TSEL The Security Enhanced Layer

Security-First Linux Distribution for Mission‑Critical Embedded Systems

TSEL (The Security Enhanced Layer), by 21SoftWare LLC, is a security‑hardened, optimized Linux distribution for embedded controllers in mission‑critical systems. Built on the industry‑standard Yocto project, TSEL applies Secure-by-Design principles and a ZeroTrust model that minimizes attack surface, enforces strict perimeter controls, and provides continuous security posture assessment without compromising reliability or performance.

Security

Prevent unauthorized access through enforced permissions, strong cryptography, and vulnerability management

Integrity

Validate and protect the operating stack with verifiable boot, file‑system integrity, and SBOM transparency

Manageability

Safe and reliable update path with OTA and automatic recovery to keep systems secure over their lifecycles

Key Capabilities

  • A hardened OS foundation custom-tailored for critical embedded systems
  • Secure Boot with a verifiable Chain of Trust (CoT) and integrity protections
  • Policy enforcement with SELinux, minimized services, access controls, intrusion detection, and auditing capabilities alongside alert integration with flight software
  • Software Bill of Materials (SBOM) generation in SPDX format
  • Automatic rollback on failure and support for staged flashing and verified reboots
  • CVE Scanning against the National Vulnerability Database to flag vulnerabilities
  • Hardening with OpenSCAP to validate configuration baselines with standards‑based policies
  • Minimal network exposure, password hashing, and strong encryption

Architecture at a Glance

  • Yocto Scarthgap (LTS) base; builds orchestrated via BitBake ‘recipes’ for reproducible, configurable images
  • Immutable root filesystem verification with dm‑verity; detects tampering and prevents booting modified images; supports automatic recovery.
  • Mender OTA provides robust A/B or single‑partition updates with signed artifacts, server validation, and automatic rollback on failure.
  • Targets include hardware (e.g., BeagleBone Black) and virtual (e.g., vexpress‑qemu) platforms
  • Build and Test Pipelines via GitHub Actions

Proven and Ready

Independent Security Assessment shows TSEL is mission‑ready. Penetration testing found no issues, and reviews confirmed a solid baseline. TSEL stops fake update servers, keeps a single secure access path, protects credentials, and checks system integrity at boot as well as during updates. TSEL’s bottom line: a secure and update-ready OS engineers can easily deploy with confidence.

Deployment & Operations

  • Customer Portal – One place to access images, release notes, OTA patches, documentation, and the build artifacts (SBOM, security/compliance reports, CVE status).
  • Automated, reproducible builds – CI/CD‑driven Yocto builds with traceable inputs and queued build requests via the portal, ensuring consistent images and build audit trails.
  • OTA Updates – Stage/flash/verified reboot with automatic rollback; secure, partitioned OTA using a trusted update service.
  • Continuous monitoring – Vulnerability scanning and prioritized reporting to keep images current as threats evolve.

Standards & ZeroTrust Alignment

Aligned mappings available for NIST 800‑53/‑171 control families, NASA‑STD‑1006A, FIPS 140‑3 crypto modules, CCSDS guidance, and DoD Zero Trust principles. Vulnerability baselines and hardening checks leverage OpenSCAP against the National Vulnerability Database.

Next Steps

  • Scope compliance requirements with our team to map TSEL controls to your standards
  • Request a cFS/Cosmos demo or a short integration assessment on your flight hardware
  • Get in touch with 21SoftWare about how we can otherwise meet your needs: info@21sw.us