Zephyr Strengthens Security of Open-Source IoT OS

The open-source Zephyr Project has shored up some security issues with the release of Zephyr 2.3.0. The latest update integrates the Trusted Firmware M Trusted Execution Environment, which in turn supports Arm’s Platform Security Architecture. The Zephyr OS already offers support for the latter organization’s TrustZone hardware.

Zephyr Strengthens Security of Open-Source IoT OS

The Zephyr Project is part of the Linux Foundation, and is seeking to develop a real-time operating system (RTOS) designed specifically for IoT devices with limited amounts of space. The organization has been working to address a number of security issues that were uncovered in an independent NCC Group audit earlier in the year. Despite those flaws, the Group commended the Zephyr Project for the proactive steps it has taken to strengthen its security posture, and described the operating system as a mature and growing product.  

The Project community currently has more than 700 active contributors, while the OS itself has already appeared in several commercial products, including a new Phytec Distance Tracker that uses Bluetooth tech to measure the distance between two people and enforce social distancing. Laird Connectivity and teenage engineering are the two newest additions to a roster of corporate partners that already includes Adafruit, the Eclipse Foundation, Intel, Linaro, Nordic Semiconductor, NXP, Oticon, SiFive, Synopsys, and Texas Instruments.

“The Zephyr Project brings together a community of experts to participate on all aspects of the solution, from standards, policies and processes to distribution and incident response,” said Nordic Technical Product Manager and Zephyr Governing Board Chair Joel Stapleton. “This third party research and our security team’s swift and proactive response to the vulnerabilities is the strength of open source and a testament to this community.” 

Members of the Zephyr Project will be presenting at the Linux Foundation’s upcoming Open Source Summit Virtual event, which runs from June 29 to July 2.