Secure Boot – What Is It?


Secure Boot

Secure Boot is a security mechanism applied during a device's boot process to ensure that only software created and trusted by the manufacturer is executed. In the embedded world, this translates to preventing malicious code from an outside source from running on your embedded project.

Past Experiences with Secure Boot

I have worked on embedded projects where the region of the processor’s internal flash that contained the application code was just assumed to be valid and would begin to be executed as soon as the processor was powered up. This is about as far as you can get from a Secure Boot: any malicious code that is programmed onto the processor’s internal flash at the correct address will be executed.

If you add a bootloader to your embedded project you now have the option of having the bootloader validate the integrity of the application code to verify that it is authentic before starting execution of the application. At first glance, this might seem like you are on the right track for a Secure Boot. This is where Root of Trust (RoT) comes into the equation.

Building a Trust Chain with RoT

The RoT is a fundamental security component that serves as the foundation for the Secure Boot process. Think of the RoT as the first stage that you know you can always trust to be authentic during the boot process. Once you have an RoT, you can start to build a trust chain. The trust chain is a set of downstream stages that have been validated by the RoT, or by a stage that was itself validated by the RoT. In the example above, the bootloader would be the RoT, since it is the stage that decides whether the application is authentic. The problem is: how do you know that your RoT (the bootloader) is authentic and has not been replaced by an attacker’s modified version? In this case, you don’t, and that is the reason the bootloader example is not a Secure Boot.

One option for moving the RoT further upstream in the boot process is to have an initial boot phase, implemented in code stored in Read-Only Memory (ROM), verify the authenticity of the bootloader by comparing a hash of the bootloader to a hash programmed into the processor’s One Time Programmable (OTP) flash region during manufacturing. An initial boot phase of this kind is also a prerequisite for getting real benefit from security technologies like Arm TrustZone, which is integrated into various Arm processor families. With the addition of the initial boot phase, the trust chain would be:

Initial Boot Phase (RoT) → Bootloader → Application 
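The following is an added example, not code from the original post or from DojoFive, that models the three-stage chain above in Python: an immutable OTP hash, a ROM stage that checks the bootloader against it, and a bootloader that checks the application against a hash it carries. The flash layout (application hash stored in the last 32 bytes of the bootloader image), the image contents and the tampering cases are all constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass
class Device:
    otp_bootloader_hash: bytes  # burned into OTP at manufacturing, immutable
    bootloader_image: bytes     # writable flash region
    app_image: bytes            # writable flash region

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_device(bootloader_code: bytes, app_code: bytes) -> Device:
    """Model manufacturing: append the application hash to the bootloader image
    (constructed layout: last 32 bytes), then burn the bootloader hash into OTP."""
    bl_image = bootloader_code + sha256(app_code)
    return Device(sha256(bl_image), bl_image, app_code)

def rom_stage(dev: Device) -> bool:
    """Initial boot phase (RoT): ROM code hashes the bootloader and compares it to
    the OTP value. compare_digest is constant-time, so timing leaks nothing."""
    return hmac.compare_digest(sha256(dev.bootloader_image), dev.otp_bootloader_hash)

def bootloader_stage(dev: Device) -> bool:
    """Bootloader validates the application against the hash it carries; that hash
    is only trustworthy because the ROM already validated the bootloader image."""
    return hmac.compare_digest(sha256(dev.app_image), dev.bootloader_image[-32:])

def boot(dev: Device) -> str:
    """Full chain: ROM -> bootloader -> application; halt at the first failure."""
    if not rom_stage(dev):
        return "halt: bootloader hash mismatch"
    if not bootloader_stage(dev):
        return "halt: application hash mismatch"
    return "run application"

def boot_without_rom(dev: Device) -> str:
    """The bootloader-only design from the text: the bootloader is the RoT, so
    nothing ever checks the bootloader itself."""
    return "run application" if bootloader_stage(dev) else "halt: application hash mismatch"

if __name__ == "__main__":
    dev = build_device(b"bootloader v1", b"application v1")
    print(boot(dev))                                  # run application
    dev.app_image = b"application v1 + implant"       # constructed tamper case
    print(boot(dev))                                  # halt: application hash mismatch
    dev.bootloader_image = b"rogue bootloader" + sha256(dev.app_image)
    print(boot_without_rom(dev), "/", boot(dev))      # run application / halt: bootloader hash mismatch
```

The last case is the point of the trust chain: a replaced bootloader that vouches for the tampered application passes the bootloader-only design but is rejected by the ROM stage. Because the OTP hash pins one exact bootloader image, this scheme cannot accept a bootloader update in the field; designs that need that store a public-key hash in OTP and verify a signature instead.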

Wrap Up

Secure Boot will be critical if you are serious about protecting the integrity of your embedded system. Once a rock-solid RoT is established, the embedded system will be able to detect when the trust chain is broken and prevent malicious code from being executed.

If you’d like to make sure your device is secure, reach out! At DojoFive, we have talented engineers on hand ready to help you with all aspects of your devops journey. We are always happy to help with interesting problems that need solving, from security audits to firmware development. You can reach out at any time on LinkedIn or through email!
