Terminology

Aktualizr-lite

Default Update agent for FoundriesFactory.

Reference Manual, Aktualizr-lite

Bitbake

Similar in purpose to Make. Part of Open Embedded/Yocto Project. It bakes recipes into packages/images.

Board Support Package

Software/data needed for specific hardware such as firmware and device drivers. May come from a vendor or the community.

Within the Yocto Project, a “meta-bsp” layer provides a BSP. These generally follow the convention of meta-<board-name>. You can read more about BSP layers in the Yocto Project’s BSP developer guide

CA

Certificate Authority

Creates and signs certificates which certifies public keys. Frequently used by browsers.

Root of Trust, Managing Factory PKI

CI Targets

TUF Targets created during the CI builds and delivered to non-production devices during an OTA update.

Reference Manual, CI Targets

CSR

Certificate Signing Request

Protocol to securely issue an X.509 certificate, if provided attributes.

Device Fleet

The set of all devices in a Factory.

Device Gateway

Through which devices connect to OTA services. Configured with mutual TLS.

Device Tag

Instructs the Device Gateway to return the corresponding set of TUF metadata. A tag (string value) gets set in a device config.

OTA Reference manual, Device Tags

Distro

Distribution

A collection of tools/files/software along with a Linux Kernel, which form an Operating System to meet a given use case. FoundriesFactory provides the LmP distro.

In the context of the Yocto Project, it also refers to the file containing the description of what the Linux Distribution should be. The variable for setting the distribution is DISTRO, which defaults to lmp.

Docker-Compose App

Compose App

Also referred to as app. A folder in containers.git, containing a docker-compose.yml. The name of this folder is the name of your Docker-Compose App.

ECC

Elliptic Curve Cryptography

An approach in public-key cryptography based on elliptic curves over finite fields. This allows for smaller keys than otherwise, but with an equivalent security level.

ECIES

Elliptic Curve Integrated Encryption Scheme

Protocol to securely encrypt data using an EC public key that can only be decrypted by the private key owner. Used by FoundriesFactory to provision configuration changes to devices.

EVK

Evaluation kit. A board/hardware used for evaluating and developing before production.

Factory

An instance of FoundriesFactory tailored to your device and needs. Created to support a specific machine. A Factory produces Targets.

factory-config.yml

A file in the ci-scripts.git repository of the Factory which controls all configurable aspects of a Factory. Such as Advanced Tagging, Container Preloading and email alerts.

Reference Manual, Factory Definition

FIO

Foundries.io Git development tags used for upstream patches.

Understanding FIO Development Tags

Fioconfig

Simple daemon designed to manage configuration data for an embedded device. Based on a customized OTA Community Edition device-gateway endpoint.

Fioctl

Factory management tool to interact with the Foundries.io REST API. Source code available via the Fioctl GitHub repo.

Foundries.io

Provider of FoundriesFactory® DevSecOps platform and the Linux microPlatform™ OS.

Website

FoundriesFactory

Foundries.io’s Cloud native DevSecOps platform. Used for building, testing, deploying and maintaining Linux-based devices. Includes the Linux microPlatform distro, OTA update mechanisms, and management tools such as Fioctl. An instance of FoundriesFactory—customized to your needs and machine—is a Factory.

Fragments

Kernel configuration fragments are Linux kernel configuration options outside a Linux Kernel .config. These get applied by the OpenEmbedded build system.

LmP Linux Kernel Reference Manual, LmP Kernel Configuration Fragments

Hardware Root of Trust

The first step in a security process used to trust code; always trusted. Includes HSM/TPM and Secure Boot.

Security, OP-TEE on the Versal Adaptive Computer Acceleration Platform

HSM

Hardware Security Module

A physical device generally used for managing digital keys and encrypting and decrypting data.

Image

The final artifact of an Yocto Project build and appears in several contexts. It can be the artifact resultant of an CI build, or a local build. It can be a bootable image or part of an update.

Key Agreement

Symmetric key negotiation—definition of a shared secret—without having to transmit the key.

Key Transport

Symmetric key created by one party and transmitted to the other party as ciphertext.

Layer

Openembedded/Yocto Project Layers. A layer is a collection of related recipes/files. Generally layers have the prefix meta-, such as meta-lmp

Linux microPlatform

LmP

The FoundriesFactory embedded Linux distro included in your Factory. Included via the meta-lmp Layer. Source code available via the meta-lmp GitHub repo.

lmp-device-register

Tool for managing device registration via the Foundries.io REST API.

MACHINE

The machine name, as configured in the Yocto Project meta-layer. Officially supported in FoundriesFactory if listed in Board Machine Names.

Machine

In the context of the Yocto Project/Open Embedded, the device target to build an image for. Defined by the variable MACHINE in local.conf within a Yocto Project build directory, via a script/configuration tool.

For LmP, the target device to build an image for gets defined within the Factory Definition.

Manifest

A manifest repository containing a manifest file for the Repo tool The manifest file is default.xml and contains the other repositories used. The LmP manifest repository is lmp-manifest.git which is part of all Factories.

Repo Source Control Tool, Repo and the LmP

mfgtools

Freescale/NXP® I.MX Chip tools. Also see UUU.

mfgtools GitHub Repository

mTLS

A mutual TLS where both client and server must present an X.509 certificate to prove identity and authorize connection. This is how Factory devices talk to the device gateway for OTA. Compared to TLS, mTLS has the benefit of protecting intellectual property, but does not add more protection from device data manipulation.

