VigiShield Secure by Design: Security Feature Implementation



Prevent Firmware Tampering: Secure Boot / Chain of Trust

  • Ensure that your device is not running tampered software by verifying its authenticity before execution. Establish software authenticity all the way from the bootloader to user applications by implementing:
    • Verified bootloader (NXP i.MX / QorIQ) integrated with Yocto, Buildroot and more
    • Linux kernel verification (FIT image, SoC specific mechanisms)
    • Root filesystem verification (dm-verity, FIT image)

Keep Your IP and User Information Safe: Device Encryption and Secure Storage

  • You can protect IP and sensitive user information by encrypting data/software. It is also critical to protect the key used for encryption using a secure storage mechanism. Additionally, software that handles confidential data should run from within a hardware/software-isolated environment. We provide:
    • Anti-cloning (IP and data protection)
    • Key management and secure key storage
    • Data protection using encryption — In use, in motion and at rest
    • Trusted platform module (TPM)
    • Device identity and authentication

Keep Your Updates Safe: Secure Software Updates

  • Our solution provides a mechanism to update/deploy software securely and deny unauthorized software installs. We provide:
    • Over-the-air (OTA) updates of the software on your embedded system
    • Package updates
    • Full OS updates
    • Signing of packages and images
    • Server authentication
    • Prevention of unauthorized rollback

Keep Your Data In Transit Secure: Secure Communication

  • Ensure the connection from the device to the cloud and/or any external devices is protected. VigiShield secures device communication:
    • Authenticated and encrypted connections
    • Protection of device certificates/keys
    • Use advanced ciphers

Keep a Paper Trail: Security Audit Logs

  • Record any runtime security violations/breaches on the target system. VigiShield has:
    • Encrypted audit logs with user authentication
    • Customizable policies for recording security incidents

Lock It Down: Hardening

  • Our Linux kernel hardening service focuses on system configurations needed to reduce your product’s attack surface, decrease risk of compromise, and minimize breach impacts including:
    • Access and authorization
    • Vulnerabilities
    • Logging of all user access
    • Logging of access level changes by any program
    • Disabling unused services and ports
    • Addressing issues from penetration testing reports
    • Security-oriented configurations for packages and kernel

Know Where Your Software Comes From and Stay Resilient: Software Supply Chain Security

  • VigiShield Secure by Design helps you gain visibility into your software supply chain and secure it by:
    • Choosing the right open source software
    • Implementing end-to-end framework for supply chain integrity
    • End-to end-review of system security
    • SBOM and vulnerability report

VigiShield Add-Ons

  • Yocto/BSP and Security Customizations to address issues from penetration testing reports, integration with device management / IoT cloud services and more
  • Out-of-the-box Container Support that ensures app containers can run on different hardware and OS platforms and be updated without needing to update the base OS
  • Security Training to refine your security requirements or help integrating our solutions into your processes
  • Trusted Applications for Secure OSthat ensures sensitive data is never exposed and vastly reduces the attack surface of your applications
  • Code-Signing Key Protection that ensures your keys are never exposed outside of Hardware Security Modules (HSMs) by storing the code signing key on HSMs and requiring the build system to request signing using a PKCS#11 interface
  • Secure manufacturing assistance to help integrate your custom or third party solutions for securely storing device certificates
  • Manufacturing Protection for i.MX8 and i.MX9 to help you securely build devices at contract manufacturing facilities and prevent counterfeit attempts
  • Long Term Linux OS security and BSP maintenance subscription service that provides long-term security updates and maintenance of your Linux OS
  • System Security Audit and Review to help you determine what potential threats your system might encounter and what should be secured