Glossary

Aktualizr-lite

Default Update agent for FoundriesFactory.

Bitbake

Similar in purpose to Make. Part of Open Embedded/Yocto Project. It bakes recipes into packages/images.

BSP
Board Support Package

Software/data needed for specific hardware such as firmware and device drivers. May come from a vendor or the community.

Within the Yocto Project, a “meta-bsp” layer provides a BSP. These generally follow the convention of meta-<board-name>. You can read more about BSP layers in the Yocto Project’s BSP developer guide.

CA
Certificate Authority

Creates and signs certificates, which certify public keys. Frequently used by browsers.

CI Targets

TUF Targets created during the CI builds and delivered to non-production devices during an OTA update.

CSR
Certificate Signing Request

Protocol to securely issue an X.509 certificate when provided with attributes.

Device Fleet

The set of all devices in a Factory.

Device Gateway

The gateway through which devices connect to OTA services. Configured with mutual TLS.

Device Tag

Instructs the Device Gateway to return the corresponding set of TUF metadata. A tag (string value) gets set in a device config.

Distro
Distribution

A collection of tools/files/software along with a Linux Kernel, which form an Operating System to meet a given use case. FoundriesFactory provides the LmP distro.

In the context of the Yocto Project, it also refers to the file containing the description of what the Linux Distribution should be. The variable for setting the distribution is DISTRO, which defaults to lmp.

Docker-Compose App
Compose App

Also referred to as app. A folder in containers.git, containing a docker-compose.yml. The name of this folder is the name of your Docker-Compose App.

ECC
Elliptic Curve Cryptography

An approach in public-key cryptography based on elliptic curves over finite fields. This allows for smaller keys than otherwise, but with an equivalent security level.

ECIES
Elliptic Curve Integrated Encryption Scheme

Protocol to securely encrypt data using an EC public key that can only be decrypted by the private key owner. Used by FoundriesFactory to provision configuration changes to devices.

EVK

Evaluation kit. A board/hardware used for evaluating and developing before production.

Factory

An instance of FoundriesFactory tailored to your device and needs. Created to support a specific machine. A Factory produces Targets.

factory-config.yml

A file in the ci-scripts.git repository of the Factory which controls all configurable aspects of a Factory, such as Advanced Tagging, Container Preloading and email alerts.

FIO

Foundries.io Git development tags used for upstream patches.

Fioconfig

Simple daemon designed to manage configuration data for an embedded device. Based on a customized OTA Community Edition device-gateway endpoint.

Fioctl

Factory management tool to interact with the Foundries.io REST API. Source code available via the Fioctl GitHub repo.

Foundries.io

Provider of FoundriesFactory® DevSecOps platform and the Linux microPlatform™ OS.

FoundriesFactory

Foundries.io’s Cloud native DevSecOps platform. Used for building, testing, deploying and maintaining Linux-based devices. Includes the Linux microPlatform distro, OTA update mechanisms, and management tools such as Fioctl. An instance of FoundriesFactory—customized to your needs and machine—is a Factory.

Fragments

Kernel configuration fragments are Linux kernel configuration options outside a Linux Kernel .config. These get applied by the OpenEmbedded build system.

Hardware Root of Trust

The first step in a security process used to trust code; always trusted. Includes HSM/TPM and Secure Boot.

HSM
Hardware Security Module

A physical device generally used for managing digital keys and encrypting and decrypting data.

Image

The final artifact of a Yocto Project build; it appears in several contexts. It can be the artifact resulting from a CI build or a local build. It can be a bootable image or part of an update.

Key Agreement

Symmetric key negotiation—definition of a shared secret—without having to transmit the key.

Key Transport

Symmetric key created by one party and transmitted to the other party as ciphertext.

Layer

OpenEmbedded/Yocto Project layers. A layer is a collection of related recipes/files. Generally layers have the prefix meta-, such as meta-lmp.

Linux microPlatform
LmP

The FoundriesFactory embedded Linux distro included in your Factory. Included via the meta-lmp Layer. Source code available via the meta-lmp GitHub repo.

lmp-device-register

Tool for managing device registration via the Foundries.io REST API.

MACHINE

The machine name, as configured in the Yocto Project meta-layer. Officially supported in FoundriesFactory if listed in Board Machine Names.

Machine

In the context of the Yocto Project/Open Embedded, the device target to build an image for. Defined by the variable MACHINE in local.conf within a Yocto Project build directory, via a script/configuration tool.

For LmP, the target device to build an image for gets defined within the Factory Definition.

Manifest

A manifest repository containing a manifest file for the Repo tool. The manifest file is default.xml and contains the other repositories used. The LmP manifest repository is lmp-manifest.git, which is part of all Factories.

mfgtools

Freescale/NXP® i.MX chip tools. Also see UUU.

mTLS

Mutual TLS, where both client and server must present an X.509 certificate to prove identity and authorize the connection. This is how Factory devices talk to the device gateway for OTA. Compared to TLS, mTLS has the benefit of protecting intellectual property, but does not add more protection from device data manipulation.

