Embedded Linux Security training

Master the security of embedded Linux systems, from secure boot and cryptography to TrustZone, filesystem encryption, vulnerability management, and secure updates, ensuring end-to-end platform security.

Course details

Icon from www.flaticon.com

Duration: 3 days / 24 hours (on-site) – 4 half days / 16 hours (on-line)
Agenda: on-site, on-line
Training materials: will be published shortly after the first private session taking place mid-May 2026
Written language: English
Available oral languages: English and French.

Types of sessions

Dates of public on-line sessions

Type	Dates	Time	Duration	Language	Expected trainer	Cost and registration
Embedded Linux security (agenda)	Jun 29, 30, Jul 1, 2, 2026 + extra session on Jul 3, 2026 if needed	14:00 – 18:00 (Paris, UTC+2) 08:00 AM – 12:00 PM (New York, UTC-4)	16 h	English	Mathieu Dubois-Briand	Discount: 899 EUR^* Regular: 999 EUR^* Register now
Embedded Linux security (agenda)	Jul 6, 7, 8, 9, 2026 + extra session on Jul 10, 2026 if needed	14:00 – 18:00 (Paris, UTC+2) 08:00 AM – 12:00 PM (New York, UTC-4)	16 h	English	Olivier Benjamin	Discount: 899 EUR^* Regular: 999 EUR^* Register now
Additional sessions at future dates will be announced progressively. We generally announce new sessions when existing ones are either full or already passed.

^*The price is excluding VAT. The online shop charges VAT, except for businesses outside of France if they provide valid company information at registration time. Businesses in France, and individuals registering by themselves must pay VAT.

The discount rate is applicable at the following conditions:

Booking at least 1 month prior to the training session start
Booking and payment made online using credit card
Limit of 6 seats per training session at the discount rate

If you are unable to register through our online shop, do not hesitate to contact us, we will be able to provide a training contract and offer alternative payment methods.

Registration on the online shop remains available until the session starts, subject to seat availability.

Target audience

This course targets companies and engineers who design, develop and produce embedded Linux systems that have cyber-security requirements.

At the end of this course, you will be familiar with all the concepts required to design, implement and maintain a secure embedded Linux product.

Objectives

Be able to understand the security and isolation mechanisms of modern embedded Linux systems: non-executable memory, address space randomization, privilege levels, mandatory and discretionary access control.
Be able to design and implement a secure boot chain, from the bootloader all the way to userspace, including dm-verity.
Be able to reason about cryptography, and implement secure key storage, using hardware or software HSM.
Be able to leverage ARM TrustZone technology (secure world, TF-A, OP-TEE) to isolate sensitive operations and develop Trusted Applications.
Be able to implement userland security mechanisms: Linux capabilities, namespaces, cgroups, SECCOMP, SELinux, and systemd hardening features.
Be able to set up filesystem encryption using dm-crypt and integrate it with secure key management through PKCS#11.
Be able to manage software vulnerabilities using CVE databases, generate and analyze Software Bills of Materials (SBoM), and understand compliance requirements including the Cyber Resilience Act.
Be able to design and deploy secure update mechanisms using A/B partitioning schemes and tools like RAUC or SWUpdate.
Be able to understand measured boot concepts and implement platform integrity verification using TPMs and IMA/EVM.

See the detailed agenda.

Training materials

The full training materials will be made freely available shortly after the first private session, which takes place mid-May 2026.

Practical labs

In our on-site courses, each lecture is followed by a practical lab done by the participant. The practical labs represent 50% to 60% of the whole course time. Labs are performed an embedded ARM board, the NXP i.MX93 FRDM, which is powered by the NXP i.MX93 ARM64 processor.. You will use it to implement all the security mechanisms presented during this course. This experience will be relevant regardless of the specific hardware platform you will be using in your own projects.

In our on-line courses, the practical labs are performed as live demonstrations by the trainer. Participants can ask questions at any time. Optionally, the participants who have access to the necessary hardware accessories can reproduce the labs by themselves.

Keep in mind that in any case our course is hardware-agnostic, and therefore it is relevant even if the target platform for your next project is not exactly the one used for the practicall labs during our course.

Prerequisites

Solid experience with the C programming language: participants must be familiar with the usage of complex data types and structures, pointers, function pointers, and the C pre-processor.
Knowledge and practice of UNIX or GNU/Linux commands: participants must be familiar with the Linux command line. Participants lacking experience on this topic should get trained by themselves, for example with our freely available on-line slides at https://bootlin.com/blog/command-line/
Minimal experience in embedded Linux development: participants should have a minimal understanding of the architecture of embedded Linux systems: role of the Linux kernel vs. user-space, development of Linux user-space applications in C. Following Bootlin’s Embedded Linux course allows to fulfill this pre-requisite.
Minimal English language level: B1, according to the Common European Framework of References for Languages, for our sessions in English. See the CEFR grid for self-evaluation.

Hardware requirements

For on-line courses:
- Computer with the operating system of your choice, with the Google Chrome or Chromium browser for videoconferencing.
- Webcam and microphone, from an audio headset
- High speed access to the Internet
- Optionally: the hardware accessories needed for the practical labs, if you want to reproduce the practical labs by yourself. Note that this is not mandatory: you can follow the course without those hardware accessories, as the trainer will perform the practical labs as live demonstrations.
For on-site courses:
- Training room
- Video projector
- One recent PC computer for each desk (1 or 2 persons) installed with Linux. See the training agenda for detailed requirements.
- Unfiltered and fast connection to the Internet
- Bootlin provides the hardware accessories for the practical labs for the duration of the course

By the way, you can also see evaluations from previous sessions. In the same way we are transparent with our training materials, we share all the evaluations that we collect, not only the best ones.