3 min read

Secure Platform for IIOT

Jul 15, 2020 9:49:04 AM

In May 2020, I wrote a couple of blogs about what we were starting to hear about in terms of use cases for our separation kernel hypervisor, LynxSecure, in Industrial IoT (IIoT) applications. I thought it about time to provide a short update. As I mentioned previously, Lynx has a long history focused on accelerating and cost reducing the path that customers create, certify and deploy mission critical avionics’ systems. We have a set of artifacts in place that customers can reuse to simplify system certification processes etc. According to research by Rockwell Collins, DO-178C DAL A requirements represent a superset of industry specific certifications such as ISO 26262, IEC 61508 and similar certifications. As a result, we felt that Lynx could apply its extensive avionics experience and certifications into additional markets.

Earlier this year, a strategy team inside Lynx realized that a core capability of this hypervisor (the foundation of our development framework, LYNX MOSA.ic™), enabled strong isolating technology which, when added to the real-time determinism functionality provided by assigning hardware resources on a per virtual machine basis, was a strong foundation for a secure industrial platform that consolidated real-time and (relatively) latency-insensitive processing functionality on a single multicore component.

LYNX MOSA.ic™ Product Family - Industrial

I referenced Coca Cola in my prior blog as an example of a company whose equipment is now needing to adjust to manufacturing a wider set of variants than simply one specific version of drink. Lynx’s engagement has been around a manufacturer of (very large) 3D printing equipment where:

  • There are very small runs as they look to provide a customized chassis for a transportation platform
  • The OEM wishes to hold the “recipe” for implementing this custom chassis secret
  • The equipment manufacturer needs to ensure that “recipe” doesn’t put the reliability of the piece of manufacturing equipment at risk

Fundamentally, the Lynx technology provides a tamperproof partition; effectively a sandbox. This assures the OEM that their valuable intellectual property is safe and cannot be reverse engineered; it assures the equipment manufacturer that the software, once downloaded, doesn’t accidentally or deliberately crash the whole machine. Over the past month, we have demonstrated LYNX MOSA.ic for Industrial to a number of customers and partners. As mentioned on the product webpage, our initial demonstrator has been on an EPC5000 platform from Dell. At the heart of this is an Intel® Core™ i7 processor (4 cores, 8 threads)

Dell-01We mentioned at launch that we would be broadening the hardware and software options that LYNX MOSA.ic for Industrial encompasses. With our porting work to get FreeRTOS running as a guest operating system on LynxSecure coming along nicely, we will be using this as a trigger to roll out an Arm version, initially targeting a Xilinx® MPSoC platform (yes, we will get to Versal® in time), later this quarter.

We are using two NICs, one to provide connectivity to a private network, one for cloud connectivity. Remember that LynxSecure allocated CPU cores, memory and IO devices on a per VM basis, which means that certain (untrusted) applications will be unable to use the private network. We have also set up a Lynx Simple Application (LSA) as a data diode, providing one way communication of data from a real-time OS over to Azure IoT Edge (running on Ubuntu). A Kepware software suite running on Windows 10 allows data to be ingest from external devices that are connected via all manner of IO interfaces (can I hear a “Profibus” anyone? 😊

We are currently in the process of extending this demo to support

  • Multiple virtual PLCs using the CodeSys tool suite
  • Support of multiple external motors

We are early on our journey, particularly as added system to system functionality instead of simply being a software technology deployed in the box. Delivery of software in containers via Kubernetes is up and running too and we have a number of areas where we plan to enhance the capabilities that this will deliver to system builders. Of course, we welcome your inputs. One of the great things…..and the challenging things….about the industrial market is the diversity of use cases and technology. We look forward to hearing about your system design challenges to see if there is something that our system architects (and of course our technology) can do to assist you.