EMBEDDED TECHNOLOGY


Linux-based operating system for the critical infrastructure use of embedded devices


In a progressively interconnected world where cyber threats are ever-present, companies are increasingly challenged to protect their systems and data from cyberattacks. KontronOS is an operating system for IoT security, says Johannes Gasde, corporate product manager Embedded & Wireless at Rutronik; and Jennifer Lachky-Busch and Marc Roeder, both Kontron AIS GmbH


The breakthrough and increasing prevalence of the Internet of Things (IoT) mean that IoT applications are managing more and more highly sensitive data and processes, prompting a stricter legal framework.


The changed requirements will be taken into account in Europe in 2024 by adapting the Radio Equipment Directive and the Network and Information Security Act (NIS2). The EU RCE directive focuses on the resilience and physical security of critical infrastructures, and member states are required to implement appropriate measures by October 2024 at the latest. Suppliers, integrators, and operators of IoT products in the critical infrastructure environment must meet comprehensive requirements in the IT security sector. This issue particularly affects suppliers and customers in the Rutronik Embedded sector. To satisfy these demands, Kontron has developed a secure, hardened Linux-based operating system. By integrating KontronOS, the edge devices AL i.MX8M Mini Box PC, KBox-A-151 with 3.5” SBC-EKL and 3.5” SBC-AML/ADN, or the SMARC-sXEL E2 module (Fig. 1), for example, become a secure platform against cyberthreats.


The boxes offer high processing power and reliability for demanding applications in areas like industrial automation, transportation, and medical technology. The core element is the same for all customers. However, the software has been customised to offer customers a wide range of configuration options to meet individual needs. The Yocto build environment enables you to include only the components you really need in the system while excluding all the unnecessary ones.


This significantly reduces the number of software components that could potentially contain errors. For instance, the kernel is configured to include only the minimum necessary components. This approach allows you to focus on the application or your existing Docker container.


22 MAY 2025 | ELECTRONICS FOR ENGINEERS


Docker container and secure boot for greater security


An application example: a supplier of sawing machines monitors the status of their production using a self-developed algorithm that is encapsulated in a separate Docker container. This tracking enables the company to increase the production capacity of its saws and improve service for its customers.


The use of KontronOS permanently ensures that the IoT-enabled device on which the algorithm is located can be operated securely. The specific configuration of the operating system is adapted entirely to the existing preconditions (e.g. modified interfaces (IO), modified package, BIOS modifications, or secure boot). Various integration levels and the containerisation of the software ensure that the interaction between the operating system and the customer application functions smoothly in every possible setting. Thanks to this customisation, the supplier’s other applications can also be executed on the basis of KontronOS from this point onward – and benefit from its security and the advantage that the application level and the operating system level operate separately from each other.


If, for example, a new operating system update is installed, the switch is simply flipped to another partition. Docker, with its containerised approach, enables smooth transitions and ensures that the applications remain intact and operational. The key to this is that Docker keeps the applications in a separate environment. There is, therefore, no need to regularly change system settings or run the risk of losing files during updates. In addition, Docker containers offer an alternative to traditional application installation. They can be easily moved from one device to another, simplifying the deployment process.


Secure boot (or HAB) can be used to ensure that only approved software is loaded. The root file system (RootFS) is write-protected and, as a result, cannot be altered. The delivery status can be restored at any time.


Customer applications can also only be loaded onto the system once they have been verified. This ensures that only the approved software operates on the device. All the system components can be updated: bootloader, operating system, or customer application, including Docker container.

