Linux based systems have a plethora of security related mechanisms: DM-Crypt, DM-Verity, Secure Boot, the new TEE sub-system, FScrypt and IMA are just a few examples. This talk will describe these the various systems and provide a practical walk through of how to mix and match these mechanisms and design them into a Linux based embedded system in order to strengthen the system resilience to various nefarious attacks, whether the system discussed is a mobile phone, a tablet, a network attached DVR, a router or an IOT hub in a way that makes maximum use of the sometime limited hardware resources of such systems.
Gilad Ben-Yossef is a principal software engineer working at Arm on upstream kernel security at large and Arm TrustZone CryptoCell support in particular. Gilad is the co-author of O’Reilly’s “Building Embedded Linux Systems” 2nd edition, co-founder of the Israeli FOSS NGO... Read More →