Security is a key consideration when developing new devices. Anyone who has been involved with systems security knows that security requires ongoing commitment! Software components (and, as recent events have shown, hardware components too) may contain bugs that have to be patched via an update. But how can updates be organised so that they cannot be used for attacks or for spreading malware? Are there any tools available that can help? How can I ascertain that only trusted software is used on my device?
This training provides an overview of the most significant design concepts and recommended tools for safely updating Linux-based systems. The course consists of two modules. The first module deals with the options that modern systems-on-chip offer, in combination with hardware, bootloader and operating system, to ensure a secure boot. You will be introduced to various implementations of hardware-assisted security mechanisms (built-in, TPM, crypto chip = root of trust), as well as software-based approaches (chain of trust).
In the second module we will introduce you to an open-source framework for updating your system, because when it comes to updates, there is no need to reinvent the wheel! There is software available that can be re-used and customized for specific applications. Here again, the focus is on security. The framework allows updates based on complete images as well as on file-based packages. In addition to over-the-air updates, all other media for file transfer are supported.
The framework presented also supports update scenarios in which the final system runs third-party software but the update must be carried out by the OEM.
In addition, efficient update routines require a powerful and easy-to-use roll-out service. We will introduce you to an appropriate open-source project that fits the demonstrated update framework. Besides letting you customize the look and feel for the user, this service also supports security-relevant requirements such as authentication and encryption, as well as push and pull features for communication with end-user devices. Different device management protocols may be applied.
To participate in this course, basic knowledge of the Linux operating system and in-depth practical knowledge of the shell are required.
Duration: 1 day
Dates for 2019 coming soon.
Course fees: 950,- Euro excl. VAT
Registration: Contact us at "schulung[at]linutronix[dot]de"