Introduction
This is Thistle’s developer-facing documentation portal. It provides tutorials and references for one to quickly get familiar with Thistle’s products. For advance usage or custom support request, please contact Thistle’s customer support at https://thistle.tech/contact.
Each of the Thistle products consists of three components
- Device software: Code running on hardware devices to provide security functionality
- Thistle Cloud: Backend infrastructure, web applications and services API to support device security
- Developer tools: Command-line tools running on developers’ laptops/desktops to interact with device software and Thistle Cloud
OTA Update Solution
This is an end-to-end, turnkey solution for device firmware/software update that is strong and flexible in reliability and security. This product includes device software, developer tools, and Thistle Cloud components.
Supported devices:
- Devices powered by embedded Linux, across multiple architectures including ARM/ARM64 and x86-64, specifically. Section OTA Update provides a tutorial on our embedded Linux update client
- Devices running the Zephyr RTOS. For integration enquiries, please contact Thistle’s customer support
CI/CD integration
You are able to automate the OTA release process from a CI/CD pipeline with Thistle. If you use GitHub for development, GitHub action Create OTA Release is available to help create an OTA update release, and publishes it to Thistle’s backend platform to update devices running the Thistle Update Client (TUC).
Secure Boot Enablement Solution
We provide tools and services to help our customers enable secure/verified boot on supported hardware. This product includes device software, developer tools, and Thistle Cloud components. Specifically, we provide strong security assurance with respect to production firmware signing key management, ensuring strong confidentiality of the signing key, and a tight control of firmware signing operations
Supported devices and secure boot types:
- Secure Boot V2 for devices with ESP32 chips. Thistle’s Espressif DevCon 2023 talk gives an overview of this solution
- Thistle Verified Boot for devices with an Infineon OPTIGA™ Trust M secure element with the U-Boot bootloader on host and I²C for host-Trust-M communication
For integration enquiries, please contact Thistle’s customer support
Thistle Yocto Build
Thistle Yocto Build is an open source, Yocto-based meta build tool to make the creation of custom embedded Linux images easy. This product provides developer tooling to help create secure-by-default device software. Section Thistle Yocto Build provides a tutorial on how to use this tool.
Supported platforms:
thistle-yocto-build
runs on Linux/x86-64.
Thistle SDK
The Thistle SDK is a collection of C bindings for security relevant Rust libraries. This product provides developer tooling to help create device software for embedded Linux, and possibly other operating systems. For instance, we offer a static wrapper around a simple and safe-to-use HTTP library, supporting an embedded modern cryptographic stack. For a tutorial, please peruse Section Thistle SDK.
Supported devices:
- The libraries are cross-built to run on ARM/ARM64 and x86-64 based devices on Linux