Jump directly to main navigation Jump directly to content Jump to sub navigation

Crinit – shell-free, secured and tiny startup deamon for embedded Linux systems

Crinit is published to the open source community, strengthening the activities towards open and free software.

Crint is a resource efficient startup deamon that starts all processes, services and tools needed to configure and operate an embedded Linux system. It brings security features that allow secured boot designs without relaying on filesystem restrictions.

Start up daemons are a crucial part of each Linux system. They have a tremendous influence on the startup- or boot-time.

Crinit allows parallelizing of all the tasks needed to be done during the start-up, up to the limits given by dependencies, thus using all computation resources made available by modern processors. Other startup daemons also work like this, but Crinit has a far smaller code base and is reduced to the features relevant to an embedded system.

The startup daemon can be operated shell-free, so that no script interpreter needs to be integrated further reducing the attack surface, resulting in a more hardened system.

Possible attacks to the Linux system via manipulating the config files is countered by cryptographic signature checks. Crinit can be configured to always check the signature of config files before making use of them. Hence a modified config file will be detected and the attack thwarted. This is an effective aid in the design of secured systems without requiring dm-verity and a read-only filesystem.

Configuration of crinit is done in INI-style files using one file per task. With less than 10 available configuration parameters crinit proves that it was kept small and simple (KISS design principle).

Available as open source

Crinit comes with a set of tools to control runtime behaviour, checking its current status and the status of processes under its control.

The test suite of Crinit and its documentation are an integrated part of the open source package allowing others to get involved by using Crinit or improving its code base.

Together with Crinit the Cominit tool is shared with the opensource community. Cominit is used in the initial ramdisk to prepare execution of crinit or other boot daemons from the final rootfs. Cominit addresses security features necessary to implement trusted boot designs.

elos (https://github.com/elektrobit/elos) and Crinit are enabled to cooperate. Events from elos can be handled by Crinit and each event occuring in Crinit is made available in elos.

Crinit and Cominit were designed by Elektrobit in the course of development of EB corbos Linux - built on Ubuntu which is a highly optimized automotive Linux-based operating system and infrastructure.

Elektrobit made the decision to invest in such a framework together with emlix. In doing so, the Crinit/Cominit architecture and requirements were defined together with emlix.

emlix was in charge of the implementation and now supports the maintenance of Crinit and Cominit in the open source community - still powered by Elektrobit.

The software is placed under MIT license and will be hosted on github.

Crinit: https://github.com/Elektrobit/crinit

Cominit: https://github.com/Elektrobit/cominit

You will also find some additional info at crinit-boot.org.

Their mascot is a swift since it is one of the speediest birds.

Crinit and Cominit boot process