Login   |   1.866.392.4897 |   sales@timesys.com English Japanese German French Korean Chinese (Simplified) Chinese (Traditional)
Timesys VigiShield Secure by Design Security Services

Security Feature Implementation

VigiShield Secure by Design

Leverage our embedded device expertise to implement the core security features your device needs with an easy-to-understand, PSA certified, maintainable Yocto security layer.

Start the Conversation

What’s the key to managing device security?
Implement security early in its design.

In today’s heightened cyber threat environment, connected embedded systems for industrial controls, transportation, navigation, communications, aerospace, military applications, healthcare devices, logistics systems, and many others require uncompromising security at deployment and throughout their product lifecycles.

Need help implementing internal cybersecurity requirements or meeting industry standards?

Looking to collaborate with security experts to bring in best-in-class technologies to secure your devices?

Need help implementing internal cybersecurity requirements or meeting industry standards?

Looking to collaborate with security experts to bring in best-in-class technologies to secure your devices?

Take advantage of our embedded security expertise.

For more than 20 years, Timesys has been the industry’s trusted partner for secure embedded software design and development. We provide device makers and system developers with tools and services to accelerate time to market and develop more secure products.

What We Can Implement

Prevent Firmware Tampering

Secure Boot / Chain of Trust

Ensure your device is not running tampered software by verifying its authenticity before execution. Establish software authenticity all the way from the bootloader to user applications. Our secure boot/chain of trust services help implement:

  • Verified bootloader (NXP i.MX / QorIQ, Qualcomm Snapdragon, TI Sitara, Atmel SAMA5, Xilinx Zynq, NVIDIA® Jetson™, STM32MP1, Intel® x86 and Atom™, etc.) integrated with Yocto, Buildroot and more
  • Linux kernel verification (FIT image, SoC specific mechanisms)
  • Root filesystem verification (dm-verity, IMA/EVM, FIT image)
secure boot and chain of trust security implementation for embedded Linux
encryption and secure key storage services for embedded Linux

Keep Your IP and User Information Safe

Device Encryption and Secure Key Storage

You can protect IP and sensitive user information by encrypting data/software. It is also critical to protect the key used for encryption using a secure storage mechanism. Additionally, software that handles confidential data should run from within a hardware/software-isolated environment. We provide solutions and services that span:

  • Anti-cloning (IP and Data Protection)
  • Key management and secure key storage
  • Data protection using encryption — In use, in motion, and at rest
  • Trusted Platform Module (TPM)
  • Trusted Execution Environment (TEE) using Arm TrustZone and OP-TEE
  • Device identity and authentication

Keep Your Updates Safe

OTA Software Updates

Our security services can help you determine how to update/deploy software securely and deny unauthorized software installs. We can implement:

  • Over-the-air (OTA) updates of the software on your embedded system
  • Package updates
  • Full OS updates
  • Signing of packages and images
  • Server authentication
secure over-the-air updates implementation for embedded Linux
security audit service for embedded Linux

See Where You Stand

Security Audit

By performing a risk analysis, our audit services can help you determine what potential threats your system might encounter and what should be secured. Timesys’ security audits provide:

  • Detailed review of packages and default system configuration
  • Analysis of reports from audit and scanning tools
  • End-to end-review of system security
  • Risk management and recovery plan

Lock It Down


Our Linux kernel hardening service focuses on system configurations needed to reduce your product’s attack surface, decrease risk of compromise, and minimize breach impacts including:

  • Access and authorization
  • Vulnerabilities
  • Logging of all user access
  • Logging of access level changes by any program
  • Disabling unused services and ports
  • Addressing issues from penetration testing reports
  • Security-oriented configurations for packages and kernel
security hardening service for embedded Linux
secure your embedded Linux software supply chain

Know Where Your Software Comes From and Stay Resilient

Software Supply Chain Security

VigiShield Secure by Design helps you gain visibility into your software supply chain and secure it by:

  • Choosing the right open source software
  • Implementing end-to-end framework for supply chain integrity
  • End-to end-review of system security
  • Managing supply chain risks leveraging detailed SBOM

1100+ software projects completed for 300+ customers, worldwide

security services to help you reduce the attack surface of your embedded Linux device

Reduce the attack surface of your device

Improve the security posture of your device by auditing, hardening, optimizing your software footprint, and implementing secure boot and chain of trust.

security services that help you avoid productions delays

Avoid production delays by securing your software supply chain

Avoid the rework and cost overruns that come with deploying security too late in design. Leverage detailed SBOMs and an end-to-end framework to ensure the integrity of your software supply chain.

How It Works: Secure by Design Projects

Ready to get started? Our four-part process makes project management simple:

Scoping Phase

Scoping Phase
  • Questionnaire for requirement gathering
  • Statement of Work (SOW) for customization and add-on services
Development Phase

Development Phase
  • Execution and delivery per SOW
  • Integration and Testing on your custom hardware
Completion/Acceptance Phase

Acceptance Phase
  • Code and documentation delivery via shared private GitLab
Post-Delivery/Support Phase (Optional)

Post-Delivery/Support Phase (Optional)
  • Post-delivery handover training
  • Optional: Vigiles Cybersecurity Vulnerability Monitoring and Mitigation
  • Optional: Long-Term OS Maintenance engagement


Start the Conversation

Stop worrying about how you are going to find the engineering time and in-house expertise to give your product the professional architecture and security attention it needs.

See the impact of Secure by Design in action

Secure Boot in Industrial Welding
Case Study

Secure Boot in Industrial Welding

Timesys’ security expertise helps manufacturer of industrial welding products deliver a secure IoT gateway for its factory installed products

Read the Case Study


Establishing secure boot and chain of trust

Explore the “Secure by Design” approach to software security for embedded systems using NXP i.MX processors.

Watch the Webinar


Trusted Software Development Using OP-TEE

How end users can leverage open source software to safely deploy applications that require handling confidential information

Read the Blog