The Embedded Linux Security Handbook: Fortify your embedded Linux systems from design to deployment

Written by Linux and open-source expert Matt St. Onge, this definitive guide helps you build and secure Linux-based appliances capable of withstanding the latest cyber threats

"In the face of growing cybersecurity threats, this book by Matt St. Onge fills a critical gap by providing a comprehensive guide to Linux security tailored for those who build and maintain embedded Linux systems or appliances."- Rama Krishnan, Senior Director of Engineering, Veritas Technologies
All formats include a free PDF and an invitation to the Embedded System Professionals community
Book Description

As embedded Linux systems power countless devices in our daily lives, they’ve become prime targets for cyberattacks. In this in-depth guide to safeguarding your Linux devices, the author leverages his 30+ years of technology experience to help you mitigate the risks associated with hardware and software vulnerabilities.

This book introduces you to the world of embedded systems, the brains behind your everyday appliances. It takes you through the different types of embedded systems, their uses, and the platforms they run on while addressing their unique security challenges and support considerations. You’ll learn to build a successful, secure, and user-friendly solution by exploring the critical hardware and software components that form the foundation of a secure appliance. We won't forget the human element either; you'll find out how to configure your system to prevent user errors and maintain its integrity. The book lets you put your newfound knowledge into action, guiding you through designing a robust build chain that supports the entire life cycle of your appliance solution, enabling seamless updates without your direct involvement.

By the end of this book, you’ll be able to adapt your appliance to the ever-evolving threat landscape, ensuring its continued security and functionality in real-world conditions.
What you will learn

Understand how to determine the optimal hardware platform based on design criteria
Recognize the importance of security by design in embedded systems
Implement advanced security measures such as TPM, LUKS encryption, and secure boot processes
Discover best practices for secure life cycle management, including appliance update and upgrade mechanisms
Create a secure software supply chain efficiently
Implement childproofing by controlling access and resources on the appliance

Who this book is for

This book helps embedded systems professionals, embedded software engineers, and Linux security professionals gain the skills needed to address critical security requirements during the design, development, and testing of software for embedded systems. If you’re a product manager or architect, this book will teach you how to identify and integrate essential security features based on the specific platforms and their intended users.
Table of Contents

Welcome to the Cyber Security Landscape
Security Starts at the Design Table
Applying Design Requirements Criteria - Hardware Selection
Applying Design Requirements Criteria - The Operating System
Basic Needs in my Build Chain
Trusted Platform Module
Disk Encryption
Boot, BIOS, and Firmware Security
RPM-OSTREE and the Immutable Operating System
Child-proofing the solution - protecting the device from the End-User & their environment
Knowing the threat landscape - staying informed
Are my devices' communications and interactions secure?
Applying Government Security Standards - Systems Hardening
Customer & Community feedback loops help keep your solution secure