LabVIEW

cancel
Showing results for 
Search instead for 
Did you mean: 

Does PXIe cRIO's using WES OS offer Real Time?

Solved!
Go to solution

Can someone please explain if the WES OS has an application to run a Real-time solution with LabVIEW?

 

Any help will be greatly appreciated!

 

   

0 Kudos
Message 1 of 5
(1,879 Views)

WES does not have a pre-emptive kernel and thus does not have the real-time determinism capability.

Depending on the model of your controller, you might be able Provisioning a Controller to the NI Linux Real-Time Operating System.

-------------------------------------------------------
Control Lead | Intelline Inc
Message 2 of 5
(1,825 Views)

I am in need of securing a hard drive connected to a real-time device.  NI LinuxRT OS supports LUKS 256-Bit AES XTS algorithm.  However, the embedded OS is unable to be encrypted.  My thoughts are this would leave the device vulnerable to hijacking and possibly decryption of drive or changing the configuration of the device. 

 

What other alternatives can be offered to ensure security of Data-at-Rest?  Hardware hard drive encryptors are out of our privy due to battery consumption issues on an autonomous system.

 

Unsure if there is a VI for encrypting the drive which offers a remote solution.  I have only seen VI's that transfer data using AES and other encryption methods. 

 

Right now, the best solution I have seen is WES OS with TPM and BitLocker using a PXIe platform.  However, this product requires a Real-Time solution and the confidentiality of the information it acquires is high.  So, I need a real-time solution with the Security offered by the run-time solution using WES.  

 

Have any ideas?

0 Kudos
Message 3 of 5
(1,811 Views)

Based on my research, Linux is capable of utilizing the TPM 2.0 technology with LUKS partitions.  Can this be done with the NI Linux Real-Time (RT) OS, if placed on a TPM 2.0 PXIe board?  If so, how do we do that to ensure better security?

 

References:

 

1.  "Unlock Linux Unified Key Setup (LUKS) encrypted partitions with TPM 2.0", https://4sysops.com/archives/unlock-linux-unified-key-setup-luks-encrypted-partitions-with-tpm-20/#r... 

2.  Dislocker Fuse, https://github.com/Aorimn/dislocker/blob/master/man/darwin/dislocker-fuse.1 

3.  TPM2 Tools, https://tpm2-tools.readthedocs.io/en/latest/ 

4.  "Accessing Bitlocker-Encrypted Device in Linux", https://www.baeldung.com/linux/bitlocker-encrypted-device 

5. "Right way to use the TPM for full disk encryption",   https://security.stackexchange.com/questions/124338/right-way-to-use-the-tpm-for-full-disk-encryptio... 

0 Kudos
Message 4 of 5
(1,753 Views)
Solution
Accepted by topic author rustopher

Here is what I have come to realize.  First, I do not work for NI.  I do not know NI Systems in that aspect.  I am an I.T. Security Expert.  However, I am only giving my opinion and cannot say whether the below is a solution.  I am only here and sharing my opinion.  Based on all the data I have researched....

 

In theory, the Grub Loader should be able to perform secure boot if the embedded NI LinuxRT OS allows for this configuration.  I do not know if they do.

 

Also, in theory, the TPM should allow you to securely place the keys from a LUKS partition or secondary drive into the TPM using the NI LinuxRT Command-Line Terminal.

 

And based on what information has been given by NI, the NI LinuxRT OS can perform LUKS on a partition or separate drive. 

 

Best security practices would be to maintain the keys within the TPM for a LUKS encrypted drive and utilize GRUB Loader setup to perform Secure Boot.  

 

If this can be done with the NI LinuxRT OS, I am unsure, but that would likely be best security practices.  

 

You will read that only GRUB Loader version 2 will work with a TPM 2.0 chip.  However, archlinux.org explains in better detail of how to manipulate the basic GRUB Loader version 1 to work with Secure Boot at https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot 

0 Kudos
Message 5 of 5
(1,704 Views)