The following advanced security, integrity and resilience options harden smart devices exposed to challenging environments. All are available as add-ons to SMART START.
Ensures the integrity of both the boot mechanism and the operating system environment it bootstraps.
- Guarantees a device can only run a certified workload
- Secures a device against both physical and remote attacks
- Verifies boot binaries, and kernel, against known keys held in the device firmware
Full disk encryption
Essential for devices with personal information in regulated industries:
- Hardware key management
- Optional key escrow
- Choice of ciphers and hardware acceleration
- Minimal performance impact
- TPM integration with the current CA (x86 only)
Allows your devices to meet Federal information processing requirements:
- FIPS-certified kernel and cryptographic libraries
- FIPS certification takes place every six months
- Fully compliant devices must restrict updates to certified versions (x86 only)
Reduce the number of reboots by live patching the running kernel against critical vulnerabilities. Requires specific certified kernel and x86 architecture.
- Maximise service availability
- Fixes are applied automatically, without restarting your system
- Reduces downtime, keeping systems both secure and compliant
High availability Kubernetes
With Canonical MicroK8s and Charmed Kubernetes, you gain a fully CNCF conformance cloud-native Kubernetes for device application operations, including clustering for high availability, service mesh support and automatic security updates.