Cosign support in VxWorks RTOS container engine
Date: 08/11/2023
Wind River now supports Sigstore's Cosign for its real-time operating system (RTOS) container engine, providing enhanced security for VxWorks-based devices using containers for software deployment and management. VxWorks is the sole RTOS that supports Open Container Initiative(OCI)-compliant containers.
In 2022, Wind River added support for the overlay file system to their existing real-time embedded container engine. The overlay file system is an important component for application isolation. This container engine, which was first released in 2021, is designed for VxWorks and was developed based on customer feedback and the use of OCI specifications under the CNCF.
Wind River offers assistance for Kubernetes through an authentic embedded kubelet. This eliminates the need for obscure tools and workflows, allowing teams to save money and reduce risks by utilizing open standards, familiar workflows, tools, and infrastructures to deploy, operate, manage, and update real-time safe and certifiable software for an RTOS, just like they would with Linux.
“As the first and only RTOS to support OCI-compliant containers, VxWorks is simplifying software deployment and management, effectively reducing operational costs, to develop and deploy intelligent edge software better and faster, without compromising determinism and performance,” said Avijit Sinha, chief product officer, Wind River. “Our latest development in adding support for Cosign is helping teams further strengthen secure application deployment and updates. Containers are creating a major impact across mission-critical industries, such as automotive, aerospace, defense, and industrial, and are helping to further advance a software-defined approach to these markets.”
“Architectures leveraging containerized microservices have several key advantages over traditional applications and development approaches. For the integration of mixed-criticality components, containers enable a collection of microservices to be developed with multiple programming languages or have varying levels of criticality. Existing components with higher design assurance levels (DAL) can be isolated from rapidly changing ones with lower DALs — reducing recertification costs. Creating lower-DAL enclaves using containerized microservices enables the lower-criticality components of these systems to benefit from open source software and agile development techniques,” according to the Collins Aerospace white paper, “Modular Avionics Solutions: Our Microservices and Container Solutions Enable a Modular, Open Systems Approach, 2022.”
“Aptiv is fostering rapid innovation and accelerating our customers’ transition to the software-defined vehicle with groundbreaking containerization solutions like VxWorks from Wind River,” said Benjamin Lyon, senior vice president and chief technology officer, Aptiv. “By enabling developers to efficiently create new containerized applications and easily modernize existing ones, VxWorks provides incredible value to automotive Tier 1s and OEMs by significantly reducing the burden and cost of software updates and unlocking new business models.”
The VxWorks container engine already has secure access to the registry and applications. With the added support for Cosign, it can handle signed containers. Cosign provides a flexible standard for signing and verifying container images. It simplifies the signing and verification process by allowing developers to reuse existing development infrastructure like cloud-managed KMS and container registries. Wind River was recently recognized with a 2023 Platinum Innovators Award for VxWorks container support.
For more information visit: www.windriver.com/containers.
Source: Wind River
