DDC-I and wolfSSL announced the availability of version 5.0 of the wolfSSL embedded SSL library, wolfCrypt cryptography library and certification kit, and wolfBoot secure boot loader for DDC-I’s Deos DO-178 safety-critical real-time operating system. The Deos RTOS equipped with DAL-A-certifiable wolfSSL, wolfCrypt and wolfBoot enables avionics developers to quickly add secure, encrypted, FIPS 140-2-certified data transport communications and secure boot loading to their avionics systems.
Deos provides a robust foundation for secure systems, its modularity, hard partitioning, denial of dynamic operations, integrity checks, and controlled interprocess communications making it the preferred environment for high assurance systems. The addition of wolfSSL, wolfCrypt, and wolfBoot provides the proper cryptographic underpinnings for secure data transport, boot and firmware upgrades. Together, Deos and the wolf suite bring trusted, military-grade security to connected avionics systems, making it ideal for not only military systems, but also urban air mobility and next generation commercial avionics systems.
“WolfSSL and Deos bring trusted, military-grade security to connected commercial and military aircraft,” said Bob Morris, President and CEO at DDC-I. “Advanced safety-critical features like time/space partitioning and the ability to support multiple isolated TCP/IP stacks make Deos an excellent platform for deploying avionics applications that utilize wolfSSL capabilities like secure boot, FIPS 140-2 crypto and secure TCP/IP technologies.”
“The integration of Deos should prove very attractive to avionics developers who require a secure, out-of-the-box, safety-critical solution that comes ready to certify, complete with DAL A evidence,” said Larry Stefonic, CEO and Founder at wolfSSL. “We have a very strong working relationship with DDC-I and have found Deos to be quite straightforward to work with. Together, I believe we offer our joint customers a world class platform that features best-in-class RTOS and security.”
The wolfSSL embedded SSL library is a lightweight, portable, C language-based SSL/TLS library that targets embedded and RTOS environments for connected applications such as avionics. Featuring FIPS 140-2 certified cryptography, the compact library supports industry standards up to TLS 1.3 and DTLS 1.2, is up to 20 times smaller than OpenSSL, offers a simple API, provides an OpenSSL compatibility layer, and includes OCSP and CRL support.
To facilitate DO-178C level A certification, the wolfCrypt certification kit provides traceable artifacts for the following encryption algorithms: SHA-256 message digest; AES encryption and decryption; RSA for signing and verifying messages; and chacha20_poly1305 for authenticated encryption and decryption. Any of the FIPS 140-2 validated crypto algorithms can be used in DO-178 mode for combined FIPS 140-2/DO 178 consumption.
wolfBoot is a portable secure bootloader that offers firmware authentication and firmware update mechanisms. Upon installing a verified update, wolfBoot creates a backup copy of the last firmware image known to work correctly. If the new version is not confirmed by the application, or if the image installed is somehow corrupted, the bootloader will restore the state of the system before the most recent update.
Deos is a safety-critical embedded RTOS that employs patented cache partitioning, memory pools, and safe scheduling to deliver higher CPU utilization than any other certifiable safety-critical COTS RTOS on multi-core processors. First certified to DO-178 DAL A in 1998, Deos provides certified conformant FACE OSS Safety Base and Safety Extended Profiles that feature hard real-time response, time and space partitioning, with support for Rate Monotonic, ARINC-653 and POSIX interfaces.
SafeMC technology extends Deos’ advanced capabilities to multiple cores, enabling developers of safety-critical systems to achieve best in class multi-core performance without compromising safety critical task response and guaranteed execution time. SafeMC employs a bound multiprocessing (BMP) extension of the symmetric multiprocessing architecture (SMP), safe scheduling, and cache partitioning to minimize cross-core contention and interference patterns that affect the performance, safety criticality and certifiability of multi-core systems. These features enable avionics systems developers to address issues that could impact the safety, performance and integrity of a software airborne system as specified by the Certification Authorities Software Team (CAST).