CARRIER GRADE PROFILE FOR WIND RIVER LINUX

Academic year: 2021

Carrier Grade Profile for Wind River® Linux meets the registration requirements of the Linux Foundation’s Carrier Grade Linux 5.0 specification. As an add-on profile for Wind River Linux 6.0, this turnkey solution delivers all of the technologies essential to building a powerful, flexible, responsive, stable, and secure platform.

Built on the Yocto Project Compatible Wind River Linux 6.0 platform, Carrier Grade Profile provides complete architecture support across major BSPs, with increased interoperability allowing changes to fit your future business needs while reducing switching costs and development effort. Backed by our unrivaled global support and services, Carrier Grade Profile provides essential capabilities for all industries, enabling the next generation of embedded Linux designs that require secure, standards-based, and reliable solutions.

TABLE OF CONTENTS

Technical Specifications

Key Features

Carrier Grade Kernel

Carrier Grade User Space

Broader Testing

Yocto Project Compatibility

TECHNICAL SPECIFICATIONS

Linux base: Wind River Linux 6.0

Supported processor architectures: Full architecture support for any BSP provided in the Wind River Linux 6.0 base

Linux Foundation’s Carrier Grade Linux registration: Specification 5.0

Yocto Project version: 1.5 (Wind River Linux 6.0)

KEY FEATURES

Carrier Grade Kernel

The kernel updates in Wind River Linux 6.0 form the basis of many features to support Carrier Grade Linux (CGL) registration, including the following:

Error Detection and Correction (EDAC): A set of Linux kernel modules for reporting and handling hardware-related errors

Security Enhanced Linux (SELinux): A full-featured Linux Security Module providing a reference monitor capable of providing multilayer security and multi-category security, implementing both mandatory access control (MAC) and role-based access control (RBAC)

Integrity Measurement Architecture: Support for run-time validation of executables and critical system files optionally using a hardware Trusted Platform Module

Interrupt threading: Configuring interrupt handling and scheduling handler routines as any other software thread, allowing for maximum flexibility and higher predictability when designing a system

Logical Volume Management (LVM): The ability to dynamically resize disks on a system according to changing needs

Low latency event monitoring: A variant of poll(2) that can be used as either an edge- or a level-triggered interface that scales well to large numbers of watched file descriptors

Open Cryptographic Framework: Transparent hardware-accelerated cryptographic support for specific BSPs

Redundant array of independent disks (RAID): Both software and hardware RAID support, including striping

Reliable file system support: Various highly reliable file systems are supported (e.g., ext4, btrfs, ocfs2)

Group management: Support for grouping sets of processes together, for use with process control subsystems such as cpusets, CFS, memory controls, and device isolation; includes net traffic controller, memrlimit controller, dm-ioband bio_tracking, and group scheduling controllers

kdump: Kernel crash dump for analyzing the cause of a deployed kernel crash

kexec: A system call that provides the ability to shut down the current kernel and start another without rebooting hardware

Persistent data storage: Data storage that persists across reboots for storing debug and log information (e.g., pstore, pramfs)

Carrier Grade User Space

In addition to the kernel features, the Carrier Grade Profile for Wind River Linux user space is a hardened, reliable base on which to develop applications and systems, whether they are headless, remote systems or must support multiple concurrent users with varying levels of access and clearance. Supported features include the following:

SELinux and the Reference Policy

SELinux is a full-featured Linux Security Module providing a reference monitor capable of providing multilayer security and multi-category security, implementing both MAC and RBAC.

Based on the SELinux official reference policy and the Yocto Project selinux layer, the Wind River SELinux reference policy is tailored to support both strict and mcs modes out of the box.

Transparent Inter-process Communication (TIPC) Protocol

As a major contributor and one of the maintainers of the TIPC project, Wind River actively develops this cross-platform, high-speed communications technology aimed specifically at clustered computing environments. TIPC is a communications protocol that provides developers with an extremely flexible means of creating distributed, cooperative applications that may migrate as required throughout the cluster seamlessly. Wind River continues to invest in TIPC, and Wind River Linux remains up to date with developments in the TIPC project.

Security

Originally developed by the National Security Agency (NSA), SELinux is the gold standard of flexible and trusted computing environments. SELinux is both a Linux Security Module (LSM)—a piece of the kernel that arbitrates access to all system resources based on the system policy—and a collection of supporting user space tools for developing, applying, enforcing, auditing, and debugging the security policy used by the LSM. Wind River Linux includes three levels of security out of the box for SELinux-enabled configurations, based on the SELinux Reference Policy Project and configured specifically for Wind River Linux. Wind River Linux also includes advanced, preemptive security technologies such as multi-level run-time stack and buffer overflow protection and a suite of tools that together provide a complete intrusion detection and prevention system.

Reliability, Availability, Manageability

Carrier Grade Profile meets the SCOPE Alliance Linux profile and addresses key SCOPE Alliance gaps. Relevant features include persistent shared memory with the system black box, coherent user and kernel tracing framework with LTTng, run-time analysis tools, and common command-line tools such as strace and ltrace for doing system call and library tracing.

