Embedded Yocto Security Hardening


In this connected age, it often feels like every line of code is a battleground, especially when it comes to Embedded Yocto Security.

The number of threat surfaces and vulnerabilities a device is subject to seems to grow by the day. That’s why two of our top engineers got together with OTA wizards Mender to reveal insights that promise to reshape how you can handle device security. 🛡️

From trusty boot sequences to the art of crafting robust rescue systems, we navigated through the nuances of over-the-air updates, encrypted root file systems, and the elusive trust handshake in user configurations.

So, buckle up as we dive into our Yocto Distro Security Hardening webinar 👉, and check out our key takeaways below 👇

The Five Mechanisms of Cybersecurity

Security cannot be seen as a footnote in embedded software development. Instead, a “secure-by-design” approach must be taken to provide 360-degree hardening for your device.

There are a whole host of techniques you can use to secure your device, but it can help to divide them all into five groups.

1. Confidentiality: Encryption is the cornerstone of any hardening process. Tools such as LUKS, dm-crypt, and eCryptFS provide an extra layer of confidentiality.

2. Integrity: Secure boot and device integrity go hand-in-hand. There are many ways you can go beyond this, from verifying the integrity of entire partitions to getting real-time data during operation. Using cryptographic checksums and signatures adds another layer, ensuring that unauthorized entities cannot modify sensitive data.

3. Access Control: Just like a store owner compartmentalizes customers and staff, you need a way to control who goes where on your device. Frameworks like SELinux provide fine-grained control over permissions, while alternatives such as AppArmor and Smack offer lightweight yet effective access control solutions.

4. Monitoring: Think of this like having CCTV and alarms for your device. After all, you can’t respond to an incident if you don’t even know it happened. Linux provides various monitoring tools such as ODP, eBPF, and inotify to help you monitor activity. Regular analysis of logs and proactive measures contribute to timely detection and response to security incidents, offering an additional layer of protection.

5. Long-term maintenance

So, you’ve locked the doors, checked everyone’s ID on the way in, and set up a system of cameras and alarms. Your premises are safe forever, right?

Not quite. Your device also needs to be secure throughout its entire lifecycle. New vulnerabilities appear over time and scaling can bring with it fresh attack surfaces.

Security is not so much a decisive battle as it is an ongoing state of being.

Having a robust OTA solution, such as Mender, can make the difference between a static, vulnerable device and a living, secure one.

Frequent scanning for new common vulnerabilities and exposures (CVEs), combined with regular updates and patches, can protect your device against new threats while giving you the peace of mind you need to scale and evolve your product.


How will the Cyber Resilience Act affect things?

With great power comes great responsibility. Security is no longer optional, but will soon become a legal obligation thanks to the Cyber Resilience Act.

As Julien Bernet, Witekio’s Security Manager, explains,

“The CRA imposes four requirements on manufacturers: they must conduct a proper security risk assessment, implement security by design and by default, provide continuous security updates throughout the product’s lifecycle, and report security incidents promptly.”

This legislation categorizes products into different levels of criticality, indicating to what extent OEMs must access third-party support for their cybersecurity measures.

The CRA isn’t just best practice or industry guidance, as failure to comply after the grace period could result in steep fines. That said, there is no time like the present to start putting these principles into action even before the legislation becomes mandatory.

Make Sure You Have a Good Safety Net

The key to any good Plan A is an even better Plan B.

“You should have a rescue system because there will always be something that goes wrong. It can be because of malicious actors, bad luck, or even as a result of project decisions,” says Josef Holzmayr, Mender’s Head of Developer Relations.

Deciding where to store your rescue system is crucial. While the boot partition is a common choice, specialized hardware or external storage with access controls may also be suitable.

Fortunately, Yocto provides a framework for constructing rescue systems. Multi-config builds offer flexibility and reproducibility, allowing manufacturers to tailor the rescue system to their specific needs.

Your rescue system should perform at least these three functions:

  • Tamper detection
  • Low-level access for service personnel
  • Data recovery systems


No discussion of digital security is complete without mentioning encryption. With many IoT devices holding sensitive data, the obvious solution is to encrypt that data to make it harder for people to steal it or make use of what they steal.

You value your data, and that of your users, so why not extend that encryption to the root file system? Why not encrypt everything?! While this might sound sensible, it isn’t necessarily your best option.

“I don’t believe in root file system encryption. In 99% of cases, it’s just a checkbox that costs time and hinders engineering. What you need to care about is your application and your IP,” said Josef.

Encrypting your entire root file system is like fortifying every room in your house, even the rarely used ones.

For device manufacturers navigating the security landscape, focus on the valuables—encrypt the critical components, such as secret or proprietary application data.

It’s security without unnecessary overhead, like having a high-tech safe for your most prized possessions.

Trust Handshakes and the Future of Personalization

The more functionality you build into your device, the more important it is to store and recall user preferences. In some use cases, these preferences may contain sensitive data that is for select eyes only. Imagine giving your device’s preferences a digital signature—a trust handshake ensuring only approved changes get the green light.

For device manufacturers seeking security hardening, signing user configurations is the next frontier.

This functionality is not as straightforward as it sounds, and there are several routes you could take to achieve this. But this complex topic is for a future webinar between Witekio and Mender, so sign up for our newsletter at the bottom of the page to stay up-to-date.
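
One such route, as an added example rather than anything from the webinar, Witekio or Mender: a detached ECDSA signature made with the openssl CLI, which the device checks before a preference file goes live. The file names, key layout and function names are assumptions for illustration.

```shell
#!/bin/sh
# Added example: signed user configuration, verified before it is applied.
# Paths, file names and function names are hypothetical.

# Provisioning side: P-256 key pair. Only pub.pem is shipped on the device.
make_keys() {      # $1 = directory receiving key.pem and pub.pem
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/key.pem" 2>/dev/null &&
    openssl ec -in "$1/key.pem" -pubout -out "$1/pub.pem" 2>/dev/null
}

# Approval side: detached signature over the exact bytes of the config.
sign_config() {    # $1 = private key, $2 = config file; writes $2.sig
    openssl dgst -sha256 -sign "$1" -out "$2.sig" "$2"
}

# Device side: install the candidate only if its signature verifies.
apply_config() {   # $1 = public key, $2 = candidate config, $3 = live config
    tmp="$3.tmp.$$"
    # Verify a private copy, so the bytes checked are the bytes installed.
    cp "$2" "$tmp" || return 3
    if [ -f "$2.sig" ] &&
       openssl dgst -sha256 -verify "$1" -signature "$2.sig" "$tmp" >/dev/null 2>&1
    then
        mv "$tmp" "$3"             # rename: readers never see a partial file
    else
        rm -f "$tmp"
        echo "reject: missing or invalid signature for $2" >&2
        return 1
    fi
}

# Constructed walk-through: approved file is applied, later edit is refused.
demo() {
    d=$(mktemp -d) || return 1
    make_keys "$d" || return 1
    printf 'brightness=70\nlanguage=en\n' > "$d/user.conf"   # constructed sample
    sign_config "$d/key.pem" "$d/user.conf" || return 1
    apply_config "$d/pub.pem" "$d/user.conf" "$d/live.conf" || return 1
    printf 'language=xx\n' >> "$d/user.conf"                 # changed after signing
    if apply_config "$d/pub.pem" "$d/user.conf" "$d/live.conf" 2>/dev/null
    then rc=1; else rc=0; fi
    grep -q 'language=xx' "$d/live.conf" && rc=1             # live file must be unchanged
    rm -rf "$d"
    return $rc
}

demo && echo "approved config applied, modified config rejected"
```

A valid signature does not stop an older approved file from being replayed; a version counter inside the signed file is one way to cover that.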

Final Thoughts 

Device security is complex. It is not enough to build a large wall and hide behind it. That wall needs watchtowers, guards, and a big moat in front! Oh, and a secret escape route is mandatory.

Working with Yocto can give you the tools you need to stay one step ahead, but the battle is ongoing. At Witekio, our commitment to a secure-by-design approach is unparalleled, and our partnerships with companies like Mender help us get the most from their tools to keep your device safe.

It’s no secret that we love Yocto, we are Yocto Gold Members after all, so there is nobody better to turn to for all your embedded security needs.

Patrick HADDAD - Copywriter
15 January 2024