The Advantages of Netbooting for Embedded Systems
Published in Military Embedded Systems
As a greater number of intelligent systems are deployed on platforms such as ground vehicles, aircraft, unmanned aerial vehicles (UAVs), and unmanned undersea vehicles (UUVs), it becomes increasingly challenging to ensure that each of the platform’s multiple embedded computers has been updated with the latest and correct version of runtime and/or mission software. Unfortunately, the process of installing the required software onto an embedded module or intelligent system can be labor- and cost-intensive.
There are two basic options for booting an embedded system: either boot from a dedicated hard drive or remotely across Ethernet, via a netboot protocol. When booting is conducted via a dedicated hard drive (typically residing on the module itself), updating software requires that the subsystem chassis be removed from the platform. Next, the box needs to be opened to remove the module, which is then placed into another system, such as a test jig, whereupon the new software is installed. Many embedded modules write-protect onboard nonvolatile memory through use of a backplane pin that prevents writing any new data to the on-card drive. While write-protection ensures that the embedded software can’t be inadvertently modified while installed, it also makes the chore of updating software more difficult. The process also increases the risk to critical hardware that results every time a module is removed and handled by a technician.
Netbooting provides a superior alternative solution for installing and updating software that delivers huge labor savings. In addition, netbooting can also greatly enhance the security of data at rest if the platform is lost and captured by an adversary.
As the number of platforms involved in a mission increases, such as a swarm of UAVs or UUVs, the benefits of netbooting – including time, labor, and cost – become even more significant. Netbooting eliminates the need to individually install the software on each and every embedded computer on a platform, whether it’s a module or a standalone box. Instead, all of the relevant software, from the runtime software to the mission maps – as well as any other software needed for a specific mission – can simply be consolidated in storage on a server that functions as a network file system (NFS).
When any of a platform’s embedded systems start up, rather than using its own internal software, booting occurs over the network. Instead of loading software to each individual computer, the system developer or field technician simply uploads the software to a single file server, and as each machine on the network “wakes up” it obtains its software from that server. Consolidating the boot software (along with however many copies of software are needed for the platform’s other embedded systems) onto a single server reduces labor during both deployment and maintenance.
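The per-machine boot described above, as an added example that is not from the article or from Curtiss-Wright: it generates the per-client boot files a single server would hold, one per embedded computer. It assumes the PXE clients load the PXELINUX bootloader and mount a Linux root filesystem read-only over NFS; the MAC addresses, role names, paths and server address are constructed.

```python
import re

# Constructed inventory (assumption): MAC -> (role, NFS export with that role's root filesystem).
INVENTORY = {
    "00:1B:21:AA:00:01": ("mission-computer", "/srv/netboot/mission-computer"),
    "00-1b-21-aa-00-02": ("display-processor", "/srv/netboot/display-processor"),
}
SERVER_IP = "192.168.10.1"  # constructed address of the single boot/file server

_MAC_RE = re.compile(r"^[0-9a-f]{2}(-[0-9a-f]{2}){5}$")


def pxelinux_filename(mac: str) -> str:
    """Per-client file name PXELINUX requests first: ARP hardware
    type 01 (Ethernet) followed by the lowercase, dash-separated MAC."""
    norm = mac.strip().lower().replace(":", "-")
    if not _MAC_RE.match(norm):
        raise ValueError(f"not a MAC address: {mac!r}")
    return "01-" + norm


def render_client_config(role: str, export: str, server_ip: str) -> str:
    """PXELINUX config: kernel and initrd come over TFTP, the root
    filesystem is mounted read-only from the NFS export on the server."""
    if not export.startswith("/") or any(c.isspace() for c in export):
        raise ValueError(f"bad export path: {export!r}")
    return (
        f"DEFAULT {role}\n"
        f"LABEL {role}\n"
        f"  KERNEL {role}/vmlinuz\n"
        f"  APPEND initrd={role}/initrd.img root=/dev/nfs "
        f"nfsroot={server_ip}:{export},ro ip=dhcp\n"
    )


def render_all(inventory: dict, server_ip: str) -> dict:
    """Map 'pxelinux.cfg/<name>' -> config text for every machine on the platform."""
    out = {}
    for mac, (role, export) in inventory.items():
        path = "pxelinux.cfg/" + pxelinux_filename(mac)
        if path in out:  # same MAC written two ways would silently overwrite
            raise ValueError(f"duplicate MAC in inventory: {mac}")
        out[path] = render_client_config(role, export, server_ip)
    return out


if __name__ == "__main__":
    for path, text in render_all(INVENTORY, SERVER_IP).items():
        print(f"--- {path}\n{text}")
```

Updating a machine's software then means changing the contents of its export on the server; nothing is written to the module itself.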
Figure 1: The DTS1 Data Recorder subsystem from Curtiss-Wright – which supports Intel’s PXE Boot netbooting protocol – can function as a networked server that hosts and protects all of the software for a platform’s embedded computers.
Even better, if the server used for netbooting also provides encryption for data at rest, the runtime software used to boot all of the platform’s embedded computers will be secured from prying eyes. Without encryption, if a vehicle outfitted with multiple embedded computers gets captured, the deployed software on each module or system is susceptible to intrusion, potentially enabling it to be reverse-engineered. In contrast, if the software resides on a single server that encrypts all of its data, the likelihood of malicious access is eliminated or greatly reduced. Using netbooting can limit the potential points of intrusion to just a single point – an encrypted server protected with higher levels of security.
Using a netbooting protocol – such as Intel’s PXE Boot protocol – enables system designers to build a fortress around their platform’s network server to ensure that critical data is secured if the platform is lost. (Figure 1.) As the number of deployed intelligent systems continues to proliferate, netbooting can greatly reduce the time, cost, and labor of loading software during development and updating software after the platform is fielded.
Director, Product Management
Paul Davis began his career for Curtiss-Wright as a Research Manager for the Dayton, OH facility in 1997. Paul has held positions including Director of Engineering managing a staff of 40+ engineers, managers, technicians, and co-op students; Product Manager for the switches, recorders, and various board-level products; and then Director of Product Management. Now retired, Paul worked in engineering and engineering management positions for 19 years.
Protecting critical data-at-rest (DAR) from unauthorized access
Today’s defense and aerospace platforms are required to protect critical data-at-rest (DAR) from unauthorized access. Curtiss-Wright offers cost-effective, proven, and certified commercial off-the-shelf (COTS) storage solutions that match various data security requirements, including National Security Agency (NSA) Type 1, NSA Commercial Solutions for Classified (CSfC), Common Criteria (CC), and FIPS 140-2.
Network Attached Storage
Our encrypted, solid-state network-attached storage (NAS) subsystems are designed to reliably provide file services to clients on an Ethernet network in a harsh environment. These NAS solutions protect data-at-rest (DAR) with the industry’s first NIAP Common Criteria (CC) certified 2-Layer encryption, as well as an option for NSA Type 1 encryption.