Embedded Linux was embedded, until it wasn't. Now Linux is used across a wide range of connected IoT and Edge devices that are connected to a variety of Public, Hybrid and Private clouds. An https connection and authentication to a cloud service simply ensures that device data is securely transmitted to the cloud. But how do we know that the device is, in fact, secure?
As cybersecurity becomes an increasingly important design consideration new challenges arise as devices are implemented with secure boot and hardware security elements and/or secure enclaves. Legal issues arise from the use of GPL software, and increasingly stringent worldwide legislation, including the proposed EU Cyber Resilience act that impacts a wide range of market segments from consumer to industrial. This requires new security measures to be present on all devices including secure boot, SBOM auditing and FOTA update capabilities.
This paper explores the challenges and best practices for implementation of Linux device security on current and new IoT and Edge products.