Course Content
Section outline
-
Session 1: Overview of System Security
- Classification of Security Attacks
- Chain of Trust & Root of Trust
Session 2: Boot Chain Security
- Low-Level Boot Process
- Booting from SD/MMC
- Trusted Boot Chain
Session 3: Hands-on Lab – Booting the Platform with Pre-built Images
Session 4: Discussion & Security Threat Analysis
-
Session 5: Secure Boot
- Secure Boot Concept
- Key Management & Encryption Techniques
- Hardware Features for Secure Booting
Session 6: Bootloaders for Secure Booting
- U-Boot for Secure Booting
- Configuration Options for Securing Boot Process
- Trusted Execution Environment (TEE) Overview
- Signing U-Boot & Arm Trusted Firmware (ATF)
Session 7: Hands-on Lab – Generating Keys for Platform Encryption & Signing U-Boot
Session 8: Deploying Secure Boot with U-Boot & ATF
-
Session 9: Secure Kernel
- Configuring Security Features in the Kernel
- Flattened Image Tree (FIT) Kernel Image
Session 10: Securing the Root Filesystem
- Root Filesystem Hardening
- Read-Only RootFS for Security
- Encrypting Images
Session 11: Data Encryption Methods
- Full Disk Encryption (LUKS, TrueCrypt, VeraCrypt)
- File-Based Encryption (FBE)
- Pros & Cons of Each Encryption Method
Session 12: Hands-on Lab – Implementing Various Encryption Techniques
-
Session 13: Open Portable Trusted Execution Environment (OP-TEE)
- Introduction to OP-TEE
- Key Features & Architecture
- OP-TEE Build & Deployment
Session 14: SELinux – Security Enhanced Linux
- Overview of SELinux & Its Purpose
- Enabling SELinux in Embedded Linux Systems
- SELinux Contexts, Labels & User Roles
Session 15: SELinux Policies & Configuration
- Understanding SELinux Policies
- Creating & Managing SELinux Policies
- Policy Structure & Rule Enforcement
- SELinux Auditing, Logging & Troubleshooting
Session 16: Hands-on Lab – Configuring SELinux for Secure Kernel & User Space
