Making IoT and Embedded Devices Even More Secure
What you'll learn:
- How signed OTA updates ship safely with rollback.
- How secure/verified boot blocks handle tampered firmware.
- How Control Center tracks fleets, versions, and patch status.
Ensuring IoT and embedded devices are secure and up-to-date after deployment can be quite challenging. Keeping them operational in the field means they require vulnerability patching, firmware updates, and long-term reliability to ensure their continued functionality. Thistle Technologies helps ease that task with three products: an OTA update, secure/verified boot, and Control Center that support the device throughout its lifecycle.
Thistle’s end-to-end over-the-air (OTA) update delivers new firmware and application versions to IoT devices. This package features the company’s cloud services, developer tools, and device-side components. It’s compatible with embedded Linux systems on architectures like ARM/ARM64 and x86-64. In addition, the OTA product works with devices running on Infineon PSoC 6 MCUs (Fig. 1).
Rather than using ad hoc scripts or manual updates, device makers can deploy verified and cryptographically signed updates to those systems with built-in rollback and failure handling. If something goes wrong during an update, the device automatically reverts to a known-good version instead of becoming unusable. This approach is more practical due to quick vulnerability patching and ensures products stay current for years after launch.
The secure and verified boot product adds another layer of security to devices. With secure boot, firmware signed with an approved cryptographic key can run upon device bootup. It’s like a gatekeeper that stops unsigned or tampered code from executing and compromising the system (Fig. 2).
Verified boot extends this trust by checking cryptographic hashes or signatures at all boot chain stages, starting from the bootloader, through intermediate firmware stages, to the operating system and applications. This helps prevent attackers from injecting malicious firmware or modifying low-level system components. If verified boot detects tampering in the chain, it stops the boot or rolls back to a trusted state.
Overall, secure/verified boot includes enablement tools, device software, and cloud support, allowing teams to install boot-level protections on compatible hardware platforms.
Lastly, Thistle’s Control Center shows the businesses’ device fleets and security posture. Viewed on a web interface, teams can manage update campaigns, monitor rollout status, and check firmware versions across devices. If a device doesn’t have the most recent critical patch, the control center highlights that information so that operators can take action (Fig. 3).
All three of these products work together to help keep IoT and other devices secure over time. By combining OTA updates, secure boot, and centralized device fleet management, manufacturers can lower operational risk, quickly patch vulnerabilities, and maintain long-term device reliability. Even better, this doesn’t require manual processes to run.
In the video above, Thistle Technologies Founder and CEO Window Snyder discusses the features and benefits of these products.
About the Author
William G. Wong
Senior Content Director - Electronic Design and Microwaves & RF
I am Editor of Electronic Design focusing on embedded, software, and systems. As Senior Content Director, I also manage Microwaves & RF and I work with a great team of editors to provide engineers, programmers, developers and technical managers with interesting and useful articles and videos on a regular basis. Check out our free newsletters to see the latest content.
You can send press releases for new products for possible coverage on the website. I am also interested in receiving contributed articles for publishing on our website. Use our template and send to me along with a signed release form.
Check out my blog, AltEmbedded on Electronic Design, as well as his latest articles on this site that are listed below.
You can visit my social media via these links:
- AltEmbedded on Electronic Design
- Bill Wong on Facebook
- @AltEmbedded on Twitter
- Bill Wong on LinkedIn
I earned a Bachelor of Electrical Engineering at the Georgia Institute of Technology and a Masters in Computer Science from Rutgers University. I still do a bit of programming using everything from C and C++ to Rust and Ada/SPARK. I do a bit of PHP programming for Drupal websites. I have posted a few Drupal modules.
I still get a hand on software and electronic hardware. Some of this can be found on our Kit Close-Up video series. You can also see me on many of our TechXchange Talk videos. I am interested in a range of projects from robotics to artificial intelligence.
Cabe Atwell
Technology Editor, Electronic Design
Cabe is a Technology Editor for Electronic Design.
Engineer, Machinist, Maker, Writer. A graduate Electrical Engineer actively plying his expertise in the industry and at his company, Gunhead. When not designing/building, he creates a steady torrent of projects and content in the media world. Many of his projects and articles are online at element14 & SolidSmack, industry-focused work at EETimes & EDN, and offbeat articles at Make Magazine. Currently, you can find him hosting webinars and contributing to Electronic Design and Machine Design.
Cabe is an electrical engineer, design consultant and author with 25 years’ experience. His most recent book is “Essential 555 IC: Design, Configure, and Create Clever Circuits”
Cabe writes the Engineering on Friday blog on Electronic Design.