In our previous blog post, we explored securing keys and certificates with Toradex’s recently launched i.MX 95 Verdin Evaluation Kit. We also demonstrated how to build and customise a Yocto reference image for the i.MX 95 Verdin EVK, leveraging OP-TEE and PKCS#11 which you can find here. Another essential aspect of achieving a high level …
Securing Keys and Certificates with i.MX 95 Verdin EVK using PKCS#11 with OP-TEE
Toradex recently launched the i.MX 95 Verdin Evaluation Kit, designed to accelerate next-generation Edge AI, automotive, industrial and medical applications all of which are industries that require high levels of security. An essential aspect of achieving a high level of security is the management and storage of cryptographic keys. This is crucial for authenticating to …
Exploiting a Buffer Overflow Vulnerability for Remote Code Execution in Nginx
Protecting devices from malicious use is often a cat-and-mouse game between security researchers identifying software vulnerabilities (CVEs) and product-makers patching them before attackers can exploit them. As a result, devices can no longer be developed, shipped and forgotten. Instead, manufacturers must commit to keeping those devices up to date and free from critical vulnerabilities for …
Xmas Charity Fundraiser 2024
This Xmas The Good Penguin is raising money for Alzheimer’s Society, a charity that aims to end the devastation cause by dementia by giving vital support to those who need it, funding research and by campaigning for change. Dementia, which can be caused by many diseases including Alzheimer’s, describes a set of symptoms that can …
Embedded Linux Conference 2024 Europe
Open Source Summit Europe 2024 happened in mid September In Vienna and incorporated the Embedded Linux Conference. The Good Penguin sent a group over to participate to both network and also to keep up to date on what new developments are happening, not just in the Embedded Linux space but also the broader Linux and …
ETSI EN 303 645: Cyber Security for Consumer Internet of Things
We increasingly rely on internet connected devices in our day-to-day lives, with consumer devices that include door bell cameras, thermostats, children’s toys and home assistants. However the cyber security of these devices doesn’t always live up to the trust we place in them to reliability perform their function and protect our personal data. It’s often …
The Good Penguin opens an Office in Newport, Wales
The Good Penguin is and has always been a fully-remote business with our employees based all across the UK. Being fully-remote allows us to hire the best engineers wherever they may be found – a significant benefit given the rare to find skills that are required for the specialist work we do. However, as our …
The Good Penguin speaks at the Embedded Open Source Summit 2024 in Seattle
Earlier this year, our founder Andrew Murray presented a talk at the Embedded Open Source Summit 2024 in Seattle. The talk was about SD cards, their performance and reliability. The synopsis of the talk follows: “The underlying storage of an SD card is NAND flash, which is inherently unreliable, has a limited number of program/erase …
i.MX Code Signing using a YubiHSM 2 Hardware Token from Yubico
Code signing is fairly ubiquitous and is a cryptographic technique for verifying the authenticity of a binary. It is often used as part of the secure boot process of an embedded device where software components of the bootchain are verified by the previous component. For example, the on-chip ROM in a SoC will verify the …
Linaro Connect 2024: Madrid
This year’s Linaro Connect event took place in Spain’s capital, the city of Madrid in May and several members of The Good Penguin attended the event for the conference aspects of the gathering. This event was different than your usual open source conference as Linaro Connect is also a vessel for Linaro employee’s to have …