Using Yocto to Secure Your Device: From Development to Production
12-02, 16:10–16:40 (UTC), Room A

With the recent increase in security scrutiny, how do we leverage Yocto's extensibility and flexibility to streamline development and keep our products secure? This talk will focus on key security ideas and their implementation in Yocto for different stages of development.


In the early development stage, we will explore threat modelling to establish which types of attacks and/or vulnerabilities are of concern to Yocto's software supply chain. We will look at methods for generating reproducible and offline builds to ensure that we can always build the same image, regardless of network connectivity or upstream changes.

In the pre-production stage, we will evaluate integration strategies for Yocto to handle image signing, key management infrastructure, and deployment.

Attendees will be able to use this example process as a springboard to customize their own security solutions for their specific systems.

See also: Slides (518.3 KB)

Kevin Chau is a Senior Embedded Linux Engineer at Timesys Corporation, where he works primarily on BSP and driver bring-up. He has recently focused on integrating Yocto build systems with security tasks like secure boot and file system encryption.