The following Carrier Grade Profile features go beyond the existing CGL requirements:

• Coarse resource enforcement that allows memory and scheduling limits to be enforced on a group basis rather than per process or per object

• Layer 2 Tunneling Protocol (L2TP version 3) support

• File access tracing that provides extensive logging and notification options for monitoring file access and recording system events

• Redundant virtual routing support, based on the Common Address Redundancy Protocol, that provides the ability to create highly available dynamic routers and gateways

• Feature-rich IPsec environment ranging from simple certificate creation and management to cryptographic reliability and integrity self-tests

• Dynamic multi-category security management tools for virtual guests through libvirt and the SELinux svirt tools

• Support for advanced system architectures that leverage memory and processor latency domains with tools such as numactl and libnuma that enable application and system designers to get the best performance out of their real and virtual machines

• Reliable damage-resistant file system support, detailed in the CGL 5.0 specification, including data and metadata integrity checking mechanisms

With support for standalone and clustered systems as well as the PICMG Advanced Telecommunications Computing Architecture (ATCA) specification, Carrier Grade Profile provides highly available solutions for devices at the network core and edge.

Network-Based Storage Solutions

Carrier Grade Profile provides functionality for centralized logging servers, centralized billing and accounting servers, and share file system servers by integrating technologies such as the distributed replicated block device (DRBD), multiple redundant communication paths to external storage over fiber channel links, ATA over Ethernet, the Oracle Cluster File System version 2 (OCFS2), and Internet Small Computer System Interface (iSCSI).

IP Security (IPsec)

Carrier Grade Profile supports a number of mechanisms for establishing trust between two systems with IPsec, the most common being Internet Key Exchange (IKE, both version 1 and version 2). IKE sets up a shared session secret via a Diffie-Hellman key exchange, using either public key techniques or a pre-shared key. IKE functionality can come from the IPsec-Tools suite in the form of the racoon daemon, from the standalone Racoon2 daemon, or from a dedicated IPsec implementation provided by strongSwan. All of the expected standards (for example, X.509 for single sign-on, AH and ESP for header and payload encapsulation, IKEv2 for mobile devices via MOBIKE RFC 4555, HMAC-SHA-256+/RFC 4868 and Suite B cryptography/RFC 4869 for IPsec) are available through IPsec-Tools, Racoon2, or the strongSwan suite.

Broader Testing

Wind River is committed to implementing and conforming to standards wherever possible. That commitment extends well beyond the Linux Foundation’s Carrier Grade specification. As with past releases of Wind River Linux, Carrier Grade Profile for Wind River Linux provides all the necessary tools to validate conformance to the Linux Standard Base 4.1 Specification. Wind River Linux 6.0 is IPv6-Ready and certified. Carrier Grade Profile is not certified, but maintains the IPv6-Ready status and can be certified if required.

Carrier Grade Profile is the first version of Wind River Linux to undergo IPv4 conformance testing, resulting in a more complete, interoperable product, and a more complete view of platforms based on it.

Wind River has developed a robust, scalable, and automated build and test infrastructure with more than 4,000 test cases and 301,336 test runs. This infrastructure supports many processor architectures and uses a combination of commercial, open source, and proprietary tests, including LTP Core, LTP Network, LSB, TAHI, and Open POSIX. Wind River uses coverage tools, such as gcov and lcov, to optimize test development and close gaps in existing test suites.

Automated and manual tests include the following:

Automated boot login: This tests the booting process of any target architecture for a given kernel and rootfs. The process is completely automated for a set of targets, which helps in determining the boot sanity of the target.

CD sanity: This automation suite covers CD installation on a new release, followed by building the rootfs for various target combinations using prebuilt RPMs. It boots the target with the prebuilt kernel and rootfs and executes KGDB and user-mode tests on the target, then reports the results to the database.

Linux Test Project (LTP): This test suite validates the reliability, robustness, and stability of the Linux kernel and its network components.

Open Hardware Platform Interface (HPI): The Open HPI is an abstracted interface for managing computer hardware, typically chassis and rack-based servers. It includes resource modeling; access to and control over sensor, control, watchdog, and inventory data associated with resources; abstracted System Event Log interfaces; hardware events and alarms; and a managed hotswap interface.

Open POSIX: This test suite is for POSIX 2001 APIs not tied to specific implementations. It provides conformance, functional, and stress testing, with an initial focus on threads, clocks and timers, signals, message queues, and semaphores.

Real-Time Feature Testing with Lmbench Realfeel: Real-Time Feature Testing tests performance. Lmbench is used to measure I/O of the kernel. Realfeel tests scheduler behavior.

Saftest: Saftest tests the Open HPI package.

Kernel Feature Test Package (kftp): This package tests kernel features against architecture and hardware configurations.

