Linux is a powerful and configurable open-source operating system. Its extensive networking, hardware and user interface support mean that it’s been ported to more computer hardware and devices than any other operating system.
About Embedded Linux
For many applications, Linux is the most time and cost-effective choice for an embedded system – much more so than using an embedded RTOS that may lack the networking and device drivers support required.
But embedded Linux is considerably more complicated to use than most embedded RTOSs. It requires a specialist boot loader, such as uBoot, and a file system. It has complex configuration and hardening requirements, and typically needs an application environment and upgrade system.
Curious about Embedded Linux? Get in touch.
Meeting real time requirements with embedded Linux
We’ve used embedded Linux on a range of architectures and in a variety of secure, reliable embedded products. Low-level tasks that we’ve implemented to meet real-time requirements include:
Adding device drivers
Optimising cache performance
Introducing zero copy optimisations
Configuring scheduling to the appropriate policies (SCHED_xx)
Optimising memory usage and swapping
Adding low-level instrumentation using probes and other tools
Using tools such as busybox for file system optimisation
Hardening and optimising footprint by removing unused features
Securing Linux boot loaders
Building Linux filesystems
Adding secure upgrade and disaster recovery features
Many product implementations require custom Linux distributions and board support packages (BSP). Tools that we use every day include buildroot, yocto, open embedded, bitbake and more.
Curious about Embedded Linux? Get in touch.
Linux Security and Hardening
The downside of the flexible and feature-rich environment that Linux offers is the many attack surfaces that it exposes. Embedded Linux devices are an attractive target for botnets and other cyberattacks.
Linux has numerous in-built security features. But silicon vendors usually supply their developer Linux environment or BSP with all features, developer tools and ‘root’ privileges enabled. This gives the developer maximum functionality, but it means reconfiguration and hardening must be done before a product can be deployed.
Configuring Linux requires finding the balance between the right level of security while enabling the features that the application needs. We’ve hardened the Linux systems in many premium consumer products that are deployed in their millions by major operators. Our configuration work includes:
Disabling all unused network services
Disabling the kernel developer features
Applying the principle of least privilege and ensuring all processes run with minimum user privileges and access in order to function
Removing unnecessary tools and programmes from the filesystem and disabling debug such as ptrace
Limiting access by adding containerisation such as Docker, LXC, and runc & crun OCI compliant runtimes to sandbox components, especially when running third-party applications or for network-facing components
Adding intruder detection when appropriate
And a lot more…
When appropriate, we recommend using a security-enhanced version of Linux such as SELinux.
We can audit software for security and provide auditing and guidance on open-source software (OSS) licence requirements and use in projects, using tools such as Black Duck and Coverity.
Curious about Linux Security? Get in touch.
Linux Application Environments
Linux enables a wide choice of user interface frameworks.
QT & GTK+
One of the most powerful frameworks is Qt. It provides extensive development tools for rapid user interface design, supports sophisticated features such as animations, and uses 3D acceleration. A C-based alternative to Qt is GTK+.
Flutter, React Native & nodeJS
A popular alternative approach is to use a web-based environment, such as Flutter or React Native, or nodeJS combined with a preferred native graphics library – we’ve built and worked with all these environments.
Chromium Web Engine
For a truly web-centric approach, we can integrate a browser, such as the Chromium web engine included with Qt, or implement the WPE Webkit browser. Both browsers support a plugin framework that enables interaction with embedded features.
We provide support for all these user interface approaches – and more.
Insights
Our thoughts, ideas and views as well as in-depth technical papers. Explore our insights, get to market faster and make your digital ambitions a reality.
The contribution provides a secure, flexible way for operators to dynamically deploy and manage services on their router stack based on open industry standards, an […]
We are pleased to announce that Consult Red is strategic sponsor of the IX Ultramarathon Zielonogórski Nowe Granice this year as we continue to support […]