October 2017 Open Source Embedded Linux Newsletter

October 2017

Timesys Security Services — Helping You “Secure by Design” and “Stay Secure”

Timesys has recently expanded its Engineering Services offering to include Security Services. From IP protection, anti-cloning / anti-counterfeit capability, device software integrity, and user data protection — to secure network communication, device authentication and the ability to run only trusted applications, our comprehensive security services offering addresses the unique security requirements for embedded devices.

Timesys’ Security Services helps you implement security early in the design of your open source embedded Linux based device as well as help you minimize security threats throughout its lifecycle. The security services we offer include:

Security audit,
Hardening,
Software authentication and runtime isolation,
OTA software updates and
Managing vulnerabilities.

Software Authentication and Runtime Isolation

To protect your device against running tampered software, you need to verify the authenticity of your software before execution. Timesys can help you implement:

Secure boot / chain of trust — Ensures that only authenticated software runs on the device
Trusted Platform Module (TPM) — Stores and protects the key used for encrypting the software/user data
Device identity and authentication — Protects the device from being counterfeited or hackers from extracting user/application data from the device offline
Trusted Execution Environment (TEE) / OP-TEE — Enables the deployment of trusted applications and ARM trusted firmware

To learn more about Timesys’ Security Services, including Software Authentication and Runtime Isolation, visit our website.

LEARN MORE

Watch for our next LinuxLink Alert newsletter which will focus on exploit monitoring, notification and patching, and securely deploying updates.

Upcoming Event | Qualcomm Developer Network presents

Timesys University Webinar Series: Developing for Industrial IoT with Linux OS on DragonBoard™ 410c

Join us for a Timesys University 4-part webinar series — Developing for Industrial IoT with Linux OS on DragonBoard™ 410c ‐ to explore the process of building an embedded Linux based device using the Qualcomm® Snapdragon™ 410E powered DragonBoard 410c development board from Arrow Electronics. With topics that cover build systems, deployment strategy, designing-in and managing security, device appearance and ease of user interaction, you’ll gain insight into various aspects of technology and design decisions developers face when choosing to build embedded Linux based products for this increasingly demanding and expanding connected world.

This Timesys University track consists of the following four sessions:

Introduction to DragonBoard 410 Development Board and Starting Development of Your Embedded Linux-based IIoT Device —
Recorded on Tuesday, October 24, 2017
Application Development for Embedded Linux —
Recorded on Tuesday, November 7, 2017
Building a State-of-the-Art User Interface with Qt —
Tuesday, November 21, 2017 at 9:00 AM PST
Embedded Products Security —
Tuesday, December 5, 2017 at 9:00 AM PST

You can find session descriptions and registration links on the Timesys website.

DETAILS / REGISTER

Qualcomm Snapdragon 410E is a product of Qualcomm Technologies, Inc.

Additions and Updates in the Factory

Recent Factory additions include:

cgmanager

Version: 0.41
Category: System
License: GPLv2
Description: CGManager is a central privileged daemon that manages cgroups through a simple D-Bus API.

dt-utils

Version: 2017.03.0
Category: System
License: Public Domain
Description: Userspace tools for the barebox bootloader.

mongodb

Version: 3.2.12
Category: Utility
License: AGPLv3, Apache-2.0
Description: MongoDB is a free and open-source cross-platform document-oriented database program.

mstpd

Version: 0.05
Category: Networking
License: GPLv2
Description: MSTPD (Multiple Spanning Tree Protocol Daemon) is an open source user-space daemon licensed under GPLv2. MSTPD is reported to be compliant with IXIA ANVL RSTP test suite, with the notable exception of looped-back BPDUs.

qupzilla

Version: 2.1.2
Category: Networking
License: GPLv3
Description: QupZilla is a new and very fast QtWebEngine browser. It aims to be a lightweight web browser available through all major platforms. QupZilla has grown into a feature-rich browser. QupZilla has all standard functions you expect from a web browser. It includes bookmarks, history (both also in sidebar) and tabs. Above that, it has by default enabled blocking ads with a built-in AdBlock plugin.

Recent Factory updates include:

bluez

Version: 5.47
Category: Networking

lm_sensors

Version: 3.3.3
Category: System

openssl

Version: 1.0.21
Category: Networking

qt5

Version: 5.9.1
Category: Graphics

xinetd

Version: 2.3.14
Category: Networking

Want to see all packages available in the Timesys repository?

FACTORY PACKAGES

Related Resources: Security

Below are recently added security resources.
Don’t miss a beat. Subscribe to our blog and YouTube channel as we frequently add new content.

Blog: Secure Boot and Encrypted Data Storage

Secure boot ensures only authenticated software runs on the device and is achieved by verifying digital signatures of the software prior to executing that code. To achieve secure boot, processor/SoC support is required. In our experience, some of the more secure boot friendly processors with readily available documentation are NXP i.MX, Xilinx Zynq, and Atmel SAMA5 series. Some TI Sitara processors support secure boot, but might involve TI factory programming of signing keys and custom part numbers.

Video: Secure Boot on i.MX 6Quad Processor Powered Advantech
DMS-BA16 Qseven Module

In this Timesys-built demo, you’ll see how secure boot ensures only authenticated software runs on a device. Watch as U-Boot detects a kernel image is unsigned and halts the boot process while displaying a warning to the user. See how U-boot then replaces the unsigned kernel image with a signed kernel image stored in the backup partition, and after restoration is complete, U-Boot goes on to boot the signed kernel image successfully.

WATCH NOW

www.timesys.com

To subscribe to the LinuxLink Alert newsletter, click here.

Timesys, TimeStorm and the Timesys logo are registered trademarks of Timesys Corporation. Linux is a registered trademark of Linus Torvalds in the United States and other countries. Qualcomm and DragonBoard are trademarks of Qualcomm Incorporated, registered in the United States and other countries. All other company and product names mentioned are trademarks and/or registered trademarks of their respective owners.