D



IGL Software

The software stack of IGL combines a variety of proven open source components to offer you an optimal solution. With the open source build tool ELBE you can easily, efficiently and reproducibly make your own changes and adaptations and thus create your own distribution.

Linux Kernel LTS

We are using the latest longterm stable (LTS) kernel from mainline.org. Optionally supplemented with security features and, where necessary, with current software from the chip manufacturer.
With the build system ELBE you can adapt the kernel exactly to your requirements, rebuild it or create your own tree.

 

Debian

Our IGL root file system is built by using the Debian distribution. For you this means that you get a distribution that is available for the long term.

Customized changes to the user space are possible at any time or can be done with the help of the build tool ELBE on your own.

If you need a version without GPLv3 software, just ask us.

 

U-Boot

Our usual boot loader for non-x-86 architectures. Allows secure booting (secure / measured boot) and the creation of a root of trust (supported by HW). Because of its flexibility also suitable for fastboot.

If supported by the SoC, the bootloader can also be part of an OTA update.

 

ELBE

Build system to reproducibly build an optimal embedded distribution from Debian, LTS kernel, bootloader and other components. ELBE makes it possible to compile and debianize each component if required. So also 3rd party products and own applications can be used as Debian package. By means of the integrated OTA update capability the distribution always remains on the most current security and performance level.

Our optimized memory layout allows the separation of operating system, configuration, applications and persistent user settings. Bootloader, operating system and applications can therefore each be updated independently.

 

podman

Container runtime, compatible with Docker, but due to smaller code base and higher security level much better suited for the embedded area. Enables applications to be separated from the operating system quickly and easily by using containers and thus, for example, to build edge controllers. Optional profile of IGL, is therefore not always part of IGL.

 

OP-TEE

Open Portable Trusted Execution Environment is an open software for using a TEE available on ARM SoCs in the form of the Trusted Zone (TZ). OP-TEE supports numerous platforms from Raspi to the latest ARM architecture. Trusted Apps (TA) developed against the OP-TEE API are executable on all of these platforms.

The combination of TZ, OP-TEE, TA and special eMMC memories allows the realization of firmware TPMs (fTPM) according to the TPM2.0 standard. This makes it possible, for example, to create a root of trust, but also to ensure secure certificate handling. OP-TEE belongs to the optional profile Security and is therefore not always part of IGL.

 

WireGuard / openVPN

These two packages enable secure, encrypted communication via VPN tunnel. IGL includes full support for these two packages in the optional Security profile. The associated VPN server is not part of our IGL.

 

 

Cloud Connection

In addition to the standard communication protocols, we also support OPC UA (and PubSub) and MQTT in the cloud profile. Thus it is easy to establish connections to the majority of major cloud providers. This works particularly well together with our optional onboarding/provisioning services. We also offer preconfigured accesses on request.

 

 

Security

This optional profile hardens our IGL and can be specifically adapted to your requirements. Always included though are features like Secure or Measured Boot, fTPM or TPM support for root of trust and key/certificate handling. Linux Security Module (LSM) like apparmor, Capabilities and Linux Container support allow a fine granular definition of the behavior. Mandatory Access Control (MAC) allows whitelisting of applications. Monitoring of user applications is done by Linux modules like IMA/EVM. An update mechanism with at least signed modules allows continuous and secure maintenance of the system with fixes for security and bugs.

Your application can be linked to the hardware and stored in encrypted form so that it can run on this hardware exclusively. This prevents unauthorized duplication as well as the readout and analysis of your know-how.

 

 

License Compliance

Standard license metadata simplify the handling on license compliance. We use open source files for our IGL from the most widely used distribution in the world, and we list all licenses used for each component. This saves you a lot of work.