cybersecurity
Latest posts
Fundamental Definitions of the Cyber Resilience Act
The definitions for making available on the market, placing on the market, intended purpose and substantial modification are crucial for understanding the CRA. The CRA, Blue Guide and Commission guidance interpret them differently. I am trying to sort out this mess.
Running Wayland Clients as Non-Root Users
Many embedded Linux systems use a Wayland compositor like Weston for window management. Qt applications act as Wayland clients. Weston composes the windows of the Qt applications into a single window and displays it on a screen. I still have
EU CRA: Start, Length and End of Support Period
Manufacturers must provide security updates during the support period plus 10 years. The length is calculated from average lifetime, component availability and other criteria. The support period starts when the product is placed on the market.
EU CRA: Essential Requirements Related to Vulnerability Handling
The eight requirements define what the manufacturer's process for vulnerability handling must look like. They include identifying, addressing and publishing vulnerabilities as well as providing timely security updates and generating an SBoM. The post gives practical examples of how to do this.
EU CRA: Essential Requirements Related to Product Properties
Embedded systems must satisfy the 13 essential product properties such as confidentiality, integrity, availability and access control. Otherwise, they violate the CRA and must not be placed on the market. The post illustrates the product properties with many practical examples.
Crowdstrike: How Not to Do OTA Updates
Episode 54: Better Built By Burkhard
Updating U-Boot with an A/B Strategy
By default, eMMC storage comes with two boot partitions. Two partitions enable an A/B strategy for U-Boot updates. Moreover, U-Boot can automatically start from the other partition if the first is corrupt or empty.