VigiShield Secure by Design: Security Feature Implementation

VIGISHIELD

Software Details

Select a section:

Features

Prevent Firmware Tampering: Secure Boot / Chain of Trust

  • Ensure that your device is not running tampered software by verifying its authenticity before execution. Establish software authenticity all the way from the bootloader to user applications by implementing:
    • Verified bootloader (NXP i.MX / QorIQ) integrated with Yocto, Buildroot and more
    • Linux kernel verification (FIT image, SoC specific mechanisms)
    • Root filesystem verification (dm-verity, FIT image)

Keep Your IP and User Information Safe: Device Encryption and Secure Storage

  • You can protect IP and sensitive user information by encrypting data/software. It is also critical to protect the key used for encryption using a secure storage mechanism. Additionally, software that handles confidential data should run from within a hardware/software-isolated environment. We provide:
    • Anti-cloning (IP and data protection)
    • Key management and secure key storage
    • Data protection using encryption — In use, in motion and at rest
    • Trusted platform module (TPM)
    • Device identity and authentication

Keep Your Updates Safe: Secure Software Updates

  • Our solution provides a mechanism to update/deploy software securely and deny unauthorized software installs. We provide:
    • Over-the-air (OTA) updates of the software on your embedded system
    • Package updates
    • Full OS updates
    • Signing of packages and images
    • Server authentication
    • Prevention of unauthorized rollback

Keep Your Data In Transit Secure: Secure Communication

  • Ensure the connection from the device to the cloud and/or any external devices is protected. VigiShield secures device communication:
    • Authenticated and encrypted connections
    • Protection of device certificates/keys
    • Use advanced ciphers

Keep a Paper Trail: Security Audit Logs

  • Record any runtime security violations/breaches on the target system. VigiShield has:
    • Encrypted audit logs with user authentication
    • Customizable policies for recording security incidents

Lock It Down: Hardening

  • Our Linux kernel hardening service focuses on system configurations needed to reduce your product’s attack surface, decrease risk of compromise, and minimize breach impacts including:
    • Access and authorization
    • Vulnerabilities
    • Logging of all user access
    • Logging of access level changes by any program
    • Disabling unused services and ports
    • Addressing issues from penetration testing reports
    • Security-oriented configurations for packages and kernel

Know Where Your Software Comes From and Stay Resilient: Software Supply Chain Security

  • VigiShield Secure by Design helps you gain visibility into your software supply chain and secure it by:
    • Choosing the right open source software
    • Implementing end-to-end framework for supply chain integrity
    • End-to end-review of system security
    • SBOM and vulnerability report

Benefits - Security Simplified

    • Faster Time to Market - Help implement internal cybersecurity requirements or meeting industry standards and compliance
    • Certified, Optimized, No Vendor Locking - Open-source yocto layer implementing optimized technologies that are independently verified and certified
    • Avoid Production Delays by Securing Your Software Supply Chain - Avoid rework and cost overruns that come with deploying security too late in design
    • Reduce the Attack Surface of Your Device - Improve the security posture of your device by auditing, hardening, optimizing your software footprint and implementing secure boot and chain of trust
    • Flexible - Customizable to your platform

Support

What do you need help with?