OAuth2

The industry-standard protocol for authorization developed within the IETF OAuth Working Group.

Open Embedded
OpenEmbedded-core

Build system used by the Yocto Project.

OpenEmbedded-core (or OE-Core) is the layer containing the core Open Embedded metadata.

OSTree

OSTree is both a shared library and suite of command line tools. It combines a “git-like” model for committing and downloading bootable filesystem trees, along with a layer for deploying them and managing the bootloader configuration.

OTA Update
Over-The-Air Update
OTA

Updating firmware and software for a system/device remotely. The update on a device is triggered remotely and the data is fetched from the OTA service via the internet.

PKCS #11
Public-Key Cryptography Standards #11

Defines an API for cryptographic tokens, implemented by OP-TEE. Supported for Factory PKI and storage of device keys.

PKI
Public Key Infrastructure

How digital certificates and keys relate to their owners and can be trusted.

Poky

Reference distro for the Yocto Project. Meant for illustrative uses, not for Production purposes.

Production Device

A device with a flag in its certificate which enables it to receive production updates.

Production Targets

TUF Targets delivered to production devices during an OTA Update.

PXE
Preboot eXecution Environment

Specification that describes a standardized client–server environment that boots a software assembly, retrieved from a network, on PXE-enabled clients.

QEMU

Quick Emulator. Open Source emulator covering common architectures. FoundriesFactory supports the QEMU machines covered in our User-Guide.

Recipe

A central Yocto Project concept, recipes are the instructions and data for a software package read by Bitbake.

You can identify recipes by the .bb filename extension. A recipe can be modified/extended by using a .bbappend file.

A collection of related recipes is a layer.

Repo

Tool for projects with multiple git repositories.

Note that “repo” is also used as shorthand for repository.

Rollback

The process of an online (OTA) or offline update applying a software or firmware version that was running on a device before a failed update.

Rootfs

The root file system is the collection of all the files and directories in the image. In this context, it is created by the Yocto Project tools and can be extended during the first build. It can be read-only or not.

Also see OSTree.

RPMB

Replay Protected Memory Block. Used as secure storage.

SDK
Software Development Kit

The Yocto Project Standard SDK is used for cross-development toolchain/libraries. Generated for a specific image.

SE050

The EdgeLock SE05x Secure Element.

Secure Boot

Helps ensure only trusted software executes at boot.

Secure World

Trusted Execution Environment (TEE) on ARM.

SOTA

Secure-Over-The-Air. See OTA.

Static Deltas

One or more compressed binary files containing a diff between two filesystem trees. Stored in an ostree repo and represented by a commit hash.

System Image

The OS image produced by the Factory that is flashed to all devices. The build artifact is commonly named lmp-factory-image-<hardware-id>.wic.gz

Target

A description of the software a device should run. This description is visible as metadata in targets.json. Includes details such as OSTree Hash and Docker-Compose App URIs, but the details are arbitrary.

target

The name of the resultant CI build. The kind of artifact generated by the CI build depends on which build it is. In the context of the Yocto Project, the machine/architecture artifacts to build for.

targets.json

Part of TUF Metadata that specifies what Targets are valid to install. You can view the summary with fioctl targets list, or view in full with fioctl targets list --raw.

TEE
OP-TEE

Trusted Execution Environment. In general, a hardware-based component where code can run.

TF-A
Trusted Firmware-A

Secure world software for Armv7-A and Armv8-A.

TLS
Transport Layer Security

Cryptographic protocol for securing communication within a network.

TLS Handshake

The procedure belonging to the TLS protocol where the client and server agree on how to exchange information.

TPM 2
Trusted Platform Module 2.0 implementation

A standard for a cryptoprocessor. Used to check platform integrity and to form a root of trust.

TUF
The Update Framework

Open Source Framework and Specification used to help keep software update systems secure against different attack types. Uses its own keys. Also used for updating Fioctl. See also: Target.

UEFI
Unified Extensible Firmware Interface

Standard which connects firmware for booting the hardware and operating system(s). Also defines Secure Boot.

Update Agent

Software that runs on a device and performs OTA updates.

UUU
Universal Update Utility

A manufacturing tool designed to flash i.MX boards with a given image. mfgtools uses configuration files with the .uuu extension.

Wave

The FoundriesFactory method for adding a specific CI Targets version to production Targets. Provisions it to production devices in a controlled way.

Wave Rollout

An action of rolling out an OTA update associated with a Wave to a subset of production devices.

Wave Tag

A tag designating production devices to which a given Wave is being provisioned.

Wic

Utility for creating partitioned OpenEmbedded images (.wic).

WireGuard

Open Source protocol and software for VPNs.

WKS

OpenEmbedded kickstart file. Used to create the Wic partitioned image.

X.509

An International Telecommunication Union (ITU) standard defining the format of public key certificates.

Yocto Project

A collection of tools and processes for Embedded Linux creation and development. Familiarity with the Yocto Project will aid with customizing the LmP. The official documentation provides in-depth details and guides.