A Timesys Deep Dive Embedded Systems Newsletter
July 2023
WHAT’S INSIDE
-
- Cybersecurity news: “Bringing back the stack attack”
- Coming Soon: Vigiles SBOM Manager to Address Compliance Challenges in Embedded Software Products
- Regardless of your embedded Linux build, you have to maintain your OS and BSP to stay ahead of security threats
- Share this newsletter with your colleagues and team!
- Learn with Timesys: Linux Kernel Security: dm-crypt with “trusted keys” using TEE backend
- Upcoming: Events Around the World You Don’t Want to Miss
- 4 Vulnerability Management Secrets for Embedded: Tools & Techniques
Cybersecurity in the news "Bringing back the stack attack"
According to the Project Zero team at Google, a complicated bug (CVE-2022-37454) found in the Linux kernel’s memory management (MM) subsystem can “allow a broad spectrum of uncontrolled arbitrary write primitives to achieve kernel code execution on x86 platforms.”
“While it is possible to mitigate this exploit technique from a remote context, an attacker in a local context can utilize known microarchitectural side-channels to defeat the current mitigations.”
Need more info on these vulnerabilities?
With an average of 420 new CVEs every week, how do you cut through the noise and take action on the vulnerabilities that pose the largest threat to your device?
We launched the Timesys CVE Dashboard and update it weekly with details on the dangerous security vulnerabilities that could be affecting your device.
Vigiles Upcoming Updates
Coming Soon: Vigiles SBOM Manager to Address Compliance Challenges in Embedded Software Products
With regulatory bodies around the world enacting measures to enhance the cybersecurity of medical devices and and standardize SBOM compliance requirements, Timesys is excited to announce an upcoming Vigiles SBOM update and introduce Vigiles SBOM Manager.
Some of the new Vigiles SBOM features that will be released soon include:
- Vigiles SBOM Manager: Simplify and expedite the SBOM management process for embedded software products, especially in regulated spaces like medical devices and automotive industries, with our brand-new SBOM Manager tier and an easy-to-use and comprehensive SBOM dashboard.
- NTIA-Compliant SBOM Generation for Yocto-Based Systems: Verify if your SPDX or CycloneDX SBOMs meet NTIA minimum element conformance standards, and seamlessly integrate your SBOM generation into your CI/CD pipelines for Yocto-based systems for continuous monitoring of component changes and vulnerabilities throughout the software development lifecycle.
- Real-Time Compliance Alert Notifications: Stay up-to-date with prompt notifications of license violations, new component additions, and specified CVEs with high and critical severity scores in your SBOMs.
- SPDX and CycloneDX Support: Import and export your SBOMs in industry-standard formats, such as SPDX or CycloneDX, or convert non-standard SBOMs into industry-standard formats for better compatibility and streamlined workflows.
- Advanced Search Capabilities: Quickly locate specific components across multiple SBOMs and search for CVEs associated with a given component for a streamlined vulnerability tracking and risk assessment process.
Stay tuned for more details in the coming days on this exciting new release!
Custom distribution and Maintenance
Regardless of your embedded Linux build, you have to maintain your OS and BSP to stay ahead of security threats
The outdated strategy of “freeze and release” — freezing a device’s software at product launch with no plan or process to update it in the field — puts devices at high risk of security compromise. Whether you use Yocto Project, Buildroot, or Timesys Factory build system, regular upgrades are needed to ensure device security, to apply bug fixes, and to support newer hardware and technologies.
Our Linux OS/BSP Maintenance subscription service provides long-term security updates and maintenance of your Linux OS/BSPs and is available for Yocto Project, Buildroot, and Timesys Factory build systems.
Long-Term Linux OS & BSP Maintenance provides:
- Regular updates that include bug fixes, support for new end-of-life parts, and new package features
- Less than half the cost of a junior engineer and frees up your resources so you can work on next-gen products
- Automated documentation of fixed vulnerabilities between releases to boost industry compliance
- Joint review and analysis to identify CVEs that pose the highest risk
- An emergency release in case of a zero day vulnerability
All at less than half the cost of a junior engineer, so you can free up your resources to work on next-gen products!
Learn with Timesys
Linux Kernel Security: dm-crypt with “trusted keys” using TEE backend
How do you protect your keys and prevent device cloning and counterfeiting?
In this blog, learn how to leverage Linux kernel “trusted keys” with the Trusted Execution Environment (TEE) backend to protect sensitive data and intellectual property (IP) through disk encryption. Find out how these trusted keys are sealed and protected by a hardware unique key (HUK), making them accessible only on specific hardware, and how the TEE backend offers a reliable and platform-agnostic method for implementing disk encryption to safeguard data and IP.
Upcoming
Events Around the World You Don’t Want to Miss
Preserving Trust in Your Software: Strategies for Enhancing Code Signing Key Security for Connected Devices
Timesys & NXP Live Webinar
August 17
In today’s digital landscape, code signing plays a crucial role in establishing trust and ensuring the integrity of software applications. However, the protection of code signing keys has become a prime target for malicious actors seeking to compromise software security. This webinar aims to equip you with invaluable insights and the best practices for safeguarding code signing keys, enabling you to enhance the security and integrity of your software.
Join us as delve into effective strategies, technologies, and industry standards that can help protect code signing keys and mitigate the risks of unauthorized software tampering and distribution.
Vulnerability Management for Embedded
Tools & Techniques to Monitor and Remediate Vulnerabilities in Your SBOM
August 18 @ 12 PM EDT / 9 AM PT
In this monthly live webinar and Q&A session, you’ll learn essential ways to avoid a five-figure mistake along with:
– Why you need to manage your open-source software risks
– How to generate an accurate SBOM (Software Bills of Materials) and why it matters
– Tools and techniques to monitor and remediate vulnerabilities in your SBOM
– And much more!