====== Software architecture ======

===== Mapping =====

{{:images:mapping_architecture_4.3.png?1000|}}

===== Linux distribution =====

==== KerOS ====

The Wirnet™ i-series gateways software runs on an iMx6 Solox processor (ARM processor). The embedded Linux distribution is generated by Kerlink and named KerOS.

The different file systems are listed in the following table:

^ Device ^ Mount point ^ Size ^ Format ^ Usage ^ Recommendations ^
^ eMMC | /user | 6GB* | ext4 (R/W) | user application | Application binaries, data files, logs |

*For Wirnet iZeptoCell the eMMC ''/user'' size is 2GB. \\

Rootfs is mounted using the [[https://www.kernel.org/doc/Documentation/filesystems/overlayfs.txt|OverlayFS]] file system. An overlay filesystem presents a filesystem which is the result of overlaying one filesystem on top of another.\\
On KerOS, the base layer (lowerdir) is defined by ''/.rootfs.ro''. This base layer is read-only and backed up. A second layer (upperdir), which overrides the base layer, is defined under ''/user/.rootfs_upper''. This second layer is customizable by the user.\\
The result of these two layers is a fully customizable rootfs with a full backup containing all the original files as they were before the user customized them.

For further information about the customization backup mechanism, refer to the [[wiki:keros_custo:upgrade#configuration_management_sysupgrade| Sysupgrade process]].

=== Build system ===

The build system is Yocto. The Yocto Project is a Linux Foundation workgroup whose goal is to produce tools and processes that enable the creation of Linux distributions for embedded software.\\
Kerlink doesn’t provide the build system to compile KerOS.

=== User partition ===

It is recommended to install applications in the ''/user'' directory.

=== Cross toolchain ===

To develop software, Kerlink provides a cross toolchain, libraries and headers necessary to compile customer application software.
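
The OverlayFS layering described in the KerOS section above can be audited by comparing the upper layer with the read-only base layer. The following shell function is an added example, not Kerlink code, that classifies each upper-layer entry as added, modified, unchanged or deleted. It assumes that the upper tree mirrors rootfs paths directly under the given directory and that deletions appear as standard OverlayFS whiteouts (character devices 0/0); the name ''overlay_diff'' is hypothetical.

```shell
#!/bin/sh
# Added example: classify every entry of an OverlayFS upper layer against
# its read-only base layer. Both paths must be absolute.
# Defaults are the KerOS paths given on this page; the layout below them
# is an assumption (upper tree mirrors rootfs paths directly).
# Not handled: opaque directories, file names containing newlines.
# Comparison is on content only: a metadata-only change shows as SAME.
overlay_diff() {
    lower=${1:-/.rootfs.ro}
    upper=${2:-/user/.rootfs_upper}
    (
        cd "$upper" || exit 1
        find . \( -type f -o -type l -o -type c \) | while IFS= read -r p; do
            rel=${p#./}
            base="$lower/$rel"
            if [ ! -L "$p" ] && [ -c "$p" ] &&
               [ "$(stat -c '%t:%T' "$p")" = "0:0" ]; then
                # OverlayFS whiteout: the base file is hidden (deleted)
                echo "DELETED /$rel"
            elif [ ! -e "$base" ] && [ ! -L "$base" ]; then
                # Exists only in the customizable layer
                echo "ADDED /$rel"
            elif [ -L "$p" ] || [ -L "$base" ]; then
                # Symlinks: compare link targets, never follow them
                if [ "$(readlink "$p")" = "$(readlink "$base")" ]; then
                    echo "SAME /$rel"
                else
                    echo "MODIFIED /$rel"
                fi
            elif [ -f "$p" ] && [ -f "$base" ] && cmp -s "$p" "$base"; then
                # Copied up but byte-identical to the base file
                echo "SAME /$rel"
            else
                echo "MODIFIED /$rel"
            fi
        done
    )
}

# Run only when paths are given, e.g.:
#   sh overlay_diff.sh /.rootfs.ro /user/.rootfs_upper
if [ "$#" -gt 0 ]; then
    overlay_diff "$@"
fi
```

Entries reported as ''ADDED'' or ''MODIFIED'' under system directories are the ones to review when checking a gateway for unexpected changes to its rootfs.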
==== IPK files ====

The KerOS distribution includes the OPKG package manager to process software and firmware updates. \\
Update packages must respect the ''.ipk'' file format.

The specific way of deploying ''ipk'' packages on the Wirnet i-series gateways is described in the [[wiki:keros_custo:sw_updates|Software Update page]].

Due to security mechanisms, the ''opkg install'' command must not be used on the Wirnet i-series gateways. \\
Package installation at runtime is not advised. \\
The dedicated software update process for Wirnet i-series gateways is described in the [[wiki:keros_custo:sw_updates|software update]] section.

===== TrustZone =====

Wirnet i-series gateways embed the TrustZone™ security feature provided by ARM microprocessors.\\
The TrustZone technology is used to run a trusted boot and a trusted OS to create a Trusted Execution Environment.\\
A Trusted Execution Environment (TEE) is a secure area inside a main processor. It runs in parallel with the operating system, in an isolated environment. TrustZone from ARM is a hardware technology that can be used to support TEE implementations.

The Wirnet i-series gateways trusted OS is ProvenCore, from Prove&Run.

The OpenVPN / IPSEC local secrets are secured by the ProvenCore trusted OS. \\
Information on VPN client configuration is available in the [[wiki:network_mana:secure_network|dedicated page]].

TrustZone information on the ARM website: [[https://www.arm.com/products/security-on-arm/trustzone]].