Security is one of the aspects of an embedded PC you don’t want to just tack on. It is one of the most important aspects, and good design has it as part of the development process from start to finish. Holding it off, or just tacking it on the system later down the line is a bad idea, as any flaws in security will be exploited by anyone with not-so friendly intentions.
If you’re looking to make an embedded system, you need to make the security as good as possible, and here are some tips.
- Watch your language.
- There are several languages and practices that are used in order to maintain security. MISRA-C/C++ are the one usually used in order to maintain industry standards. MISRA tends to be used quite a bit, so it is recommended to familiarize yourself with this, and the more common stuff.
- Signed and sealed.
- Online devices and software require updates every now and again. Obviously, the internet is full of things and people you may not need, like, or want in your embedded PC, so controlling what goes into it is imperative. Putting in a digital signature and accompanying that with an encryption in your firmware updates and keying your system to it will prevent it from just accepting any sort of software put into it.
- Validation is key.
- Hackers might try to put software into a system as it boots, which is why bootloaders were designed. These validate whatever’s in the ROM and checks that the code present in the RAM is really the code that should be present. There’s a lot of ways to make sure no one’s trying to slip something in via the start-up process, but a CRC validation is a good place to start.
- Get expert advice.
- One of the most common pieces of advice to any endeavour: call an expert. For something as important as security, expert opinion is very much worth the cost of getting it. With systems being so multi-aspect and complex, it’s unlikely to find an expert that’ll give you everything you want, but using what strengths are in the team is key to creating a system that’s as secure as possible. Smaller companies can go for consultancies or an outside company for expert advice, while larger ones can have one on payroll.