Enhanced Security – SELinux

• Extends ELinOS Security concept by using in-kernel security modules
• Enforces Mandatory Access Control (MAC) with security policies
• Limit privileges of user programs, system services, file access and network resources
• Root user limited as well
• Set of kernel modifications and user space tools
• ELinOS provides the SELinux reference implementation by providing a ready-to-use feature

Read the blog post about SELinux

Enhanced Security – ANSSI Conformance

• French National Cybersecurity Agency
• Guideline for “Configuration recommendations of a GNU/Linux system”
• Multiple hardening levels: Minimal, Intermediary (49 rules), Enhanced (69 rules) and High (81 rules)
• Provides a feature to reach a specific security level
• Testsuite for checking conformance to ANSSI rules and security level
• Generates a summary for the user
• Tool can be adapted to other local security guidelines, e.g. BSI – IT Grundschutz

Enhanced Security – Audit

• Linux Auditing System collects certain types of system activities
• CAPP-compliant (Controlled Access Protection Profiles) auditing system
• Monitors password changes or system call activities
• Provides daemon to monitor and log events (auditd)

Enhanced Security – Address Space Layout Randomization (ASLR)

• Security measure against the abuse of buffer overflows in processes
• Uses random locations for ELF sections
• Compiler generates Position Independent Code (PIC/PIE)
• Enabled by all shipped ELinOS binaries
• Automatically enabled in Cross Toolchain for self compiled source code
• Enables ASLR in kernel (KASLR) on supported platforms

Learn more about ASLR

Over-the-Air (OTA) Update / System Upgrade

• Tool to create and install system update images based on SWUpdate
• Supports customized update strategies
• Update of single user application only
• Full partition update with A/B or Rescue partitions
• Highly configurable by supporting version check and pre-/post installation scripts
• Update image can be prepared on the development machine
• Single image delivery
• Supports image validation and authentication
• Integrated Web-Server to upload the image and execute update
• API to integrate into user provided application

Learn more about Over-the-Air Software Updates

Boot to Qt

• Feature to automatically boot a Qt application
• Documentation how to integrate ELinOS into Qt Creator

BSP Updates

• i.MX6 and i.MX8 updated to NXP 1.1.0 release
• VMWare BSP updated to support SATA and 64bit

Minor Features

• New Feature for early user space init
• New autostart feature
• P4Linux optimization for reading the TSC clock in userspace on x86_64
• New Python v3 feature

Bugfixes

• CVE-2021-33909 aka Sequoia fixed
• Linux kernel update to v4.19.205
• more than 100 security related CVEs fixed
• Multiple improvements for the PikeOS Virtual Clock Manager driver
• ltrace on ARMv8 support
• P4Linux MSI-X interrupt detection fixed

Learn more at www.sysgo.com/elinos