Timesys’ security expertise helps manufacturer of industrial welding products deliver a secure IoT gateway for its factory installed products
A leading manufacturer of industrial welding solutions recognized its IoT connected products could become vulnerable at any time after release. And in today’s heightened security breach environment, the company wanted to be sure its devices were protected against the risk of a security issue that affects the product or its customers. To monitor the welders, the manufacturer needed to be sure all of its installed products in any customer’s factory could connect securely to its cloud
For the manufacturer to monitor the welders, the products needed to connect to its cloud via an IoT gateway that featured an Advantech custom RSB-4411 design based on an NXP i.MX 6 series processor and was built with an Advantech/Timesys Yocto BSP. To protect the IoT gateway from the risk of security issues, the manufacturer’s engineering team would need to implement technologies to ensure it is running authorized code and that the update package is distributed securely. However, the team needed additional engineering expertise to implement the secure cloud-based update mechanism.
The company engaged with Timesys, to leverage Timesys’ years of embedded Linux development experience and software security expertise.
To secure the product and update mechanism, Timesys
- Enabled secure boot/high assurance boot (HAB) which is supported by i.MX 6 and hardened the system by disabling JTAG and serial console to prevent unauthorized access to the software in the filesystem,
- Encrypted the entire image/filesystem using dm-crypt to protect the eMMC chip from being read and subsequently counterfeited if removed from the device,
- Encrypted the update image since it contained the IP,
- Enabled secure firmware update to help prevent unauthorized/malicious software from being installed on the product, and
- Protected certain partitions from being updated during update to maintain configuration, user data across updates.
Timesys provided the security expertise and embedded software engineering skill set needed to ensure the IoT gateway has the strong security posture possible. By engaging with Timesys for Secure by Design Services, the company was able to protect its factory-deployed devices and customers using them against the risk of a security issue, and it was able to do so in a time- and cost-efficient way.