
New kid on embedded Linux block — Gentoo

Dec 3, 2004 — by Henry Kingman — from the LinuxDevices Archive

A project to create embedded versions of Gentoo Linux has achieved preliminary releases on x86, MIPS, PPC, and ARM. The releases include native core system binaries, cross-platform toolchains, and, for x86, an optional hardened toolchain. The year-old project needs developers to help add cross-compile awareness to source packages.

Gentoo is a popular desktop and server Linux distribution, in which core system components are distributed as architecture-specific, native binaries, while all non-essential software packages are compiled from source, using a “portage” system similar to the “ports” system in FreeBSD. (Most Linux distributions install both core and non-essential software from pre-built packages of binaries, using convenient tools such as dpkg, rpm, yum, and others. Gentoo partisans say compiling is better, since compiler flags can be set to optimize builds for specific hardware.)

The preliminary release of Embedded Gentoo includes the core system components, pre-built as native binaries, for the four supported architectures. The components for each architecture are distributed in three compressed tar files called “stages” that correspond loosely to system complexity. These native components have been tested “fairly extensively,” according to project instigator Ned Ludd. What remains to be done is to add cross-compiler awareness to the 9,000-odd optional source packages in Gentoo, in order to create an embedded-specific “portage” system for Embedded Gentoo. “Gentoo Linux is slightly understaffed in the embedded area. New embedded developers are welcomed and encouraged,” says Ludd.

In addition to native binaries and source packages, Embedded Gentoo includes toolchains for each of the target architectures that aim to support cross-platform development. Toolchain developer Mike Frysinger says that “for all intents and purposes,” the toolchains are ready for normal and for cross-compiling use.

C libraries are especially important in a distribution where much software is built from source. Embedded Gentoo uses uClibc, a small-footprint library for embedded systems, rather than the full GNU C libraries. Ludd explains, “The consensus is pretty much that glibc has no place in embedded environments. The advantages of uClibc simply outweigh those of glibc.” And, Ludd adds, “If [you're] using glibc, you're using standard Gentoo. So technically it's already supported.”

The preliminary releases are based on uClibc 0.9.26+cvs, with patches and bugfixes applied on some architectures. Since the upstream uClibc developers have not yet achieved a major 1.0 release number, future ABI (application binary interface) changes could break backwards binary compatibility. “Any uClibc work should be considered experimental, until such time as uclibc-1.0 is released,” states Ludd.

The preliminary releases are intended for MMU-ful embedded systems (systems equipped with memory management units), although uclinux-sources is available in the portage tree for those working with MMU-less processors and microcontrollers.

Embedded Gentoo project background

The Embedded Gentoo project was instigated by Ludd, with assistance from Chris PeBenito. Ludd's company, Southern Linux Solutions (SLS), initially developed a minimalistic uClibc build system in the course of creating customer premise equipment for wireless cable networks (no oxymoron intended). The project progressed further when SLS was hired to convert Soekris boards into carrier-class wireless infrastructure for a provider in Savannah, Georgia. “SLS deemed [it to be] in our best interest to merge our changes back into the Gentoo distribution, to make it easy to rapidly develop new embedded products in the future. What used to take weeks now only takes a few hours,” says Ludd.

Ludd says the preliminary releases were created primarily by three core developers, including himself, Frysinger, and hardened toolchain developer Peter S. Mazinger. However, others are “waiting in the wings” and likely to contribute more, now that an actual release exists. These include Thierry Carrez (documentation), David Bryson (catalyst tool), Brian Jackson (IRC help, testing, feature enhancements), Tom Billman (low-level software, nslu2-linux), and others on the “embedded-at-gentoo-dot-org” alias list.

Special hardening features

In addition to a standard version of uClibc, the x86 version of Embedded Gentoo offers a hardened version developed for carrier-class wireless infrastructure by Mazinger, Ludd, and the team at PaX, a project that researches ways to prevent software bug exploitation. Ludd says, “We pulled together, and feature- and bug-tested, filling each others' inboxes worse than a bad month of spam.”

The hardening features include:

  • PIE (Position Independent Executables) — Executables that, like shared libraries, are relocated by the dynamic linker to a virtual address chosen by the host operating system at runtime, providing “position independence” aimed at stopping exploits that rely on predictable address spaces.
  • ASLR (Address Space Layout Randomization) — A kernel feature that helps PIE executables load in random locations, useful for protecting against return-to-libc style attacks.
  • SSP (Stack Smashing Protection, aka ProPolice) — A sophisticated yet simple protective compiler technology that makes use of canary values by rearranging local variables and function pointers. It can prevent many forms of the common return-to-libc attack.

Embedded Gentoo's hardening features may be added to the MIPS and PPC architectures, depending on interest, according to Mazinger.

Roadmap

In the future, Ludd says Embedded Gentoo would like to support the SuperH-5 architecture. And Frysinger, who also serves ably as Gentoo's ARM architect, according to Ludd, is willing to “fully support” ARM-based handhelds, if testing models are provided.

Additional project details, and links to downloads of the preliminary releases, can be found on the Embedded Gentoo homepage.

LinuxDevices.com welcomes Embedded Gentoo to the embedded Linux community!


 
This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.


