IGLOS – Industrial Grade Linux Operating System: A focus on virtual control systems and cyber security

With the (Debian-based) Linux distribution IGLOS?, Linutronix offers an enterprise solution for the industrial, embedded sector. The focus here is on security, longevity and scalability.

By using Linux, the hardware can be abstracted and the control system can be virtualized at the same time. This means that the existing infrastructure can continue to be used and the controller can be scaled in parallel. Depending on the approach chosen, scaling can be done in the single controller, with multi-core CPUs, or with multiple single controllers.

Security remains a key issue. Linutronix has long invested in the development of cybersecurity features. This includes a security system such as apparmor, an audit system that also meets the requirements of IEC 62443-4-2, a firewall, secure boot and other features such as a secure over-the-air (OTA) update system. The provision of updates with security patches and bug fixes over the lifetime of the product is also part of the service offering. Customers also receive a Software Bill of Materials (SBOM), a detailed list of all software components used, which is very helpful in the event of potential vulnerabilities as it enables a quick and accurate response.

This is especially important in view of the European Cyber Resilience Act (CRA). Linutronix product development has long been certified according to IEC 62443-4-1.

IGLOS?-based devices can be equipped with Zero Touch Onboarding (ZTO). This allows for easy commissioning and initial configuration in the field. Security patches and continuous updates can be easily rolled out via a device management tool. IGLOS ? devices have a local atomic update system with integrated roll-back mechanism to ensure continuous availability.

As a real-time operating system, IGLOS? integrates all the elements needed to develop modern control systems. This includes the integration of protocols such as OPC UA or MQTT, which can be used to aggregate and route machine and application data in real time. OPC UA supports the OPC UA Pub Sub publish-subscribe standard. In the context of TSN, this results in a vendor-independent solution for connecting the IT and OT worlds.

Outlook: Where is the journey taking us?

?The next steps for IGLOS are already clearly defined. Dr. Wessner, Head of Development at Linutronix, says: "In the future we will present our IGLOS? distribution with TSN mechanisms". This new architecture, based on new Ethernet hardware, enables unprecedented synchronization of axes and processes and opens up new possibilities in the convergence of OT and IT networks. At the same time, we are working to integrate DetNet into the Linux kernel.

Why Debian for embedded?

?Debian is a non-commercial enterprise-class Linux operating system that has been around since the early days of Linux operating systems. It is very mature and is increasingly used in embedded devices today. Debian is very stable, with new core releases occurring approximately every two years. With over 60,000 pre-built packages that work well together, Debian offers developers the ability to extend the operating system using package feeds.

Debian has a well-documented development policy, provides high quality documentation, and a security and patch management system. Unlike the Yocto project, each package contains the kernel, OpenSSL, including Qt for creating graphical user interfaces, and other cross-platform applications. Features can be added via patches or separate packages.

Enterprise-class distributions for mission-critical processes and embedded hardware have not been a natural fit. To make such distributions usable on resource-constrained hardware, such as embedded systems, they have been stripped down to the bare essentials. While this may seem like a simple solution, the devil is in the details. Dependencies could be lost, consistency with the original distribution could be lost, and reproducibility was not always guaranteed. Issues such as variant or version management could not be addressed with this approach.

To get around these limitations, Linutronix has developed E.L.B.E., a build system that allows you to create your own Debian-based distribution, tailored to your specific needs.

The result: IGLOS? - a distribution with the key benefits of an enterprise-class operating system, but with the size, configurability and performance of an embedded OS. It also offers native support for cloud connectivity and capabilities for IoT solutions.