Concepts

What is Pantavisor Linux?

Pantavisor Linux is a framework for building embedded Linux systems that uses LXC (Linux Containers) to transform software and firmware into manageable, portable building blocks. This approach simplifies the development of IoT products, as it lets developers focus on features and services instead of the underlying operating system.

Key Concepts

  • LXC (Linux Containers): A lightweight virtualization technology that isolates processes and system resources without the overhead of a full virtual machine. Pantavisor uses LXC to package system components like the firmware, the operating system (OS), and the Board Support Package (BSP) into modular units.
  • Software-Defined: Pantavisor makes software, including firmware, “software-defined.” This means these components can be managed, updated, and moved flexibly, just like other applications, by using containers.
  • Building Blocks: The framework modularizes the entire system into independent, containerized units. This architecture allows developers to mix and match different versions of the BSP, the OS, and the Applications without rebuilding a monolithic image. This simplifies customization and maintenance, making “over-the-air” (OTA) updates safer and transactionalā€”if an update fails, the system can automatically revert to the previous known-good revision.
  • Docker Conversion: Pantavisor can convert Docker containers to the LXC format, optimizing them for devices with limited resourcesā€”a key benefit for embedded systems.

The Building Blocks of a Pantavisor Device

A Pantavisor-enabled device is defined by a State JSON. This file describes every component on the deviceā€”including the kernel, drivers, and applicationsā€”as a set of signed packages and configurations.

Example: A Complete Device State

In Pantavisor, “Applications” are actually a set of LXC containers and their associated configurations. Here is what a typical device state looks like:

{
  "#spec": "pantavisor-service-system@1",
  "device.json": { ... },
  
  "os/run.json": { ... }, 
  "os/root.squashfs": "dffbfec7...",
  
  "pvwificonnect/run.json": { ... },
  
  "pvr-sdk/run.json": { ... },
  
  "bsp/run.json": { ... },
  "bsp/kernel.img": "527a0479...",
  
  "_config/pvr-sdk/etc/pvr-sdk/config.json": {
    "httpd": { "listen": "0.0.0.0", "port": "12368" }
  },
  
  "_sigs/os.json": { ... },
  "_sigs/bsp.json": { ... }
}

Core Components Breakdown:

  1. os (The Network Manager): Typically a lightweight container (like Alpine with connman) that manages the device’s basic network connectivity.
  2. pvwificonnect (The Onboarding Specialist): This container handles the “headless” Wi-Fi setup experience. If the device cannot find a known network, pvwificonnect automatically starts a Wi-Fi Access Point (AP) and a captive portal. Users can then connect to this AP with their phone or laptop to select a local Wi-Fi network and enter credentials, which are passed to the os container to establish a connection.
  3. pvr-sdk (The Management Engine): This container exposes the PVTX web application and provides the API that allows the pvr CLI to perform actions remotely using the DEVICE_IP:12368.
  4. bsp (Board Support Package): Unlike the others, this is not a container. It contains the Linux kernel, device tree blobs (DTBs), and kernel modules required to boot the hardware.
  5. _sigs/ (The Trust Layer): This directory contains cryptographic signatures for every package, ensuring that only verified code runs on your device.
  6. _config/ (The Overlay System): This is where you tailor container behavior. In the example above, we are configuring the pvr-sdk web server port without modifying the original container image.

Benefits of Pantavisor

In short, Pantavisor simplifies the IoT development lifecycle by providing a flexible and robust way to manage embedded software, treating every component as a modular container. This reduces dependency on specific Linux distributions and hardware, which speeds up product development.