User space: User space tests verify that user packages have compiled and operated correctly in target run-time systems.

Toolchain: This verifies that toolchains comply and operate correctly in target run-time systems.

nmap: This is a network exploration tool and security scanner.

Netperf: This tool tests networking performance.

CGL compliance: This tests more than 120 P1 requirements.

kexec and core-dump, server-based install: This tests CGL features.

TAHI IPv6 conformance: The TAHI Project is a joint effort to develop and provide verifi-cation technology for IPv6. The TAHI IPv6 conformance tests ensure interoperability with IPv6 protocols.

iozone: This is a file system performance test tool.

nbench byte: This tests CPU calculation performance.

Footprint: This tests the static kernel footprint.

Static rootfs footprint: This tests the static rootfs footprint size.

Dynamic footprint: This tests the run-time system footprint.

Boot-time: This measures board boot-up time.

Coverity: The system is tested using Coverity static analysis software.

Board-specific: Along with new BSPs, there are board-specific tests mentioned in the board readme file.

Documentation: Documentation for Wind River Linux 6.0 was tested to make sure all steps are properly recorded.

Host OS: Installation is tested on various host operating systems supported for Wind River Linux 6.0, as well as sample application build and debugging from Wind River Workbench and platform build.

HRT regression: HRT features for previous releases were tested for regression on the supported platforms.

Install bundle: Installation testing was done for various product structure bundles.

Regression testing (RT) regression: RT features in previous releases were tested for regression on the supported platforms.

Use case: The use cases for Workbench, run-time analysis tools, and build system were tested on supported hosts and platforms.

Workbench integration: Wind River tests the feature integration of Workbench with Wind Manage, System Viewer, and run-time analysis tools.

Yocto Project Compatibility

Similar to an OpenEmbedded metadata layer, Carrier Grade Profile for Wind River Linux builds on top of the Yocto Project Compatible base of Wind River Linux 6.0.

The OpenEmbedded meta-networking layer is the foundation layer between the Yocto Project and Carrier Grade Profile. Meta-networking provides common services required in carrier grade systems (e.g., File Transfer Protocol (FTP) daemons and network configuration, and authentication tools like autofs and Network Information Service (NIS)). Carrier Grade Profile provides more complex components (e.g., Cluster management services like the Corosync Cluster Engine) that assume the presence of such infrastructure in the underlying layers.

Carrier Grade Profile also draws upon the meta-selinux layer, leveraging the work done by the OpenEmbedded community to integrate SELinux features into the Yocto base. Carrier Grade Profile also extends meta-selinux upward in order to fully provide the features required by the Security Requirements Definition of the CGL specification.

WIND RIVER PROFESSIONAL SERVICES

Wind River has the proven expertise to customize Carrier Grade Profile for Wind River Linux platforms to your unique device requirements and maintain the stack for the long term. Our embedded Linux experts can help you plan, build, and manage even the most advanced and mission-critical Yocto Project Compatible software. Take your product to the next level with these solutions:

• Embedded Linux architecture and design

• Yocto Project Compatible BSP factory

– BSP creation, compatibility submission, and maintenance

– Support for ARM, IA, PPC, MIPS

• Yocto Project Compatible and carrier grade middleware and kernel development

– Networking, security, medical

– Real-time, graphics

• Migration from roll-your-own or hardware vendor provided Linux to Carrier Grade Profile for Wind River Linux

• Acceleration of embedded multi-core Linux designs using open source and Wind River Hypervisor–based virtualization

• Benchmark, functional, and performance testing and documentation

• IP compliance and results documentation and analysis based on the Linux Foundation’s Software Package Data Exchange (SPDX) specification

• Long-term support and maintenance of your Yocto Project Compatible custom software

Wind River Professional Services can help you meet your robustness, functionality, and security requirements to rapidly and cost-efficiently deliver your next-generation embedded Carrier Grade Linux device.

SUPPORT CONTACTS

North America, South America, Asia/Pacific

[email protected]

Toll-free tel.: 800-872-4977 (800-USA-4WRS)

Tel.: 510-748-4100

Fax: 510-749-2164

Hours: 6:00 a.m.–5:00 p.m. (Pacific time)

Japan

[email protected]

Tel.: +81 3 5778 6001

Fax: +81 3 5778 6003

Hours: 9:00 a.m.–5:30 p.m. (local time)

Europe, Middle East, Africa

[email protected]

Toll-free tel.: +800 4977 4977

France tel.: +33 1 64 86 66 10

France fax: +33 1 64 86 66 66

Germany tel.: +49 899 624 45 444

Germany fax: +49 899 624 45 999

Italy tel.: +39 011 2448 411

Italy fax: +39 011 2448 499

Middle East Region tel.: +972 9741 9561

Middle East Region fax: +972 9746 0867

Nordic tel.: +46 8 594 611 20

Nordic fax: +46 8 594 611 49

UK tel.: +44 1793 831 393

UK fax: +44 1793 831 808
