A Timesys Deep Dive Embedded Systems Newsletter
WHAT’S INSIDE
- Cybersecurity news: Technical Advisory – Multiple Vulnerabilities in U-Boot
- All the latest security solutions in the Embedded World.
- Why use PKCS#11?
- API Toolkit updates to Vigiles, our purpose-built vulnerability management tool that adapts to your SDLC process.
- Learn with Timesys: blogs and webinars galore
- Upcoming event: NXP Tech Day
Cybersecurity in the News: Technical Advisory – Multiple Vulnerabilities in U-Boot
According to the NCC Group Research: “U-boot is a popular boot loader for embedded systems with implementations for a large number of architectures and prominent in most Linux based embedded systems such as ChromeOS and Android Devices. Two vulnerabilities were uncovered in the IP Defragmentation algorithm implemented in U-Boot, with the associated technical advisories below:
- Technical Advisory – Hole Descriptor Overwrite in U-Boot IP Packet Defragmentation Leads to Arbitrary Out of Bounds Write Primitive (CVE-2022-30790)
- Technical Advisory – Large buffer overflow leads to DoS in U-Boot IP Packet Defragmentation Code (CVE-2022-30552)”
Need more info on these vulnerabilities?
Want to stay ahead of threats? Lucky you: we launched the Timesys CVE Dashboard and update it weekly with details on the dangerous security vulnerabilities that could be affecting your device.
All the latest security solutions in the Embedded World
From June 21 to June 23, Timesys showcased the latest security solutions as a featured partner with our friends at STMicroelectronics and AWS at Embedded World in Nuremberg, Germany.
Missed Embedded World this year? Check out this video with Kamel Kholti, MPU Product Marketing Manager, showcasing how Vigiles enriches the STM32MP1 ecosystem and how Timesys, Foundries.io, and STMicroelectronics are bringing solutions that provide you the support and security you need to get to market faster.
IoT Security Simplified with VigiShield Secure by Design
Why use PKCS#11?
PKCS#11 gives applications a platform-independent way to use keys securely, and it can be configured so that the keys are never exposed to the application, which vastly reduces the attack surface. For example, an application can request that data be signed or encrypted without ever needing to know the private key.
For customers seeking enhanced security and key provisioning, VigiShield Secure by Design provides the core security features your device needs with an easy-to-understand, PSA certified, maintainable Yocto security layer.
For more information about securing IoT device keys with PKCS#11, read our PKCS#11 with OP-TEE: Securing IoT device keys article in our blog library.
Linux OS and BSP Maintenance
Can You Reduce the Cost of Long-Term Maintenance for Your Product AND Stay Secure?
Vigiles, our best-in-class vulnerability monitoring and remediation tool, combines a curated CVE database, a continuous security feed based on your SBOM, powerful filtering, and easy triage tools so you don’t get blindsided by vulnerabilities.
But at Timesys, we don’t stop there. We’ve been listening to customer requests and feedback and are working on augmenting the APIs so you can implement your own dashboards and filter notes and alerts based on what’s most important to you.
This module update will also:
- Integrate with your existing SDLC software through a Python package for interacting with the Vigiles API, so that users can write scripts or integrate Vigiles into their own tools.
- Include all the most common tasks as command-line prompts. This will enable users to perform tasks such as applying a patch for a CVE, conducting a test build, and fetching a before-and-after comparison between scans to attach to the internal bug tracker.
- Add a reference implementation for users who interact with the API from their own code, so they can compare results and translate segments into their language of choice.
Timesys in the News: Atul Bansal of Timesys Talks Open-Source Software on TechVibe Radio
On Sunday, June 26, Timesys CEO Atul Bansal joined TechVibe Radio host Jonathan Kersting at 6 AM to “geek out” about the importance of cybersecurity, especially for connected devices.
If you missed the segment and would like to hear the inside secrets of how Timesys’ expertise helps OEMs, ODMs, and design houses cut development costs and accelerate time-to-market for devices and IoT systems, check out the recording of the discussion on TechVibe’s archive.
Read Up On Embedded Security With Our Blogs
Learn how you can implement file system verification on your embedded system without the use of an initramfs. This can significantly reduce boot time and storage requirements in many situations.
Learn about ways to protect and secure U-Boot implementations on your embedded systems, including signed FIT images, environment protections, and serial console disablement methods.
Upcoming Events
Conferences Around the World You Don’t Want to Miss
NXP Tech Day Irvine
Global Training Program
June 30, Irvine, CA
Join us for an insightful presentation: Secure by Design – Building Secure IoT Solutions.
Security Vulnerability Management 101
Tools & Techniques to Monitor and Remediate Vulnerabilities in Your SBOM
In this monthly live webinar and Q&A session, you’ll learn:
- Why you need to manage your open-source software risks
- How to generate an accurate SBOM (Software Bill of Materials) and why it matters
- Tools and techniques to monitor and remediate vulnerabilities in your SBOM
- And much more!