Security Feature Implementation
VigiShield Secure by Design
Leverage our embedded device expertise to implement the core security features your device needs with an easy-to-understand, PSA certified, maintainable Yocto security layer.
What’s the key to managing device security?
Implement security early in its design.
In today’s heightened cyber threat environment, connected embedded systems for industrial controls, transportation, navigation, communications, aerospace, military applications, healthcare devices, logistics systems, and many others require uncompromising security at deployment and throughout their product lifecycles.
Need help implementing internal cybersecurity requirements or meeting industry standards?
Looking to collaborate with security experts to bring in best-in-class technologies to secure your devices?
Need help implementing internal cybersecurity requirements or meeting industry standards?
Looking to collaborate with security experts to bring in best-in-class technologies to secure your devices?
Take advantage of our embedded security expertise.
For more than 20 years, Timesys has been the industry’s trusted partner for secure embedded software design and development. We provide device makers and system developers with tools and services to accelerate time to market and develop more secure products.
What We Can Implement
Prevent Firmware Tampering
Secure Boot / Chain of Trust
Ensure your device is not running tampered software by verifying its authenticity before execution. Establish software authenticity all the way from the bootloader to user applications. Our secure boot/chain of trust services help implement:
- Verified bootloader (NXP i.MX / QorIQ, Qualcomm Snapdragon, TI Sitara, Atmel SAMA5, Xilinx Zynq, NVIDIA® Jetson™, STM32MP1, Intel® x86 and Atom™, etc.) integrated with Yocto, Buildroot and more
- Linux kernel verification (FIT image, SoC specific mechanisms)
- Root filesystem verification (dm-verity, IMA/EVM, FIT image)
Keep Your IP and User Information Safe
Device Encryption and Secure Key Storage
You can protect IP and sensitive user information by encrypting data/software. It is also critical to protect the key used for encryption using a secure storage mechanism. Additionally, software that handles confidential data should run from within a hardware/software-isolated environment. We provide solutions and services that span:
- Anti-cloning (IP and Data Protection)
- Key management and secure key storage
- Data protection using encryption — In use, in motion, and at rest
- Trusted Platform Module (TPM)
- Trusted Execution Environment (TEE) using Arm TrustZone and OP-TEE
- Device identity and authentication
Keep Your Updates Safe
OTA Software Updates
Our security services can help you determine how to update/deploy software securely and deny unauthorized software installs. We can implement:
- Over-the-air (OTA) updates of the software on your embedded system
- Package updates
- Full OS updates
- Signing of packages and images
- Server authentication
See Where You Stand
Security Audit
By performing a risk analysis, our audit services can help you determine what potential threats your system might encounter and what should be secured. Timesys’ security audits provide:
- Detailed review of packages and default system configuration
- Analysis of reports from audit and scanning tools
- End-to end-review of system security
- Risk management and recovery plan
Lock It Down
Hardening
Our Linux kernel hardening service focuses on system configurations needed to reduce your product’s attack surface, decrease risk of compromise, and minimize breach impacts including:
- Access and authorization
- Vulnerabilities
- Logging of all user access
- Logging of access level changes by any program
- Disabling unused services and ports
- Addressing issues from penetration testing reports
- Security-oriented configurations for packages and kernel
Know Where Your Software Comes From and Stay Resilient
Software Supply Chain Security
VigiShield Secure by Design helps you gain visibility into your software supply chain and secure it by:
- Choosing the right open source software
- Implementing end-to-end framework for supply chain integrity
- End-to end-review of system security
- Managing supply chain risks leveraging detailed SBOM
1100+ software projects completed for 300+ customers, worldwide
Reduce the attack surface of your device
Improve the security posture of your device by auditing, hardening, optimizing your software footprint, and implementing secure boot and chain of trust.
Avoid production delays by securing your software supply chain
Avoid the rework and cost overruns that come with deploying security too late in design. Leverage detailed SBOMs and an end-to-end framework to ensure the integrity of your software supply chain.
How It Works: Secure by Design Projects
Ready to get started? Our four-part process makes project management simple:
Scoping Phase
- Questionnaire for requirement gathering
- Statement of Work (SOW) for customization and add-on services
Development Phase
- Execution and delivery per SOW
- Integration and Testing on your custom hardware
Completion/
Acceptance Phase
- Code and documentation delivery via shared private GitLab
Post-Delivery/Support Phase (Optional)
- Post-delivery handover training
- Optional: Vigiles Cybersecurity Vulnerability Monitoring and Mitigation
- Optional: Long-Term OS Maintenance engagement
SEE THE SOLUTION YOU NEED?
Start the Conversation
Stop worrying about how you are going to find the engineering time and in-house expertise to give your product the professional architecture and security attention it needs.
See the impact of Secure by Design in action
Case Study
Secure Boot in Industrial Welding
Timesys’ security expertise helps manufacturer of industrial welding products deliver a secure IoT gateway for its factory installed products
Webinar
Establishing secure boot and chain of trust
Explore the “Secure by Design” approach to software security for embedded systems using NXP i.MX processors.
Blog
Trusted Software Development Using OP-TEE
How end users can leverage open source software to safely deploy applications that require handling confidential information