Application dependencies on centralized operating system (OS) abstraction layers—data services and hardware control—make it very difficult to formally verify the security properties of a software system.


Rather than attempting to shape system behavior indirectly by issuing commands to platform APIs according to a programming manual, LynxSecure allows developers to directly control system behavior through a unique system architecture specification written by the developer and enforced solely by the processor.


LynxSecure is available for Arm, PowerPC and x86 architectures, running directly on the platform to separate hardware resources into virtual machines used to host software, including:


  • Traditional general-purpose OSes (Linux, Windows)
  • Fully featured or simple scheduler-like RTOSes
  • NEW: FreeRTOS support
  • Enhanced bare-metal applications (Lynx Simple Applications)



Our own research as well as 3rd party research indicates that the most popular OSes used in embedded systems are (1) Linux; (2) in-house/custom OSes; and (3) FreeRTOS.


Lynx loves Linux and already offers Buildroot in LYNX MOSA.ic™. We also support a number of 3rd party OSes (and will even support competitor OSes) while of course offering our own RTOSes where suitable, but FreeRTOS was noticeably absent.


As the #2/#3 OS of choice currently and as the OS planned for fully a third of upcoming embedded projects, adding FreeRTOS support was a clear choice as we continue to deliver on the vision of MOSA by providing customers with open source solutions within a secure and safe development framework.


Finally, FreeRTOS truly embodies what we think a Guest OS in Lynx technologies should be:

  • It’s modular
  • It provides a path to safety certification
  • Thanks to the investment by Amazon, there are now a broad set of hooks to assist with cloud connectivity which will shorten customer development cycles and costs

Why use Lynx Secure

A hypervisor based on a separation kernel is a type of virtualization technology that uses a separation kernel to provide isolation between virtual machines (VMs). A separation kernel is a small, highly secure microkernel that provides a trusted computing base for an operating system. It is designed to enforce strict separation between different parts of the system, preventing unauthorized access and ensuring that one component cannot interfere with another.

In a hypervisor based on a separation kernel, the separation kernel provides a secure platform on which multiple VMs can run. Each VM has its own operating system and applications, but they are all isolated from each other and from the underlying hardware by the separation kernel. This provides strong security guarantees, as a compromise in one VM cannot affect the others.

There are several advantages to using a hypervisor based on a separation kernel:

  1. Strong security: The separation kernel provides a high level of security, as it enforces strict separation between different parts of the system.

  2. Flexibility: Multiple VMs can run on the same hardware, providing greater flexibility and utilization of resources.

  3. Simplified management: By isolating different VMs, management and maintenance tasks can be simplified, as they can be performed on a per-VM basis.

LynxSecure hypervisor based on separation kernels include is commonly used in high-security applications such as military, aerospace, and medical devices, where strong security and reliability are critical requirements.