Security Overview
FreeRTOS follows a strict coding standard and has undergone a number of code quality checks, including MISRA-C compliance and Coverity static analysis, to ensure code safety, portability, and reliability in embedded systems (see the list in the LTS Code Quality Checklist). Non-trivial updates to the FreeRTOS libraries must pass AWS Application Security (AppSec) and AWS Penetration Testing (pentest) reviews prior to release.
Memory Safety
FreeRTOS is designed for resource-constrained devices that do not provide all the hardware mechanisms that richer operating systems use to protect the system from external adversaries. On such small devices, security depends on simpler memory protection and execution privilege level hardware, and on the operating system code itself. We work with the Automated Reasoning Group at AWS to apply mathematically driven, provable security techniques to FreeRTOS. FreeRTOS libraries have been validated for memory safety with the C Bounded Model Checker (CBMC) automated reasoning tool to mitigate code security issues such as buffer overflow.
To learn more, read the blogs "Ensuring the Memory Safety of FreeRTOS" (Part 1, Part 2).
Threat Model
See the FreeRTOS Kernel Threat Model page on this website.
Security Certification
FreeRTOS provides foundational connectivity libraries such as FreeRTOS-Plus-TCP and coreMQTT that help developers confidently and securely connect IoT devices to the cloud. FreeRTOS has demonstrated safety and security through the Security Evaluation Standard for IoT Platforms (SESIP™) Level 2 and PSA Level 1 certifications. SESIP™ derives its fundamental tenets from the industry-established Common Criteria framework. PSA Certified offers a framework for securing connected devices, from analysis through to security assessment and certification.
Learn more: SESIP Level 2, PSA Level 1.
Copyright (C) Amazon Web Services, Inc. or its affiliates. All rights reserved.