Foundries.io emerged from stealth with the notion that tight integration and instant software updates are the best security for edge, embedded, and IoT devices.
That philosophy is behind the company’s “microPlatforms” software that target devices running Linux or Zephyr distributions for the embedded, IoT, connected device, and edge markets. The Foundries.io platform allows for security and bug fix updates to be immediately sent to those devices. The software includes firmware, kernel, services, and application support, with Foundries.io handling the engineering, testing, and deployment of those updates.
“Rather than original software builds being maintained for product lifetimes that can reach 10 years or more, the microPlatforms are built from the ground up to enable product manufacturers to always and immediately selectively deploy the latest security updates, bug fixes, and new features to their customers, ensuring the safety of the internet of things and the security of data throughout the network,” explained Foundries.io CEO George Grey.
The software can run customer-specific services and applications natively or in containers using Kubernetes as an orchestration layer. This allows remote management of the product software from private or public cloud device management platforms on edge devices using standard enterprise tools such as Ansible and Kubernetes.
The platform is also cloud agnostic so a company can plug into their current management platform. This would include something like Amazon Web Services‘ (AWS) Greengrass platform.
Grey said that every embedded product today serving the IoT space is different in terms of its core platform software. This has led to fragmentation in the market and that puts strain on the security of the platform.
“Historically the process has been very proprietary in terms of the software stack used in these devices,” Grey said. “This was done with the hope that once deployed that device would never have to be touched again.”
However, the edge and IoT ecosystem includes devices deployed in remote locations that can be challenging to access. Foundries.io tackles this issue by using open source as the basis for its long-term support and targeting the core operating system.
“We can’t guarantee that you can continue to put more complex applications on a legacy device, but the core operating system will always be able to handle a security or bug fix,” Grey said.
He also noted that the IoT ecosystem has evolved to the point where more complex software and hardware systems are needed. And this requires the ability to update those systems in case of a new security or bug fix.
“Look at Spectre and Meltdown or the more recent Foreshadow bugs. That makes it obvious that you have to be able to update all pieces of the software in a connected device,” Grey said. “We are unique in that we are providing continuous delivery to software to keep it up to date so if there is a security problem it can be deployed and fixed immediately. We do all of the engineering work so it’s ready to go.”
This engineering work is helped by the use of a single source code across the platform. Grey said that this allows for every update to be easily migrated across the core platform. “It’s a network effect in that every contribution makes the platform better,” he explained.
Linaro Base
Foundries.io was spun out of and is financially supported by software provider Linaro. That company provides open source software for the ARM ecosystem. Grey said Foundries.io is the for-profit version of that business.
The model uses a low-cost software platform that Foundries.io maintains (the for-profit part) and that a customer can then build IP and apps on top of. Foundries.io charges a per-project fee for the platforms. The Linux platform runs $25,000 per year, per project, while the Zephyr project runs $10,000 per year, per project. The Linux platform is targeted at more complex devices, while the Zephyr platform is designed for more basic devices.
Grey said this per-project models means that a company could use the same “internals” for different devices that would all be covered under the same fee. “It really does make it less expensive for those companies than having to commit their own resources to trying to handle the updating, especially over the long term,” he said.