Hardware-based Protection
For our non-IT specialist readers: If a
single bit or parameter is changed – for
whatever reason – in a signed application, the signature is automatically voided.
Checking the signature makes sure that
the application has not been tampered
with and that it comes from an authorized
developer who alone has the right key.
[Figure labels: License Management; Wibu-Systems CodeMeter; IP Protection; CodeMeter License Central; Integrity Protection; Wibu-Systems Basic Security; Security Profile for VxWorks; VxWorks 7 Core Platform]
Signatures protect applications from tampering
and make sure they are from an authorized
source. In order to avoid the theft of intellectual property by means of reverse engineering,
software developers also need to encrypt their
code. This is also possible with Security Profile:
when setting up a new VxWorks project, an
AES key is created for encrypting all modules
and applications. The files protected in this
manner are distributed in encrypted form only,
while the right keys are kept both at the software vendor’s and on the embedded systems.
The Secure ELF loader decrypts the files in the
operating system only when an application is
launched. The necessary function is integrated
in VxWorks itself and needs no adjustments on
the part of the developers.
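
The flow described above (modules distributed only in encrypted form, a signature check, decryption only at launch), as an added Python example that is not Wind River or Wibu-Systems code. The page names only signatures and an AES key; Ed25519, AES-GCM, the `signature || nonce || ciphertext` layout and all function names are assumptions made for illustration, and the third-party `cryptography` package is required.

```python
# Added illustration. Assumed, not from the page: Ed25519, AES-GCM, blob layout, all names.
import os
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey, Ed25519PublicKey
from cryptography.hazmat.primitives.ciphers.aead import AESGCM


def package_module(plain: bytes, aes_key: bytes, signer: Ed25519PrivateKey) -> bytes:
    """Vendor side: encrypt the module, then sign the encrypted bytes."""
    nonce = os.urandom(12)
    body = nonce + AESGCM(aes_key).encrypt(nonce, plain, None)
    return signer.sign(body) + body  # 64-byte signature || nonce || ciphertext


def load_module(blob: bytes, aes_key: bytes, trusted: Ed25519PublicKey) -> bytes:
    """Device side: check the signature first, decrypt only if it holds."""
    sig, body = blob[:64], blob[64:]
    try:
        trusted.verify(sig, body)
    except InvalidSignature:
        raise PermissionError("signature check failed, module not loaded") from None
    return AESGCM(aes_key).decrypt(body[:12], body[12:], None)


def flip_bit(blob: bytes, bit_index: int) -> bytes:
    """Return a copy of blob with exactly one bit inverted."""
    out = bytearray(blob)
    out[bit_index // 8] ^= 1 << (bit_index % 8)
    return bytes(out)


def demo() -> dict:
    """Run three load attempts on constructed sample data (keys and module made up here)."""
    vendor = Ed25519PrivateKey.generate()
    aes_key = AESGCM.generate_key(bit_length=256)
    module = b"\x7fELF constructed sample module"
    good = package_module(module, aes_key, vendor)
    results = {"intact": load_module(good, aes_key, vendor.public_key()) == module}
    for name, blob in (("one_bit_changed", flip_bit(good, 8 * 100)),
                       ("wrong_signer", package_module(module, aes_key, Ed25519PrivateKey.generate()))):
        try:
            load_module(blob, aes_key, vendor.public_key())
            results[name] = "loaded"
        except PermissionError:
            results[name] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```
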
Secure Boot
Developers or plant engineers want to make
sure that their machine controls use only
software they have tested and approved and
that the controls cannot be tampered with.
This level of protection is already possible for
the software itself in the form of code signatures. Making sure that the operating system,
i.e. VxWorks, itself has not been manipulated
needs a secure boot function, which was
previously discussed in KEYnote issue 26.
Platforms that support UEFI (the successor
to the former BIOS) can make sure that only
approved and signed software is run from the
very first booting to the launching of individual applications. A key function of UEFI is its
support for secure booting: the bootloader
itself is checked, which launches only signed
firmware images to run