Linux Security Summit 2013/Abstracts/Safford - Revision history<br />
http://kernsec.org/wiki/index.php?title=Linux_Security_Summit_2013/Abstracts/Safford&feed=atom&action=history<br />
Revision history for this page on the wiki (MediaWiki 1.36.1, feed updated 2024-03-29T06:50:34Z)<br />
Revision of 2013-08-02T05:30:50Z by JamesMorris: http://kernsec.org/wiki/index.php?title=Linux_Security_Summit_2013/Abstracts/Safford&diff=3468&oldid=prev<br />
<p><b>New page</b></p><div>== Title ==<br />
<br />
Embedded Linux Security<br />
<br />
== Presenter ==<br />
<br />
David Safford, IBM<br />
<br />
== Abstract ==<br />
<br />
Linux is in widespread use in embedded devices, but these devices<br />
typically lack critical security features found in higher-end Linux<br />
systems. They typically do not have any way to validate their<br />
firmware, they do not have hardware roots of trust for trusted or<br />
secure boot, they do not have provisions for physical presence, and<br />
they do not have secure update. Vendors claim that these features<br />
are either too large or too expensive to fit in their embedded<br />
devices.<br />
<br />
This presentation will summarize the recent widespread vulnerabilities<br />
and compromises of embedded devices, and will show how the given<br />
security features would defeat such attacks, relating the concepts to<br />
the NIST SP800 guidelines for BIOS measurement and protection, and to<br />
the ongoing work on Linux secure boot for higher-end devices.<br />
<br />
It will look at four typical embedded devices, will show how all of<br />
these features can be added at _zero_ cost, and will give a live<br />
demonstration of the added security features on one such device - a<br />
TP-Link MR3020.<br />
<br />
As a bonus, the presentation will show how the same techniques can be<br />
used to fix the restricted boot of the Samsung Arm Chromebook, with<br />
physical presence enablement for updating the secure boot public key.</div>