railway

Embedded Systems Solutions
for Railway

High-integrity hardware, low-level software engineering, and EN 50128 / EN 50129 compliance built for the next generation of rolling stock.

Send your project brief

Engineering the Future of Rail Transport: Mission-Critical
Embedded Systems & Safety Compliance

Engineering the Future of Rail Transport

At Conclusive Engineering, we bridge the gap between complex hardware architectures and mission-critical software. The modern railway industry demands absolute reliability, uncompromising security, and strict safety standard compliance. We deliver the deep-tech expertise required to build, maintain, and test the systems that keep passengers and freight moving safely.

Our Core Capabilities in Rail & Transport

Functional Safety
& RAMS Lifecycle (Up to SIL-4)

We design and implement safety-critical systems that meet the world's strictest rail standards, transforming compliance from a bottleneck into a competitive advantage.

Standards Expertise

We provide thorough experience alignment with EN 50128 for safety-critical railway control software, EN 50129 for electronic signaling systems (including onboard ETCS), and EN 50126 for the RAMS lifecycle.

SIL-4 Hardware Engineering

We focus on the development of fail-safe architectures featuring hardware fault tolerance and redundancy or cross-monitoring (such as 1oo2, 2oo3, and lock-step configurations) to eliminate single points of failure. We provide full traceability from system hazard analysis through FMEA/FMEDA and fault tree analysis to final safety evidence.

Deterministic Software

Our teams engineer high-integrity firmware operating on dual-processor architectures with cyclic execution, strict partitioning of vital functions, watchdog supervision, and defensive programming to ensure any failure leads to a safe state.

Embedded Cybersecurity
& IEC 62443 Compliance

As railway infrastructure becomes increasingly interconnected, safeguarding the hardware-software boundary is paramount. We offer expert-level security procedures integrated directly into the engineering and design lifecycle.

IEC 62443 Implementation

We possess extensive capabilities in implementing IEC 62443 compliance (specifically parts 2-1 and 2-4), designing hardware and software up to Security Level 3 (SL3) from the silicon level up to the HMI.

Architectural Security

We implement the Defense in Depth concept to distribute multiple security layers throughout the system, along with Zones and Conduits isolation to safeguard functional devices within additional network ecosystems.

Threat Modeling

We handle proactive identification of system weaknesses using the STRIDE model and the Microsoft threat modeling tool.

Network & OS Hardening

Our experts perform custom security rules and hardening for Linux and Windows environments, including firewall configuration, audit services, SELinux, GrSecurity, and verification via the Metasploit utility.

End-to-End Cyber Resilience
Act (CRA) Compliance

The EU Cyber Resilience Act (CRA) introduces mandatory cybersecurity mandates for all digital products, affecting rolling stock components, embedded controllers, and IoT telemetry units. We guide rail manufacturers through every stage of the compliance journey.

Planning & Product Classification

We handle scope identification and risk-category mapping for hardware, software, and digital services to ensure no product is overlooked.

Secure Development Lifecycle (SDL)

We provide full support for implementing a secure development lifecycle, analyzing hardware components for your design and assessing open-source software functionality.

Automated SBOM & Patch Management

We manage the implementation of automated Software Bill of Materials (SBOM) generation—especially utilizing frameworks like ZephyrRTOS designed with CRA requirements in mind. We provide continuous vulnerability scanning using SCA tools like Snyk and Black Duck.

Vulnerability Remediation

Our processes ensure structured tracking via Jira or EasyRedmine and seamless integration into GitLab CI/CD pipelines to remediate flaws prior to deployment.

Proven Impact: A Case Study in Next-Gen Rail Safety

Train

The Challenge: A world-leading manufacturer of rolling stock and signaling solutions needed expert R&D support to develop a Generic Safe Platform and a field-ready infrastructure simulation tool. The architecture spanned multiple CPU platforms requiring advanced, low-level security handling, fault monitoring, and real-time operations telemetry.

How Conclusive Engineering Delivered: We deployed two specialized engineering teams to handle parallel workstreams seamlessly.

1. Platform Security
& Performance Optimization
2. Custom FPGA-Based
Hardware Emulation
3. The Results

1. Platform Security & Performance Optimization

Our software team performed deep root-cause analysis and implemented core platform components.

