Embedded system designers want to control what software runs on their system. This enhances the security of the system and makes it much more difficult for unauthorized software to run during boot. However, to ship a system with the secure boot feature enabled, fundamental changes need to be made to the way the system is designed, manufactured, deployed, and maintained. Many companies have used signing services for operating system drivers, but supporting the secure boot infrastructure on a product line is a much more difficult proposition.
This paper discusses aspects of this problem and reviews resources that can help solve it. The focus is on embedded systems, but the principles are applicable to any computer system. Remember that releasing a system with secure boot piques hacker interest and makes the system a target, so every effort must be made to minimize security holes from the design phase to field deployment.
Creating an Embedded Product with Support for UEFI Secure Boot