OAuth2

The industry-standard protocol for authorization developed within the IETF OAuth Working Group.

Open Embedded

OpenEmbedded-core

Build system used by the Yocto Project.

OpenEmbedded-core —or OE-Core— is the layer containing the core Open Embedded metadata.

Open Embedded Website

OSTree

OSTree is both a shared library and suite of command line tools. It combines a “git-like” model for committing and downloading bootable filesystem trees, along with a layer for deploying them and managing the bootloader configuration.

OTA Update

Over-The-Air Update

OTA

Updating firmware and software for a system/device remotely. The update on a device is triggered remotely and the data fetched from the OTA service via internet.

PKCS #11

Public-Key Cryptography Standards # 11

Defines an API for cryptographic tokens, implemented by OP-TEE. Supported for Factory PKI and storage of device keys.

PKI

Public Key Infrastructure

How digital certificates and keys relate to their owners and can be trusted.

Poky

Reference distro for the Yocto Project. Meant for illustrative uses, not for Production purposes.

Production Device

A device with a flag in its certificate which enables it to receive production updates.

Production Targets

TUF Targets delivered to production devices during an OTA Update.

QEMU

Quick Emulator. Open Source emulator covering common architectures. FoundriesFactory supports the QEMU machines covered in our User-Guide.

Recipe

A central Yocto Project concept, recipes are the instructions and data for a software package read by Bitbake.

You can identify recipes by the .bb filename extension. A recipe can be modified/extended by using a .bbappend file.

A collection of related recipes is a layer.

Repo

Tool for projects with multiple git repositories.

Note that “repo” is also used as shorthand for repository.

Rollback

The process of an online (OTA) or offline update applying a software or firmware version that was running on a device before a failed update.

Rootfs

The root file system is the collection of all the files and directories in the image. In this context, it is created by the Yocto Project tools and can be extended during the first build. It can be read-only or not.

Also see ostree.

RPMB

Replay Protected Memory Block. Used as secure storage.

Machines with Secure Aspects Enabled Reference Manual, Accessing RPMB Secure Storage

SDK

Software Development Kit

The Yocto Project Standard SDK is used for cross-development toolchain/libraries. Generated for a specific image.

SE050

The EdgeLock SE05x Secure Element.

Secure Boot

Helps ensure only trusted software executes at boot.

Secure World

Trusted Execution Environment (TEE) on ARM.

SOTA

Secure-Over-The-Air. See OTA.

Static Deltas

One or more compressed binary files containing a diff between two filesystem trees. Stored in an ostree repo and represented by a commit hash.

Reference Manual, Static Deltas

System Image

The OS image produced by the Factory that is flashed to all devices. The build artifact is commonly named lmp-factory-image-<hardware-id>.wic.gz

Target

A description of the software a device should run. This description is visible as metadata in targets.json. Includes details such as OSTree Hash and Docker-Compose App URIs, but are arbitrary.

Tutorial, Target

target

The name of resultant CI build. The kind of artifact generated by the CI build depends on which build is it. In the context of the Yocto Project, the machine/architecture artifacts to build for.

targets.json

Part of TUF Metadata that specifies what Targets are valid to install. You can view the summary with fioctl targets list, or view in full with fioctl targets list --raw

TEE

OP-TEE

Trusted Execution Environment. In general, a hardware based component where code can run.

TF-A

Trusted Firmware-A

Secure world software for Armv7-A and Armv8-A.

Factory Keys, TF-A Keys

TLS

Transport Layer Security

Cryptographic protocol for securing communication within a network.

See-also: mTLS

TLS Handshake

The procedure belonging to the TLS protocol where the client and server agree on how to exchange information.

TPM 2

Trusted Platform Module 2.0 implementation

A standard for a cryptoprocessor. Used to check platform integrity and to form a root of trust.

Security, Trusted Platform Module

TUF

The Update Framework

Open Source Framework and Specification used to help keep software update systems secure against different attack types. Uses its own keys. Also used for updating Fioctl. See-also: Target

UEFI

Unified Extensible Firmware Interface

Standard which connects firmware for booting the hardware and operating system(s). Also defines Secure Boot.

Update Agent

Software that runs on a device and performs OTA updates.

Custom Sota Client User Guide, Custom Update Agent

UUU

Universal Update Utility

A manufacturing tool designed to flash i.MX boards with a given image. mfgtools uses configuration files with the .uuu extension.

Wave

The FoundriesFactory method for adding a specific CI Targets version to production Targets. Provisions it to production devices in a controlled way.

Production Targets Reference Manual, Wave

Wave Rollout

An action of rolling out an OTA update associated with a Wave to a subset of production devices.

Wave Tag

A tag designating production devices to which a given Wave is being provisioned.

Wic

Utility for creating partitioned OpenEmbedded images (.wic)

WireGuard

Open Source protocol and software for VPNs.

WKS

OpenEmbdded kickstart file. Used to create the Wic partitioned image.

OpenEmbdded Kickstart Reference

X.509

An International Telecommunication Union (ITU) standard defining the format of public key certificates.

Yocto Project

A collection of tools and processes for Embedded Linux creation and development. Familiarity with the Yocto Project will aid with customizing the LmP. The official documentation provides in-depth details and guides.