Real-Time All the Time: The Zephyr Project Secures Security


The growing Zephyr Project, hosted by the Linux Foundation that aims to build an open-source real-time operating system (RTOS) for the IoT, was recently evaluated by the NCC Group, experts in cybersecurity and risk mitigation. The research was driven by interest from NCC’s clients found that Zephyr is a mature and highly active project with increasing market share.

The Zephyr Project is a small, scalable real-time operating system for use on resource-constrained systems supporting multiple architectures.

The NCC Group issues a report in May 2020 outlining the issues discovered in detail and acknowledged the proactive work of the Zephyr Project Security Committee to fix these issues.

The Zephyr community has attracted over 700 contributors in just a few years, with the most recent release, including integration with the Trusted Firmware M, open-source Trusted Execution Environment framework, which implements Arm’s Platform Security Architecture specification.

According to the foundation, Zephyr has long included support for Arm’s TrustZone hardware, including being able to target the secure side of the firmware. Still, by adding integration with the standard Trusted Firmware M project, it now also offers the option to combine TF-M and Zephyr to create a PSA-certified solution.

“The Zephyr Project brings together a community of experts to participate on all aspects of the solution, from the standards to adopt, policies and processes to follow, and methodologies for build, test, maintenance, distribution and incident response,” said Joel Stapleton, Zephyr Project Governing Board Chair and Technical Product Manager at Nordic Semiconductor. “Our aim is to make a solution that developers can trust for the lifecycle of their products. This third-party research and our security team’s swift and proactive response to the vulnerabilities is the strength of open source and a testament to this community.”

The Zephyr RTOS is unique as it is vendor-neutral, with a scope from multi-architecture board support packages, to cloud connectivity for IoT products. Several high-profile products have leveraged Zephyr, including Intellinium Safety Shoes, ProGlove, and HereO Core Box.

The Zephyr Project also welcomed Laird Connectivity and teenage engineering in June, expanding its ecosystem. The new members join Adafruit, Antmicro, Eclipse Foundation,, Intel, Linaro, Nordic Semiconductor, NXP®, Oticon, SiFive, Synopsys, Texas Instruments and more to create an open hardware and software ecosystem using the Zephyr OS.

"Developers have many options when it comes to selecting an RTOS for embedded microcontrollers, but the Zephyr Project is one of the fastest-growing open-source and broadly contributed RTOS projects of its kind,” said Jonathan Kaye, Senior Director, Product Management at Laird Connectivity. “Joining the Zephyr Project allows Laird Connectivity to deliver more design flexibility than ever across our wireless modules, IoT Devices, and Gateways. Our customers can leverage community support, better device security, high performance in resource-light environments, and license-free use for commercial applications. And by using one shared platform, they can build a highly reusable code base that rapidly accelerates their IoT development with Laird Connectivity products."

“teenage engineering is developing embedded products in a wide range of complexity: from single-core Cortex-M0 to multicore and multiprocessor systems with totals of up to 5 different MCU's from various vendors,” said David Eriksson Head of Hardware at teenage engineering. “Our goal is to build the perfect multi-chip system where we capture what each breed of processor does best and allow them to work together in harmony. With Zephyr, we can develop anywhere. We make sure that code can run on a host as well as device and that interconnectivity is platform-agnostic, allowing a mix of real hardware and desktop emulation. We prefer to develop with open tools, so Zephyr is really the only sane choice for an RTOS where it is possible to achieve true transparency on all layers of the stack. We are happy to become members of The Linux Foundation and the Zephyr Project and to take part in shaping and influencing the future of embedded systems."

In April, Zephyr celebrated 40,000 commits on Github and has now completed more than 41,000 to date with support for more than 200 boards.

The Zephyr Project will be present at the Linux Foundation’s Open Source Summit Virtual event on June 29-July 2. Several members will be giving presentations that include Zephyr, including a keynote by Kate Stewart about open source in safety-critical applications on July 1 at 9 am CST. Additional talks will be given by Zephyr project members from the Eclipse Foundation, Intel, and Linaro. Learn more here.

Additionally, on July 2 from 2-3:30 pm, Zephyr will host a Mini-Summit that will offer an overview of the RTOS, introduction to west, how Bluetooth works with Zephyr and insight into security, safety certification, and a product use case. Registration is free for OSS + ELC attendees. Learn more here.

Arti Loftus is an experienced Information Technology specialist with a demonstrated history of working in the research, writing, and editing industry with many published articles under her belt.

Edited by Ken Briodagh
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

Special Correspondent

Related Articles

Saving More Lives: NOVELDA Expands Safety Applications of its UWB In-Cabin Sensors with Multi-Target Occupancy Detection

By: Alex Passett    4/8/2024

Earlier this morning, NOVELDA (a Car Connectivity Consortium member and an innovator in ultra-wideband, or UWB, solutions) announced new multi-target …

Read More

FOSSA Systems and Microsoft Research Explore the Exciting Reach of Satellite IoT

By: Alex Passett    4/4/2024

FOSSA Systems and Microsoft Research are collaborating to advance the discovery potential for next-gen, low-power, low-rate industrial satellite IoT c…

Read More

What You Need to Know: Microchip Technology's ECC608 TrustMANAGER with Kudelski IoT keySTREAM

By: Alex Passett    4/2/2024

Earlier this morning, Microchip Technology confirmed that it has added the ECC608 TrustMANAGER (with Kudelski IoT keySTREAM SaaS) to its platform of a…

Read More

A Powerful Triple Bottom Line: With Energy Automation Innovations, Providers, Building Owners, and Consumers Win

By: Matthew Vulpis    4/2/2024

Though emissions from electricity generation only grew by a modest 1.1% in 2023 compared to the 6.2% recently in 2021, which was driven by the rapid e…

Read More

A Smart Direction for Business in IoT: Kyle Okamoto Joins floLIVE's Advisory Board to Deepen Growth Strategies

By: Alex Passett    4/2/2024

Earlier this morning, floLIVE announced that Kyle Okamoto, the former General Manager of IoT at Ericsson (and the former General Manager of IoT at Aer…

Read More