KontronOS Linux® OS for Edge Devices

A security concept was developed for KontronOS before the start of development in order to make the system as secure as possible. The Yocto build environment makes it possible to add only the really necessary parts to the system and exclude all others. As a result, there are signifi cantly fewer software parts that could have potential errors. For example, the kernel is confi gured in such a way that as few parts as possible are added.

 

Our goal was to make the core the same for all customers and to customize the software so that the customer still has many confi guration options to meet their needs. This approach allows us to focus on a base while the customer can focus on their application or Docker container. We take care of the cyber security of the base system while the customer takes care of their business case. The customer therefore has time to generate digital added value with their products. Secure Boot or HAB makes it possible to ensure that only approved software is loaded. The rootfs is read-only and therefore cannot be changed.

 

It is possible to restore the delivery status at any time. Customer applications can also only be loaded onto the system after verifi cation. This ensures that only the desired software runs on the device. All system components can be updated: Bootloader, operating system or customer application including Docker container.

 

This can be done online or online – for example via a storage medium such as a USB stick or an internal update server.