Embedded Linux Development
Custom distributions, BSP development, and Linux hardening for connected devices deployed at scale.
Linux is a powerful and configurable open-source operating system. Its extensive networking, hardware and user interface support mean that it’s been ported to more computer hardware and devices than any other operating system.
For many applications, Linux is the most time- and cost-effective choice for an embedded system, far more so than using an embedded RTOS that may lack the necessary networking and device driver support.
Embedded Linux in production is harder than it looks
Linux is the right choice for a large proportion of connected device programmes. It offers unmatched networking support, a broad driver ecosystem, and flexibility that most embedded RTOSs cannot match. But that flexibility comes with complexity that has a cost if it is not managed correctly.
A developer BSP from a silicon vendor is configured for maximum functionality, not production deployment. Hardening, footprint optimisation, real-time tuning, secure boot, and filesystem configuration all need to be done deliberately before a Linux-based product is ready to ship. Done late or done poorly, these steps create security vulnerabilities, performance problems, and certification failures that are expensive to unpick.
We have been developing and hardening embedded Linux for production devices for over 20 years. Our systems run in millions of deployed consumer products managed by a global customer base.
Meeting real time requirements with Embedded Linux
We’ve used embedded Linux on a range of architectures and in a variety of secure, reliable embedded products.
Many product implementations require custom Linux distributions and board support packages (BSP). Tools that we use every day include buildroot, yocto, open embedded, bitbake and more.
For applications where deterministic real-time performance is the primary requirement, see our Embedded RTOS page.
Linux Application Environments
Linux enables a wide choice of user interface frameworks. We provide support for all these user interface approaches – and more.
QT & GTK+
One of the most powerful frameworks is Qt. It provides extensive development tools for rapid user interface design, supports sophisticated features such as animations, and uses 3D acceleration. A C-based alternative to Qt is GTK+.
Flutter, React Native & nodeJS
A popular alternative approach is to use a web-based environment, such as Flutter or React Native, or nodeJS combined with a preferred native graphics library – we’ve built and worked with all these environments.
Chromium Web Engine
For a truly web-centric approach, we can integrate a browser, such as the Chromium web engine included with Qt, or implement the WPE Webkit browser. Both browsers support a plugin framework that enables interaction with embedded features.
Linux Security and Hardening
The downside of the flexible and feature-rich environment that Linux offers is the many attack surfaces that it exposes. Embedded Linux devices are an attractive target for botnets and other cyberattacks.
Linux has numerous in-built security features. But silicon vendors usually supply their developer Linux environment or BSP with all features, developer tools and ‘root’ privileges enabled. This gives the developer maximum functionality, but it means reconfiguration and hardening must be done before a product can be deployed.
Configuring Linux requires finding the balance between the right level of security while enabling the features that the application needs. We’ve hardened the Linux systems in many premium consumer products that are deployed in their millions by major operators.
For clients who need broader device security strategy and compliance support, our Device Cybersecurity practice covers assessment, architecture, and implementation.
Frequently asked questions about embedded Linux development
-
What is embedded Linux?
Embedded Linux is a version of the Linux operating system customised and optimised to run on a dedicated connected device rather than a general-purpose computer.
It typically involves a custom kernel configuration, a minimal filesystem, a BSP tailored to the target hardware, and hardening to remove developer features and reduce the attack surface before production deployment.
-
What is a Board Support Package (BSP) for Linux?
A Linux BSP is the collection of software components that enables the Linux kernel and operating system to run on a specific hardware platform.
It includes hardware initialisation code, device drivers, memory configuration, and build system settings.
A well-developed BSP is the foundation of a stable embedded Linux system. Most silicon vendors supply a BSP configured for development that requires significant hardening and optimisation before it is production-ready.
-
What is the difference between Yocto and Buildroot?
Both are build systems for creating custom embedded Linux distributions, but they address different needs.
Yocto provides a highly flexible, layer-based framework suited to complex products requiring a rich software stack and ongoing maintainability.
Buildroot is simpler and faster to work with, suited to leaner systems where footprint and build time are priorities.
The right choice depends on the complexity of your software stack, your team’s experience, and your long-term maintenance requirements.
-
When should I use embedded Linux rather than an RTOS?
Embedded Linux is generally preferable when your device requires networking, a broad hardware driver ecosystem, complex application logic, or UI capabilities.
An RTOS is better suited to applications requiring hard real-time determinism, where response times must be guaranteed in the microsecond range.
Many modern devices use both, with an RTOS handling time-critical control tasks and Linux managing application-level functions.
-
How do you harden an embedded Linux system for production?
Linux hardening for production deployment involves disabling unused network services and kernel developer features, applying least-privilege principles to all running processes, removing unnecessary tools from the filesystem, adding containerisation to sandbox components, particularly for third-party applications, implementing secure boot, and auditing open-source software licences.
We also recommend and implement SELinux in environments that require mandatory access control, and use tools such as Black Duck and Coverity for security and license auditing.
Ready to discuss your embedded Linux project requirements?
Please enter your details to request a free consultation – learn more about our embedded Linux services or partner with us on your next project.
Related Insights
Our thoughts, ideas and views as well as in-depth technical papers. Explore our insights, get to market faster and make your digital ambitions a reality.
Case Studies
Linux-based touchscreen control device
The client needed to upgrade a limited microcontroller-based touchscreen to a full-featured Linux control system.
Case Studies
Feature development & integration for hybrid custom Linux TV platform
Consult Red has supported this operator with extensive middleware platform and feature development, including app integration, DRM support, testing and legacy platform support.
Articles
The Hidden Costs of Choosing the Wrong Product Architecture
In this article, we explore the foundations that make connected product evolution possible and successful.