Securing and Hardening Embedded Linux Devices - case study based on NXP i.MX6 Platform

Abstract

We have already gotten used to the fact software has become an integral part of almost every device we use. We are slowly getting used to our devices being interconnected with each other, controlling and monitoring crucial elements of our daily life and exchanging our private data. We are putting more and more trust in the embedded devices that are designed to help us out. Securing embedded devices was always a challenging task, but ubiquitous connectivity made it even much more important and difficult. As devices become smarter and highly interconnected there is more room for cybercriminals to exploit the system’s vulnerabilities to issue malicious control commands or create data breaches. The purpose of this paper is to describe the main security measures for protecting embedded Linux-based systems. It describes details of the implementation of a secure boot and a secure storage mechanism using embedded hardware features of NXP i.MX6 platform. In addition, the paper discusses methods for secure connection to the cloud and device provisioning with the support of TPM module. Overall, it provides practical guidelines on how to develop an embedded Linux device having security considerations in mind and summarizes the current state of knowledge on the topic.