The latest Long Term Support (LTS) version of Yocto was released last month with the code name “Scarthgap” – presumably named after a mountain pass in the Lake District national park. It promises 4 years of support, meaning regular point releases with security and bug fixes. In the context of increasing regulatory requirements for cyber …
Tag: Security
Linux Yocto layer for the ARM Morello board
We have recently developed and now maintain the meta-morello Yocto layer for ARM’s Morello board which has now became part of the official software stack. The layer is capable of providing the firmware image that goes on the SD card and a bootable image with Linux that goes on the USB stick, these two images …
ARM Morello with Linux
ARM has recently made their Morello development on the Linux kernel public and since we are lucky enough to have access to the Morello board we decided to give this a spin. This is in contrast to our last blog post which used an Android stack and ran in a simulator. Kernel development in the …
Yocto Security Hardening: Security Flags
In our internet connected world, which relies on a growing volume of software – it’s crucial that new products are created with security in mind. Yet much of the software we create or depend on is written with memory-unsafe languages such as C and C++ – It’s a worrying fact given that 70% of all …
Yocto Security Hardening: CVEs
The volume and complexity of the software running in embedded devices is not only astonishing but ever increasing – yet each additional line of code has the potential to introduce a security vulnerability. An attacker may only need to exploit one single vulnerability for a bad outcome to occur. Therefore the obvious way to reduce …
i.MX6 UL Bus Encryption Engine (BEE) in the Linux Kernel
The ubiquitous i.MX6 Ultra Lite is high performance processor that offers a wide range of hardware security features such as ARM TrustZone, High Assurance Boot (HAB) and a Cryptographic Acceleration and Assurance Module (CAAM). The exact features and details depend on the specific part and are documented in detail in the Security Reference Manual (locked …