Open source software is now indispensable in modern embedded products – but this comes with technical, organisational and also legal obligations. emlix supports companies in deploying open source components securely, traceably and in a long-term maintainable way. With deep Linux know-how, IEC 62443-4-1-certified processes and active community practice, we create a stable, legally sound open source basis for your products that is economically efficient throughout the entire lifecycle.

Composing embedded Linux systems on a requirements basis

The selection of the components of an embedded Linux system and their configuration follow from software requirements. This is at odds with the Linux systems often provided by hardware manufacturers, whose intention is to support the functionality of the hardware as comprehensively as possible. The task is therefore to compose the embedded Linux system against the actual product requirements.

This is required by the Cyber Resilience Act as well as by the rules on open source compliance (e.g. ISO 5230). But it is also a worthwhile investment with a view to lifecycle costs.

Benefits at a glance

■  Use of embedded Linux systems in line with current standards (ISO/IEC 5230, IEC 62443, CRA, IEC 61508, IEC 62304)
■  Requirements-based composition and configuration of the system goes hand in hand with the regulatory-required hardening
■  Efficient, traceable processes enable better control over the embedded Linux system
■  The deliberate, minimal composition of the embedded Linux system ensures reduced lifecycle costs

Flexible entry points—tailored to your project

For development projects that are just starting, the following steps are advisable:

■  Support with systems engineering as well as with security or safety engineering at system level
■  Security-by-design and architecture concepts at the software level
■  Requirements management at the level of the embedded Linux system
■  Technology/component selection and qualification
■  Setting up reproducible build workflows
■  Taking over original sources and metadata
■  Analysing and resolving dependencies
■  Requirements-based testing at the level of the embedded Linux system
■  SPDX documentation and automated SBOM generation
■  on request, the complete lifecycle maintenance for your embedded Linux system

With legacy systems the aim is often to improve them against the requirements of, for example, the Cyber Resilience Act:

■  hardening the system against security requirements
■  creating or updating the SBOM
■  updating components
■  applying security patches
■  kernel/Yocto updates

Our team combines deep embedded Linux know-how with expertise in systems, security and safety engineering. As specialists in industrial software development and an IEC 62443-4-1-certified partner, we also accompany security- and safety-critical projects – from the first architecture decision through to certification.

 

Benefit from established processes  

Take advantage of the combined expertise of an experienced team of specialists with proven expertise in embedded Linux and security.

Feel free to contact us. During an initial consultation, we’ll determine exactly how we can provide you with tailored support.

Your contact

Our experts from the emlix Solutions team
Tel. +49 551 304460
solutions@~@emlix.com