Axis C1410 Mk II User Manual page 41

Network mini speaker

AXIS C1410 Mk II Network Mini Speaker
Learn more
cryptographic computing modules (secure element and TPM) and SoC security (TEE and secure boot), combined with expertise in
edge device security.
Signed firmware
Signed firmware is implemented by the software vendor signing the firmware image with a private key. When a firmware image has
this signature attached to it, a device validates the firmware before accepting and installing it. If the device detects that the
firmware integrity is compromised, the firmware upgrade is rejected.
Secure boot
Secure boot is a boot process that consists of an unbroken chain of cryptographically validated software, starting in immutable
memory (boot ROM). Being based on the use of signed firmware, secure boot ensures that a device can boot only with authorized
firmware.
Secure keystore
A tamper-protected environment for the protection of private keys and secure execution of cryptographic operations. It prevents
unauthorized access and malicious extraction in the event of a security breach. Depending on security requirements, an Axis device
can have either one or multiple hardware-based cryptographic computing modules, like a TPM 2.0 (Trusted Platform Module) or a
secure element, and/or a TEE (Trusted Execution Environment), which provide a hardware-protected secure keystore. Furthermore,
selected Axis products feature a FIPS 140-2 Level 2-certified secure keystore.
Axis device ID
Being able to verify the origin of the device is key to establishing trust in the device identity. During production, devices with
Axis Edge Vault are assigned a unique, factory-provisioned, and IEEE 802.1AR-compliant Axis device ID certificate. This works
like a passport to prove the origin of the device. The device ID is securely and permanently stored in the secure keystore as a
certificate signed by the Axis root certificate. The device ID can be leveraged by the customer's IT infrastructure for automated
secure device onboarding and secure device identification.
Encrypted file system
The secure keystore prevents the malicious exfiltration of information and prevents configuration tampering by enforcing strong
encryption upon the file system. This ensures no data stored in the file system can be extracted or tampered with when the device is
not in use, when unauthenticated access to the device is achieved, and/or when the Axis device is stolen. During the secure boot
process, the read-write filesystem is decrypted and can be mounted and used by the Axis device.
To learn more about the cybersecurity features in Axis devices, go to axis.com/learning/white-papers and search for cybersecurity.
Axis security notification service
Axis provides a notification service with information about vulnerabilities and other security-related matters for Axis devices. To receive
notifications, you can subscribe at axis.com/security-notification-service.
Vulnerability management
To minimize customers' risk of exposure, Axis, as a Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA), follows
industry standards to manage and respond to discovered vulnerabilities in our devices, software, and services. For more information
about Axis vulnerability management policy, how to report vulnerabilities, already disclosed vulnerabilities, and corresponding
security advisories, see axis.com/vulnerability-management.
Secure operation of Axis devices
Axis devices with factory default settings are pre-configured with secure default protection mechanisms. We recommend applying
additional security configuration when installing the device. To find out more about Axis hardening guides and other
cybersecurity-related documentation, go to axis.com/support/cybersecurity/resources.