Optimized LTS Linux Kernel with Real-Time Linux Support
ELinOS includes the LTS Linux Kernel with optimizations for embedded usage and real-time extensions. The main concept is to reduce the number of device drivers and kernel features. Unlike other Linux distributions, ELinOS does not enable all features to support a wide range of applications and devices.
Instead, only the device drivers and features required by the system are enabled. This reduces the complexity and the number of device drivers in the system to a minimum. A system configured this way has a smaller attack surface.
Enhanced Security and Hardening Options
ELinOS provides several mechanisms to secure the target system. A main advantage of ELinOS is its unique feature-driven configuration approach, which configures both kernel and user space at once. Similarly, the root file system contains only the selected applications and libraries. The result is a system tailored to the individual project’s needs without any unnecessary components or functions, reducing complexity, increasing security and keeping the footprint of the Linux environment as small as possible.
Additionally, ELinOS supports several mechanisms for hardening an embedded system:
- SELinux provides Mandatory Access Control (MAC)
- CAPP-compliant auditing support
- Address Space Layout Randomization (ASLR) in user binaries and kernel
- ANSSI conformance
- Testsuite checking hardening level according to ANSSI rules
- No open network ports by default
- No unused libraries or kernel drivers by default
- Minimize number of services
- Disable kernel module loading
- UEFI Secure Boot
- Package security fixes provided by SYSGO
- User accounts and passwords
- Restrict access to files and directories by using users and groups
- Run services and applications as a distinct user
- Disable login via root account
- Allow factory reset of the system
- Read only file system
- In-kernel memory protection
Over-The-Air Update Support
Devices and software components are becoming more complex. The software in particular provides a huge set of functionality and is therefore a potential security risk. It is thus common to have an update strategy in place for upgrading the system. The easiest way is to provide software updates over-the-air (SOTA). For this purpose ELinOS provides the tool SWUpdate.
SWUpdate is a powerful tool that helps users implement a customized update strategy for their system. The tool supports multiple strategies and is highly configurable. It can be used to update a single user application only, or to provide a full partition image with pre-install and post-install processes. SWUpdate uses a single CPIO image and can integrate multiple files or partition images. It is even possible to support different target boards and multiple software channels (stable, debug, ...) in a single update image.
Graphical User Interfaces: HTML5 / Wayland / Qt / GTK
ELinOS provides several graphical user interfaces depending on the user requirements. We support new interfaces based on Web technologies like HTML5 as well as classical graphical interfaces using Qt or GTK, with or without Wayland. The web view is based on state-of-the-art QtWebEngine/Chromium and supports the latest and well-known HTML5 features.
Using a classical graphical framework allows full control and highly optimized systems. ELinOS supports the developer by easily integrating the well-known frameworks with a graphical configuration interface on the host system.
Container Support: Docker, Isolated Applications
Docker is a set of tools and services that use OS-level virtualization to execute software. The software is distributed in the form of images: packages which contain the software itself, all the necessary libraries and configuration files. The host operating system/kernel executes those as so-called "containers". While those are technically self-sufficient, it’s possible to define communication channels which can be used to orchestrate software into bigger groups of independent components.
Eclipse-based Integrated Development Environment (IDE)
With CODEO you can conveniently set up your target device via the project configurator. Here, you find all the necessary tools to manage your target and your applications. The IDE grants access to target devices for remote debugging and timing analysis for runtime information. You can focus on developing outstanding embedded applications for the intelligent edge.
CODEO is flexible: You can cross-develop for target devices on Windows and test with QEMU.
QEMU-based HW Emulators
The fastest way to start development is to use a VM based on QEMU. ELinOS offers QEMU for all supported architectures and makes it easy to set up a system to run in QEMU. This lets you start application development, configuration and debugging without having a real target on the desk. At the end you can simply switch from QEMU to the real target.
ELinOS provides network packet filtering with nftables and iptables. nftables is part of the netfilter subsystem inside the Linux kernel. It is essential for the implementation of Linux-based firewalls, routers or any other kind of gateway that requires control over incoming network packets. It is the successor of the iptables subsystem, but also provides the functionality of ip6tables, arptables, and ebtables under one hood.
Connectivity: Wi-Fi / Bluetooth / Ethernet
Connectivity features are fully integrated into ELinOS and can be easily activated with the Feature Configurator. The necessary tools to manage the connections, as well as a firewall, are also available. For Bluetooth we also offer the Clarinox Bluetooth stack.