LTS Kernel is a barrier to building sustainable secure IoT and edge devices

IoT has experienced large levels of hype over recent years but is now turning into a reality with over 30 billion* IoT devices expected to be connected by 2020. This has moved IoT from early installs to full production and ongoing maintenance.

Manufacturers face challenges maintaining and updating software to cope with the demands of a connected world exposed to greater risks from security intrusions and evolving standards. This is driving the need for Over-The-Air (OTA) update capabilities and the ability to continuously evolve product software to ensure maximum security, working on the principle that the best, most tested, most stable release is the latest release.

One of the key blocks to enabling this is the embedded industry's current approach to LTS Kernel support. Approximately once a year the Linux Kernel community designates a particular kernel release as a long term support (LTS) release; these kernels are supported with bug fixes and security patches for 2-4 years after release. The challenge is that there is a long supply chain between the Linux developers and the final product build. Developers can be starting with kernels that are already 1-2 years old. By the time the kernel has reached the final product, numerous changes have been made by multiple parties, and the development process itself has taken a further year or more. This delays time to market and results in a different kernel for every embedded product. Scale this to hundreds of thousands of products and billions of devices, and the interoperability and security issues become severe.

As an industry we have created a fragmented software ecosystem that delays time to market, reduces interoperability, increases the cost of lifetime maintenance, and makes end products more expensive and less secure. Connected devices should be as easy to update as an iPhone.

So how can it be done differently? We need to be able to immediately update end products, at scale, to fix security flaws and bugs after they have been installed. This needs to be done OTA since the number of endpoints means manual updating is not feasible.

First, we need to be able to separate the application code from the core platform; currently, for many embedded products the two are closely coupled. In the embedded world such separation can affect the software footprint. However, for Linux based products, using containers can simplify the provisioning and orchestration of devices, updates and new features, and can separate the core OS platform from the use case applications and services.

Next, we need to build security and a secure update capability into the core platform. Finally, we need a common platform, using the latest software, supported by a range of component vendors. These economies of scale improve the time to quality, stability, performance and the range of features available. Many of today's Linux distributions were not designed for embedded devices, which have key needs including:

  • Minimal size and complexity
  • Securable
  • OTA updatable
  • Support for multiple architectures and devices enabling flexibility and scalability across product ranges resulting from increased vendor choice
  • Stable long term APIs to build services and applications

microPlatforms are designed to support the specific needs of connected devices. The Zephyr and Linux microPlatforms offer a minimal firmware and OS, designed to meet the needs of a wide range of embedded devices from smart sensors to autonomous vehicles. Developers can easily configure the microPlatforms to match their hardware, security requirements and updating approach. For devices such as smart sensors, tags and lights, the Zephyr RTOS is suited for communications and control. For more complex devices a Linux Kernel is offered with minimal supporting software to enable customer applications and services to be delivered using Docker or other container technologies. A single open source code base reduces software fragmentation and enables scaling to address the dynamics and scale of the IoT industry.

* IoT connected devices installed base worldwide from 2015 - 2025 (billions) — Statista 2019