Security Overview

FreeRTOS follows a strict coding standard, and has undergone a number of code quality checks including MISRA-C compliance and Coverity static analysis to ensure code safety, portability, and reliability in embedded systems (see the list in the LTS Code Quality Checklist). Non-trivial updates to the FreeRTOS libraries must pass AWS Application Security (AppSec) and AWS Penetration Testing (pentest) reviews prior to release.

Memory Safety

FreeRTOS is designed for resource-constrained devices that do not provide all the hardware mechanisms richer operating systems utilize to protect the system from external adversaries. On such small devices, security depends on simpler memory protection and execution privilege level hardware, and on the operating system code itself. We work with the Automated Reasoning Group at AWS to apply mathematically driven, provable security techniques to FreeRTOS. FreeRTOS libraries have been validated for memory safety with the C Bounded Model Checker (CBMC) automated reasoning tool to mitigate code security issues such as buffer overflow.

To learn more >> read the blogs "Ensuring the Memory Safety of FreeRTOS": (Part 1, Part 2.)

Threat Model

See the FreeRTOS Kernel Threat Model page on this website.

Security Certification

FreeRTOS provides foundational connectivity libraries such as FreeRTOS-Plus-TCP and coreMQTT that help developers confidently and securely connect IoT devices to the cloud. FreeRTOS has demonstrated safety and security through the Security Evaluation Standard for IoT Platforms (SESIP™) Level 2 and PSA Level 1 certifications. SESIP™ derives its fundamental tenets from the industry established Common Criteria framework. PSA Certified offers a framework for securing connected devices, from analysis through to security assessment and certification.

Learn more >> SESIP Level 2, PSA level 1.