Traditionally, if there was an electronic sensor in your refrigerator, the manufacturer installed it and it was there for the life of the appliance, never updated even if security vulnerabilities cropped up 10 years later.
These days, as IoT devices proliferate, vendors are more aware of the need to be able to secure, update and manage these devices throughout the product life cycle. At the same time, hiring engineers to do so remains difficult.
“The problem that we’re setting out to solve is essentially that when you think about IoT and edge devices, every device is different. The number of applications is very, very wide. You’ve got everything from smart appliances in your home to robotics, to manufacturing lines, to autonomous vehicles, to even spaceships, and everything in between. So it’s very difficult to imagine a single operating system single platform that can run all these devices,” said CEO George Grey, Foundries.io.
Historically, vendors have created their own operating systems, which are expensive. And “it’s hard to get things complex things like security right, as we as we’re starting to find out,” Grey noted.
The idea is to create a standard platform with “the ability to do secure updates, because we know that we’re going to find things that we don’t know about yet. And so in the future, how do you maintain all of these devices for 10-15-20 years?” he said.
An IoT Development ‘Airframe’
CTO Tyler Baker likened its platform, called FoundriesFactory, to the airline industry where manufacturers like Boeing and Airbus build the basic airframes for planes, leaving the airlines to customize the interior layout. After all, airlines are in the business of transportation, not manufacturing. Device manufacturers, similarly, are in the business of selling devices’ innovative capabilities.
FoundriesFactory provides security firmware, a Linux operating system, device and fleet services, public and private cloud interfaces and a secure update backend.
Its basic component, which it calls a factory, is essentially a sandbox that enables its vendor customers to build their own IP on top of this basic “airframe.”
It consists of a number of open source components, projects that its engineers have been contributing to. They include Yocto to build the Linux microPlatform (LmP) operating system for IoT and edge devices, OSTree-based over-the-air update support, the U-Boot boot loader to provide secure firmware for Arm and other systems on a chip (SOCs), Unified Extensible Firmware Interface (UEFI) firmware using the Tianocore project to offer secure boot for the Linux microPlatform OS on Intel architecture SoCs, and WireGuard VPN tunnel technology for secure encrypted remote access to development or production devices. It isolates customers’ technology from its own using Docker containers.
It also provides secure interfaces to all the major public cloud vendors, as well as protocols for private cloud and on-premises configurations.
It supports a range of standard development boards including Arm, Nvidia, NXP, Raspberry Pi and others.
“Our customers are the people building products. They can get their products to market faster, the products are more secure, they save time, and they save a lot of money,” Gray said.
“We’re enabling customers to focus their investment, their money on their own application and their own IP, rather than all of this complex underlying infrastructure.”
In the traditional process, a developer working on a local machine builds an operating system, flashes that onto a board on their desk, puts the code on some servers and a team has to reproduce that build and figure out how to distribute it to other developers’ boards, Baker explained.
If you push changes, there’s a central repository and everything needs to be rebuilt, and then reflashed throughout the organization to keep everything in sync.
“We’ve said, ‘OK, let’s get away from that. Let’s build a cloud tool that provides you everything that you need to get to this point where you can flash, and once you flash one time, you’ll never have to flash again.’ And now you can just push code to the cloud, it’ll be built for you, we’ll figure out what the deltas are as far as the software goes and will deliver an incremental update to your device,” he said.
It allows users to build collaboratively and create reproducible builds in the cloud, with Foundries handling the automation. It adds a device-management framework on top.
“Once they go into production as well, they’re able to basically prescribe what version of the software those devices should be running, which applications are there, what’s in and what’s out, and they control all of that,” Baker said.
Concentric Rings of Security
Baker refers to its approach to security as concentric rings. Security beings in the planning stages, he said, though it’s hard to always run the latest software, which would be the most secure. With that in mind, it ensures that every bit of software can be updated.
It provides options for setting the Root of Trust of your device into the hardware. You can fuse the device so that the SOC will only boot software that is signed properly; then those keys live inside the SOC, though there have been cases where the SOC has been compromised in meltdown-level attacks.
You also could embed the Root of Trust inside an external hardware security element, and offload hardware security measures (HSMs). For a secure boot, it also employs userspace so the update daemon uses those hardware security element backends for key derivation and secure key storage. It uses the TUF framework for update security.
The third ring involves educating users about how to employ best practices to build in greater security.
“We’re using a horizontal platform that everybody can use to build their products … then each customer can customize it and add their own special sauce, their own IP. But because the core platform is open source, everybody who uses it is adding to its efficacy. … It’s all in the open; how we do it corresponds to best industry practices. We’re using the latest crypto algorithms, and we’re updating the software for all of our customers as new things are found,” Grey said.
Making IoT Development Easy
Grey was CEO at Linaro, an engineering organization advancing deployment in the Arm ecosystem when he saw the business possibilities for Foundries. He teamed up with Ian Drew, a serial entrepreneur and former executive with Arm and Intel and non-executive director at Linaro on the project, which launched in 2017.
The company recently announced an $8 million Series A, led by IQ Capital, bringing its total funding to $11.5 million.
“Foundries’ Linux MicroPlatform (LmP) as a service overcomes several obstacles when working with rich IoT nodes, easing the development of new products and reducing the time to market,” said Quentin Cabrol, head of IoT at Aeler.
“The platform bundles together the different elements of our operating system like the air solution, the regular platform security updates and the fleet management tool to allow us to control the progressive deployment of releases to our IoT devices out in the field.
“The other advantage of working with Foundries is their reduced cost, as they distribute the cost of supporting new embedded system architecture in the form of generic Linux board support packages [BSPs] between multiple using companies instead of just one, like more traditional custom BSPs.”
Foundries also recently announced a partnership with Arduino, which manufactures open hardware development boards. Users will be able to access a FoundriesFactory for the Arduino Portenta X8 hardware platform.
One of their collaborative projects, Arduino Pro, provides a low-code application development environment targeted at industrial IoT users.
“What they’re doing is trying to make it really easy for industrial companies who don’t understand the details of building IoT and edge products — they just want to get data from the sensors and operate some machinery from it,” Grey said. “So Arduino is using our software to make that very easy for customers. Arduino is managing the hardware on the platform. And they’re enabling customers to build their own applications and business logic very simply in containers.”
Analyst firm Moor Insights & Strategy noted that IoT plug-and-play techniques unify application development the same way iOS and Android unified mobile apps and Windows and Linux unified PC applications. However, dealing with the power, computational needs, security, networks, ruggedness, reliability, over-the-air (OTA) updates, long-term support, and cost for such a small form factor have hindered innovation in this area and generally require bespoke tailoring.
In addition to providing security, updates and the ability to customize, developers can create containerized, platform-independent applications with Foundries. “Developers focus on applications, not OSes or platform code,” it said.
“FoundriesFactory is not a ‘black box’ development system. The code is open source, built on industry-standard components and does not lock projects into specific chips, modules or boards. It’s about as future-proof as you can get,” it added.
The New Stack is a wholly owned subsidiary of Insight Partners, an investor in the following companies mentioned in this article: Docker.