Login    1.866.392.4897   sales@timesys.com   English Japanese German French Korean Chinese (Simplified) Chinese (Traditional)
Timesys VigiShield Secure by Design Security Services

Security Feature Implementation

VigiShield Secure by Design

Leverage our embedded device expertise to implement the core security features your device needs with an easy-to-understand, PSA certified, maintainable Yocto security layer.

Start the Conversation

Security Simplified

Need help implementing internal cybersecurity requirements or meeting industry standards?

Looking to collaborate with security experts to bring in best-in-class technologies to secure your devices?

Need help implementing internal cybersecurity requirements or meeting industry standards?

Looking to collaborate with security experts to bring in best-in-class technologies to secure your devices?

With VigiShield Secure by Design, we’ve distilled the security feature implementation process down into an easy-to-understand security layer that can be configured to meet your current customer and regulatory (e.g. NISTIR 8259A and ETSI EN 303) requirements.

VigiShield leverages widely used open source technologies, enables underlying hardware capabilities for best performance, and implements the security best practices recommended by regulatory and industry-specific bodies (FDA, IEC, etc).

With security built-in using VigiShield, device manufacturers can focus more on innovation during the product development process and get to market faster.

Requirement VigiShield Secure by Design* ETSI EN 303 645 NIST 8259A SB-327
Authentication/Password x x x x
Configuration x   x  
Crypto x x x  
Hardening x x x  
Logging x   x  
Secure Storage x x x  
Update x x x  

* PSA Certified Level 1 Version 2.0

Take advantage of our embedded security expertise.

For more than 20 years, Timesys has been the industry’s trusted partner for secure embedded software design and development. We provide device makers and system developers with tools and services to accelerate time to market and develop more secure products.

VigiShield Security Features

Prevent Firmware Tampering

Secure Boot / Chain of Trust

Ensure your device is not running tampered software by verifying its authenticity before execution. Establish software authenticity all the way from the bootloader to user applications by implementing:

  • Verified bootloader (NXP i.MX / QorIQ, Qualcomm Snapdragon, TI Sitara, Atmel SAMA5, Xilinx Zynq, NVIDIA® Jetson™, STM32MP1, Intel® x86 and Atom™, etc.) integrated with Yocto, Buildroot and more
  • Linux kernel verification (FIT image, SoC specific mechanisms)
  • Root filesystem verification (dm-verity, FIT image)
secure boot and chain of trust security implementation for embedded Linux
encryption and secure key storage services for embedded Linux

Keep Your IP and User Information Safe

Device Encryption and Secure Storage

You can protect IP and sensitive user information by encrypting data/software. It is also critical to protect the key used for encryption using a secure storage mechanism. Additionally, software that handles confidential data should run from within a hardware/software-isolated environment. We provide:

  • Anti-cloning (IP and Data Protection)
  • Key management and secure key storage
  • Data protection using encryption — In use, in motion, and at rest
  • Trusted Platform Module (TPM)
  • Device identity and authentication

Keep Your Updates Safe

Secure Software Updates

Our solution provides a mechanism to update/deploy software securely and deny unauthorized software installs. We provide:

  • Over-the-air (OTA) updates of the software on your embedded system
  • Package updates
  • Full OS updates
  • Signing of packages and images
  • Server authentication
  • Prevention of unauthorized rollback
secure over-the-air updates implementation for embedded Linux

secure communication service for embedded Linux

Keep Your Data In Transit Secure

Secure Communication

Ensure the connection from the device to the cloud and/or any external devices is protected. VigiShield secures device communication:

  • Authenticated and encrypted connections
  • Protection of device certificates/keys
  • Use best-in-class ciphers

Keep A Paper Trail

Security Audit Logs

Record any runtime security violations/breaches on the target system. VigiShield has:

  • Encrypted audit logs with user authentication
  • Customizable policies for recording security incidents

security audit log service for embedded Linux

security hardening service for embedded Linux

Lock It Down


Our Linux kernel hardening service focuses on system configurations needed to reduce your product’s attack surface, decrease risk of compromise, and minimize breach impacts including:

  • Access and authorization
  • Vulnerabilities
  • Logging of all user access
  • Logging of access level changes by any program
  • Disabling unused services and ports
  • Addressing issues from penetration testing reports
  • Security-oriented configurations for packages and kernel

