A Timesys Deep Dive Embedded Systems Newsletter

July 2022

Cybersecurity News: Spectre-based speculative-execution attack can expose secrets

According to The Register: “Older AMD and Intel chips are vulnerable to yet another Spectre-based speculative-execution attack that exposes secrets within kernel memory despite defenses already in place. Mitigating this side channel is expected to take a toll on performance.

In short, rogue software on a machine can exploit Retbleed to obtain from memory it shouldn’t have access to – such as operating system kernel data – passwords, keys, and other secrets.”

Retbleed has been designated CVE-2022-29900 for AMD, and CVE-2022-29901 and CVE-2022-28693 for Intel. AMD is also using CVE-2022-23816 and CVE-2022-23825 to track Retbleed, which it calls a branch type confusion.

Need more info on these vulnerabilities?

Want to stay ahead of threats? Lucky you: we launched the Timesys CVE Dashboard and update it weekly with details on the dangerous security vulnerabilities that could be affecting your device.

Take me to the CVE Dashboard
Vigiles API Toolkit Now Available

What’s new in the latest Vigiles release?

We heard our customers express a need for a simpler dashboard and easier access to SBOMs and CVE reports with an API Toolkit. We’re proud to announce that with the latest release of Vigiles (July 2022), the API Toolkit is now available.

You can now integrate Vigiles with your existing Software Development Lifecycle (SDLC) software and automate your CI/CD process without going through the dashboard.

With more than 350 new security vulnerabilities discovered per week, CVE monitoring and remediation and the need to generate accurate SBOMs has never been clearer or more of a top priority. With this new feature, you can now access all of the SBOMs and CVE reports without going to the dashboard, making it easier for you to be on top of security issues.

This feature enables users to write scripts or integrate Vigiles into their own tools and development, security, operations lifecycle through a python package for interacting with the Vigiles API.

In addition, all the most common tasks are now available through command line prompts. This enables users to perform tasks such as applying a patch for a CVE, conducting a test build, and fetching a comparison between scans before and after to attach to the internal bug tracker.

You can now add Vigiles to your security dashboard and create a custom security dashboard. 

Because one shoe doesn’t fit all, sometimes companies need to use multiple tools to track the security of their products. This feature makes it easier for our customers to build a security dashboard that fits their needs.

For example, the Nucleus team recently worked with Timesys to integrate Nucleus into the Vigiles dashboard, so for customers that utilize Nucleus, there’s an out-of-the-box integration already available. For an overview of how to sync your Vigiles monitoring data into the Nucleus console, see the Nucleus integration document here.

Remember, to generate an OpenWrt SBOM and CVE report, follow the instructions on the Vigiles-OpenWRT repo and to generate a CVE report for an existing SBOM, watch the how-to video here.

See the full Vigiles changelog here.

Test Automation and Remote Access Infrastructure

Bring your embedded device into your CI/CT process with Embedded Board Farm (EBF)

Are you trying to modernize your CI/CT for your embedded products? Do you want to run your test framework on a standardized test automation infrastructure, utilizing real hardware?

Take advantage of our Embedded Board Farm (EBF), and add your embedded products to your CI/CT process for higher quality and efficiency. With EBF, you can make your boards remotely accessible for collaborative software development, test automation, and debugging from anywhere in the world.

How can EBF help you?

  • Test Infrastructure for Your CI/CT – Embedded Board Farm’s REST API and Timesys IO controller hardware allow for seamless test automation on real hardware.
  • Standardize Your Processes – EBF’s open source API spec provides a standardized way to access resources on your board and control lab equipment.
  • Optimize Your Setup with a Scalable Infrastructure – Easily scale your test infrastructure by adding as many Devices Under Test (DUT) as needed, from any location
  • Secure Remote Access – Our Embedded Board Farm (EBF) puts project hardware and Board Support Packages (BSPs) at your fingertips by providing secure remote access for your developers, testers, support engineers, sales engineers and others.
  • Work on Your Own Boards – Unlike virtual BSP access solutions that just simulate BSPs, the EBF provides remote access to live hardware.
  • Streamline Development with Multi-user Access – Cut hardware-access-dependent development and testing costs by up to 80% and tighten production schedules with shared remote access.

For more information on how the Timesys Embedded Board Farm bridges geographical gaps and streamlines the debugging process:

Recap: Embedded World 2022

Inside look at VigiShield Secure by Design with AWS

At Embedded World in Nuremberg, Germany, Timesys partnered with AWS to present all the latest security solutions. Missed Embedded World this year? Check out this interview with Piotr Wojtaszczyk at the AWS kiosk on how the PSA-certified VigiShield Secure by Design adds an extra layer of protection:

Learn with Timesys

Read up on embedded security with our blogs

  • Linux Polkit: Implementing user space authorization on embedded platforms

    Learn how you can secure user space Linux applications in embedded devices by using Polkit (Policy Kit), and prevent full root privileges from being exploited to perform unauthorized operations.

Stay in your workflow with Command Line Interface (CLI) for Timesys Embedded Board Farm (EBF)

Learn more about how the Timesys Embedded Board Farm (EBF) lets you seamlessly access your hardware boards from anywhere as if it were right next to you, and how it’s even easier and more convenient with command line interface (CLI).

Read the Blog
Upcoming Events

Conferences Around the World You Don’t Want to Miss

NXP Tech Day Boston

Global Training Program

September 28th and 29th, Boston, MA

Join us for an insightful two days of presentations on things such as: The 5 things You Need To Know About Cybersecurity For IoT Intelligent Edge Devices: Mitigate Risk with Proactive Security Processes, What I Wish I Knew About My Security Before Designing My Product, and Protecting My Customer’s Al/Ml Algorithms With Device Encryption And Secure Key Storage.

Registration will open on Thursday, August 4th.

Security Vulnerability Management 101

Tools & Techniques to Monitor and Remediate Vulnerabilities in Your SBOM

August 18 @ 12 PM ET / 9 AM PT

In this monthly live webinar and Q&A session, you’ll learn:

– Why you need to manage your open-source software risks
– How to generate an accurate SBOM (Software Bills of Materials) and why it matters
– Tools and techniques to monitor and remediate vulnerabilities in your SBOM
– And much more!

Subscribe to our newsletter so you don’t miss a thing.