NewsWind River Ups the Ante in Software Security with Sigstore’s Cosign Integration

Wind River Ups the Ante in Software Security with Sigstore’s Cosign Integration

Category articles

Wind River, a forefront entity in creating software for mission-essential intelligent systems, has made significant strides in enhancing its real-time operating system (RTOS) container engine by incorporating support for Sigstore’s Cosign. This strategic move ensures that devices built on VxWorks witness a heightened security level when employing containers for software deployment and management.

Notably, VxWorks emerges as the only RTOS extending support to Open Container Initiative (OCI) compliant containers.

A Leap from the Initial Offering

Wind River’s commitment to software excellence was evident when they rolled out their real-time embedded container engine in 2021. This engine, specially designed for VxWorks, stemmed from diligent customer feedback and meticulous adherence to OCI specifications (spanning packaging, distribution, runtime, and runc) governed by the Cloud Native Computing Foundation (CNCF).

In 2022, the firm took another leap by incorporating support for the overlay file system, thereby bolstering application isolation—a fundamental aspect of software security.

Kubernetes Support: A Game-Changer

Adding another feather to their cap, Wind River also facilitates support for Kubernetes through an authentic embedded kubelet. This implies that teams can now abandon the traditional, lesser-known tools and workflows, steering towards open standards, familiar workflows, tools, and infrastructures. This not only streamlines the process of deploying, operating, and updating real-time software for an RTOS but also parallels the ease experienced with Linux.

Avijit Sinha, Wind River’s Chief Product Officer, emphasized the transformative role VxWorks plays. By being the sole RTOS supporting OCI-compliant containers, it revolutionizes software management, slashing operational expenses and enabling efficient deployment of intelligent edge software. He further highlighted that their recent initiative to incorporate Cosign support aims to fortify secure application deployment and updates.

Containerization, as Sinha pointed out, is pivotal for mission-critical sectors including automotive, aerospace, defense, and industrial, instigating a shift towards a software-centric approach in these industries.

Highlighting the Advantages of Containerized Microservices

According to a white paper from Collins Aerospace titled “Modular Avionics Solutions: Our Microservices and Container Solutions Enable a Modular, Open Systems Approach, 2022,” architectures built on containerized microservices possess distinct advantages over conventional application and development strategies. Containers allow a suite of microservices to be framed using diverse programming languages or to possess different criticality levels. This approach aids in segregating components with high design assurance levels from those that undergo frequent modifications, leading to substantial savings on recertification costs.

Furthermore, Benjamin Lyon, Senior Vice President and Chief Technology Officer at Aptiv, lauded VxWorks by Wind River for spurring innovation and catalyzing the transition to software-defined vehicles. VxWorks has proven instrumental for automotive Tier 1s and OEMs by simplifying software updates and paving the way for novel business strategies.

A Focus on Enhanced Security with Cosign

While the VxWorks container engine had already been equipped with secure registry access and secure applications, its compatibility with Cosign introduces an advanced layer of security. Cosign, renowned for its flexible standards in signing and verifying container images, streamlines the signature and verification processes, empowering developers to capitalize on existing infrastructures, including cloud-managed KMS and container registries.

Michal Pukala
Electronics and Telecommunications engineer with Electro-energetics Master degree graduation. Lightning designer experienced engineer. Currently working in IT industry.