Embedded Linux: Features outweigh footprint

August 2, 2017 Brandon Lewis, Technology Editor

       

For original equipment manufacturers (OEMs) and their customers, the features and flexibility of Linux distributions like Yocto, Android, and Ubuntu Core outweigh the limitations of their footprint in embedded and Internet of Things (IoT) system designs.

The “free” one. For development projects, this has always been a big advantage of using a Linux operating system (OS). It’s also open source, stable, and a bunch of other things you already know.

What you also probably know is that Linux was not originally intended for use in embedded systems. In most scenarios the determinism of Linux can be described as “soft real time” at best. Tuning the Linux kernel to a specific processor or application has also traditionally required a fair amount of in-house development expertise, as building and cross compiling a system is no trivial task. Importantly, even the most conservative Linux implementations typically require at least several megabytes of RAM.

In parallel, though, embedded systems have changed. Many embedded systems today include graphical user interfaces (GUIs) and incorporate embedded web servers – features that in the past may have disqualified them as embedded systems altogether. To support these functions, and with a little help from Moore’s Law, it’s not uncommon today to find embedded systems based on multicore system on chips (SoCs) that integrate graphics processing units (GPUs), more RAM, and memory management units (MMUs). These phenomena gave embedded Linux an inch in applications like medical, transportation, robotics, digital signage, and communications, and it has taken a mile (and counting).

But now that Linux has arrived in embedded, the emphasis is on ease and efficiency so that engineers spend more time developing applications, less time tinkering with the underlying OS, and still retain the flexibility of open source. The Linux community and hardware vendors continue to push for this equilibrium with roll-your-own Linux distribution development environments like the Yocto Project.

“The concept of a distribution is a kind of pre-selection of packages; a pre-selection of policies, applications, and ways of working. All of those things are actually fixed by your distribution,” says Alex Gonzalez, Supervisor of Software Engineering at Digi International. “With something like Debian Linux you get a distribution that generates a binary package, and all you get as a user is a set of binaries that you install with a package management tool.

“With Yocto, you are actually building all those packages,” he continues. “What that means is that you have complete control over the source.”

RYO embedded Linux distro

Although distributions like Debian, Red Hat, and Yocto are all based on similar open source components, Yocto allows software engineers to select all of the configuration options in a given build. Direct control over the source code of a Yocto distribution also means that developers don’t have to go through the intensive process of generating new binaries, obtaining the source code, then modifying, repackaging, integrating, and maintaining their own version of the binary distribution. They also don’t have to rely on the greater Linux community to implement fixes tailored to embedded systems that may not be viewed as a priority.

The possibility of custom distributions in Yocto is largely thanks to semiconductor manufacturers’ intimate involvement in the project, including Intel, NXP, Texas Instruments, Renesas, Xilinx, AMD, and others. This has resulted in provisions for a lot of embedded processor functionality being integrated into the Yocto software ecosystem, which increases portability and makes for a smoother out-of-the-box experience.

Digi International, for example, leverages a Yocto layer to enable the secure boot features of the NXP i.MX6 processor on its ConnectCore 6 module (Figure 1). As a result, a complete security framework – from bootup to secure JTAG – is available as a Yocto filesystem that is very easy to implement.


Figure 1. Silicon vendors have added support for embedded processor features to the Yocto Project. This allows users to take advantage of functionality such as secure boot on the NXP i.MX6-based ConnectCore 6 module from Digi International.

Secure updates with Ubuntu

Also along the lines of security, remote updates have become a major selling point for Internet of Things (IoT) devices. Remote firmware update capability allows device manufacturers to add features and patch vulnerabilities after devices have been deployed in the field, but the process itself comes with its own security challenges. For instance, if an update is interrupted, firmware files could be corrupted and the OS may not boot again. On the other hand, a new firmware version or application could also introduce security loopholes.

While certain companies offer remote update solutions and others choose to develop their own, the open source Ubuntu Core OS allows them to be performed automatically. Ubuntu Core is based on a unique architecture that divides the OS kernel, the core Ubuntu OS, and applications into isolated packages called “snaps.” In connected systems, these snaps can regularly check for updates and download them individually, which helps ensure that all system components are up to date and include the latest patches.

Though automatic remote updates may be disconcerting for some, Ubuntu Core provides a two-fold advantage in terms of security. First, during the OS update process, Ubuntu Core actually downloads full copies of the new kernel and core OS snap versions, which are verified before the existing OS is replaced. This helps ensure that even if the connection is lost or the download is interrupted, the system can fall back to the OS that’s running without corrupting the system.

The second advantage is that the isolation of components helps maintain the integrity of the overall system should an application be compromised.
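The first advantage above (download a full copy, verify it, and only then replace what is running) can be sketched as follows. This is an added illustration, not Ubuntu Core's own code; the file names, the SHA-256 check against a trusted digest, and the sample payloads are assumptions made for the example.

```python
import hashlib
import hmac
import os
import tempfile

def apply_update(slot_dir, chunks, expected_sha256):
    """Stage a full copy of the new image; activate it only if it verifies.
    Assumption: expected_sha256 comes from an authenticated source (for
    example a signed manifest); checking that signature is out of scope.
    """
    staged = os.path.join(slot_dir, "image.staged")   # hypothetical names
    active = os.path.join(slot_dir, "image.active")
    digest = hashlib.sha256()
    try:
        with open(staged, "wb") as f:
            for chunk in chunks:          # raises if the download is cut off
                f.write(chunk)
                digest.update(chunk)
            f.flush()
            os.fsync(f.fileno())          # staged copy is on disk before swap
        if not hmac.compare_digest(digest.hexdigest(), expected_sha256):
            raise ValueError("digest mismatch")
    except (OSError, ValueError) as exc:
        if os.path.exists(staged):
            os.remove(staged)             # discard partial or bad download
        return False, str(exc)            # active image was never touched
    os.replace(staged, active)            # atomic rename: old or new, never half
    return True, "activated"

def demo():
    """Constructed sample data: interrupted, tampered, then clean update."""
    old, new = b"kernel-v1", b"kernel-v2" * 1000
    good = hashlib.sha256(new).hexdigest()
    def interrupted():
        yield new[:100]
        raise ConnectionError("link dropped")
    def read(path):
        with open(path, "rb") as f:
            return f.read()
    with tempfile.TemporaryDirectory() as d:
        active = os.path.join(d, "image.active")
        with open(active, "wb") as f:
            f.write(old)
        results = [apply_update(d, interrupted(), good)[0],
                   apply_update(d, [new[:-1] + b"X"], good)[0]]
        kept_old = read(active) == old
        results.append(apply_update(d, [new], good)[0])
        return results, kept_old, read(active) == new
```

Both failed attempts leave the running image byte-for-byte intact; only the verified copy is renamed into place.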

“Ubuntu Core pioneered AppArmor, and that allows for a lot of application confinement,” says Mark Featherston, Embedded Engineer at Technologic Systems. “If an app does happen to get broken into, it’s going to be very hard to do a whole lot with the system running as just a single application. It limits the effectiveness of an attack on the system.”

For its part, Technologic Systems’ TS-7970 single-board computer (SBC) runs Ubuntu Core, which provides rich networking support and secure upgrade capability for platforms such as Industrial Internet of Things (IIoT) gateways (Figure 2).


Figure 2. The TS-7970 is an NXP i.MX6-based SBC that runs the Ubuntu Core OS to provide rich networking support and secure remote updates for connected embedded systems in the industrial sector.

Training and tools get Linux off the ground

Understanding and appropriately configuring development tools for a Linux-based system design can be as challenging as selecting the distribution itself. Open source development tools come with the same challenges as open source OS distributions in terms of documentation and reliance on the community for fixes, which can be a significant hurdle when facing the time-to-market pressures of a commercial product release.

The Android ecosystem in particular is one area where embedded developers can encounter problems with development tools, as most of the available tools and documentation focus on creating applications rather than working with the underlying OS itself. As Andrew Girson, Co-Founder and CEO of embedded training firm Barr Group explains, “One of the big challenges of Android is just, ‘How do I set up the computer to do this?’”

“When it comes to open source projects you’re often dealing with open source tools,” Girson says. “So it’s not just Linux or Android. It’s the compiler, it’s the linker, it’s the builder, it’s these other utilities, and some of it is very command-line oriented and not very user friendly. Depending on what’s being used, some of this is not very well documented.”

Barr Group provides technical training courses for prospective Android developers through its “Embedded Android Bootcamp,” a four-day immersion course on the ins and outs of Android bringup on embedded hardware. Scheduled trainings are taking place August 21-24 and November 6-9 in Germantown, MD and Detroit, MI, respectively.

“The course is for people who want to get Android up and running on their device, which means setting up a build environment for the Android OS,” Girson says. “Running the tools, working with the bootloader, working with the device drivers, loading the OS, and creating an environment so that your embedded device can run Android.

“Configuring all of those tools and setting all of that up is a challenge,” Girson explains. “The more you understand about these things ahead of time, the less likely you are to end up in a bad place later.”

Certain embedded hardware vendors also offer development tools that help software engineers more easily interface OS distributions with their products. For example, the Digi ConnectCore Smart IOmux is a graphical, distribution-agnostic development application that simplifies pin muxing on modules like the ConnectCore 6UL (Figures 3A and 3B).


Figures 3A and 3B. The Digi ConnectCore Smart IOmux is a distribution-agnostic, Eclipse-based pin mux configuration tool for ConnectCore 6UL modules and other embedded hardware from Digi International.

Embedded Linux: Features over footprint

As processing capabilities, connectivity, and user expectations advance, the features of Linux will begin to outweigh its footprint in the decision-making process for many embedded systems. In some cases, Linux variants can even be viewed as a reliable option for embedded systems.

“It does add a larger footprint, but it grants you reliability though,” says Featherston. “That seems to be far more important than a smaller footprint to many people.”

10 years ago embedded Linux was in the proverbial playground. It has officially reached production.
