-
Overview
-
redpesk OS releases
-
Security updates
-
Application Framework Manager
-
Application Framework Binder
-
APIs & Services
-
Security manager
-
Trusted Boot
-
Recovery features
-
redpak
-
Minimal image
- Reduce image size
- Optimizing boot time
-
kernel fragments description
- Introduction to Linux Kernel Configuration
- 01 Disable IPC, Timers and Audit
- 02 Disable Kconfig, Scheduler and Initrd
- 03 Disable Perf, Profiling and Errata
- 04 Disable EFI, Power Management Debug and Energy Model
- 05 Disable Schedutil, CPUFreq Governors and Virtualization
- 06 Disable Kprobes and Jump Labels
- 07 Disable GCC Plugins and Function Alignment
- 08 Disable Partition Parsers
- 09 Enable Inline Spinlocks and Kernel Operations
- 10 Disable Swap, Memory Hotplug and KSM
- 11 Disable Networking IPv4, IPv6, Netfilter
- 12 Disable SCTP, VLAN, TIPC, BATMAN
- 13 Disable Wireless, Bluetooth, CAN and RFKILL
- 14 Disable PCI and Firmware
- 15 Disable GNSS and ProcEvents
- 16 Disable Block Storage NBD and AoE
- 17 Disable EEPROM and Misc Drivers
- 18 Disable Network Device Drivers
- 19 Disable PHY Drivers
- 20 Disable PPP, WLAN Coexistence, and Failover
- 21 Disable Input Devices
- 22 Disable Serial, TTY and TPM
- 23 Disable I2C, Power and Sensor Drivers
- 24 Disable MFD, Display and Media Drivers
- 25 Disable USB, Sound, RTC and VirtIO
- 26 Disable Filesystem Encodings and Compatibility
- 27 Enable Minimal Cryptographic Core with SHA3 and XTS
- 28 Disable Hardware Cryptography, Keep DRBG and Jitter Entropy
- 29 Disable Kernel Debugging Features
- 30 Disable Filesystem Verity and SecurityFS
-
Zephyr in Redpesk
-
Mender redpesk (OTA)
-
Hardware support
- Download images
- Image metrics
- Trusted Boot
- Boards - ARM64
- Boards - x86_64
- Boards - Virtual
- Miscs
Overview of redpesk OS
Built based CentOS, redpesk OS is a secure Linux system embedding:
- a security framework;
- a microservice framework;
- redpesk services
Built based on CentOS
The common components of redpesk: linux kernel, shell, POSIX tools, … are based on CentOS released components. This choice ensure that these components are used by a large community and that they are maintained in the long run.
All these components are rebuilt within our OS factory. This ensures coherence, agility and fine tuning: all features required for brand tainted OS base.
A security framework
With the objectives of protecting the system, giving flexibility to the application developers and allowing security auditing, redpesk OS defines a clean security environnement enforced by a security aware application framework.
It leverages the Linux Security Module (LSM) Smack with a permission framework to grant fine grained permission to application and/or services.
A microservice framework
Generally, it is meant that applications are consuming what services are offering. But for real, things are more complicated: services may need other services and applications can provide services, for their diagnostic tools for example. So, applications and services are in fact the same thing: both require a clean communication framework.
The redpesk microservice framework provides a unified communication model for an unified running environment that emphasises the creation of functional blocks connected together. The composition of the bricks across several systems, within a single process or between several processes is left open to the system’s architects who can make the best design with their constraints.
redpesk services
redpesk OS offers already existing services ready to be integrated in new designs.
Please refer to base services chapter to get the documentation of all services.