Security

The Security add-on hardens AIM-Linux devices with secure boot chains, credential management, and encrypted communication. Learn more at AIM-Linux AddOn Security.

Core Capabilities

  • Secure Boot & TPM – Enforce signed firmware with TPM 2.0 key storage and measured boot attestation.
  • Disk Protection – Enable full-disk encryption (dm-crypt/LUKS) and secure key provisioning workflows.
  • User & Service Hardening – Apply CIS-derived hardening presets, firewall rules, and login policies.
  • Certificate & Secret Manager – Rotate X.509 certificates, API tokens, and DeviceOn credentials from a single interface.

Deployment Checklist

  1. Provision device identities and keys during manufacturing using the secure factory tool.
  2. Enable secure boot in U-Boot/BIOS and verify signatures during trial runs.
  3. Apply hardening profiles suited for your vertical (industrial, medical, retail).
  4. Monitor compliance status through DeviceOn or your SIEM via RESTful APIs.

Complementary Add-ons

  • Pair with Launcher to ensure only verified boot assets load during startup.
  • Combine with Management to automate patching and vulnerability mitigation.
  • Use alongside Protocol to secure OT data flows with TLS and certificate pinning.

Resources