Learn basics of secure embedded development using a step-by-step approach, with examples using the Yocto Project.
Audience : Embedded developers, system architects and project managers developing embedded systems using Linux with the Yocto Project.
Course objectives :
- Learn best practices for embedded systems design
- Understand the CVE (Common Vulnerabilities and Exposures) system and related databases, know how to use them with YP ; Understand their limitations
- Understand the SBOM (Software Bill of Materials) generation and usage
- Learn basic methods of hardening an embedded Linux distribution based on the Yocto Project
- Know main methods of hardening the build system with GCC
- Know main methods of hardening the Linux kernel
- Manage permissions in a system, create additional users and launch processes as specific users
- Gain a critical regard of configuration and development practices in regard to security practices of embedded system
- Know how to use tools inside and outside the system to audit security of an embedded distribution
- Be able to choose layers and packages with security principles in mind
- Be able to propose improvements of security practices and argument about them
Duration : 5 days
Format :
- Online with instructor-led lectures and question-and-answer sessions (at fixed time, two or three sessions per day)
- Remote lab (build and qemu images) using a prepared environment for each participant during the session and one week afterwards ; with a possibility to download a copy of the environment for further learning
- Practical assignments for topic covered
- Instant messaging with the instructor, teaching assistants and other participants
- Example layers, scripts and solutions for each exercise
- Replays of all instructor-lead sessions
Languages : training materials in English. Instructions available in English and French.
Pre-requirements
- Basic knowledge of the Yocto Project : building an image, modifying a recipe with a .bbappend file, running an image with qemu
- Basic knowledge of Unix/Linux systems : participants should be able to perform basic operations using the command line : modifying, copying and moving files, accessing remote systems using ssh, troubleshooting
- Basic programming skills on at least one of the programming languages used by the YP : Python (recommended), shell etc
Required equipment :
- A computer with Internet access allowing SSH and videoconferencing (Jitsi)
- A camera (recommended) and a microphone for videoconferences
About the instructor
- Enrollment in this course closed on 08/31/2024.