  • Platform Utility Daemon (PUD): Fully designed and built by our team to expose platform-specific interfaces to unprivileged application processes, monitor platform health, and collect system runtime metrics.
  • Managed Start-Up (MSU): Designed to provide a uniform, simplified paradigm for executing user applications on the safe platform.
  • OS Maintenance: Managed and optimized FreeBSD and Linux environments across ARM and PowerPC (PPC) architectures.

2. Custom FPGA-Based Hardware Emulation

Our hardware and software teams built a universal, portable infrastructure tester to emulate train environments (interfaces, sensors, tachometers, and more).

  • Utilized our proprietary FPGA-based System on Module (SoM) architecture, allowing us to pivot dynamically to changing requirements.
  • The specifics of the FPGA allowed us to simulate high-speed, high-frequency signals typical for real-time computation requirements used in rail systems.
  • Delivered a cost-effective, plug-and-play device usable by non-technical field and lab support personnel.

3. The Results

  • Actionable R&D Strategy: Provided comprehensive root-cause documentation and architectural recommendations that actively shaped the client's internal R&D roadmap.
  • Production-Ready Components: Deployed fully functional, production-grade system-level software onto the safe platform.
  • Streamlined Field Testing: Delivered a reliable, scalable testing resource that drastically reduced debugging cycles and simplified third-party subcontractor validation.
Share your project details

Harmonizing Safety & Security

In highly regulated rail systems, functional safety and cybersecurity must operate as a unified framework. At Conclusive Engineering, we specialize in resolving the tension between these two domains. While functional safety remains the highest priority, we prepare custom exported recommendations for the system where safety constraints prevent a full, standard implementation of a cybersecurity norm.

Safety standards

Our safety-critical software design natively incorporates hardened cybersecurity measures to eliminate vulnerabilities from a functional safety perspective:

  • Input Validation: We enforce strict field and value verification for all data packets transmitted over the network to eliminate communication anomalies.

  • Secure Communications:We protect all external communication channels using TLS encryption and robust session management.

  • Security Error Handling: Our software generates automated security syslog messages the moment it recognizes improper system behavior or corrupted content.

Our Deep Tech Ecosystem

We work at the lowest levels of hardware and software integration. Here is the technology matrix we leverage to build resilient, compliant railway solutions:

Category Supported Technologies & Architectures
Safety Standards EN 50126, EN 50128, EN 50129 (Up to SIL-4)
Cybersecurity Standards EU Cyber Resilience Act (CRA), IEC 62443 (Parts 2-1, 2-4 up to SL3), NIST, FIPS 140-3
Architectures & OS PowerPC (P2010), ARM (Marvell Sheeva), RISC-V PolarFire, Linux, FreeBSD, ZephyrRTOS, FreeRTOS
Crypto & Network Security TPM (built-in/I2C), PKI (EJBCA, x509), PKCS 11/12/15, IPSEC, IKE v1/v2, SSH, TLS, OpenVPN, 802.1x, Radius, Kerberos
Static & Dynamic Analysis PC-Lint, VectorCast, SonarQube, Cppcheck, Coverity, gcov (Structural Coverage / MC/DC)
Vulnerability Scanning (SCA) Snyk, Black Duck, CVE feed monitoring
Share your project details

Partner with Conclusive Engineering

Whether you are building next-generation signaling systems, maintaining legacy rolling stock kernels, or scaling up your EN 50128 compliance framework, we have the hardware-software boundary expertise to make it happen.

Let’s discuss how we can accelerate your rail R&D pipeline
Embedded systems services by Conclusive Engineering

Talk to Conclusive Engineering Experts 

Submit your project details and a Conclusive Engineering expert will contact you soon to discuss how we can support your project.

Trusted partner by leading tech companies:

stars

“We found that they were very resourceful; they suggested improvements even though they didn't have expertise in our specific industry, which ultimately resulted in a product that exceeded our initial requirements."

Robert Young

VP of R&D, Dental Products & Services Company

Talk to Conclusive Engineering Experts 

Submit your project details and a Conclusive Engineering expert will contact you soon to discuss how we can support your project.