Embedded Linux

Linux is a powerful and configurable open-source operating system. Its extensive networking, hardware and user interface support means that it’s been ported to more computer hardware and devices than any other operating system.

About Embedded Linux

For many applications, Linux is the most time and cost-effective choice for an embedded system – much more so than using an embedded RTOS that may lack the networking and device driver support required.

But embedded Linux is considerably more complicated to use than most embedded RTOSs. It requires a specialist boot loader, such as U-Boot, and a file system. It has complex configuration and hardening requirements, and typically needs an application environment and upgrade system.

Meeting real time requirements with embedded Linux

We’ve used embedded Linux on a range of architectures and in a variety of secure, reliable embedded products. Low-level tasks that we’ve implemented to meet real-time requirements include:

  • Adding device drivers
  • Optimising cache performance
  • Introducing zero copy optimisations
  • Configuring scheduling to the appropriate policies (SCHED_xx)
  • Optimising memory usage and swapping
  • Adding low-level instrumentation using probes and other tools
  • Using tools such as BusyBox for file system optimisation
  • Hardening and optimising footprint by removing unused features
  • Securing Linux boot loaders
  • Building Linux filesystems
  • Adding secure upgrade and disaster recovery features

Many product implementations require custom Linux distributions and board support packages (BSPs). Tools that we use every day include Buildroot, Yocto, OpenEmbedded, BitBake and more.

Linux Security and Hardening

The downside of the flexible and feature-rich environment that Linux offers is the many attack surfaces that it exposes. Embedded Linux devices are an attractive target for botnets and other cyberattacks.

Linux has numerous in-built security features. But silicon vendors usually supply their developer Linux environment or BSP with all features, developer tools and ‘root’ privileges enabled. This gives the developer maximum functionality, but it means reconfiguration and hardening must be done before a product can be deployed.

Configuring Linux means balancing the right level of security against the features that the application needs. We’ve hardened the Linux systems in many premium consumer products that are deployed in their millions by major operators. Our configuration work includes:

  • Disabling all unused network services
  • Disabling the kernel developer features
  • Applying the principle of least privilege, so that every process runs with only the minimum user privileges and access it needs in order to function
  • Removing unnecessary tools and programmes from the filesystem and disabling debug facilities such as ptrace
  • Limiting access by adding containerisation, such as Docker, LXC, and the OCI-compliant runtimes runc and crun, to sandbox components, especially when running third-party applications or for network-facing components
  • Adding intruder detection when appropriate
  • And a lot more…
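As an added illustration (not code from this page or from the company it describes), the sketch below audits artefacts collected from a target against three items in the list above: unused network services, kernel developer features and ptrace. The sample inputs are constructed, the set of kernel options treated as developer features is an assumption, and the address decoding assumes a little-endian target.

```python
import socket

# Constructed sample artefacts (not from a real device): /proc/net/tcp, kernel .config, ptrace_scope.
PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201 1 0 100 0 0 10 0
   1: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1202 1 0 100 0 0 10 0
   2: 00000000:01BB 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 1203 1 0 100 0 0 10 0
   3: 0F00000A:01BB 0100000A:C350 01 00000000:00000000 00:00000000 00000000  1000        0 1204 1 0 100 0 0 10 0
"""
KERNEL_CONFIG = """\
CONFIG_SECURITY_YAMA=y
CONFIG_DEBUG_FS=y
# CONFIG_KGDB is not set
CONFIG_DEVMEM=y
"""
PTRACE_SCOPE = "0\n"  # contents of /proc/sys/kernel/yama/ptrace_scope
# Assumption: the options this example counts as "kernel developer features".
DEV_OPTIONS = ("CONFIG_DEBUG_FS", "CONFIG_KGDB", "CONFIG_DEVMEM", "CONFIG_MAGIC_SYSRQ", "CONFIG_KPROBES")

def listening_sockets(proc_net_tcp):
    """Return (ip, port, uid) for every IPv4 socket in LISTEN state (st == 0A)."""
    found = []
    for line in proc_net_tcp.splitlines()[1:]:  # first line is the column header
        f = line.split()
        if len(f) < 8 or f[3] != "0A":
            continue
        addr_hex, port_hex = f[1].split(":")
        # The address is printed as a native-endian word; little-endian target assumed.
        ip = socket.inet_ntoa(bytes.fromhex(addr_hex)[::-1])
        found.append((ip, int(port_hex, 16), int(f[7])))
    return found

def audit(proc_net_tcp, kernel_config, ptrace_scope, allowed_ports=frozenset()):
    """Return a list of hardening findings for the collected artefacts."""
    findings = []
    for ip, port, uid in listening_sockets(proc_net_tcp):
        if not ip.startswith("127.") and port not in allowed_ports:
            findings.append(f"unexpected network service on {ip}:{port}")
        if uid == 0:
            findings.append(f"listener on port {port} runs as root")
    enabled = {l.split("=")[0] for l in kernel_config.splitlines() if l.endswith(("=y", "=m"))}
    findings += [f"developer feature enabled: {o}" for o in DEV_OPTIONS if o in enabled]
    if ptrace_scope.strip() == "0":
        findings.append("classic ptrace permissions (yama ptrace_scope=0)")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(PROC_NET_TCP, KERNEL_CONFIG, PTRACE_SCOPE, allowed_ports={443})))
```
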

When appropriate, we recommend using a security-enhanced version of Linux such as SELinux.

We can audit software for security and provide auditing and guidance on open-source software (OSS) licence requirements and use in projects, using tools such as Black Duck and Coverity.

Linux Application Environments

Linux enables a wide choice of user interface frameworks.

Qt & GTK+

One of the most powerful frameworks is Qt. It provides extensive development tools for rapid user interface design, supports sophisticated features such as animations, and uses 3D acceleration. A C-based alternative to Qt is GTK+.

Flutter, React Native & Node.js

A popular alternative approach is to use a web-based environment, such as Flutter or React Native, or Node.js combined with a preferred native graphics library – we’ve built and worked with all these environments.

Chromium Web Engine

For a truly web-centric approach, we can integrate a browser, such as the Chromium web engine included with Qt, or implement the WPE WebKit browser. Both browsers support a plugin framework that enables interaction with embedded features.

We provide support for all these user interface approaches – and more.
