What should a developer look for in a Linux distribution that makes it suitable for deployment in an IoT world? First, check the builder is a participant in the Yocto Project, writes Davide Ricci, Director of Open Source Platforms at Wind River.

The disruptive force of the Internet of Things (IoT) is making itself visible in almost every market sector. Promising to deliver the myriad of data on which organisations will structure transformative business models, IoT and its associated hardware and software elements will become truly “mission-critical.” Such critical business functions and systems are the norms for providers of enterprise IT systems. However, the reach of IoT extends well outside the physically secure, environmentally controlled and managed world of the data centre.

Before data gets to the world of the cloud, it has to go through a variety of real-time systems, gateways and network devices, not forgetting the edge node that created the data. Many or all of these parts of the IoT architecture will be embedded systems where today’s development pressures are on providing flexibility and scalability. Additionally, the variety as to how each IoT application or architecture is designed means that no one vendor is likely to build the complete solution. Single-vendor, closed systems have no place in the IoT; open source has become a sought-after. This is partly because of the need to support many open standards and network protocols and partly because many suppliers are no longer developing all the hardware components themselves.

Linux has become the de facto operating system for a growing number of hardware platforms

The rise in popularity of compact, small form factor, single-board computers, many with pre-certified wireless communications, has drastically cut the development budget and timescales. Such boards are readily available and allow developers to concentrate on integrating the necessary sensors and peripherals or whatever other features the design requires. This approach will enable developers to consider running their application on a commercially available hardware platform that meets the specific design’s compute, connectivity, and size criteria. It is of little surprise that open-source Linux has become the de facto operating system for a growing number of hardware platforms. The open-source route gives developers of IoT applications far more flexibility and interoperability from edge devices all the way through to the cloud. Especially for the IoT, Linux is very scalable and, thus, perfectly designed for IoT needs. The cloud computing servers typically running IoT analytics and business operational systems increasingly use an open-source Linux-based operating system.

Linux clearly has many benefits serving the IoT. However, with many different Linux distributions available in the market, developers and system architects are faced with the support challenges and potential for incompatibility issues that come with having multiple distributions to manage. The ability to use the same distribution builder for an edge device on one type of processor architecture with a multi-core server on a different architecture is an attractive, common-sense offering.

So, what should a developer look for in a Linux distribution that makes it suitable for deployment in an IoT world? When it comes to promoting open standards, the Yocto Project provides an open-source collaboration to create Linux-based systems regardless of the hardware architecture. The Yocto Project is recognised as the most powerful and flexible build system framework today and fully supports the need to scale one common runtime across any architecture and footprint. It is highly recommended that developers check that a selected Linux builder is a participant in the Yocto Project since it is not only an excellent technical choice but also drives development and ongoing support efficiencies. By working with a great network of partners, the Yocto Project provides well-maintained and up-to-date layers supporting all major architectures. Using a compatible base allows IoT devices with very different hardware requirements to leverage the same software upon a common platform. Yocto is supported and nurtured by the major players in the industry, allowing for an open-platform, open-project supported ecosystem that makes it a great way to go with Linux in the IoT space.

Security in the always-connected world of IoT

The next key criterion a developer in IoT needs to assess is security, particularly for the always-connected world of IoT. The developer needs to have faith and confidence that the distribution builder is taking a proactive, 24/7 approach to security checking, updates, regression testing and responding to potential security vulnerabilities and security threats. For example, Wind River security teams responded in under 24 hours with hot patches to Wind River Linux, a Yocto Project-compliant Linux. This was in response to recent threats such as HeartBleed and ShellShock, but the security monitoring and remediation practices never stop. Every year thousands of vulnerabilities are analysed by the security team. Typically, 10% of these vulnerabilities must be fixed. Some require the expertise of a highly experienced, reliable and responsive team to ensure risk reduction for businesses as they adopt an IoT infrastructure.

Another security feature that should be present in your selected Linux should include a secure boot. Secure boot establishes a “root of trust” when a system is initially booted through a sequence of steps to validate the integ¬rity of a downloaded Linux kernel by verifying its cryptographic signature. Also present should be features that (a) implement an integ¬rity measurement architecture that provides a tamper-proof file system that allows only authorised applications to run on the device and (b) a secure package management approach that ensures software updates issued in the form of secure packages do not expose the system to external threats. The GRsecurity set of Linux kernel patches is key, as it enhances system security by adding role-based access control policies and system resource management capabilities. Encrypted storage, an intelligent firewall and various methods of encrypting data being transported over the IP stream are also crucial components of a Linux distribution. Many of these security features are covered by the Common Criteria for Protection Profiles as covered by the internationally recognised ISO/IEC 15408 standard, a Wind River Linux security offering.

In order to further accelerate a Linux-based IoT deployment, developers might also investigate any additional applications or frameworks the distribution builder might have tightly integrated with their Linux. An example of this is Wind River Edge Management System. Edge Management System is a cloud-based platform that helps sensors, devices, and machines connect securely to the network or cloud, enabling connectivity to facilitate capabilities such as data capture, rules-based data analysis and response, configuration, file transfer and other features. Using the industry-standard RESTful protocol, Edge Management System is seamlessly integrated into Wind River Linux and uses the industry-standard RESTful connectivity protocol.