Bootware 1.2 available!

For those of you who have been waiting, we released Bootware 1.2 last week! It’s a major release, with a ton of new features and ease-of-use improvements.

A/B updates with cryptographic isolation.

  • Keep devices current with frequent operational and security updates.
  • A/B filesystems are cryptographically isolated, including boot artifacts.
  • Updates are supervised by an independent security controller.
  • Roll back to a stable filesystem in case of failed or compromised updates.

Encrypted filesystem and kernel.

  • Data and kernel are encrypted with keys managed in the HSM.
  • Keys are scrubbed upon device penetration to prevent access to data.
  • Works seamlessly with A/B updates.

Automatic recovery from failed updates.

Loss of network access, loss of power and incorrect signatures are a few common failure modes. When an update fails, it is essential that the device can recover to a trusted operational state, preferably without human intervention, remote or local.

Bootware supports three levels of trusted recovery.

  • Failed update of Image-A > revert to Image-B.
  • Failed Image-B > revert to Safe Recovery mode.
  • Failed Safe > revert to user intervention.

Signed images and updates.

  • Only devices with the correct HSM keys will be able to authenticate the source and pull these secure updates.

Key storage in secure silicon.

  • Cryptographic keys are created, managed and stored in a special-purpose secure element with grid protection.
  • Logical and physical access is restricted through multiple layers of cryptography, hardware and tamper sensors.

Supervised boot with user-defined artifacts.

  • Zymbit S2, S3 level devices use an independent security controller to supervise the boot process.
  • Boot artifacts are individually verified for integrity and authenticity against a user-defined manifest.
  • Security policies can be put in place to prevent failed and compromised updates.

Seamless integration with Raspberry Pi OS and Ubuntu.

  • Push secure updates to systems with a Debian-based OS.
  • Support for custom kernel builds.
  • Switch between Bullseye and Ubuntu 22.04 during development.

Supported on Zymbit secure compute products