From customer expectations to cybersecurity regulations, the demand for security assurance of devices has never been greater. Yet device manufacturers find it challenging to secure Linux devices. Establishing a secure Linux platform requires deep expertise and time investment; right from selecting the processor with the necessary security features, researching and configuring the myriad of open source software modules, and having the necessary mechanisms to regularly maintain security of the device through its life. Besides securing the system software, the device manufacturers need to worry about application security and keeping end customer data confidential. Hence the road to security is a long and expensive journey.

One of the best ways to reduce the cost of security development, improve security posture and bring secure devices to market faster is by leveraging off the shelf pre-certified components. PSA certified provides a framework for security assessment and certification of processors, system software (e.g: Linux OS, RTOS) and devices evaluated by independent labs. Device manufacturers can leverage PSA Certified components (processor and system software) to quickly start with a secure platform and focus on their value add software. Optionally they can submit their devices for certification as well to give the end consumer a peace of mind. PSA certified components also align with meeting industry security standards such as NISTIR 8259A and ETSI EN 303.


Image credit: PSA Certified


Timesys has developed VigiShield Secure By Design, a PSA certified system software which device manufacturers can leverage to bring secure Linux devices to market faster. VigiShield is available in the form of a Yocto layer and is highly configurable to support custom hardware/BSP or any custom security needs. Out of the box, it includes security features such as software integrity (secure boot and chain of trust), secure storage, secure over-the-air (OTA) updates, linux kernel and system hardening, secure communication, locked hardware ports, security audit logs and more. Additionally Timesys supports manufacturing tooling required for secure software provisioning. The security layer leverages the best in class open source solutions to bring easily maintainable security feature implementation to your Yocto based Linux distro.

The other major challenge device manufacturers face is the long term security maintenance of their Linux devices. With more than 350+ new vulnerabilities reported each week, it is a daunting task to monitor their applicability to the open source components used in devices and issue security updates. Timesys Linux OS/BSP Maintenance subscription service provides long-term security updates and maintenance of your Linux OS. Using this service device manufacturers can rely on timely security updates that can be deployed to devices in the field with the secure and robust OTA update mechanism included in VigiShield. 

With security built-in, device manufacturers can focus more on innovation during the product development process and get to market faster. Schedule a VigiShield consultation today.