Click here to view this message in a browser window.

Timesys embedded software development and security newsletter September 2021

Embedded Systems
A Timesys Deep Dive

June 2022


Cybersecurity in the news

Technical Advisory – Multiple Vulnerabilities in U-Boot

According to the NCC Group Research: "U-boot is a popular boot loader for embedded systems with implementations for a large number of architectures and prominent in most Linux based embedded systems such as ChromeOS and Android Devices. Two vulnerabilities were uncovered in the IP Defragmentation algorithm implemented in U-Boot, with the associated technical advisories below:

  • Technical Advisory – Hole Descriptor Overwrite in U-Boot IP Packet Defragmentation Leads to Arbitrary Out of Bounds Write Primitive (CVE-2022-30790)
  • Technical Advisory – Large buffer overflow leads to DoS in U-Boot IP Packet Defragmentation Code (CVE-2022-30552)”

Read the full article here:

Need more info on this vulnerability? Check it out here:


Want to stay ahead of threats? Lucky you: we launched the Timesys CVE Dashboard and update it weekly with details on the dangerous security vulnerabilities that could be affecting your device.

Take me to the CVE Dashboard

Recap: Embedded World 2022

All the latest security solutions in the Embedded World.

From June 21 to June 23, Timesys showcased the latest security solutions as a featured partner with our friends at STMicroelectronics and AWS at Embedded World in Nuremberg, Germany.

Missed Embedded World this year? Check out this video with Kamel Kholti, MPU Product Marketing Manager, showcasing how Vigiles enriches the STM32MP1 ecosystem and how Timesys,, and STMicroelectronics are bringing solutions that provide you the support and security you need to get to market faster. 

IoT Security Simplified with VigiShield Secure by Design

Why use PKCS#11?

PKCS#11 provides applications a platform independent manner of using keys securely and can also be configured to ensure the keys are never exposed to the application, hence vastly reducing the attack surface. For example, applications can request signing or encrypting data without ever needing to know the private keys.

For customers seeking enhanced security and key provisioning, VigiShield Secure by Design provides the core security features your device needs with an easy-to-understand, PSA certified, maintainable Yocto security layer. 

For more information about securing IoT device keys with PKCS#11, read our PKCS#11 with OP-TEE: Securing IoT device keys article in our blog library.


Learn More About VigiShield
Schedule a VigiShield Consultation



Coming Soon

API Toolkit updates to Vigiles, our purpose-built vulnerability management tool that adapts to your SDLC process.

This best-in-class vulnerability monitoring and remediation tool combines a curated CVE database, continuous security feed based on your SBOM, powerful filtering, and easy triage tools so you don’t get blindsided by vulnerabilities.

But at Timesys, we don't stop there. We've been listing to the customer requests and feedback and are working on augmenting the APIs so you can implement your own dashboards and filter notes and alerts based on what's most important to you. 

This module update will also:

  1. Integrate with your existing SDLC software through a python package for interacting with the Vigiles API so that users are able to write scripts or integrate Vigiles into their own tools.
  2. Include all the most common tasks available through command line prompts. This will enable users to perform tasks such as applying a patch for a CVE, conducting a test build, and fetching a comparison between scans before and after to attach to the internal bug tracker.
  3. And add a reference implementation for users using their own code to interact with the API, in order to compare results and translate segments into your language of choice.


Compare Vigiles Free, Prime, and Enterprise


Get in touch to discuss Vigiles Enterprise

Timesys in the news

Atul Bansal of TimeSys Talks Open-Source Software on TechVibe Radio.

On Sunday, June 26, Timesys CEO Atul Bansal joined TechVibe Radio host Jonathan Kersting at 6 AM to “geek out” about the importance of Cybersecurity, especially for connected devices.

If you missed the segment and would like to hear the inside secrets of how Timesys’ expertise, OEMs, ODMs, and design houses cut development costs and accelerate time-to-market for devices and IoT systems, check out the recording of the discussion on TechVibe’s archive.

Listen to the TechVibe Radio segment with Timesys

Learn with Timesys

Read up on embedded security with our latest blogs


DM-Verity Without an Initramfs

Learn how you can implement file system verification on your embedded system without the use of an initramfs. This can significantly save boot time and storage requirements in many situations.

Read the blog



Securing U-Boot: A Guide to Mitigating Common Attack Vectors

Learn about ways in which you can protect and secure U-Boot implementations on your embedded systems. This involves signed FIT images, environment protections, and serial console disablement methods.

Read the blog

Upcoming Events

Conferences Around the World You Don't Want to Miss


NXP Tech Day Irvine

Global Training Program

June 30, Irvine, CA

Join us for an insightful presentation: Secure by Design - Building Secure IoT Solutions.

Register To Attend


Security Vulnerability Management 101

Tool & Techniques to Monitor and Remediate Vulnerabilities in Your SBOM

July 21 @ 12 PM ET / 9 AM PT

In this monthly live webinar and Q&A session, you'll learn:

- Why you need to manage your open-source software risks 
- How to generate an accurate SBOM (Software Bills of Materials) and why it matters
- Tools and techniques to monitor and remediate vulnerabilities in your SBOM
- And much more!

Yes! I want to register for the live webinar and Q&A

Can't make it on July 21st? Reply to this email and we'll send you the event recording, or watch previous webinars here.

Timesys blog logo YouTube logo Linkedin logo Twitter logo  Facebook logo

Timesys, the Timesys logo, and Vigiles are trademarks or registered trademarks of Timesys Corporation. Linux is a registered trademark of Linus Torvalds in the United States and other countries. All other company and product names mentioned are trademarks and/or registered trademarks of their respective owners.

Copyright ©2022 Timesys Corporation
Our address is 1905 Blvd of the Allies, Pittsburgh, PA 15219, USA

If you do not wish to receive future Timesys Corporation email communications or would like to manage your communication preferences, click here.