Timesys announced a BSP Lifecycle Maintenance Service for embedded Linux products using NXP processors. The BSP service offers regular board support package release updates okys the Vigiles Prime security and management service.

Last June, Timesys launched a Vigiles security monitoring and management service with CVE (Common Vulnerabilities and Exposures) tracking for embedded Linux. Now, Timesys has teamed with NXP to provide a turnkey BSP Lifecycle Maintenance Service for updating NXP-based board support packages that includes a subscription to the highest Vigiles Prime tier.

BSP Lifecycle Maintenance Service CVE and test reports (left) and Vigiles summary report screen
(click images to enlarge)

The BSP Lifecycle Maintenance Service enables developers to offload software maintenance tasks of monitoring and triaging vulnerabilities and updating and patching software, says Timesys. The focus is on Yocto Project based stacks, and there is support for build systems including Buildroot, PetaLinux (Xilinx), and LTIB (Linux Target Image Builder). The BSP service also supports Timesys Factory, a build service available with its Yocto based LinuxLink development platform. Pittsburgh-based Timesys also offers a related TimeStorm IDE.

The BSP Lifecycle Maintenance Service provides:

• BSP updates for major software releases on the customer’s desired cadence, typically twice per year
• Subscription to NXP Vigiles Prime
• Minor kernel version updates when needed for security or bug fixes
• Userspace security patching and package updates via meta-timesys-security Yocto metalayer
• Targeted updates of only desired components
• Validation and testing of software on device hardware maintained in Timesys’ Board Farm
• One on-demand emergency security fix per year

Advantech ROM-5720

Although Vigiles was announced without mention of NXP support and the Vigiles product page does not mention the chipmaker, the NXP Vigiles Prime that Timesys refers to has its own product page on NXP’s website. So far, we have seen Vigiles offered by Advantech for its ROM-5720 SMARC and ROM-7720 Qseven modules based on NXP’s i.MX8M and i.MX8 QuadMax, respectively.

Vigiles Prime is the highest end tier of Vigiles. Compared to the Basic and Plus tiers, it adds patch notification features for the Linux Kernel and automatically generates recommended fixes based on identified CVEs specific to product components, “augmented by detailed version analysis and tracking across all branches.”

The free Basic version of Vigiles offers vulnerability monitoring for a single component list. Vigiles Plus, meanwhile, adds support for unlimited component lists. It also provides vulnerability management workspace “with collaboration tools for vulnerability analysis, triage and mitigation, advanced filtering based on CVE severity, detailed notifications, and advanced reporting tools,” says Timesys.

 
Further information

The BSP Lifecycle Maintenance Service appears to be available now at an undisclosed price for embedded Linux developers working on NXP-based products. More information may be found on Timesys’ announcement and product page (PDF), as well as NXP’s BSP Lifecycle Maintenance page.