Rust CDK
- Fully integrated in the ELinOS installation
- Application development on host machine and cross compilation for the target
- No additional software packages on the host machine required
- Includes Rust compiler (rustc) and Cargo as build system and package manager
- Tools are available for Linux hosts
- Supported targets: ARM, x86, RISC-V and PowerPC e500mc
TPMv2
- TPMv2 tools and libraries
- Support for automatic hard disk encryption via systemd
- Read/write values in the non-volatile RAM, protected by e.g. secure-boot state or password(s)
- Encrypt/Decrypt data using built-in TPM algorithms
- Hardware RNG functionality
- Lock-out in case of suspicious behavior
ANSSI v2.0
- French National Cybersecurity Agency
- Guideline for “Configuration recommendations of a GNU/Linux system”
- Multiple hardening levels: Minimal, Intermediary (40 rules), Enhanced (58 rules) and High (80 rules)
- Provides a feature to reach a specific security level
- Test suite for checking conformance to ANSSI rules and security level
- Generates a summary for the user
- Tool can be adapted to other local security guidelines, e.g. BSI – IT Grundschutz
- Update feature and test suite to v2.0
Harden Linux Kernel and User Space
- New features to set up sudo and disable root login
- New feature to include common Mozilla CA certificates
Security
- Linux kernel security update to v6.1.114 fixing more than 600 CVEs
- 45 packages have been updated to fix more than 180 security related CVEs
RISC-V Architecture Support
- Support for RISC-V rv64 architecture
- Includes CDK and debugging tools
- QEMU emulator and BSP
- Microchip PolarFire SoC Icicle BSP
Year 2038 Timer Overflow Error
- Affects x86_i686, arm_v7hf and ppc_e500mc
- ELinOS glibc switched to 64-bit time
- All ELinOS packages updated to use 64-bit time
- User source code needs to be recompiled with the ELinOS toolchain
ELinOS SPDX License Manifest
- Tool generates a summary of involved licenses
- Analyzes the current ELinOS project including packages and libraries
- SPDX v2.3 compliant licenses
License Scanning Tool
- Host tool that helps customers analyze source code and detect licenses and copyrights
- Usable on any package that includes license information, such as OSS archives or single source files
- Generates SPDX reports
- Based on ScanCode toolkit
Additional User Space Hardening Options
- Affects all packages provided by ELinOS and user space source code
- Compiler automatically enables additional hardening options
- Stack Smash Protector (SSP) support
- Intel's Control-flow Enforcement Technology (CET) support
- Read-only relocation support
Miscellaneous
- Simplify using the PikeOS console with ELinOS
Toolchain Updates
- GCC v12.2, binutils v2.40
Target Package Updates
- Linux v6.1 LTS
- glibc v2.36
- Python 3.11 with pip support
BSP Updates
- New Microchip PolarFire SoC Icicle BSP
PikeOS Compatibility
- PikeOS 5.1 and 5.0
Immutable OS
- Immutable base system with container support
- User applications and services are separated in containers
- Updates of the base system and containers can be applied independently
- Increases security due to separation
- Easy to set up via a template in the new project wizard
wolfSSL
- Focus on creating high quality, portable and embedded security software
- SSL/TLS library
- Alternative to OpenSSL: smaller in size, professional support and licensing
- Switch between wolfSSL and OpenSSL
- PikeOS customers can start with an easy-to-use Linux personality to look into the feature set of wolfSSL and later switch to a native PikeOS
License Scanning Tool
- Host tool that helps customers analyze source code and detect licenses and copyrights
- Usable on any package that includes license information, such as OSS archives or single source files
- Generates SPDX reports
- Based on ScanCode Toolkit
Security
- Linux kernel security update to v5.10.196
- 13 packages have been updated to fix the latest security issues
- More than 100 security related CVEs fixed
Disk Encryption
- Single partition or full disk encryption support
- Filesystem independent
- Automatically unlock and mount encrypted volumes
- Based on Linux Unified Key Setup (LUKS) to encrypt a block device
Secure Boot on x86 and uefi64 boot strategy
- Support for creating UEFI BIOS compatible boot images with digital signature
- Provide UEFI secure boot signing host tool
- A separate boot loader such as GRUB is not required
New Feature for kdump and kexec
- Integrates kexec to allow booting a new Linux kernel from the running one
- Bootloader is not involved
- Useful for system updates when a separate kernel and root file system shall be used
- Add kdump feature to easily debug a crashed Linux kernel
BSP Updates
- 64-bit support for the Freescale T1040RDB board
- VirtIO input device support for QEMU x86 BSP
- WAN support in NXP QorIQ T1040 and LS1043ardb boards
Minor Features
- New feature for systemd nameserver resolver
- Simplify import/export of ELinOS projects
- Add systemd emergency shell feature
- Add support for Debian/Ubuntu x86_64 binaries
- New feature to configure the initramfs disk size
- QML support for Qt Linguist host tool on Linux
Bug and Security Fixes
- Linux kernel security update to 5.10.165
- 48 packages have been updated to fix the latest security issues
- More than 350 security related CVEs fixed
- Kernel memory protection on P4Linux ARM SMP
Boot Optimization (systemd)
- Integrates systemd as system and service manager
- Tailored and optimized configuration of the systemd unit and service files
- Faster boot up times in complex setups
- Better handling of dependencies between services
- Simplifies configuration and maintenance
- Easy integration of user-provided start scripts
- Fully integrated into the ELinOS feature database
- Replaces SysV Init
Product Upgrade Tool
- GUI tool to show available security and package updates
- Synchronizes with the SYSGO download server on startup
- One-click solution to update the product installation
- Package dependencies automatically handled
- Packages are digitally signed and verified before installing
- Support to add additional features and add-on packages
- Support for command line interface
Reproducible Builds for precompiled Packages
- Precompiled packages provided by ELinOS are binary reproducible
- Deterministic compilation removes dependencies on the build time and environment
- ELinOS toolchain provides options to make user code reproducible
Miscellaneous
- New feature for IPv6 support
- Support for various Linux kernel image compression algorithms
Toolchain Updates
- GCC v10.2, binutils v2.35
Target Package Updates
- Linux v5.10 LTS
- glibc v2.31
- 180 package updates
- 60 new packages
BSP Updates
- New Raspberry Pi 4 BSP
- New TQ-Systems i.MX8QXP TQMa8XQP on MBa8Xx BSP
PikeOS Compatibility
- PikeOS 5.1 and 5.0