An industrial automation platform built on real-time Linux. controlOS provides everything needed to develop, deploy and operate machine control applications — from hard real-time PLC execution to web-based operator interfaces, all running on standard hardware.

A PREEMPT-RT patched Linux kernel with dedicated CPU isolation and IRQ affinity tuning delivers deterministic, low-latency execution.

Full integration of the CODESYS IEC 61131-3 PLC runtime. Applications are compiled, packaged and selected at startup — a single image can ship multiple CODESYS applications for different hardware variants and simulation environments.

CODESYS handles hard real-time control while a Python asyncio application runs alongside it, connected through POSIX shared memory. Commands and feedback are exchanged every PLC cycle, giving Python code synchronous access to the real-time process without compromising determinism.

A hardware-agnostic I/O layer lets application code run identically on real hardware and in simulation. Individual I/O points can be overridden at runtime from the Studio UI — useful during commissioning and debugging. Full system simulation runs in VirtualBox with no hardware required.

A Vue.js frontend with a Python/Tornado backend serves multiple interfaces:

• HMI — operator interface for day-to-day use
• Studio — developer tools with live I/O monitoring, log viewer, and 3D simulation
• Admin — system management: network, updates, backups, remote access

Secure connectivity to devices behind firewalls via reverse SSH tunnels through a relay server. A Layer 2 ethernet tunnel gives full network access to all device services. Activated and managed through the Admin web UI.

Update files are compressed, GPG-signed and encrypted. They can be installed on running devices through the web UI or pushed via command line.

A containerized build environment pins exact versions of Debian, PTXdist and the OSELAS cross-compilation toolchain. A single command builds the entire system from source to flashable images. Ccache integration speeds up incremental rebuilds.

The same codebase and build system support multiple hardware platforms — x86, Raspberry Pi, and VirtualBox — with per-platform kernel and board configurations.

The system is secured from boot to runtime. UEFI Secure Boot ensures only signed kernels can start the system. All persistent storage is encrypted with dm-crypt, with the encryption key sealed in a TPM 2.0 chip and bound to the boot chain — disks are unreadable outside the original hardware. The root filesystem is mounted read-only; device-specific configuration lives on a separate encrypted data partition via an overlayfs on /etc. Software updates are GPG-signed and encrypted. Backups are encrypted per-device and additionally to a developer key for offline recovery.

• Project Structure — repository layout, PTXdist projects and application code organization
• Building Images — build environment setup, image creation and deployment
• Security Architecture — secure boot, disk encryption, signed updates and key management