    Know Where Your Software Comes From and Stay Resilient

    Software Supply Chain Security

    VigiShield Secure by Design helps you gain visibility into your software supply chain and secure it by:

    • Choosing the right open source software
    • Implementing end-to-end framework for supply chain integrity
    • End-to end-review of system security
    • SBOM and vulnerability report

      secure your embedded Linux software supply chain

      VigiShield Add-Ons

      Yocto/BSP and Security Customizations

      Apart from the standard PSA certified VigiShield offering, we provide customizations as part of our Professional Services which covers hardware enablement, Yocto customizations, custom security feature implementations, address issues from penetration testing reports, integration with device management / IoT cloud services, and more!


      Security Training

      Whether you are new to security, looking for consultation to refine your security requirements or help integrating our solutions into your processes; we can help with our customized security training offerings.


      Trusted Applications for Secure OS

      For customers seeking enhanced security and key provisioning, we have expertise in implementing “trusted applications” that can be deployed on a secure OS (e.g: OP-TEE, Trusty, etc) running on a trusted execution environment. Ensure your keys are never exposed and vastly reduce the attack surface of your applications by provisioning keys and certificates into the PKCS#11 compatible keystore.


      Secure manufacturing assistance

      We have expertise in developing the manufacturing tooling required for secure software programming and provisioning. We can help integrate your custom or 3rd party solutions for securely storing device certificates.


      Long Term Linux OS security and maintenance

      Timesys Linux OS/BSP Maintenance subscription service provides long-term security updates and maintenance of your Linux OS. Using this service, device manufacturers can rely on timely security updates that can be deployed to devices in the field with the secure and robust OTA update mechanism included in VigiShield.


      System Security Audit and Review

      By performing a risk analysis, our audit services can help you determine what potential threats your system might encounter and what should be secured.



      System Security Baseline

      PSA Certified     NXP i.MX8
          ST STM32MP SoCs
          NXP i.MX6
          NXP QorIQ
          Xilinx Zynq, Ultrascale+
          NVIDIA Jetson
          Qualcomm Snapdragon
          TI Sitara AMxxx
          Microchip/Atmel SAMA5
          Intel x86 and Atom
      security services to help you reduce the attack surface of your embedded Linux device

      Reduce the attack surface of your device

      Improve the security posture of your device by auditing, hardening, optimizing your software footprint, and implementing secure boot and chain of trust.

      security services that help you avoid productions delays

      Avoid production delays by securing your software supply chain

      Avoid the rework and cost overruns that come with deploying security too late in design. Leverage detailed SBOMs and an end-to-end framework to ensure the integrity of your software supply chain.


      Start the Conversation

      Stop worrying about how you are going to find the engineering time and in-house expertise to give your product the professional architecture and security attention it needs.

      See the impact of Secure by Design in action

      Secure Boot in Industrial Welding


      Case Study

      Secure Boot in Industrial Welding

      Timesys’ security expertise helps manufacturer of industrial welding products deliver a secure IoT gateway for its factory installed products

      Read the Case Study



      Establishing secure boot and chain of trust

      Explore the “Secure by Design” approach to software security for embedded systems using NXP i.MX processors.

      Watch the Webinar

      VigiShield Secure By Design for Yocto



      VigiShield Secure By Design for Yocto

      Explore the “Secure by Design” approach to software security for embedded systems using NXP i.MX processors.

      Read the Blog

      IoT security simplified with PSA Certified VigiShield



      IoT security simplified with PSA Certified VigiShield

      From customer expectations to cybersecurity regulations, the demand for security assurance of devices has never been greater.

      Read the Blog

      Securing U-Boot: A Guide to Mitigating Common Attack Vectors


      Securing U-Boot: A Guide to Mitigating Common Attack Vectors

      Learn about ways in which you can protect and secure U-Boot implementations on your embedded systems.

      Read the Blog

      News Releases

      Timesys VigiShield Secure By Design Announces PSA Certification

      With VigiShield Secure by Design, Timesys has distilled the security feature implementation process down into an easy-to-understand, PSA Certified, maintainable Yocto security layer

      Read the Blog