BG Network's Embedded Security Software Architecture (ESSA), a collection of scripts, recipes, configurations, and documentation for Linux, enhances cybersecurity for IoT devices, including secure boot, encryption and/or authentication. The ESSA enables engineers to extend a hardware root of trust to secure U-Boot, the Linux kernel, and applications in the root file system.
To provide strong cybersecurity without compromising performance or functionality, this architecture leverages:
- In-silicon cryptographic accelerators and secure memory
- Linux security features
The ESSA is Linux based and when used in conjunction with the SAT will support:
- Hardware root of trust extended to the rootfs and software application layer Configuration of Linux Device Mapper (DM) cryptographic functions.
- Use of AES-XTS and HMAC-SHA256 cryptographic algorithms.
- Root of trust extended to Linux userspace.
The following board is the only board tested in this release.
- NXP's i.MX 6 UltraLite Evaluation Kit (imx6ulevk) - i.MX 6 UltraLite EVK
See the Quick Start Guide for instructions of building core image and for a quick demo of DM-Crypt with CAAM's black key.
To know more about the BG Networks ESSA and its potential capabilities, contact BG Networks.
To contribute to the development of this BSP and/or submit patches for new boards please feel free to create pull requests.