The EU Cyber Resilience Act (CRA) is a piece of legislation designed to significantly enhance the cybersecurity of hardware and software products with digital elements placed on the European Union market. It’s the first regulation of its kind globally to impose such comprehensive cybersecurity requirements across the entire product lifecycle. The CRA came into force …
Category: Security
Secure Storage with i.MX 95 Verdin EVK using Trusted Keys with OP-TEE
In our previous blog post, we explored securing keys and certificates with Toradex’s recently launched i.MX 95 Verdin Evaluation Kit. We also demonstrated how to build and customise a Yocto reference image for the i.MX 95 Verdin EVK, leveraging OP-TEE and PKCS#11, which you can find here. Another essential aspect of achieving a high level …
Securing Keys and Certificates with i.MX 95 Verdin EVK using PKCS#11 with OP-TEE
Toradex recently launched the i.MX 95 Verdin Evaluation Kit, designed to accelerate next-generation Edge AI, automotive, industrial and medical applications, all of which are industries that require high levels of security. An essential aspect of achieving a high level of security is the management and storage of cryptographic keys. This is crucial for authenticating to …
Exploiting a Buffer Overflow Vulnerability for Remote Code Execution in Nginx
Protecting devices from malicious use is often a cat-and-mouse game between security researchers identifying software vulnerabilities (CVEs) and product-makers patching them before attackers can exploit them. As a result, devices can no longer be developed, shipped and forgotten. Instead, manufacturers must commit to keeping those devices up to date and free from critical vulnerabilities for …
ETSI EN 303 645: Cyber Security for Consumer Internet of Things
We increasingly rely on internet-connected devices in our day-to-day lives, with consumer devices that include doorbell cameras, thermostats, children’s toys and home assistants. However, the cyber security of these devices doesn’t always live up to the trust we place in them to reliably perform their function and protect our personal data. It’s often …
i.MX Code Signing using a YubiHSM 2 Hardware Token from Yubico
Code signing is fairly ubiquitous and is a cryptographic technique for verifying the authenticity of a binary. It is often used as part of the secure boot process of an embedded device where software components of the bootchain are verified by the previous component. For example, the on-chip ROM in a SoC will verify the …
Linux Yocto layer for the ARM Morello board
We have recently developed and now maintain the meta-morello Yocto layer for ARM’s Morello board, which has now become part of the official software stack. The layer is capable of providing the firmware image that goes on the SD card and a bootable image with Linux that goes on the USB stick, these two images …
ARM Morello with Linux
ARM has recently made their Morello development on the Linux kernel public and since we are lucky enough to have access to the Morello board we decided to give this a spin. This is in contrast to our last blog post which used an Android stack and ran in a simulator. Kernel development in the …
Baking Android for ARM Morello without Morello
Access to ARM Morello boards is fairly limited at the moment, but we can still explore the new architecture with the help of a Fixed Virtual Platform (FVP) and software stack packages that are available from ARM. In a previous blog post we provided an introduction to Arm Morello and CHERI. In this post we’re …
Introducing Arm Morello and CHERI
Most serious errors and security threats in software originate from pointer overflows, pointer overwrites and memory mismanagement. This causes invalid or unauthorised memory addresses to be interpreted as valid references, which in turn results in applications accessing restricted or unavailable memory. Such access can be exploited by an attacker to inject malicious data into memory, take control …