Boot optimisation and sustainable cybersecurity
The new ELinOS version 7.1 and the associated build environment from German embedded software specialist SYSGO now make dedicated embedded Linux images even faster and more secure.
New features that have been integrated for the first time include a target-focused and -tailored systemd system and service manager as well as a convenient upgrade tool. It automatically provides the latest security and service patches when the development environment is loaded. Providing a comfortable path to instant one-click updates also makes runtime images more secure in the long term and ensures sustainable cybersecurity.
The Linux kernel in its current Long-Term Support (LTS) version 5.10 as well as the C runtime libraries of the glibc v2.31 release have also been embedded. Thanks to the convenient ELinOS ecosystem - which includes the easy-to-use Feature Configurator, Library Dependency Resolver, and the One-Click Build & Deployment Tool - essential upgrades can be integrated quickly and easily into dedicated embedded Linux target images. Moreover, besides the precompiled ELinOS 7.1 packages, user code can now also be made reproducible with the ELinOS toolchain.
Target markets for SYSGO's embedded Linux distribution, which has been offering exceptionally high cybersecurity since release 7.0.1, are found in IIoT-connected edge systems of critical infrastructures (KRITIS) in the energy and utilities industry, industrial automation and medical technology, as well as in automotive, railway and aerospace applications. They all require a long-term and solid open source based security architecture with support from a commercial distributor.
ELinOS 7.1 increases the responsiveness of Linux images and makes them faster as systemd causes less delays by parallelizing the processes. This is especially useful in complex boot scenarios. In addition, systemd facilitates the handling of dependencies between services, with all the performance gains this enables. Within ELinOS' integrated development environment CODEO, all components of systemd can be selected or deselected as required. This is done via the Feature Configurator in order to obtain customised and hence footprint- and performance-optimised systemd configurations. To provide an example, this way, it is possible to deactivate the Google Time Server, which is both criticised by the Community and firmly merged into the code of systemd, with a simple click. Application-specific shell scripts can also be implemented easily. Users looking for an alternative to systemd can optionally use BusyBox in ELinOS 7.1.
ELinOS 7.1-based embedded Linux images are made more secure by the new Product Update Tool, which significantly simplifies and accelerates the workflow for applying new security and service patches. When starting the development environment, it automatically synchronises with the SYSGO download server and displays the available security and other package updates. These can then be installed as needed, either via the graphical user interface with just one click, or via the command line interface. Dependencies between these packages - which are of course digitally signed and verified before installation - are automatically taken into account. In combination with the Over-the-Air Update Tool for target devices, which has already been available since ELinOS release 7.0.2, security updates for dedicated Linux images can be rolled out to the target system in the field easily and without delay via the seamlessly integrated toolchain of the ELinOS ecosystem.
"In times of increasing threats from cyberattacks, fast and easy update management is crucial besides secure state-of-the-art system design. Therefore, after the support of the Security-Enhanced Linux (SELinux) kernel extension, the activation of Address Space Layout Randomisation (ASLR) and the launch of the Over-the-Air Update Tool for target devices, it was important for us to also be able to update the build environment on a daily basis with just one click," explains David Engraf, Head of Product Development Embedded Linux ELinOS at SYSGO.
Other features of the ELinOS 7.1 ecosystem include enhanced IPv6 functionality, different Linux image compression algorithms, and Raspberry Pi4 support.
ELinOS 7.1 can be used as a stand-alone embedded Linux as well as a real-time operating system (RTOS) with the aid of the Preempt RT patch, but also in combination with PikeOS 5.1/5.0 RTOS and hypervisor. The additional Docker support forms the basis for a wide-ranging variety of applications that help to simplify and standardise the system landscape. This can all be managed in an integrated manner in the Eclipse-based CODEO graphical development environment. Developers benefit from a homogeneous development environment for heterogeneous applications on hardware consolidated devices.