> ## Documentation Index
> Fetch the complete documentation index at: https://docs.thistle.tech/llms.txt
> Use this file to discover all available pages before exploring further.

# Secure Boot Overview

> Learn about Thistle's secure boot solution for embedded devices

**Secure boot** is a boot sequence (on a hardware device) in which each software
(aka firmware) image loaded is authorized to be executed using software
previously authorized by this system. The sequence is designed to prevent
unauthorized or modified code from being run by ensuring that all code is
checked before it's executed. The authorization is normally done through
attestation of one or more (e.g., in the case of "double signing") valid digital
signatures. For embedded devices, the term "secure boot" is used to refer to
such a sequence when it starts from immutable code protected by hardware (e.g.,
a Boot ROM).

Secure boot requires hardware support to begin with. When hardware supports
secure boot, the process of enabling it usually requires

* The creation of signing keys or public-key infrastructure (PKI) for secure
  boot image signing
* Fuse programming to configure device security parameters and the trust anchor,
  e.g., a public key hash
* The creation of signing infrastructure to properly manage image signing keys and
  sign images, in development and in Production

Thistle provides secure boot enablement solutions to make the above process
secure and easy.

## Supported platforms

* [ESP32: Secure Boot V2](/hardware/esp32/secure_boot)