The Zephyr Developer Summit, hosted under the first-ever Embedded Open Source Summit in Prague, Czech Republic, on June 27-30 included presentations, BoFs, and training designed for real time problem solving and deep discussions. More than 1,300 people registered for the EOSS conference – representing 375 organizations across 56 countries around the globe. Zephyr had 75+ technical sessions (in-person and on-demand) for 3 tracks focused on users of Zephyr, developers contributing upstream, and maintainer-specific topics.
All of the videos from the Zephyr Developer Summit can be found on the Zephyr Youtube Channel. Each week, we’ll highlight a few videos in a blog for easy access. Today, we’re featuring a few popular sessions including: “The Zephyr Project Security Overview, Progress and Status,”Boot to Cloud Security Considerations with IoT,” and “Enhancing System Security by Integrating Zephyr Bootloader and MCUboot.”
The Zephyr Project Security Overview, Progress and Status – David Brown, Senior Engineer at Linaro, and Flavio Ceolin, Software Engineer at Intel
As more and more devices become connected, security of these devices is becoming more and more visible. With an increase in governmental standards regarding security of devices sold to consumers, the security of devices built using Zephyr is becoming ever more important. David and Flavio are the security chair, and architect for the Zephyr project. This talk will give an overview of our security journey, so far, what is being done now to improve the security of the project, and where we hope to go. The focus will be on the idea of a security vulnerability: what happens when a vulnerability is reported, how it gets fixed, tracked, and who is notified and when, ending with the public disclosure through the CVE system. Check out the PPT presentation here or watch the video below:
Boot to Cloud Security Considerations with IoT – Kevin Townsend, Technical Lead at Linaro
Designing secure IoT systems for resource-constrained embedded systems is a challenge, not because of the limited resources available, but because security needs to be considered from an end-to-end perspective. This means planning for:
- A secure boot and firmware update process
- The secure flow of data through the system
- How do I know the data is trustworthy and hasn’t been tampered with?
- How do I know that this comes from the device it claims to?
- How can I limit visibility of sensitive data?
Reliable device authentication – Secret management – Secure connectivity to public/private cloud servers Embedded developers can no longer limit themselves to one specific silo, and need to have basic skills and an understanding of the entire end-to-end, boot-to-cloud and security landscape to make the right design choices to produce a minimally secure system. This presentation tries to lay down some of those key requirements and design choices, and makes suggestions about best practices to follow based on open source software and open standards. This includes generating device-bound, storage-free private keys and UUIDs, mutual TLS, how to encode and transmit data securely and reliably, and bootstrap and X.509 certificate management requirements. Check out the PPT slides here or watch the video below:
Enhancing System Security by Integrating Zephyr Bootloader and MCUboot – Afzal Hasan, Associate Staff Engineer, Samsung Semiconductor India R&D Center, & Priya Dixit, Staff Engineer, Samsung Semiconductor India Research
This video will cover how integrating Zephyr Bootloader and MCUboot will enhance the system security. It will cover about Zephyr Bootloader which contains definition of bootloader and its role in system security, benefits of using Zephyr Bootloader for system security, techniques for implementing secure bootloader. It will also cover about MCUboot which contains introduction to MCUboot and its features, advantages of integrating MCUboot, techniques for implementing secure bootloader using MCUboot. We will explore about combining Zephyr Bootloader and MCUboot for system security. Synergies between Zephyr Bootloader and MCUboot, benefits of combining the two techniques for system security, best practices for implementing zephyr bootloader and MCUboot integration for system security and case studies of successful implementations of Zephyr Bootloader and MCUboot integration for system security. In conclusion, we will cover summary of key points, importance of enhancing system security in firmware development and future directions for research and development. Check out the PPT presentation here or watch the video below.
For more information about the 2024 event, stay tuned by subscribing to the Zephyr quarterly newsletter or connect with us on @ZephyrIoT, Zephyr Project LinkedIn or the Zephyr Discord Channel to talk with community and TSC members.