Latest from Embedded

ID 348425309 © Yuriy Nedopekin | Dreamstime.com
datacenter_dreamstime_l_348425309
William Wong, 2025 © Endeavor Business Media
Do you recognize these charts
ID 22585047 © Agsandrew | Dreamstime.com
id_22585047__agsandrew__dreamstime_new
ID 361819724 © Anastasiia Torianyk | Dreamstime.com
chip_dreamstime_l_361819724
ID 107552055 © Scanrail | Dreamstime.com
car_headlight_dreamstime_l_107552055
Dreamstime_Audrius_Merfeldas_111096969
dreamstime_audrius_merfeldas_111096969
Sigasi
11myths_promo1920x1080

Secure Boot: What You Need to Know (.PDF Download)

Jan. 29, 2018
Secure Boot: What You Need to Know (.PDF Download)

In an increasingly connected world, online devices now reach into every facet of modern life. From automated cars to smartwatches to the phone in your pocket, the myriad of form factors and value of the data contained in these devices has never been greater. Thus, the need to prioritize security in IoT-style embedded systems has rarely been more urgent.

Ensuring security in an embedded system necessarily involves Secure Boot as the first step. Here, we take a look at the variables, and the best practice for doing so, with a focus on one of the most popular processors in electronics—the i.MX6.

What is Secure Boot?

The process of Secure Boot is where your OS boot images and code are authenticated against the hardware before they’re allowed to be used in the actual boot process. The hardware is set up beforehand in such a way that it only authenticates code generated using security credentials you trust. In short, it ensures that the boot and OS software is the intended manufacturer version and hasn’t been tampered with by any malicious party or process.

In any single-use device, Secure Boot is an essential tool. This is especially the case in devices such as e-readers, which often integrate the i.MX6 processor (the i.MX6 Solo and DualLite have an integrated E-Ink display controller, for example). The i.MX6 is intended for specifically reading e-books, rather than general computing. Having a locked-down Linux environment at boot is particularly useful in such applications.

Other situations, such as an Android phone, may be less black-and-white. Using Secure Boot would restrict end users from running custom ROMs, for example, which might be seen as a desirable situation for a manufacturer, or a major compromise. However, a good time to use Secure Boot is any case where you don’t want another party to load an operating system or a different bootloader onto your device.

For other integrated systems, such as IP cameras running Linux, you would be well-advised to use Secure Boot. That’s because any malicious boot code or operating-system software could lead to a situation where the device is made part of a botnet, or the cameras’ output is compromised.

Deep Dive: The i.MX6 Secure Boot Process

On the i.MX6, after creating your boot images, Secure Boot can be utilized once you generate a set of secure keys against an SSL certificate generated for this purpose.

Comments

To join the conversation, and become an exclusive member of Electronic Design, create an account today!