By Jean-Luc Aufranc (CNXSoft)
Publication Date: 2026-02-24 00:00:00
Designed by Fraunhofer AISEC, GyroidOS is an open-source, multi-arch OS-level virtualization solution for embedded devices with hardware security features. It aims to support security certification processes such as Common Criteria (ISO/IEC 15408), DIN SPEC 27070 – IDS Trust Security profile, and IEC-62443 cybersecurity standards.
The virtualization layer is based on Linux-specific features like namespaces, cgroups, and capabilities to provide isolation of different guest operating system stacks on top of a single, shared Linux kernel. It offers a much smaller footprint and additional separation of privileged instances compared to other container solutions, such as Docker.
- Container isolation based on a modularized OS-level virtualization layer
- Secure boot (e.g., UEFI on x86)
- Kernel module signing
- Signed GuestOSes (containers)
- Measured boot and remote attestation
- Full disk encryption coupled to TPM and secure boot
- Restriction of superuser in containers with Linux capabilities
- Fine-grained device access with device cgroups whitelists
- Secure Element support for two-factor authentication, for instance, when starting containers
- (Work in progress) Relocation of cryptographic keys and ciphers into TEEs (e.g., Kernel Crypto API)


The main benefits of GyroidOS are that it is a fully open-source, portable software stack, implements an experimental converter functionality for Docker containers, offers…