emlix plans and realises embedded Linux systems and platforms that are designed from the outset for efficient, secure lifecycle management – which we are also happy to take on if desired. With a team of more than 40 Linux and kernel developers, supported by security and safety experts as well as systems engineers and software architects, we compose a hardened, maintainable system against your specific product requirements.
Embedded Linux lifecycle from a single source
If desired by our customer, we take on responsibility for the embedded Linux system as early as the concept phase. After implementation, we accompany you through to the discontinuation of the product. Our service portfolio includes:
■ Embedded Linux systems engineering: starting from the system concept, we derive the relevant requirements for the embedded Linux level with all its interfaces and track them throughout the entire development.
■ Embedded Linux security engineering: as with systems engineering, we provide support as early as the security-by-design phase (risk assessment) and track the identified security requirements through the development process.
■ Embedded Linux safety engineering: our safety experts work out a safety concept together with you, which can be based, for example, on a Supervised Linux approach or on redundant functions.
■ Board bring-up: we support you in bringing your hardware into operation under Linux through bootloader and kernel adaptations, the requirements-based composition of the user land, the commissioning of all relevant interfaces and the optimisation of, for example, boot time and performance.
■ Development of an embedded Linux system: here we take on all tasks from the qualification of the open source components for your product, through implementation, the realisation of security concepts, automated testing and also the – where applicable standards-compliant – documentation.
■ Implementation of the security concept: depending on the results of the risk assessment and the security-by-design concept, we implement the necessary mitigations, for example secure/trusted boot, secure update, logging, IP protection, permissions management, etc.
■ Lifecycle maintenance: we offer CVE security management including expert assessment, lifecycle monitoring (for example compliant with the medical device directive), secure update management and the further development of the system during the product lifecycle.
■ Embedded Linux platform strategies: where it makes sense for you, we support you in implementing a platform strategy across multiple product versions and variants.
Container segmentation for safety-critical applications
Modern industrial products today require flexible, isolatable and maintainable software architectures in order to integrate increasingly complex functions securely and efficiently in a single system. Based on runc, LXC and rkt, container-based architectures from emlix are used in a wide range of industries and application fields. Through the interplay of different containers within one product, we orchestrate, for example, a safety-critical application, a multimedia GUI application, a Java middleware, as well as web servers, cloud connectors and third-party software in separately maintainable containers on a single Linux platform.
Device-to-cloud solutions for industrial IoT applications
Integrating industrial products into cloud backends requires the seamless interplay of sensors and actuators via embedded devices through to cloud and backend applications. For this, emlix develops Linux-based edge-to-cloud platforms at device level that cover connectivity, data processing, device management, remote updates and cloud connections for public, private and hybrid clouds.
emlix device-to-cloud solutions frequently include the following properties and functions:
■ Analysis of device infrastructure requirements
■ Design and development of individual cloud connectors
■ Development of OPC UA, MQTT and REST-based systems
■ Integration of Azure, AWS and private cloud components
■ Security and maintenance of IoT device platforms
The result is hardened, documented and economically maintainable IoT platforms that are provided including AWS, Docker and update functionality, enabling development teams to concentrate on data processing, analysis and visualisation in the cloud backend.
Remote OTA updates for industrial products in the context of the CRA
The Cyber Resilience Act (CRA) and its implementing standards make differentiated OTA and remote update concepts necessary that are precisely tailored to the individual deployment context of a product, to the processes of manufacturer and operator, and to the respective business model. Updates frequently affect not only the application and operating system but also peripheral controllers, FPGA configurations and configuration data. The resulting complexity makes it particularly demanding to ensure the integrity of the overall system throughout.
emlix update concepts frequently include the following properties and functions:
■ Development of partitioning concepts
■ Functions to ensure authenticity, integrity and confidentiality
■ Concepts for securing configuration and user data
■ Implementation of power-failure safety mechanisms
■ Design and integration of a rescue system
■ Toolchains for generating update bundles
In addition to the technical requirements and the transmission channels, our services also include manufacturing planning (production concept, deployment) and the definition of processes for creating update bundles.
![[Translate to Englisch:] Software-Architektur mit Open Source-Komponenten für ein eichpflichtiges Messgerät](/fileadmin/_processed_/2/2/csm_20250407_Blockgrafik_Systems_Engineering_2f446a964f.png)