Secure boot in embedded systems

There is no surprise that the percentage of breaches involving end-user devices has doubled each year or that bad actors are shifting focus from desktop to mobile users and the internet of things (IoT). A bad actor that can alter, inject, or replace code on an IoT device might gain control of the system and from there they may be able to access sensitive data, cause disruption through denial of service, or use it as a foothold to attack other systems on the network. As a result, the need to prioritize security in embedded systems has never been more urgent and the secure boot of every embedded system is a key part of any security strategy.

What is secure boot for embedded systems?

When you switch on an IoT device it begins a boot process. The boot code executes on the device chip and in-turn it runs additional code and applications. After the boot process, the device is ready for use.
With a secure boot, however, code is not executed just because it exists on the device. Instead, secure boot ensures that the only code executed is code that the manufacturer of the device has securely signed. Once the secure code runs, additional code and applications will only run if they are signed with the corresponding private signature key that matches the public key embedded within this stage of the boot process. Layer after layer the code and applications link with what is known as a chain of trust and the device will only execute code the correct key vouches for.
In short, secure boot is a means to ensure that the only code that will run on a device is the code that is intended to run on the device.

The main challenges of secure boot enablement

hardware board blue

Secure boot is vendor specific

Whilst some platforms (Intel x86, NXP i.MX family…) have all documentation & examples available for enabling secure boot, other manufacturers (Texas Instrument, Qualcomm…) tend to rely on NDA to make the needed information accessible. This results in a risk for OEM manufacturers, who discover the complexity of the subject only when beginning the implementation.
secure development blue

Secure boot comes with additional requirements

Secure boot is the process of creating a signed boot chain from the system’s Power-On Reset until application execution. But secure boot alone doesn’t make a system secure. It often implies using additional mechanism such as root file system protection, Secure updates with A/B system redundancy, Operating System hardening Those take time and skill to setup.
scalability blue

Device deployment gets more complex

Secure boot implies firmware signatures are programmed into the device and that those signatures are securely stored (typically in one-time programmable, and lockable, fuses). Witekio can help your production team to setup needed infrastructure for secure boot provisioning and deployment.

Key elements to consider when enabling secure boot in your embedded system

Secure boot infrastructure

Timing of implementation

Enabling secureboot can often reduce the efficiency of the developer workflow as it can often require additional steps to be performed, like building and signing a system image, or can prevent certain approaches.
If anything goes wrong then it is deliberately difficult to debug and typically provides little in the way of introspection or logs.

Production & Development Keys

It is important to have multiple sets of keys for development and production systems and environments.
This allows distribution of development keys to developers, allowing them to efficiently sign and test code, with no compromise to the production system and its associated keys.

Keeping Private Keys Secret

It is imperative that you keep your private keys secret. If someone else were to gain access to your private key(s) used for signing software components then they could sign an altered or their own software and the device would duly authenticate and execute it successfully.
Nicolas Legrand Fresenius
Nicolas Legrand

Project lead

Working with Witekio has been instrumental in transforming our infusion pump systems. Their expertise in software compliance and technical consulting has not only helped us enhance our devices but also set a strong foundation for future developments. We couldn’t have achieved this without their support and collaboration.

Why is secure boot in embedded systems important?

When deployed with secure boot, embedded systems on IoT devices are safer and guaranteed free from injected, unofficial code. For manufacturers and vendors of IoT devices, this means that secure boot is a means of protecting their investment, brand, and the ‘m not sure waht tnetworks of their end-users.

Manufacturers and vendors invest significant corporate capital in developing, marketing, and supporting IoT devices. Should a device be hacked, or some code injected that impacts the safe running of the device, much of that investment may be wasted or even lost entirely. Secure boot ensures the protection of investments that a vendor makes in the device from bad actors.
The costs of any hack are measured in both the immediate impacts on revenue directly linked to the attack (developing patches, deploying OTA updates) and impacts on the reputation of the vendor as a supplier of quality, trusted IoT devices. The reputational costs of hacks can be severe and measured in terms of existing customer churn, future customer refusals, business interruption, and the development of marketing and management strategies to rebuild a damaged reputation.
Many IoT devices connect to other IoT devices in addition to connecting to a private or public cloud. Should unauthorized code be allowed to execute on even one device, it could potentially impact all the devices on the network. What’s more, it could put at risk all the data that the network gathers, transfers, shares, and stores. In a world where data is invaluable, the potential impact of an insecure boot process is enormous.

Witekio can support your secure boot enablement

Witekio has deep expertise in the secure boot of embedded systems. With a two-decade track record in helping vendors secure their IoT devices across all industries, Witekio engineers understand what is required and how to deliver it, to ensure that every boot on every device is secure every time.
Among the ways that Witekio adds value to IoT vendors and manufacturers are:
  • Expert consultant for both client and manufacturer
  • Advisors on best practices for key security
  • Efficiency in moving from prototype to factory production

Engineers at Witekio have experience configuring secure boot for our customer’s products on system-on-chips which include NXP i.MX6/7/8/9, STMicro STM32MP1, Rockchip RK36xx, and Nvidia Jetson. They also have deep experience in developing and customizing the secure boot software of IoT devices in a range of industries. With applications in fields as diverse as medical technology, vending machines, and consumer kitchen equipment.
witekio team

Your trusted embedded software, application and connectivity partner

flag_line

4 Countries

4 countries

iso_27001_02-1024x704

ISO 27001 certified

ISO 27001 certified

Avnet_logo

Fortune 500 owned

Fortune 500 owned