Stack and Operating System

To get back to the Foundries stack, it should first be noted that the product exclusively relates to the software part of an IoT application. Foundries.io doesn't build the hardware, but the manufacturer does maintain partnerships with contractors with operations in the IoT market.

IoT devices are almost always embedded. Accordingly, devices with an ARM system on a chip (SoC) are widespread; the entire computer comprises a small circuit board with all the relevant components, which is exactly where the Foundries stack (Figure 3) comes in.

Figure 3: Foundries.io provides enterprises with a development platform for IoT applications that has a Linux kernel with a container platform and microservices at its core. © Foundries.io

The innermost core is a Linux kernel that includes support for a wide range of popular ARM boards for IoT deployment. The kernel is enriched with drivers for chips that are typically used in the IoT environment, for example, (W)LAN devices. The project's website provides a list of boards [1] that can be used directly with the software stack provided by the Foundries project.

Although this solution does not sound like much in theory, it is, in practice, a massive boost for companies looking to get started with IoT devices. Thanks to the preparatory work by Foundries.io, a basic system is available within minutes on which further development can be built, provided that a suitable SoC board is available. Without Foundries.io, just putting together a suitable Linux distribution for embedded devices would take a medium-sized team months.

More Than Linux

Linux, by the way, is not the only operating system with which the Foundries developers planned to work. During its startup phase, they dropped quite a few hints in the documentation and online that the company had its sights set on an embedded distribution based on the Zephyr real-time system. Zephyr, like the Linux kernel, is under the aegis of the Linux Foundation and specializes in real-time computing.

In the meantime, however, the references to Zephyr have disappeared from the vendor's documentation and website, and the Zephyr-based distribution is probably no longer maintained. However, it would only have appealed to a relatively small group of users anyway, because real-time computing is only likely to play a minor role given the typical use cases in the IoT environment. The developers are also aware that an operating system kernel is not the same as a functional IoT framework.

Security

For obvious reasons, the issue of security plays a major role for IoT devices. On one hand, these devices are not shielded from the outside world as much as you might assume. Recall once again the example of surveillance cameras: Because they support the Universal Plug and Play (UPnP) standard and many routers for domestic use are configured to pass automatically through ports released by UPnP to the outside world, the corresponding cameras suddenly become accessible on the web.

On the other hand, many owners would not even notice an attack on smart home devices, as long as the basic functions of the device are not affected. If an attacker were able to take control of the IoT toaster described above and a few thousand more devices with the same vulnerability to execute arbitrary code, it would even be possible to imagine a botnet populated just by toasters.

Several approaches are available to prevent this kind of attack. For example, known vulnerabilities could be repaired by patching. Another approach would be not to allow the execution of arbitrary code on the devices in the first place. What has been an established standard on desktop and server systems in the form of the Trusted Platform Module (TPM) for a long time also exists for embedded systems. But most providers do not make use of these options.

Foundries.io approaches the problem differently: It fully supports the security features of any hardware on which it can run. From the bootloader to individual drivers and programs, a chain of trust can be created that prevents the execution of arbitrary code, even if an attacker is working as root on the system. The Foundries stack scores bonus points because it can also natively use the cryptographic functions of many ARM and Intel chips on the market to enable efficient encryption. Therefore, developers can use encrypted connections instead of plain text, further contributing to device security.