In our internet-connected world, which relies on a growing volume of software, it’s crucial that new products are created with security in mind. Yet much of the software we create or depend on is written in memory-unsafe languages such as C and C++. It’s a worrying fact given that 70% of all …
Power-failure-tolerant bootloader flashing on eMMC
It’s a widely held misconception that flashing a bootloader on a device in the field is risky. The reason is that if power is removed from the device during an update, then the bootloader may only be partially flashed and thus won’t boot. This view is correct for devices that boot from a single location without …
Yocto Security Hardening: CVEs
The volume and complexity of the software running in embedded devices is not only astonishing but ever increasing – yet each additional line of code has the potential to introduce a security vulnerability. An attacker may only need to exploit one single vulnerability for a bad outcome to occur. Therefore the obvious way to reduce …
Booting Linux from Linux with kexec
The Linux kernel feature known as ‘kexec’ allows you to boot from the currently running kernel into a new kernel – effectively turning a Linux distribution into a feature-rich bootloader. This shouldn’t be confused with virtualisation technologies that allow you to run Linux as a guest. This capability has been around since 2005 (2.6.13) and …
A Global Variable in U-Boot that caused a Hang
The best type of software bug is one where you get to learn something along the way. Like any good disaster, the bug we’re going to explore is one that arose from a chain of unexpected events and bad assumptions. This bug relates to uninitialised data and gives a good insight into the inner workings …
Multiple UVC cameras on Linux: an unexpected challenge
Earlier this year one of our customers presented us with an unexpected problem: they weren’t able to stream video from multiple USB UVC web cameras – instead they got a “No space left on device” error. In our quest to provide a solution we learnt a little about USB and so we thought we’d share …
Xmas Charity Fundraiser 2020
This Xmas the Good Penguin is raising money for Sparkle, a charity in our local community that supports children, young people, and their families, with disabilities and/or developmental difficulties. Verity Cadwallader, a corporate fundraiser at Sparkle, tells us, “We support over 300 families per week through delivering activities and clubs such as independent living skills, …
Build and Boot U-Boot and Linux on a Raspberry Pi 3 Model B+
With more than 30 million units in existence, the Raspberry Pi provides an accessible and low-cost way to play with an ARMv8 embedded device using the latest and greatest upstream sources. In this post we’ll walk through the steps required to build U-Boot, the Linux kernel and a filesystem, as well as the steps …
i.MX6 UL Bus Encryption Engine (BEE) in the Linux Kernel
The ubiquitous i.MX6 Ultra Lite is a high-performance processor that offers a wide range of hardware security features such as ARM TrustZone, High Assurance Boot (HAB) and a Cryptographic Acceleration and Assurance Module (CAAM). The exact features and details depend on the specific part and are documented in detail in the Security Reference Manual (locked …
Discovering CPU features from userspace with ELF_HWCAP
As hardware architectures evolve they introduce new features – many of these features are abstracted away by the kernel yet result in some benefit to the user such as improved security or performance. However, some features, like the introduction of a new CPU instruction, can only benefit user-space if user-space is able to determine that …