Secure boot is a boot sequence (on a hardware device) in which each software (aka firmware) image is authorized before it is executed, using software that the system has already authorized. The sequence is designed to prevent unauthorized or modified code from running by ensuring that all code is checked before it is executed. Authorization is normally done through attestation of one or more (e.g., in the case of “double signing”) valid digital signatures. For embedded devices, the term “secure boot” refers to such a sequence when it starts from immutable code protected by hardware (e.g., a Boot ROM). Secure boot requires hardware support to begin with. When hardware supports secure boot, the process of enabling it usually requires:
  • The creation of signing keys or public-key infrastructure (PKI) for secure boot image signing
  • Fuse programming to configure device security parameters and the trust anchor, e.g., a public key hash
  • The creation of signing infrastructure to properly manage image signing keys and sign images, in development and in production
Thistle provides secure boot enablement solutions to make the above process secure and easy.
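
The sequence and the fused public key hash described above, as an added sketch that is not Thistle's code or any vendor's Boot ROM logic: each stage checks that the key shipped with the next image hashes to its trust anchor, then checks the signature, and halts on the first failure. Assumptions: all names are hypothetical, textbook RSA with a deliberately weak constructed key stands in for the real signature scheme, and the per-image `next_anchor` field is one assumed way to extend the chain.

```python
import hashlib
import hmac

E = 65537  # public exponent

def toy_key(p, q):
    """Constructed toy RSA key from known primes; demo only, not secure."""
    n = p * q
    return {"n": n, "e": E, "d": pow(E, -1, (p - 1) * (q - 1))}

def key_hash(n, e):
    """SHA-256 of the encoded public key: the trust anchor stored in fuses."""
    blob = n.to_bytes((n.bit_length() + 7) // 8, "big") + e.to_bytes(4, "big")
    return hashlib.sha256(blob).digest()

def _digest(payload, next_anchor):
    # Signed data covers the code and the anchor handed to the next stage.
    data = bytes([len(next_anchor)]) + next_anchor + payload
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign_image(key, payload, next_anchor=b""):
    sig = pow(_digest(payload, next_anchor), key["d"], key["n"])
    return {"n": key["n"], "e": key["e"], "sig": sig,
            "payload": payload, "next_anchor": next_anchor}

def verify_image(anchor, img):
    """True only if the embedded key matches the anchor and the signature is valid."""
    if not hmac.compare_digest(key_hash(img["n"], img["e"]), anchor):
        return False  # key shipped with the image is not the trusted one
    expected = _digest(img["payload"], img["next_anchor"])
    return pow(img["sig"], img["e"], img["n"]) == expected

def boot(fuse_anchor, images):
    """Return the stages executed before the first verification failure."""
    anchor, executed = fuse_anchor, []
    for name, img in images:
        if not verify_image(anchor, img):
            break  # halt: unverified code is never run
        executed.append(name)
        anchor = img["next_anchor"]
    return executed

# Constructed sample chain: Boot ROM (fuses) -> bootloader -> kernel.
ROOT = toy_key(2**521 - 1, 2**607 - 1)
OS_KEY = toy_key(2**127 - 1, 2**521 - 1)
FUSES = key_hash(ROOT["n"], ROOT["e"])
BOOTLOADER = sign_image(ROOT, b"bootloader v1", key_hash(OS_KEY["n"], OS_KEY["e"]))
KERNEL = sign_image(OS_KEY, b"kernel v1")
CHAIN = [("bootloader", BOOTLOADER), ("kernel", KERNEL)]
```

Because the fuses hold only a hash, the public key travels with the image and is authenticated by the first check; the signature check alone would accept an image signed with any key.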

Supported platforms