Fusion is RIoT Secure’s hardware sandbox architecture, designed to give device developers full, unrestricted control over their own execution environment, while preserving secure communication and lifecycle management through an independent system component. At its core, Fusion enables a strict separation of concerns by dedicating a microcontroller exclusively to the customer’s application logic. This dedicated microcontroller is fully owned and controlled by the developer or device manufacturer - free from interference, shared resources, or runtime constraints imposed by the communication and lifecycle management stack.
True Hardware Separation - Not Time Slicing
Unlike software-based sandboxes or shared-runtime approaches, Fusion enforces isolation at the hardware level. Customer applications run on their own microcontroller, with guaranteed access to CPU, memory, peripherals, and real-time scheduling - entirely independent of the RIoT Secure client. This means:
- No competition for CPU cycles
- No shared memory or runtime contention
- No impact on real-time behavior
- No restrictions on programming models or toolchains
Developers are free to use any programming language, framework, RTOS, or bare-metal approach that best suits their application - from hard real-time control loops to advanced signal processing or AI acceleration.
Independent Communication & Lifecycle Control
While the customer application runs independently, the RIoT Secure client executes on a separate communication module or microcontroller. This component is responsible for secure communication, provisioning, identity, and lifecycle operations - and operates entirely independently of the customer’s execution environment. This architectural split ensures that:
- Communication and security updates never interfere with application timing
- Lifecycle management can evolve without impacting customer firmware
- Application failures cannot compromise device identity or connectivity
The result is a robust system where long-lived device control and fast-evolving application logic coexist safely, without forcing trade-offs between security and determinism.
Designed for Real-World Embedded Systems
Fusion is purpose-built for real-world embedded deployments where determinism, reliability, and long-term maintainability are non-negotiable. By isolating responsibilities across dedicated hardware components, Fusion avoids the complexity and fragility often introduced by monolithic firmware designs. This approach is particularly valuable in environments that require:
- Hard real-time guarantees
- Safety- or mission-critical behavior
- Long operational lifetimes
- Heterogeneous hardware and peripherals
Fusion allows device makers to evolve communication stacks, security mechanisms, and lifecycle features independently — without requiring invasive changes to application firmware.
A Foundation for Scalable Lifecycle Management
Within the RIoT Secure Platform, Fusion acts as the hardware foundation for secure lifecycle management. It ensures that provisioning, updates, and fleet-wide operations can be performed reliably across large deployments, while preserving complete autonomy for customer applications. For teams that prefer a portable, software-defined execution model instead of a dedicated application microcontroller, Fusion can be complemented or replaced by Brawl, RIoT Secure’s WebAssembly-based execution environment - without changing the surrounding lifecycle infrastructure.
Arduino Shield for Rapid Prototyping & Evaluation
To simplify evaluation and early development, RIoT Secure has created an Arduino-compatible Fusion shield that demonstrates the hardware sandbox architecture in a practical, hands-on form. The shield integrates a dedicated communication and lifecycle management microcontroller alongside an Arduino-compatible application processor, clearly illustrating the separation of concerns enforced by Fusion. Using the shield, developers can:
- Prototype applications using familiar Arduino tools and workflows
- Run application code on a fully independent microcontroller
- Observe real-time behavior without interference from communication or security tasks
- Evaluate secure communication, provisioning, and lifecycle management in a controlled environment
Importantly, the Arduino shield is a reference platform, not a constraint. Production systems are free to use any microcontroller architecture, toolchain, or programming environment - from bare-metal C to RTOS-based designs - while retaining the same Fusion-based hardware separation.
Native Support for Arduino UNO R4
Fusion also supports platforms where the separation of concerns is already present at the hardware level. A notable example is the Arduino UNO R4, which integrates an ESP32-based communication subsystem alongside a Renesas Cortex-M4 application processor. On the Arduino UNO R4, Fusion can be deployed without an external shield, leveraging the existing dual-processor architecture to maintain the same separation between communication, security, and customer-controlled application logic. The ESP32 handles secure communication and lifecycle operations, while the Cortex-M4 remains fully dedicated to application execution, real-time behavior, and peripheral control.
This native support demonstrates that Fusion is not tied to a specific form factor or board design. Whether implemented using a reference Arduino shield or a modern dual-processor platform like the UNO R4, Fusion consistently enforces hardware-level isolation and predictable execution - from prototyping through to production.
Fusion - absolute control for developers, hardware-rooted isolation for security, and a clean foundation for long-term device lifecycle management.
