P R O D U C T
CodeMeter Security and VxWorks 7
Powering more than 1.5 billion embedded devices, VxWorks is the world’s most popular real-time operating
system. The users of VxWorks are increasingly interested in security measures that are quick and simple to
integrate. CodeMeter technology is compatible with the VxWorks development environment and the operating
system itself. With VxWorks 7, using modern security protection technology is even easier.
The constant stream of news about security
exploits and industrial espionage is powering
a new demand for embedded systems that
are designed to be inherently secure without
relying on external protection systems like
firewalls or VPNs. Mechanical engineers
would call such devices intrinsically secure.
Devices without significant security capabilities will find fewer and fewer buyers in
the foreseeable future. At the same time,
the developers of applications that run on
embedded systems want to protect their
intellectual property (IP). The security solutions should allow maximum protection with
minimum effort. After all, not every user is
also an expert cryptographer. The needs of
both target groups – the developers and
plant engineers, and the users and operators
– were considered in the design of the new
Security Profile for VxWorks 7.
To make it easier for end users to work
with cryptographically protected software
and secure boot procedures, Wind River has
8
teamed up with Wibu-Systems to include
Wibu-Systems’ technology in Security Profile
for VxWorks. The profile is being sold by Wind
River and can be used as a plug-in for developers’ workbenches. In addition to Wind
River-developed features, it includes tried
and tested components from Wibu-Systems
that have been part of VxWorks since version
6.8. The operating system image, the kernel
modules, and the applications are still
encrypted by ExProtector. ExProtector and the
CodeMeter Embedded driver (now as Version
1.7) are both part of Security Profile package.
The difference is that Security Profile works
without CodeMeter Dongles or computer-specific licenses. The protection is purely
software-based, but embedded deep in
the VxWorks kernel. The solution therefore
complies with two essential security requirements: integrity and know-how protection.
The integrity of the individual software
components is protected by cryptographic signatures. The VxWorks development
environment includes its own certification
authority (CA) that produces, signs, and
manages the required certificates. The software vendor can provide a certificate for
every developer involved in the project, which
identifies the developer and determines
his or her permissions. Even in large-scale
projects, this makes sure that only named
developers have the right to modify kernel
modules or generate new VxWorks images.
Every developer signs off his or her work
with a personal certificate. When the finished
software is run on an embedded system, the
Secure ELF (Executable and Linkable Format)
loader checks the chain of certificates immediately in the operating system to establish
whether the signatures are valid. If this is not
the case, the application will not run.