As Cybersecurity concerns intensify globally, industries seek robust and secure solutions for their embedded systems. ELinOS, SYSGO's industrial-grade embedded Linux, emerges as a critical player in this landscape. Here we explore ELinOS, its advanced security features, and its alignment with upcoming regulatory requirements like the Cyber Resilience Act (CRA) and the NIS2 directive.
What is ELinOS?
ELinOS is SYSGO's own embedded Linux solution, providing a sophisticated toolbox tailored for developing secure embedded Linux systems. It is designed with Security-by-Design in mind, offering users the flexibility to modify and compile the Linux kernel to generate a final image tailored to specific hardware requirements. Unlike traditional Linux distributions, users cannot deploy ELinOS directly on a board; instead, a project is required to setup the features and components. The final image is generated by compiling the BSP specific Linux kernel and combine with the user space target binaries.
Current Security Features in ELinOS
For state-of-the-art embedded systems, ELinOS is strengthened with a wide range of security features. These include:
- Supply Chain Security: Through the ELinOS file system license manifest and forthcoming SBOM (Software Bill of Materials), users can trace and verify the software components' origins and licenses.
- Vulnerability Management: ELinOS Security services provide detailed vulnerability reports, ensuring users are informed of potential risks.
- Vulnerability Disclosure Program (VDP): https://www.sysgo.com/vulnerability-report
- Fixes and Patch Management: SYSGO provides fixes and security patches for the whole lifetime of the product, including detailed release notes.
- System Updates: OTA (Over-The-Air) tools, facilitate seamless updates, ensuring vulnerabilities are promptly addressed.
- Risk Assessment: ELinOS aligns its risk assessments with Debian and other Linux distributions, ensuring robust vulnerability management.
- Cryptography: The inclusion of cryptographic libraries such as the Linux kernel Crypto API, GnuTLS, libgcrypt or OpenSSL, along with options for hard disk encryption, ensures data security.
- Container Solutions: These provide secure separation of applications, enhancing overall system security.
- Secure Network Protocols: ELinOS supports essential security protocols like HTTPS, SSH or SCP.
- Customer Support with responses within two business days.
ELinOS also integrates numerous mechanisms to harden embedded systems:
- SELinux: Implements Mandatory Access Control (MAC) for enhanced security.
- Auditing: Supports CAPP-compliant auditing for comprehensive security tracking.
- Address Space Layout Randomization (ASLR): Enhances security by randomizing memory addresses used by system and application processes.
- ANSSI Conformance: Meets stringent French cybersecurity agency standards with an embedded test suite for ANSSI rule compliance.
- Minimizing Attack Surface: By default, ELinOS has no open network ports, unused libraries, or kernel drivers, minimizing vulnerabilities.
- Kernel Security: Features such as UEFI Secure Boot, restricted kernel module loading, and in-kernel memory protection provide robust system integrity.
- User Management: Implements strict user account controls, restricts root access, and enforces running services under distinct user accounts.
- Disk Security: Supports both full disk and single partition encryption, alongside read-only file systems.
- System Resilience: Includes options for factory resets, ensuring systems can be quickly restored to a secure state if compromised.
Accessing ELinOS Security Information
For detailed Security guidance and updates, customers can refer to the ELinOS User Manual, ELinOS Security Services, the SYSGO website, and wide range of detailed application notes. These resources provide comprehensive support for maintaining and enhancing system security.
SYSGO's Company-Level Security Activities
SYSGO demonstrates its commitment to security through several initiatives:
- ISO 27001 Certification: This international standard for information security management underscores SYSGO's dedication to protecting customer data.
- Risk Assessment: Continuous risk assessments ensure proactive identification and mitigation of potential threats.
- Customer Information: Security bulletins and ELinOS Security reports are available to customers.
- Public Information: Via the SYSGO website we give out updates on product and security information with press releases or blog articles, including vulnerability reports and acknowledgements from industry leaders like Intel for identifying critical vulnerabilities such as Spectre.
NIS2 and CRA: Regulatory Landscape
The Network and Information Systems Directive (NIS2) and the Cyber Resilience Act (CRA) represent significant regulatory efforts to enhance cybersecurity across Europe.
- NIS2: A directive aimed at operators of critical infrastructure, affecting medium and large companies. Member states must convert NIS2 into national law.
- CRA: This upcoming regulation aims to bridge security gaps for all companies, including small enterprises, by setting stringent requirements for products with digital elements. Scheduled for implementation in the second half of 2024, the CRA will standardize cybersecurity practices across the European Union.
Conclusion
As the Cybersecurity landscape evolves, SYSGO and ELinOS are well-positioned to meet the stringent requirements of NIS2 and the CRA, ensuring secure embedded systems for industrial applications. SYSGO adhers to ISO 27001 and is conducting continuous risk assessments.
The CRA's implementation will further necessitate standardized Cybersecurity practices in the European Union, highlighting SYSGO's critical role. With our resources and services, SYSGO equips customers to maintain and enhance system Security effectively. Our commitment to Security at both the product and company levels positions SYSGO as a reliable partner in the digital age, ensuring secure, compliant embedded systems solutions.
More information at www.sysgo.com/elinos
Free Test Version Download at www.sysgo.com/get-elinos