News Archive (1999-2012) | 2013-current at LinuxGizmos | Current Tech News Portal |    About   

Wind River preps secure, EAL4+-compliant Linux distro

Jul 12, 2010 — by Eric Brown — from the LinuxDevices Archive — 1 views

Wind River announced that an upcoming, security-hardened version of its commercial embedded operating system, Wind River Linux Secure, is being evaluated by the National Information Assurance Partnership (NIAP) for Common Criteria Evaluation Assurance Level 4+ (EAL4+) certification. In addition, Wind River Linux Secure has been accepted by the National Institute of Standards and Technology (NIST) as a cryptographic module for evaluation to the FIPS 140-2 standard, says the company.

A specialized, hardened version of Wind River Linux, Wind River Linux Secure is expected to be available in the first half of 2011, pending certification completion, says the Intel subsidiary. Once certified for EAL4+, Wind River Linux Secure would conform to NIAP's General Purpose Operating System Protection Profile, says the company. Atsec Information Security has been chosen by Wind River as its Common Criteria Test Lab to conduct the independent evaluation of Wind River Linux Secure, says the company.

First open source Linux distro supporting EAL4+ and FIPS 140-2

Wind River Linux Secure will offer companies with government-mandated security certification requirements, such as Common Criteria EAL4+ and FIPS 140-2, with what is likely to be the first secure, commercial, general-purpose embedded Linux operating system, says Wind River. The software will enable Linux to be deployed securely on x86, PowerPC, and ARM-based hardware from vendors including Freescale, Intel, and Texas Instruments, says the company.

Wind River Linux Secure will also be the first certified, open-standards platform supporting EAL4+, with full traceability to source code for all Linux modules, says Wind River. As a result, developers will enjoy greater flexibility, interoperability, and transparency in developing secure software systems, adds the company. The software is said to enable developers to avoid the time, money, and risk involved with undertaking Common Criteria and FIPS security certification on their own.

In addition to conforming to Common Criteria requirements for EAL4+, Wind River Linux Secure provides an additional layer of security through mandatory access controls, or MAC, says the company. Other security features are said to include identification and authentication, audit, discretionary access control, cryptographic services, security management, and security function protection tools, says Wind River.

SELinux support

The software is also said to enable the use of the NSA-developed, multilevel Security Enhanced Linux, or SELinux distribution. Run-time memory protection is offered through grsecurity and several system recovery tools.

MontaVista Software claimed to be the first carrier-grade OS to include the SELinux recommendations created by the National Security Agency (NSA) with the release of its MontaVista Linux Carrier Grade Edition (CGE) 5.0 in 2007. Red Hat Enterprise Linux also supports SELinux, although it is not typically used on embedded platforms.

In March, Wind River announced it had expanded its partner validation program for Wind River Linux and VxWorks to the aerospace and defense market. Wind River said it will work with a number of partners to develop integrated solutions that will meet mil-aero safety standards including RTCA DO-178B and EUROCAE ED-12B Level A, as well as the Common Criteria EAL4 and EAL6+ security standards.

Wind River also announced today that its VxWorks MILS Platform has been listed by NIAP as being in evaluation to EAL6+/NSA High Robustness under the Common Criteria Evaluation and Validation Scheme.

Stated Chip Downing, director for aerospace and defense at Wind River.,"As the first and only commercial Linux vendor to produce an embedded Linux solution in evaluation to Common Criteria EAL 4+, Wind River will be providing customers with a wide choice of hardware platforms for secure applications such as military communications and software-defined radio systems. Additionally, with security mandates and tighter regulations on the rise across industries, the potential to use embedded Linux in secure solutions for networking infrastructure, energy and medical systems is tremendous."


Wind River Linux Secure will initially be available on selected platforms of Intel architecture, Power Architecture, and ARM in the first half of 2011, says Wind River. The company is also said to offer customizations for embedded hardware platforms to support advanced security certification needs for customers and partners.

Wind River Linux Secure's listing on NIAP's site may be found here, and on NIST's site, in a PDF file, here. More information about Wind River's aerospace and defense solutions may be found here.

This article was originally published on and has been donated to the open source community by QuinStreet Inc. Please visit for up-to-date news and articles about Linux and open source.

Comments are closed.