In the one-year project, emlix advised and supported Schenck Process in all key areas of the project, from hardware bring-up and cloud connection to the production and update concept.
In the project, Schenck Process relied on robust industrial PCs with an x86 architecture. emlix customized the Yocto Board Support Package (BSP) to the product-specific requirements in a bottom-up process on Yocto Kirkstone LTS. The result was a hardened system with high transparency and minimal dependencies. Schenck Process thereby gained complete control over the security chain, and the level of security became verifiable. The BSP was no longer a black box, but was composed transparently and hardened.
In addition, emlix supported the project team in defining a Linux-based system architecture with a view to the entire software lifecycle. Requirements regarding reproducibility, maintainability, security and certifiability were already taken into account at the beginning of the project.
The IoT edge device CONiQ® Monitor is functionally located between machine and cloud. Security-relevant aspects, also with regard to the IT Security Act 2.0, therefore come to the fore immediately. emlix created and implemented an end-to-end security concept in the project, including secure boot, disk encryption and a read-only filesystem. This also included TPM-supported security for communication with Amazon Web Services (AWS) via PKCS#11. For activating the TPM on the edge device, emlix went beyond pure commissioning and implemented both manual activation, via a corresponding configuration of the TPM in the BIOS, and automatic activation for configuration in large-scale production and in the update process.
Schenck Process is increasingly providing end customers with software bills of materials as well. Therefore, in addition to security-relevant aspects, legal issues with regard to open source licenses had to be taken into account. For this purpose, emlix implemented license documentation of the open source components with SPDX 2.