Security | Timesys Embedded Linux

Managing vulnerabilities: The importance of security notification and how to leverage Timesys’ solution

by Steve Bedford | March 20, 2018 | 0 comments

Security Is Important

No matter what industry you’re in, maintaining the security of your software is vital. It may be obvious that medical devices need to protect patients and their privacy, but a range of consumer gadgets fueling the IoT have also been targeted and used to cause real damage.

When security is an afterthought and products are near release, and especially when they are already in the field, addressing vulnerability issues becomes a lot riskier and much more costly. This is one reason that we advocate for designing with security in mind from the beginning. Since most open source vulnerabilities are fixed by upgrading to a new version or applying a patch, it’s important to make scanning for Common Vulnerabilities and Exposures (CVEs) and applying their fixes a regular part of the development process.

Continue reading “Managing vulnerabilities: The importance of security notification and how to leverage Timesys’ solution” »

Meltdown and Spectre vulnerabilities

by Akshay Bhat | February 5, 2018 | 1 comment

Updated on 8/14/2018

Google Project Zero team discovered a method to read privileged memory from user space by utilizing CPU data cache timing to leak information out of mis-speculated execution. Variants of this issue are known to affect many modern processors, including certain processors by Intel, AMD and ARM. For more details refer to this blogpost.

So far, there are three known variants of the issue:

Variant 1: bounds check bypass (CVE-2017-5753)
Variant 2: branch target injection (CVE-2017-5715)
Variant 3: rogue data cache load (CVE-2017-5754)
Variant 3a: rogue system register read (CVE-2018-3640)
Variant 4: speculative store bypass (CVE-2018-3639)

Variants 1 & 2 are referred to as Spectre and Variant 3 as Meltdown.

Timesys has been monitoring vendor websites and open source mailing lists regarding affected CPUs and software mitigation strategies, and below are our findings:

Continue reading “Meltdown and Spectre vulnerabilities” »

Trusted Software Development Using OP-TEE

by Akshay Bhat | October 16, 2017 | 0 comments

This blog aims to introduce the concept of Trusted Execution Environment (TEE) and how end users can leverage open source software to safely deploy applications that require handling confidential information.

Continue reading “Trusted Software Development Using OP-TEE” »

Secure Boot and Encrypted Data Storage

by Akshay Bhat | July 13, 2017 | 7 comments

What is secure boot?

Secure boot ensures only authenticated software runs on the device and is achieved by verifying digital signatures of the software prior to executing that code. To achieve secure boot, processor/SoC support is required. In our experience, some of the more secure boot friendly processors with readily available documentation are NXP i.MX/QorIQ Layerscape, Xilinx Zynq, Atmel SAMA5, TI Sitara and Qualcomm Snapdragon series. Some TI Sitara processors (AM335x) might involve TI factory programming of signing keys and custom part numbers.

Continue reading “Secure Boot and Encrypted Data Storage” »

Securing Embedded Linux Devices

by Akshay Bhat | May 26, 2017 | 0 comments

Embedded devices have unique security needs ranging from IP protection, anti-cloning / anti-counterfeit capability, device software integrity, user data protection, securing network communication, device authentication and ability to run only trusted applications. A wide range of open source technologies are available that can help implement the aforementioned security requirements. However, it is not always apparent which mechanisms are best suited for a given use case, resulting in a steep learning curve. This blog series aims to give a high-level overview of the different methods to secure your product and help accelerate your trusted software deployment.

Continue reading “Securing Embedded Linux Devices” »

Software / Firmware Update Design Considerations

by Akshay Bhat | March 30, 2017 | 0 comments

The Internet of Things (IoT) has quickly led to the deployment of ubiquitous, unattended devices throughout our homes, offices, factories and public spaces. In this continuously expanding connected world of devices and IoT, the need to update/upgrade your product’s software/firmware is a certainty. There is no single software update approach that fits all, but there are key questions you should consider when designing your approach. They are: Why, When, What and How.

Continue reading “Software / Firmware Update Design Considerations” »

Next Entries »

Managing vulnerabilities: The importance of security notification and how to leverage Timesys’ solution

Security Is Important

Meltdown and Spectre vulnerabilities

Trusted Software Development Using OP-TEE

Secure Boot and Encrypted Data Storage

What is secure boot?

Securing Embedded Linux Devices

Software / Firmware Update Design Considerations

Search

Recent Articles

Topics

Managing vulnerabilities: The importance of security notification and how to leverage Timesys’ solution

Security Is Important

Meltdown and Spectre vulnerabilities

Trusted Software Development Using OP-TEE

Secure Boot and Encrypted Data Storage

What is secure boot?

Securing Embedded Linux Devices

Software / Firmware Update Design Considerations

Search

Recent Articles

Topics

Subscribe to Our Blog