GyroidOS Released for Secure Embedded Devices
GyroidOS, a new open-source virtualization operating system, has been released for secure embedded devices. The OS supports x86, ARM, and RISC-V architectures, including platforms like the Raspberry Pi, and is designed to aid in achieving cybersecurity certifications such as Common Criteria.
- GyroidOS utilizes OS-level virtualization, leveraging Linux-specific features like namespaces, cgroups, and capabilities to isolate multiple GuestOS stacks on a single, shared Linux kernel. This design provides a smaller software footprint and better separation of privileged instances compared to container solutions like Docker.
- The project was developed by Fraunhofer AISEC, a German research institute focused on applied security. It originated from a project codenamed "trust|me," which initially aimed to isolate multiple Android instances on a single mobile device for "bring your own device" (BYOD) scenarios.
- The operating system architecture is designed to be modular, moving non-essential but critical components, such as update and remote management functions, into a less privileged "core container." This approach is comparable to the dom0 concept in the Xen hypervisor.
- GyroidOS incorporates a range of hardware-based security features, including Secure Boot, Measured Boot with remote attestation using a Trusted Platform Module (TPM), full disk encryption, and support for Secure Elements for two-factor authentication.
- It is designed to support multiple architectures, with confirmed compatibility for 32/64-bit x86 systems, ARM64 (including Raspberry Pi 4 and 5), ARM32 (Raspberry Pi 2), and 64-bit RISC-V (BeagleV-Fire).
- The system is built using Yocto and has an experimental converter for Docker containers. Management of the system and its containers is performed through a socket-based command-line tool, with a protobuf-based control interface available for more complex use cases like a web-based UI.
- A key goal of GyroidOS is to streamline the process for achieving security certifications like Common Criteria (ISO/IEC 15408) and IEC 62443. It has already received an "IDS-ready" label as part of the Trusted Connector for the International Data Spaces (IDS) initiative.
- The project was officially open-sourced in 2022, and a session titled "Embedded Linux Security Exercised on the Secure Platform GyroidOS" was presented at the Embedded World 2026 conference.