This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
|
wiki:general:software_arch [2019/09/25 15:23] ghi created |
wiki:general:software_arch [2022/10/24 15:36] (current) ehe [KerOS] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Software architecture ====== | ====== Software architecture ====== | ||
| + | |||
| + | ===== Mapping ===== | ||
| + | |||
| + | {{:images:mapping_architecture_4.3.png?1000|}} | ||
| ===== Linux distribution ===== | ===== Linux distribution ===== | ||
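Review bot: the added Mapping section contains only the image embed `{{:images:mapping_architecture_4.3.png?1000|}}`, with an empty title after the `|` and no introductory sentence, so a reader who cannot load the image gets no description of the architecture. Add a title to the embed and one line of text summarising what the mapping shows. If the `4.3` in the file name tracks a release, note which release the diagram applies to so it does not silently go stale.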
| Line 5: | Line 9: | ||
| ==== KerOS ==== | ==== KerOS ==== | ||
| - | The Wirnet™ Productline gateways software is running on a iMx6 Solox processor (ARM processor). The Linux distribution embedded is generated by Kerlink and named KerOS. | + | The Wirnet™ i-series gateways software is running on a iMx6 Solox processor (ARM processor). The Linux distribution embedded is generated by Kerlink and named KerOS. |
| The different file systems are listed in the following table: | The different file systems are listed in the following table: | ||
| ^ Device ^ Mount point ^ Size ^ Format ^ Usage ^ Recommendations ^ | ^ Device ^ Mount point ^ Size ^ Format ^ Usage ^ Recommendations ^ | ||
| - | ^ eMMC| / | 6GB | **OverlayFS (R/W)**| system | system binaries/libraries | | + | ^ eMMC| /user | 6GB<fc #ff0000>*</fc> | ext4 (R/W)| user application | Application binaries, data files, logs | |
| - | ^ eMMC| /user | 6GB | ext4 (R/W)| user application | Application binaries, data files, logs | | + | |
| + | <fc #ff0000>*</fc>For Wirnet iZeptoCell the emmc ''/user'' size is 2GB. \\ | ||
| Rootfs is mounted using the [[https://www.kernel.org/doc/Documentation/filesystems/overlayfs.txt|OverlayFS]] file system. An overlay-filesystem tries to present a filesystem which is the result over overlaying one filesystem on top of the other.\\ | Rootfs is mounted using the [[https://www.kernel.org/doc/Documentation/filesystems/overlayfs.txt|OverlayFS]] file system. An overlay-filesystem tries to present a filesystem which is the result over overlaying one filesystem on top of the other.\\ | ||
| On KerOS, the base layer (lowerdir) is defined by ''/.rootfs.ro''. This base layer is read-only and backed-up. A second layer (upperdir), that override the base layer, is defined under (''/user/.rootfs_upper''). This second layer is customizable by the user.\\ | On KerOS, the base layer (lowerdir) is defined by ''/.rootfs.ro''. This base layer is read-only and backed-up. A second layer (upperdir), that override the base layer, is defined under (''/user/.rootfs_upper''). This second layer is customizable by the user.\\ | ||
| - | The result of these two layers is a fully customizable rootfs with a full backup containing all the original files before they are customized by the user. For further information about the customization backup mechanism, refer to the [[wiki:upgrade#configuration_management_sysupgrade| Sysupgrade process]]. | + | The result of these two layers is a fully customizable rootfs with a full backup containing all the original files before they are customized by the user. For further information about the customization backup mechanism, refer to the [[wiki:keros_custo:upgrade#configuration_management_sysupgrade| Sysupgrade process]]. |
| === Build system === | === Build system === | ||
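Review bot: in the file-system table, the removed `/` row (OverlayFS, system binaries/libraries) has no matching added row in this hunk, while the unchanged text still introduces the table as listing the different file systems and still describes the rootfs as an OverlayFS mount. Confirm the `/` row survives in the new revision, or restore it so the table and the OverlayFS paragraph agree. Smaller points in the same hunk: the footnote writes `emmc` where the table uses `eMMC` and has no space after the asterisk marker, and the reworded first sentence keeps "a iMx6 Solox", which should read "an".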
| Line 32: | Line 37: | ||
| KerOS distribution includes the OPKG package manager to process software and firmware updates. \\ | KerOS distribution includes the OPKG package manager to process software and firmware updates. \\ | ||
| - | Update packages must respect the ''.ipk'' file format. The specific way of deploying ''ipk'' packages on the Wirnet Productline gateways is described in the [[wiki:sw_updates|Software Update page]]. | + | Update packages must respect the ''.ipk'' file format. The specific way of deploying ''ipk'' packages on the Wirnet i-series gateways is described in the [[wiki:keros_custo:sw_updates|Software Update page]]. |
| <note important> | <note important> | ||
| - | Due to security mechanisms, ''opkg install'' command must not be used on the Wirnet Productline gateways. \\ | + | Due to security mechanisms, ''opkg install'' command must not be used on the Wirnet i-series gateways. \\ |
| Package installation at runtime is not indicated. \\ | Package installation at runtime is not indicated. \\ | ||
| - | Wirnet Productline gateways dedicated software update process is described in the [[wiki:sw_updates|software update]] section. | + | Wirnet i-series gateways dedicated software update process is described in the [[wiki:keros_custo:sw_updates|software update]] section. |
| </note> | </note> | ||
| ===== TrustZone ===== | ===== TrustZone ===== | ||
| - | Wirnet Productline gateways embedds the TrustZone™ security feature provided by ARM microprocessors.\\ | + | Wirnet i-series gateways embedds the TrustZone™ security feature provided by ARM microprocessors.\\ |
| The TrustZone technology is used to run a trusted boot and a trusted OS to create a Trusted Execution Environment.\\ | The TrustZone technology is used to run a trusted boot and a trusted OS to create a Trusted Execution Environment.\\ | ||
| A Trusted Execution Environment (TEE) is a secure area inside a main processor. It runs in parallel of the operating system, in an isolated environment. TrustZone from ARM is an hardware technology that can be used to support TEE implementations. | A Trusted Execution Environment (TEE) is a secure area inside a main processor. It runs in parallel of the operating system, in an isolated environment. TrustZone from ARM is an hardware technology that can be used to support TEE implementations. | ||
| - | The Wirnet Productline gateways trusted OS is ProvenCore, from Prove&Run. | + | The Wirnet i-series gateways trusted OS is ProvenCore, from Prove&Run. |
| The OpenVPN / IPSEC local secrets are secured by the ProvenCore trusted OS. \\ | The OpenVPN / IPSEC local secrets are secured by the ProvenCore trusted OS. \\ | ||
| - | Information on VPN clients configurations are available in the [[wiki:secure_network|dedicated page]]. | + | Information on VPN clients configurations are available in the [[wiki:network_mana:secure_network|dedicated page]]. |
| TrustZone information on ARM website : [[https://www.arm.com/products/security-on-arm/trustzone]]. | TrustZone information on ARM website : [[https://www.arm.com/products/security-on-arm/trustzone]]. | ||
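Review bot: the renamed TrustZone line carries over the typo "embedds" (should be "embeds"), and the VPN link line still reads "Information on VPN clients configurations are available", where the verb should be "is". Both lines are already being edited for the rename and the link namespace, so fix them in the same revision. The note block states that ''opkg install'' must not be used "due to security mechanisms" without naming the mechanism; a short statement of what enforces this, next to the link to the software update page, would tell integrators why the restriction exists.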