The class 2.4. »Embedded Linux Security Exercised on the Secure Platform GyroidOS« provides an overview of how Linux can be used on embedded devices to meet specific security-related certification requirements (e.g., IEC 62443, Common Criteria).
The focus is on the security mechanisms provided by the Linux kernel.
In addition, mechanisms for protecting the integrity of code and data, such as Secure and Measured boot, are also covered and underpinned with theoretical fundamentals.
Supporting security measures implemented in boot loaders, Unified Extensible Firmware Interfaces (UEFIs), and U-Boots using trust anchors in hardware such as Trusted Platform Modules (TPMs) or Secure Elements are also highlighted.
In addition to the theoretical background, we also provide practical insights into the implementation and usage of those mechanisms based on the open-source software GyroidOS. GyroidOS is a multi-arch OS-level virtualization solution with a focus on platform security based on hardware features.
The introductory discussion is followed by a practical session on deployment and usage of GyroidOS and the security techniques presented on an ARM-based hardware platform.
(Please note that this course does not cover network security, e.g., firewall configuration, and Linux security in the user space.)
The focus of the course is on platform security and the Linux kernel.
Course objectives: Participants will learn about the mechanisms of the Linux kernel and supporting methods from the areas of hardware and bootloaders that they can use to build a secure Linux-based embedded system. They will also learn how GyroidOS can be used as the basis for a secure platform with its own services.
Speaker: Dr. Michael Weiß, Felix Wruck, Johannes Wiesböck, Maximilian Peisl
Fraunhofer Institute for Applied and Integrated Security 