MontaVista Linux CGX 5.0 Adds Secure-by-Default Profile, Providing Unprecedented Security for Embedded Markets

MontaVista offers immediately a new CGX 5.0 profile adding enhanced security that CGX customers can easily utilize as their reference secure-by-default profile.

SAN JOSE, CA, UNITED STATES, March 5, 2025 /EINPresswire.com/ -- MontaVista^® Software, LLC, the commercial embedded Linux provider with the world’s longest track record of deployed devices today announces the next step in our security strategy. Over the last several years, we have been building an advanced set of features to ensure the security of edge devices, initially called MVEdge. We are now proud to announce both the completion of the first stage of MVEdge development, and the incorporation of these enhancements into our main-track embedded Linux product, CGX, as the Secure-by-Default Profile.

CGX 5.0 is built on the Yocto Project 5.0 LTS release and the Linux kernel 6.6 LTS. CGX targets a vast range of embedded applications across industries, with CGX’s origins focused on the telecom industry, where extreme reliability, sustainability and maintainability are primary requirements. Twenty years later the product is still broadly used across globally deployed telecom infrastructure. Today, CGX provides true long-term support for companies deploying products in a wide range of industries where long product lifecycles, mission-critical robustness and optimized performance are mandatory. This proves that MontaVista’s pioneering vision with real-time enhancements to Linux to support hard real-time for latency critical applications is as accurate today as it was 26 years ago.

CGX 5.0 and the Secure-by-Default profile provide these enhanced security and compliance features:

• Secure by Design: The Secure-by-Default Profile adds a ready-made template of security - setting up the configuration of the system facilities and core system features to work out-of-the-box in a secure fashion. This is the core value of the profile, allowing customers to build on a framework that is known to be secure from the start. Besides the specific values below, this includes closing unused ports, making sure sane and secure cryptography and password management is used, and pre-configuring networking and protocol settings for security.

• Comprehensive CVE and SBOM Management: The product includes MontaVista’s world leading CVE management and triaging framework, and the SPDX-standard for SBOM creation, required by the US Executive Act on Cybersecurity. CGX also includes CVE scanning on customer-built images, managing the process of assuring compliance to deliver software with maximum integrity.

• Over-The-Air Update Delivery: Included in the profile is the TUF update framework that allows NSA-backed security for delivering updates to running targets over the air. This provides customers with the critical security capability of patching devices against threats on the field.

• Intrusion Detection: We incorporated Suricata IDS to process inbound/outbound traffic at runtime to catch potential intrusion before they happen. We also facilitate Deep Packet Inspection (DPI) for edge and gateway devices, allowing customers to protect vulnerable endpoints by scanning traffic.

• RESTCONF/NETCONF Configuration Interface: Allow customers to tie the configuration of the entire product together with standard configuration facilities already available in our customers’ ecosystem. With these configuration interfaces, CGX-enabled devices and their security can be managed by the same APIs customers are already using.

• Security Consulting and Certification Support: Coupled with MontaVista’s MVSecure, we can assist customers in achieving compliance with the latest cybersecurity certifications and standards, including the EU Cyber Resilience Act, the US Executive Order on Cybersecurity, Cyber Trust Mark, and more. We can also help customers build-on security facilities on a smaller scale, including configurations for SELinux, TPM enablement and customized secure boot.

• AI Integration: CGX 5.0 already supports a wide range of AI-capable platforms with FPGA and/or GPU/TPU-enabled SOCs. Together with the Secure-by-Default profile, our goal is to further enhance CGX’s readiness to enable customer-built AI-workloads such as edge security processing, medical on-target diagnostics and other types of edge inference.

“We think combining this security-specific profile in CGX provides a powerful, streamlined solution for embedded devices and systems., This provides a reference known-secure and accelerated starting point for SBOM and CVE management and over-the-air updates as standard” stated Iisko Lappalainen, VP of Product Management at MontaVista. “We continue to execute on our security-focused strategy, listening to our customers and focus groups’ voices with a keen ear, as we are excited to partner with so many technology-centric, innovative and security focused companies”

CGX 5.0 Secure-by-Default Profile is available for immediate early access, with general availability projected for Q2-2025. Interested parties are encouraged to contact MontaVista at sales@mvista.com or visit www.mvista.com for more information on how Montavista can accelerate their embedded projects.

About MontaVista Software, LLC

MontaVista Software is a world leader in commercial Embedded Linux products and services, driving innovation in embedded systems for over two decades. With a focus on security, reliability, and long-term support, MontaVista delivers unmatched value to the embedded computing market, empowering customers across a wide range of industries.

For more information about MontaVista, visit http://www.mvista.com

MontaVista Marketing
MontaVista Software
+1 669-777-6841
email us here
Visit us on social media:
X
LinkedIn