Secure Boot For Embedded Systems

Embien specializes in developing Secure Boot for Embedded Systems, having implemented Secure Hardware Root of Trust and providing IoT Endpoint Security.

Secure Boot for Embedded Systems – An Overview

Embien – First Line of Defence for Embedded Security

Product owners need to ensure that the code running on their devices is theirs and not from an unintended or malicious source. This is possible only if the underlying execution environment is itself authentic. It is achieved with a secure bootloader, where the very first part of the code executed is validated by a built-in, hardware-aided mechanism that establishes a root of trust. Subsequent parts are then validated by a sequence of software cryptographic checks, continuing that chain of trust until the device is powered down.

Embien specializes in developing Secure Boot for Embedded Systems. Having worked with leading semiconductor companies, in some cases helping them develop their secure bootloaders, we have unparalleled expertise in implementing them on various architectures. We understand the nuances and challenges of managing performance and processor/memory resources, and come up with the best possible solutions for all your secure boot requirements.

Our Expertise

  • Hardware security mechanisms: High Assurance Boot (HAB), Trusted Platform Module (TPM), Cryptographic Accelerator and Assurance Module (CAAM) etc.
  • Secure Elements: Microchip ECC508, Microchip ECC608, NXP SE050, Renesas ICU-S, ICU-M etc.
  • Cryptography: ciphers, hashing and signature algorithms such as RSA, DSA and ECDSA
  • Tamper Protection: tamper evidence, tamper detection and tamper response

Secure Hardware Root of Trust

From a security standpoint, the first and foremost requirement for a device deployed in the field is to ensure that the running firmware is genuine. The device must validate the firmware's authenticity before starting execution, so that it never runs a tampered program. In a simple MCU-based design there might be only one integrated firmware image, whereas in a complex OS-based system there is a sequence of software executed in turn: bootloader, kernel/OS, start-up services and finally user applications. There is therefore a requirement to establish a chain of trust right from the first instruction executed in the bootloader through to the user application, with each stage verifying the next before handing over control.
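As an added example (not Embien's code), the following Python models the chain of trust described above and in the overview: each stage's manifest commits to the digest of the stage that follows it, and only the digest of the first stage is anchored in immutable hardware, so tampering with any image or manifest breaks the chain at that point. The plain SHA-256 anchor, the stage names and the sample images are assumptions made here; a production design signs the manifests with RSA/ECDSA keys whose public-key hash is fused into the device.

```python
import hashlib
import hmac
from dataclasses import dataclass

@dataclass(frozen=True)
class Stage:
    """One link in the boot chain: the code to run plus the manifest it carries."""
    name: str
    image: bytes        # code executed at this stage
    next_digest: bytes  # digest committed for the successor stage; b"" for the last stage

def stage_digest(stage):
    """Digest over the stage's code AND its manifest, so neither can be swapped alone."""
    h = hashlib.sha256()
    h.update(stage.image)
    h.update(stage.next_digest)
    return h.digest()

def build_chain(images):
    """Provisioning side: build manifests from the last stage backwards. Returns the
    stages and the root digest to anchor in immutable hardware (standing in for the
    fused key hash a HAB/CAAM/TPM design would hold)."""
    stages, next_digest = [], b""
    for name, image in reversed(images):
        stage = Stage(name, image, next_digest)
        stages.insert(0, stage)
        next_digest = stage_digest(stage)
    return stages, next_digest

def verify_chain(root_digest, stages):
    """Boot side: check each stage against the digest committed by the one before it,
    starting from the hardware-anchored root. Returns the stages that would run and
    an error naming where the chain broke (None if every stage verified)."""
    expected, executed = root_digest, []
    for stage in stages:
        if not expected:
            return executed, f"{stage.name}: no trusted digest for this stage, halting"
        # constant-time comparison, as a bootloader should use for verification results
        if not hmac.compare_digest(stage_digest(stage), expected):
            return executed, f"{stage.name}: digest mismatch, refusing to execute"
        executed.append(stage.name)
        expected = stage.next_digest
    return executed, None

# Constructed sample images standing in for bootloader, kernel/OS and user application.
SAMPLE_IMAGES = [
    ("bootloader", b"stage1: init clocks and DDR, verify next stage"),
    ("kernel", b"stage2: kernel/OS image"),
    ("application", b"stage3: user application"),
]
```

Replacing the kernel image, or re-pointing the bootloader manifest at a modified kernel, makes `verify_chain` stop at the first stage whose digest no longer matches what the previous stage (or the hardware root) committed to.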

Embien has been at the forefront of embedded device development for more than a decade and is helping vendors secure their products with various cutting-edge technologies. We ensure that our system software starts with code validation, confirms authenticity before execution and establishes the root of trust stage by stage. We also make sure that the underlying security mechanisms, such as High Assurance Boot (HAB), Trusted Platform Module (TPM), Cryptographic Accelerator and Assurance Module (CAAM) and hardware cryptographic engines, are put to full use in establishing a secure hardware Root of Trust.


Secure Boot Implementations

We have worked extensively on Secure Boot for Embedded Systems across different architectures such as ARM Cortex-A, ARM Cortex-M and RISC-V. Some of our credentials include:

  • NXP i.MX6 secure boot with HAB bootloader
  • Secure bootloader for NXP i.MX RT crossover processors
  • Assured boot for Qualcomm Snapdragon
  • Secure boot on TI Sitara processors
  • mbed library-based validation on Microchip MCUs
  • Xilinx secure boot on UltraScale SoCs
  • Secure bootloader for RH850 with ICU-S/ICU-M crypto engines
  • Hardware root of trust with SE050/ECC608
  • STM32-based designs with secure boot
  • Linux TPM (Trusted Platform Module) secure boot

Our team has an exceptionally good command of asymmetric cryptography and has supported public-key RSA/ECDSA algorithms even on resource-constrained embedded devices.

IoT End Point Security

A motivated hacker can find ways to compromise the operation/data in a device. Hence, it is essential to secure devices against physical tampering. Having worked with leading defence/automotive companies, Embien holds profound expertise in areas like:

  • Tamper Evidence:
    Security-focused enclosure design using specialized materials, dead man screws, epoxy encapsulation etc.
  • Tamper Detection:
    Using specialized tamper detection hardware such as switches/sensors that trigger the MCU or security monitoring circuits
  • Tamper Response:
    Initiating protective and reactive actions, including automatically wiping critical data, shutting down the device or simply logging the event.

We take care of all aspects of IoT Endpoint security, including PCB design, by providing ESD protection and short-circuit paths and by routing highly critical traces on inner board layers.


We assist in hardening secure boot on embedded devices for hostile environments
