Features

Overview IGLOS Features

Software Update

We change every running system – with confidence! Changes to systems running in production are always perceived as a risk to their stability, so it is a common recommendation to "never change a running system". For this reason, numerous systems still run on decades-old software that gets increasingly hard to maintain. With the CRA at the latest, relying on this recommendation is no longer state of the art, since not being able to update systems with known security issues is fatal. Therefore, we take a radically different approach and allow the systems to be updated fast and repeatedly, while minimizing the risk of interfering with the functionality. This starts with a reliable A/B update functionality, continues with our first-class regression test center, and does not end with partitioning the system into independently updatable zones with different risk profiles. By default, IGLOS is shipped with SWUpdate, allowing for integration with systems like Eclipse hawkBit. On demand, it can be replaced with other update mechanisms, including RAUC, Uptane, Mender, or the Nix package manager.

Secure Boot

Embedded devices need to ensure their integrity and authenticity already during boot. This is not only an important security requirement of IEC 62443, but constitutes the root of trust of all other security mechanisms built on top. While hardware platforms already come with a bunch of features that support this functionality, like High Assurance Boot or TPMs, combining and configuring them correctly and securely is challenging and requires in-depth knowledge. And it does not end there: To be able to reliably sign new software images, even after critical security incidents, a stable central signing infrastructure that still ensures the confidentiality of the key material is crucial. We operate a signing infrastructure based on open source software that you can easily deploy in your own environment to maintain control over your own keys. We secure your devices from the start, so your customers can trust them every step of the way.

Storage Integrity and Encryption

A secure boot process into the operating system is a necessary but not sufficient condition to ensure no malicious software is executed. Ideally, all executable code is split from volatile application data and resides on a read-only partition that is also verified during boot through mechanisms like dm-verity. In that case, changes to the software are only possible via software update, and on-the-fly injection of malicious code is prevented. This so-called immutable system is the preferred architecture for embedded systems and thus the default configuration of IGLOS. On some systems it is necessary to change executable software on the fly, for example when dynamically managing containers. In this case, application-specific alternatives need to be deployed to maintain the integrity of the system. The application data, on the other hand, is encrypted with dm-crypt by default, and IGLOS provides mechanisms to reset it to a well-known state (e.g. for a factory reset of the device).

Logging for Auditing and Debugging

Knowing what happens inside a device is crucial to detect and reconstruct attacks as well as to find bugs with and without security relevance. Generating and storing audit events is also an integral part of IEC 62443-4-2. IGLOS logs internal audit events and provides an interface for application-specific audit events. Both can be forwarded in encrypted form to a remote logging server for integration into a Security Information and Event Management (SIEM) system like the open-source solution Wazuh for further analysis and alerting.

Mandatory Access Control

As an integral component of our defense-in-depth approach, IGLOS employs mandatory access control with AppArmor. Among other things, this mitigates the effect of zero-day exploits by restricting applications to the absolutely minimal set of allowed actions on the system. For example, processes that are not responsible for external connections will be denied all network connections, preventing them from phoning home or being used as a pivot in an attack. For this, IGLOS comes with several preconfigured AppArmor profiles tailored to the needs of IGLOS. Furthermore, we are able to set up profiles for your applications.

Firewall and Networking

In an increasingly connected world, a reliable and secure network is an important foundation. IGLOS devices support various network configuration options including static configuration, DHCP or even NETCONF / YANG, making IGLOS also suitable for Linux-based network devices like switches and routers. To mitigate network attacks, IGLOS comes with a predefined, yet adaptable, firewall, including denial-of-service protection.

Device Lifecycle

Many security mechanisms are highly dependent on shared secrets or private and public keys deployed on the embedded system. Their deployment often requires establishing trust via an initially untrusted channel, resembling a classical "chicken or egg" problem. The concrete process is often highly application-specific, but can be based on renowned techniques like FIDO Device Onboarding. Further topics include decommissioning, factory reset and backup / restore. For all these, IGLOS contains blueprint implementations that can be easily adapted to your requirements.

Application Integration

All the security features are worth nothing without the part that actually brings value to the embedded system: your application. Historically, the preferred way to deploy applications is as a binary package, allowing the most flexible integration. Packaging customer applications is one of our daily chores. But there are also other options: With IGLOS Secure Beacon (see Certification), we have demonstrated how container technology can be used to deploy, for example, containerized web applications to immutable embedded systems. Virtualization technologies like KVM or Xen are also a common way to deploy applications. With Jailhouse we also support a hardware partitioning virtualization solution that is especially suited for realtime or safety applications. Besides the deployment itself, IGLOS provides several interfaces to integrate the application with the operating system. By default, systemd is used for managing the services on the system and D-Bus is used for secure inter-process communication.

User Interfaces

We are convinced that you are the expert for your application, and we focus on the operating system layer. Still, we have been involved in the development of numerous embedded systems and have collected experience in application and user interface development, from X11, Wayland and Qt to embedded web applications. Our craft is reliable software. The art of aesthetics belongs to someone else.

Machine to Machine Interfaces

Not only users will interact with your embedded system, but also other devices. In particular for industrial automation systems, OPC UA is a common choice, and with the open62541 project we have a proven solution in our toolbox. On field level, OPC UA FX is emerging and we are actively involved in its realization. We have years of experience in Time Sensitive Networks (TSN) and Deterministic Networking (DetNet) to implement real-time communication according to internationally recognized IEEE and IETF standards. Our experts have also realized other communication architectures, such as MQTT communication with public cloud infrastructure. Of course, everything is aligned with state-of-the-art security mechanisms, like authentication and transport encryption.

User and Credential Management

Many embedded systems rely on an application-specific user and credential management that is decoupled from the operating system users. While this is, of course, possible with IGLOS as well, we also promote an architecture that reuses the operating system users for the external interfaces too, like an embedded web interface as demonstrated with our certified IGLOS Secure Beacon. This has the big advantage that all the internal security mechanisms of Linux can be relied on to enforce separation of concerns and to minimize the attack surface. It can be combined with state-of-the-art FIDO2 authentication, either to realize multi-factor authentication or to completely avoid the use of passwords for a more convenient, yet much more secure, login.

Build Environment

IGLOS is based on the Embedded Linux Build Environment (ELBE) that is widely used, especially in industrial automation. ELBE allows building an embedded system based on Debian to leverage its (security) maintenance, and provides tooling to define a reproducible, yet flexible system similar to what is possible with other build systems like Yocto. We can support you in transferring your Yocto system to ELBE or, if you want to stay with it, Linutronix also provides Yocto support outside of the IGLOS offering. As core maintainers of ELBE, we know about every detail of ELBE and can even extend it with additional features, if needed.

Linux Kernel

Last, but not least, the Linux kernel is the central component of IGLOS. Unlike most vendor BSPs, which often diverge significantly from mainline Linux and rely on numerous proprietary patches, we make it a priority to stay as close as possible to official Linux mainline releases. This approach allows us to integrate upstream security fixes and new features much faster, while also benefiting from the extensive testing contributed by the wider Linux community across diverse use cases. If you are worried about missing support for your hardware, we have you covered: We are regularly one of the companies with the most contributions to an official Linux kernel release, so you can confidently rely on us to bring hardware support into the mainline kernel, where the driver benefits from regular maintenance by the Linux community.
