Since the SIGNAL launch announcement of the Twilio Microvisor, where we announced a new approach to delivering the necessary IoT foundational components, a lot has happened.
We announced Microvisor itself back in September as a new IoT Device Builder Platform which leverages the Arm® TrustZone® technology for Cortex®-M processors to offer unmatched IoT security, and provides powerful features such as remote debugging and fail-safe over-the-air (OTA) updates.
We’ve since been working hard on implementing both the device and cloud pieces of the solution as well as speaking with numerous Beta Program applicants to understand their needs and wants. As part of this, we have really started to zone in on the key careabouts when it comes to building secure IoT devices at scale. And today, we’re excited to announce Microvisor will first target the low-power STM32U5 family from STMicroelectronics.
Key IoT considerations for embedded engineers
There is obviously a big need for an approach to IoT that enables device builders to keep control of their device behaviour and application data, rather than needing to fully adopt the ways of an IoT platform. Engineers do not want to make a design decision where they run the risk of being tied in to specific ways of doing things that may in future not meet their business needs.
Directly addressing this and importantly what really makes the Twilio approach different is that Microvisor easily integrates with your OS, existing code, development environment, and toolchain. You can thus add in secure IoT foundation components with only minor code changes. Microvisor adapts to your approach to embedded development, whether it is:
- a custom bare-metal approach
- built on top of an “off the shelf” operating system, e.g., FreeRTOS or Azure RTOS
- using whatever programming language you choose
You can selectively add in the Microvisor features through calling a simple set of device side APIs.
New hardware-level performance and security features
That said, the Microvisor itself does need to run on some specific hardware and at the time of our launch, we could not say which was the first silicon device that we were targeting. During the many partner discussions and initial pilot customer calls that we have had since, I was left with saying things like:
- “an up and coming,"
- "as yet unannounced STM,"
- "ultra low power part,"
- "coming soon,"
We can now share that the first supported MCU that Microvisor will target is the STM32U585 which was announced last week by STMicroelectronics as part of the STM32U5 family press release:
The enhanced performance of this new device enables the Microvisor approach that we have pioneered to exist; in particular, the enhanced cybersecurity. It builds on the cybersecurity focus of the STM32L5 with its Cortex-M33 core that incorporates Arm’s TrustZone® technology and ST-specific security feature set. The new STM32U5 line introduces new and state-of-the-art innovations:
- AES encryption and Public Key Authorization (PKA) are now hardware resistant to side-channel attacks by Differential Power Analysis (DPA)
- Secure data storage with a Hardware Unique Key (HUK)
- Active tamper detection
- Internal monitoring that can erase secret data in the event of perturbation attacks helps meet the PCI Security Standards Council (PCI SSC) requirements for Point Of Sales (POS) applications.
Key elements of the Microvisor architecture
It is this secure architecture, along with the Trustzone component, which enables the secure partitioning of the application code running on the MCU, and the Microvisor byte code running on the TrustZone side of the house, separated by those simple APIs.
This secure hardware enabled partitioning is what effectively enables this new approach of a “hypervisor for microcontrollers” – what we call the microvisor.
The Microvisor element runs ‘alongside’ the application code on the same M33 MCU but with different security privileges, thanks to the TrustZone split. The Microvisor wraps a layer of security and connectivity around the application code space.
Crucially, the ST Microelectronics SFI (Secure Firmware Install) enables the secure boot operation and solves the factory provisioning challenge. Ensuring that devices can be securely manufactured is so often one of the forgotten challenges of IoT. There is little point in working hard on ensuring that you have a secure communications link between device and cloud, when the manufacturing process is so easily compromised. Having secure boot and factory provisioning built in by design – to both the underlying silicon and the software approach – means that the application and the factory / ODM are protected against any factory based attack vectors (e.g. rogue employees).
Frequently asked Microvisor Questions
Besides the hardware question, there have been a number of other Microvisor questions coming up so far in the context of our Beta Program (that you can still sign up for):
Who is responsible for management of the communications stacks and comms devices in a Microvisor enabled device?
The simple answer is that the Microvisor takes care of all communications, whatever the transport.
For Wi-Fi and Bluetooth/BLE, we make use of a low cost ESP32 comms co-processor attached to the general IO that is assigned to Microvisor on boot.
For cellular connectivity, we will support a range of cellular modems in the future, but to start with, we will be supporting a Quectel BG96 LTE Cat M1/Cat NB1/EGPRS modem and the Twilio Super SIM in order to provide end-to-end global cellular connectivity.
Essentially, the comms co-processor and modem, their onboard software components, as well as the device drivers and host stacks for Wi-Fi, Cellular and Bluetooth/BLE are all part of the Microvisor code base. We are therefore taking responsibility for the security of these, as well as for managing and maintaining them over time. All this is part of the lifetime of support and services that the Microvisor offering provides.
“Microvisor takes care of all comms whatever the transport and Twilio are responsible for the security, the managing, and the maintenance of these communications stacks”
What about pricing?
As part of the U5 announcement, STM shared the following:
STM32U5 MCUs are sampling now to lead customers and will be in full production in September 2021. Budgetary pricing starts at $3.60. A broad choice of packages including a 4.2mm x 3.95mm WLCSP and 7mm x 7mm UQFN48 and UFBGA169 will be available.
Which is pretty cool – in terms of pricing for the Microvisor capabilities, these will remain true to Twilio’s pricing philosophy of being easy, transparent and accessible. We will be announcing a simple “one fee for 10 years of service." Detailed pricing will be shared when the public beta release of Microvisor is available, which we expect by mid 2022.
How do I get started ahead of the actual Microvisor code being released?
We are currently working to deliver a development kit which combines the STM32U585, the ESP32, and the BG96 together as well as the initial API documentation for the device side software. We are looking to launch a “getting started” documentation pack towards the middle of this year with the pilot release, which will be followed by the first software release, our private beta, by late 2021.
As ever, to get access to all of the above, we are encouraging people to sign up to the Beta Program. We are looking forward to hearing from you!
Jonathan Williams is a Product Manager for IoT and Wireless at Twilio. Having worked in both the semiconductor industry as well as in cloud video communications, he has a focus on building developer friendly platforms that solve real world problems. When not working on bringing IoT products to market, he can be found tinkering with his 1970’s rally car. Jonathan can be reached at jowilliams [at] twilio.com