This is the code repository for The Embedded Linux Security Handbook, First Edition, published by Packt.
Matt St. Onge
As embedded Linux systems power countless devices in our daily lives, and they’ve become prime targets for cyberattacks. In this in-depth guide to safeguarding your Linux devices, the author leverages his 30+ years of technology experience to help you mitigate the risks associated with hardware and software vulnerabilities. This book introduces you to the world of embedded systems, the brains behind your everyday appliances. It takes you through the different types of embedded systems, their uses, and the platforms they run on, while addressing their unique security challenges and support considerations. You’ll learn to build a successful, secure, and user-friendly solution by exploring the critical hardware and software components that form the foundation of a secure appliance. We won't forget the human element either; you'll find out how to configure your system to prevent user errors and maintain its integrity. The book lets you put your newfound knowledge into action, guiding you through designing a robust build chain that supports the entire life cycle of your appliance solution, enabling seamless updates without your direct involvement. By the end of this book, you’ll be able to adapt your appliance to the ever-evolving threat landscape, ensuring its continued security and functionality in real-world conditions.
- Understand how to determine the optimal hardware platform based on design criteria
- Recognize the importance of security by design in embedded systems
- Implement advanced security measures such as TPM, LUKS encryption, and secure boot processes
- Discover best practices for secure life cycle management, including appliance update and upgrade mechanisms
- Create a secure software supply chain efficiently
- Implement childproofing by controlling access and resources on the appliance
- Welcome to the Cyber Security Landscape
- Security Starts at the Design Table
- Applying Design Requirements Criteria - Hardware Selection
- Applying Design Requirements Criteria - the Operating System
- Basic Needs in My Build Chain
- Disk Encryption
- The Trusted Platform Module
- Boot, BIOS, and Firmware Security
- Image-Based Deployments
- Childproofing the Solution: Protection from the End-User and Their Environment
- Knowing the Threat Landscape -Staying Informed
- Are My Devices' Communications and Interactions Secure?
- Applying Government Security Standards - System Hardening
- Customer and Community Feedback Loops
In order to get the most out of this book, it is assumed that the reader has some prior experience in Linux systems administration or experience as a user of Linux systems. Many of the concepts in this book are extremely advanced. The lessons in this book combined with your existing knowledge should catapult you to a level of mastery of not only understanding the internals of Linux systems but also building products based upon Linux. There are numerous hands-on exercises in this book to enhance the learning activities. Should you choose to follow along with these exercises, the author recommends having at least two PC-grade systems with a minimum of 16 GB of RAM and 1 TB of storage each for best results.
Matt St. Onge, with over 30 years of technology experience, has been a longtime advocate, engineer, and thought leader in the Linux and Open Source industry. He's spent the past decade helping product teams design, prototype and then build more secure and resilient embedded Linux systems across North America and globally during his tenure at Red Hat. Some of Matt's other career position highlights are director of presales engineering, Principal Architect, owner of a consulting company, and US Army veteran. Matt has been an active contributor to Open Source as well. His recent contributions can be publicly accessed freely via GitHub.