
Architecture Overview

This document provides a comprehensive overview of the ToloMEO Edge Platform architecture, including system components, security features, and operational workflows.

System Architecture

Platform Overview

ToloMEO is a secure edge computing platform designed for industrial IoT applications with the following core principles:

  • Security First: Hardware-backed security with secure boot and encrypted storage
  • Reliable Updates: A/B partitioning with automatic rollback capabilities
  • Real-time Monitoring: Comprehensive system and application monitoring
  • Container Ready: Docker-based application deployment and management

Target Platforms

Platform        | Status      | Use Case
NXP i.MX8M Plus | Primary     | Production hardware deployment
x86-64 QEMU     | Development | Development and testing

Layer Structure

meta-tolomeo-app

Purpose: Application and service definitions

Key Components:

  • ToloMEO Manager: Web-based management interface
      • Flask backend (tlm-manager-be)
      • Flutter frontend (tlm-manager-fe)
      • API documentation (tlm-manager-docs)
  • System Monitoring: Performance and health tracking
      • Glances system monitor
  • OTA Services: Update management and monitoring
      • Update notification system (ota-monitor)
      • Post-boot validation (ota-postboot)
  • Security Tools: Compliance and auditing
      • Lynis security scanner
      • Kernel hardening checker

meta-tolomeo-distro

Purpose: Distribution configurations and system integration

Key Components:

  • Distribution Definitions:
      • tolomeo-prod: Production with security hardening
      • tolomeo-devel: Development with debugging tools
  • System Services:
      • Certificate mounting (certs-mount)
      • Shared folder mounting (shared-mount)
      • SWUpdate configuration
  • Security Configuration:
      • Hardening flags and policies
      • Integrity checking setup
      • Audit framework configuration

meta-tolomeo-nxp

Purpose: NXP i.MX hardware support

Key Components:

  • Secure Boot: Signed bootloader and kernel images
  • Hardware Drivers: i.MX8M Plus specific drivers
  • Board Support: Hardware-specific configurations
  • Cryptographic Tools: NXP CST integration for signing

meta-tolomeo-qemu

Purpose: QEMU virtualization support

Key Components:

  • Virtual Machine Configuration: x86-64 QEMU setup
  • Development Features:
      • VirtIO device support
      • Shared folder mounting
      • Overlay disk configuration
  • Testing Infrastructure: Automated testing support

Build Configurations

Configuration Structure

All kas configuration files follow this naming pattern:

<machine>_<distro>_<image>.yml

Available Builds

Configuration                                       | Machine     | Distribution  | Target             | Purpose
tolomeo-qemux86-64_tolomeo-prod_image-prod.yml      | x86-64 QEMU | tolomeo-prod  | image-prod         | Production image
tolomeo-qemux86-64_tolomeo-devel_image-devel.yml    | x86-64 QEMU | tolomeo-devel | image-devel        | Development image
tolomeo-qemux86-64_tolomeo-prod_image-test-prod.yml | x86-64 QEMU | tolomeo-prod  | image-test-prod    | Security validation / test image
tolomeo-qemux86-64_imgen-update-full.yml            | x86-64 QEMU | tolomeo-prod  | imgen-update-full  | SWUpdate update image generation (valid)
tolomeo-qemux86-64_imgen-update-delta.yml           | x86-64 QEMU | tolomeo-prod  | imgen-update-delta | SWUpdate delta image generation (valid)

Figure: Structure of images and distro for different development stages

Build Examples

# Production deployment
kas build kas/tolomeo-qemux86-64_tolomeo-prod_image-prod.yml

# Development and testing
kas build kas/tolomeo-qemux86-64_tolomeo-devel_image-devel.yml

# Security validation
kas build kas/tolomeo-qemux86-64_tolomeo-prod_image-test-prod.yml
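The naming pattern above is easy to check mechanically before a build is kicked off, which keeps a CI job from silently building the wrong distro or image because a file name was mistyped. The POSIX shell helper below is an added example written for this page; it is not part of the ToloMEO repositories or of kas. It assumes only the three-field <machine>_<distro>_<image>.yml convention documented here, so the imgen-update-*.yml helpers listed in the table (which have two fields) are reported as non-conforming rather than guessed at. The function names kas_config_parts and kas_configs_for_distro are hypothetical.

```shell
#!/bin/sh
# Added example, not project code: split a kas configuration file name of the
# form <machine>_<distro>_<image>.yml into its three fields.
#
# kas_config_parts FILE
#   Prints "machine distro image" and returns 0, or prints nothing and
#   returns 1 when FILE does not follow the naming pattern.
kas_config_parts() {
    # Only .yml files are kas configurations on this page
    case "$1" in
        *.yml) ;;
        *) return 1 ;;
    esac
    name=$(basename "$1" .yml)
    # Need at least two underscores to have three fields at all
    case "$name" in
        *_*_*) ;;
        *) return 1 ;;
    esac
    machine=${name%%_*}        # text before the first underscore
    rest=${name#*_}            # everything after it
    distro=${rest%%_*}         # second field
    image=${rest#*_}           # third field (must not contain another '_')
    case "$image" in
        *_*) return 1 ;;       # four or more fields: not the documented pattern
    esac
    # Reject empty fields such as "a__b.yml"
    [ -n "$machine" ] && [ -n "$distro" ] && [ -n "$image" ] || return 1
    printf '%s %s %s\n' "$machine" "$distro" "$image"
}

# kas_configs_for_distro DIR DISTRO
#   Lists the conforming kas configuration files under DIR whose distro field
#   equals DISTRO, one path per line. Non-conforming names are skipped.
kas_configs_for_distro() {
    dir=$1
    want=$2
    for f in "$dir"/*.yml; do
        [ -e "$f" ] || continue                 # no matches: glob stays literal
        parts=$(kas_config_parts "$f") || continue
        set -- $parts                           # $1=machine $2=distro $3=image
        [ "$2" = "$want" ] && printf '%s\n' "$f"
    done
}

# Demonstration on two file names taken from the table on this page; the
# files do not need to exist for the name check itself.
for f in kas/tolomeo-qemux86-64_tolomeo-prod_image-prod.yml \
         kas/tolomeo-qemux86-64_imgen-update-full.yml; do
    kas_config_parts "$f" \
        || echo "$f: does not match <machine>_<distro>_<image>.yml"
done
```

A CI wrapper can call kas_config_parts on the file it is about to pass to kas build and refuse to continue when the distro field is not the one expected for that pipeline stage (for example, only tolomeo-prod configurations on a release branch); kas_configs_for_distro gives the same check over a whole directory.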