LynxSecure Safety Bundle is an open system architecture that unlocks the potential of multi-core to deliver 2nd generation Integrated Modular Avionics (IMA) solutions.

LSB integrates the complete range of system development services for platform suppliers in order to build, deploy and sustain their IMA platform. It enables system integrators to leverage modern multi-core hardware to significantly reduce SWaP (size weight and power) by consolidating multiple Line Replaceable Units (LRUs) onto a single platform.

This revolutionary solution securely integrates four key capabilities:

  • LynxSecure, the world’s only truly secure-by-design separation kernel hypervisor
  • LynxOS-178, a DO178C DAL A certified RTOS to run safety critical application workloads
  • Embedded Linux based on the Buildroot technology for non-critical application workloads
  • Luminosity, an Eclipse based Integrated Development Environment

LynxSecure Safety Bundle allows developers to create sophisticated modular avionics designs that consolidate mixed-criticality applications, RTOS’s, Embedded Linux, and bare metal applications onto multi-core processors and across federated and networked systems. The LynxSecure Separation Kernel is the unique foundation that keeps these modules completely independent from each other, only allowing them to utilize defined hardware resources such as cores, memory, and devices.

Developers can update each secure and safe module independently without affecting the other modules, even when certified.

This second generation IMA approach allows the creation of safer, more complex systems, using multi-core hardware while reducing overall certification costs of the entire system. Moving traditional single core avionics applications to a multi-core cpu has never been easier than with LSB.

Our 2nd generation IMA development platform facilitates rapid technology insertion and modular system component refreshes, enabling suppliers to deliver and monetize system upgrades well into the future, while reusing existing code and rehosting legacy applications in the IMA environment.

IMA’s have traditionally required non critical functions or applications to be hosted on ARINC 653 APEX (Application Executive), requiring these developers to invest in expensive ARINC platforms and associated tooling. With LynxSecure Safety Bundle that is no longer a requirement. Non critical functions and applications can be hosted on the OS of your choice or even on bare metal and can be developed with the tooling of your suppliers choice. This enables significant cost removal from the supply chain and opens up the supply chain to a far wider set of suppliers from virtually any aspect of the application market.

The LynxSecure Safety Bundle has many options for streamlining communication between avionics applications. Each physical network interface can be directly assigned to a module such as LynxOS-178 or Buildroot Linux for dedicated networking use by that OS. Additionally, LynxSecure offers a virtual device server that can take ownership of a physical NIC and provide virtualized instances to each module that needs a network interface. LynxSecure supports Single Root Input/Output Virtualization (SR-IOV) based network devices which allow multiple modules to have a virtual function network interface through a single piece of hardware. Finally, LynxSecure offers an even more secure and performant form of communication between modules using dedicated shared memory regions.

Many IMA platforms are gravitating towards using some form of Linux for their less critical modules of the mixed criticality safe system. Lynx has made this incredibly simple by including a fully supported Embedded Linux based on the industry open standard “Buildroot” technology (see This complete Linux distribution can be run as a module on top of LynxSecure alongside critical modules based on LynxOS-178. Buildroot is a simple, efficient and easy to use tool to generate embedded Linux systems through cross compilation. Buildroot Linux is very easy to use and supports hundreds of popular Linux packages and utilities. This version of Buildroot Linux has been para-virtualized to run at peak performance as a module on LynxSecure.

LynxOS-178 is the only commercial RTOS which has been approved by the Federal Aviation Administration (FAA) as a Reusable Software Component (RSC). Up to 80% of the OS certification costs that developers would normally have to bear to achieve DO-178B/C is removed, even as they move to the latest generation of their selected multi-core processors. LynxSecure assured separation means that only software in the LynxOS-178 partition needs to go through certification even though it resides on the same multi-core processor as non-critical applications with no safety requirements. The LynxOS-178 RTOS has been certified to Design Assurance Level (DAL) A, and provides native POSIX API’s, ARINC 653 services, and FACE compatibility.

The Luminosity Development tools are based on the Industry open standard Eclipse Integrated Development Environment (IDE). The Luminosity IDE provides the ability to build and debug complex 2nd generation IMA systems using LynxOS-178 project wizards. The system includes C and C++ compilers, an assembler, a linker, debuggers and performance assessment tools – everything needed to build and deploy applications and OS’s using the LynxOS-178 RTOS, Buildroot Linux, and bare metal applications.

The LynxSecure Safety Bundle includes support for most Intel based x86 architectures. The Separation Kernel takes advantage of Intel virtualization support in the form of the VT-x and VT-d instructions.

Lynx has fully tested the following reference targets:

  • Curtiss Wright VPX3-1220 Xeon D
  • Extreme Engineering XES XPedite 7672 / 7674 Xeon D
  • SuperMicro X10SDV-TLN4F Xeon D

The LynxSecure Safety Bundle runs out of the box on the majority of Intel VT-x/VT-d capable processors (Atom, Core i5, Core i7, Xeon). Lynx is validating new targets all the time.


Please contact us to learn more about our LynxSecure Safety Bundle target validation program.

* These fields are required.