crinit - an embedded, security-aware init system

Andreas Zdziarstek

Playlists: 'froscon2023' videos starting here / audio

Crinit [krinit] is a new lightweight init system targeted at embedded systems. The feature set includes parallelism, authenticated configuration, and a runtime control interface. In this presentation, we will show the goals, the architecture and some details on the API for this project.

The startup phase of a Linux system is largely ruled by systemd and it does a great job of that.
But sometimes it would be nice to have something simpler and smaller without returning to the highly shell-dependent solution "SystemV-init".
Along with these requirements, security needs to be addressed, for example by verification of the configurations used.
The configurations of init-systems define which services are started, including their parameters, arguments, and environment. Hence it is crucial for the init-system to verify the authenticity of any relevant configuration items.

crinit [krinit] is an init-system that addresses all these needs. Its code base is small and fast, it initialises the userland by traversing a directed dependency graph that can be modified dynamically.
Config-files and service-definitions can be signed to ensure usage of configurations from authorized sources only.

crinit will be made an open source community project and we wish to encourage its wide spread adoption and contribution.

This presentation will present the goals, the architecture and some details on the API for this project.