Every day, things seem to happen that I never thought I'd see, but one recent announcement was particularly striking if you've been around the FOSS community anytime in the last 20 years: Microsoft just proclaimed they are creating their own custom version of the Linux kernel. A Linux kernel from Microsoft is big news if you remember the old times, when they used to say Linux was a "virus," and they used all their monopoly power in an attempt to squelch and obliterate the Linux menace.

As I write this column, the curious news is trickling out onto the high-tech blogs and news sites. Most of the stories paraphrase or quote from the original announcement in a blog at the Microsoft Azure website [1]. What they are really announcing is a new IoT system with three components:

  • the cloud-based Azure Sphere Security Service
  • a new class of Azure-certified microcontrollers (MCUs) to go in IoT devices
  • Azure Sphere OS, which is actually the Linux kernel with Microsoft modifications

They needed a new operating system for their new IoT environment, and instead of choosing Windows IoT or some spin of their embedded Windows OS, they chose Linux. Does that mean they admit Linux is better? Not out loud at least: They say Windows IoT is too big to run at the small scale they need for the Azure Sphere environment. (Hmmm … does that seem real, or do you think maybe they think Linux is better?) In any case, Linux is obviously better at scaling down to the size they need.

Is Microsoft part of the team now? Well, before you uncork the champagne, better to look a little deeper. The Azure Sphere program isn't really about selling software; Microsoft's profit model appears to center around the cloud service and the "Azure Sphere Certified" IoT devices. That shouldn't be a surprise to anyone. (If your profit model depends on selling Linux as a software product, you're in a lot of trouble, since most people are giving it away.)

But Microsoft has lots of other ways to make money in the Azure Sphere. Cloud services, certification for hardware, consulting … all this does sound a little more like the open source environment, where the software is free and revenue comes from the surrounding services. Open source means open, right? Can anyone get involved with this promising new market?

That's where you have to remember with whom you're dealing. A closer look at the announcement offers a more nuanced view of this brave new space. The Azure Sphere announcement is strongly focused on the topic of security. The terms "secure" and "security" appear a total of 35 times in the single blog post announcing the new initiative. It is obvious they plan to use security as a way to help distinguish themselves from other IoT platforms. To find out what they mean by "security," click the link in the announcement that goes to another page entitled "Seven Properties of Highly Secure Devices" [2].

Leading off the list of the properties for secure devices is something they call "Hardware Based Root of Trust." This "root of trust" refers to the work of the Trusted Computing Group (TCG), a consortium started by Microsoft and some hardware vendors several years ago that now consists of around 100 companies. TCG has a standard for the Trusted Platform Module (TPM), which is now included with many computer hardware systems. The TPM theoretically gives the hardware vendor complete control over what software can run on the system.

The result of the TCG controls is that you could have a completely free operating system running in a completely closed, vendor lock-in style computing environment. As a result, TCG and the "Trusted Computing" paradigm have come under fire from many corners of the Free Software community – most colorfully, perhaps, from Free Software Foundation founder Richard Stallman, who refers to "trusted computing" as "treacherous computing" [3].

The fact that Microsoft lists "root of trust" as the first property on their "Seven Properties of Highly Secure Devices" gives the strong impression that they intend to employ TCG technologies to maintain tight control over what software runs in their Azure Sphere IoT system. If so, the question is: Is Azure Sphere an example of Microsoft getting to be more like Linux? Or are they just getting Linux to be more like Microsoft?

Joe Casad, Editor in Chief
