The manufacturer of a CNC machine engaged with Timesys prior to heading into production with their product. The company spent five years on developing their state-of-the-art precision cutting device and thousands of hours testing it, so they needed to be sure their product couldn’t easily be counterfeited or the software extracted.
The product was built using an NXP i.MX6 based Variscite SOM and Variscite Yocto BSP, and the product engineering team had done some initial research on technologies they could apply to secure the device. However, the team had little embedded development experience and needed additional engineering expertise to provide options and recommendations for protecting their device against IP theft and to implement the agreed upon solution.
To secure the device, Timesys:
Enabled secure boot/high assurance boot (HAB) which is support by i.MX6 and hardened the system by disabling JTAG and serial console to prevent unauthorized access to the software in the filesystem,
Encrypted the entire image/filesystem using dm-crypt to protect the eMMC chip from being read and subsequently counterfeited if removed from the device,
Encrypted the update image since it contained the IP, and
Enabled secure firmware update to help prevent unauthorized/malicious software from being installed on the device.