Optimized LTS Linux Kernel with Real-Time Linux Support
ELinOS includes the LTS Linux Kernel with optimizations for embedded usage and real-time extensions. The main concept is to reduce the number of device drivers and kernel features. Unlike other Linux distributions, ELinOS does not enable all features to support a wide range of applications and devices.
Instead, only the device drivers and features required by the system are enabled. This reduces the complexity and number of device drivers in the system to a minimum. A system configured this way has a smaller attack surface.
Enhanced Security and Hardening Options
ELinOS provides several mechanisms to secure the target system. A main advantage of ELinOS is its unique feature-driven configuration approach, which configures both kernel and user space at once. Similarly, the root file system contains only the selected applications and libraries. The result is a system tailored to the individual project’s needs without any unnecessary components or functions, reducing complexity, increasing security and keeping the footprint of the Linux environment as small as possible.
Additionally, ELinOS supports several mechanisms for hardening an embedded system:
- SELinux provides Mandatory Access Control (MAC)
- CAPP-compliant auditing support
- Address Space Layout Randomization (ASLR) in user binaries and kernel
- ANSSI conformance
- Testsuite checking hardening level according to ANSSI rules
- No open network ports by default
- No unused libraries or kernel drivers by default
- Minimize number of services
- Disable kernel module loading
- UEFI Secure Boot
- Package Security fixes provided by SYSGO
- User accounts and passwords
- Restrict access to files and directories by using users and groups
- Run services and applications as a distinct user
- Disable login via root account
- Allow factory reset of the system
- Disk Encryption (single partitions or full disk encryption)
- Read only file system
- In-kernel memory protection
ELinOS as an immutable operating system serves as a secure foundation with container support. The core system files remain unchangeable, ensuring stability. User applications and services operate within containers, promoting a clear separation. Updates can be applied independently to both the base system and containers, enhancing flexibility. This approach increases security by isolating components and simplifies management. Setting up the system is very user-friendly, facilitated through a template in the simple new project wizard, streamlining the deployment of a consistent and secure environment.
Over-The-Air Update Support
Devices and software components are becoming more complex. The software in particular provides a huge set of functionality and is therefore a potential security risk. It is thus common to have an update strategy in place for upgrading the system. The easiest way is to provide software updates over-the-air (SOTA). For this purpose ELinOS provides the tool SWUpdate.
SWUpdate is a powerful tool that helps users provide a customized update strategy for their system. The tool supports multiple strategies and is highly configurable. It can be used to update a single user application only, or to provide a full partition image with pre- and post-install processes. SWUpdate uses a single CPIO image and can integrate multiple files or partition images. It is even possible to support different target boards and multiple software channels (stable, debug, ...) in a single update image.
Graphical User Interfaces: HTML5 / Wayland / Qt / GTK
ELinOS provides several graphical user interfaces depending on the user requirements. We support new interfaces based on Web technologies like HTML5 as well as classical graphic interfaces using Qt or GTK, with or without Wayland. The web view is based on state-of-the-art QtWebEngine/Chromium and supports the latest and well-known HTML5 features.
Using a classical graphical framework allows full control and highly optimized systems. ELinOS supports the developer by easily integrating the well-known frameworks with a graphical configuration interface on the host system.
Container Support: Docker, Isolated Applications
Docker is a set of tools and services that use OS-level virtualization to execute software. The software is distributed in the form of images: packages which contain the software itself and all the necessary libraries and configuration files. The host operating system/kernel executes those as so-called "containers". While those are technically self-sufficient, it’s possible to define communication channels which can be used to orchestrate software into bigger groups of independent components.
wolfSSL stands out as a top-tier, portable, and embedded security software creator, specializing in SSL/TLS libraries. Distinguishing itself from OpenSSL, wolfSSL offers a compact size, professional support, and flexible licensing options. With ELinOS, users can seamlessly switch between wolfSSL and OpenSSL, tailoring their security solutions.
For PikeOS customers, a convenient entry point begins with a user-friendly Linux personality, exploring the rich feature set of wolfSSL. As needs evolve, a smooth transition to the native PikeOS environment is facilitated, allowing for a flexible and adaptive security strategy.
ELinOS provides network packet filtering with nftables and iptables. nftables is part of the netfilter subsystem inside the Linux kernel. It is essential for the implementation of Linux-based firewalls, routers or any other kind of gateway that requires control over incoming network packets. It is the successor of the iptables subsystem, but also provides the functionality of ip6tables, arptables, and ebtables under the same hood.
Connectivity: Wi-Fi / Bluetooth / Ethernet
Connectivity features are fully integrated into ELinOS and can easily be activated with the Feature Configurator. The necessary tools to manage the connections, as well as a firewall, are also available. For Bluetooth we also offer the Clarinox Bluetooth stack.
Eclipse-based Integrated Development Environment (IDE)
With CODEO you can conveniently set up your target device via the project configurator. Here, you find all the necessary tools to manage your target and your applications. The IDE grants access to target devices for remote debugging and timing analysis for runtime information. You can focus on developing outstanding embedded applications for the intelligent edge.
CODEO is flexible: you can cross-develop for target devices on Windows and test with QEMU.
QEMU-based HW Emulators
The fastest way to start development is by using a VM based on QEMU. ELinOS offers QEMU for all supported architectures and makes it easy to set up a system to run in QEMU. This allows you to start application development, configuration and debugging without having a real target on the desk. At the end you can simply switch from QEMU to the real target.
License Scanning Tool
The License Scanning Tool is a pivotal host tool designed to assist customers in analyzing source code closely, identifying licenses, and tracking copyrights. Its versatility extends to handling diverse packages, encompassing license information within OSS archives or individual source files. With the capability to generate SPDX reports, this tool provides comprehensive insights into software licensing compliance. Leveraging the robust foundation of the ScanCode Toolkit, it empowers users with an efficient and reliable means to navigate and manage licensing complexities, ensuring transparency and adherence to legal obligations in software development.