1. Home
  2. /
  3. Use cases
  4. /
  5. Secure boot and OTA updates

Secure boot and OTA updates

Unlike simple signing utilities and tools that may seem appealing at the beginning of your project, SIgnServer goes beyond that. With SignServer, your signing keys are stored securely and efficiently from the start.

hero-sub-2-white

Challenge

Attention: Embedded Developers and Security Experts

In the realm of embedded software development, it is crucial for developers to prioritize firmware signing as a means to achieve secure boot and reliable firmware updates for their devices. Incorporating firmware signing into your build process requires specific steps that will vary depending on your chosen toolchain and platform. While some platforms may offer built-in support for firmware signing, others may necessitate the use of third-party tools.

Irrespective of the toolchain and platform you opt for, it is imperative that you retain complete control over the end-to-end signing processes. This entails ensuring secure storage and execution of signing keys, determining who signs what and when, establishing reliability and efficiency in signing operations as their number increases and being able to demonstrate compliance with regulatory and audit requirements that may be applicable to your project. It is important to bear in mind that relying solely on tools and utilities offered by others may not provide the most suitable and sustainable solution in the long run.

arrow

Solution

End-to-end and secure signing processes

SignServer can be easily deployed from Docker Hub, enabling you to swiftly test or prototype your firmware signing process. This solution goes beyond mere signing utilities and tools that may appear appealing in the early stages of your project. By utilizing SignServer, you gain access to secure and efficient storage of signing keys from the start fro example.

Initially, you can store keys in files, which is recommended for testing and prototyping purposes. However, as your solution progresses, you can leverage hardware security modules (HSMs) for enhanced security. Additionally, SignServer offers scalability and compliance features, ensuring that your solution can evolve and meet the demands of a serious deployment.

You can combine SignServer with EJBCA and they will together provide the necessary functionalities and security measures to facilitate the end-to-end signing process and ensure the integrity and authenticity of firmware images.

Take advantage of our tutorials to get hands-on experience:

  • Set up your Espressif ESP32 board with secure updates
  • Code Signing with SignServer 

Tutorials

SignServer logo thumbnail
Code signing
DevOps
2024-10-29

Sign Code with GitHub Actions and SignServer

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
GitHub Actions
SignServer logo thumbnail
Code signing
DevOps
Get started
2023-09-27

Create OpenPGP signatures with SignServer

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
OpenPGP
SignServer logo thumbnail
Code signing
Post-quantum
2023-07-04

ML-DSA (Dilithium) Signing Certificate and Signing in SignServer

Set up your first quantum-ready PKI. Create your ML-DSA (Dilithium) Root CAs, Issuing CAs, and end entities for code signing. Then sign data in SignServer. The ML-DSA (Dilithium) algorithm offers strong security and efficiency by l...
ML-DSA
SignServer logo thumbnail
Code signing
2023-06-06

Flexible Code Signing: Try Multiple Formats with SignServer

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
Signserver
SignServer logo thumbnail
Secure boot OTA
2023-06-05

Set up your ESP32 board with secure updates

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
Espressif

Get inspired

Stay up-to-date on the latest SignServer news and updates through our news feed. From product releases to the newest tutorial videos and guides, our feed provides the latest information on all things related to SignServer. Don't miss out on our upcoming events, live or online, designed to provide valuable knowledge and hands-on experiences. Join our community and stay in the know with SignServer.

PKI hierarchies - 1, 2, 3 tiers ?
Installation & Deployment
Tech Update
Ejbca
Signserver
27 May, 2025

#KEYMASTER: What is Linting in the PKI World?

In this episode, Keyfactor’s Sven Rajala welcomes Mike Kushner, a seaso...
Keyfactor Blog
Implementing Cryptography
Blog
Event
21 May, 2025

EJBCA + SignServer = Powered by Bouncy Castle since forever

🎈 Happy 25th, Bouncy Castle! 🎈 From all of us at EJBCA and SignServer: thank...
PKI hierarchies - 1, 2, 3 tiers ?
DevOps
Installation & Deployment
Tech Update
Ejbca
Signserver
7 May, 2025

#KEYMASTER: About Ephemeral and Short-Lived Certificates

Sven Rajala, International PKI Man of Mystery, and Tomas Gustavsson, Chief PK...

Related open-source projects

This website uses cookies

Cookies consist of small text files. They contain data that is stored on your device. To enable us to place certain types of cookies we need to obtain your consent. At PrimeKey Solutions AB, corp. ID no. 556628-3064, we use the following kinds of cookies. To read more about which cookies we use and storage times, click here to access our cookies policy.

Manage your cookie-settings

Necessary cookies

Check to consent to the use of Necessary cookies
Necessary cookies are cookies that must be placed for basic functions to work on the website. Basic functions are, for example, cookies which are needed so that you can use menus on the website and navigate on the site.

Functional cookies

Check to consent to the use of Functional cookies
Functional cookies need to be placed on the website in order for it to perform as you would expect. For example, so that it recognizes which language you prefer, whether or not you are logged in, to keep the website secure, remember login details or to be able to sort products on the website according to your preferences.

Cookies for statistics

Check to consent to the use of Cookies for statistics
For us to measure your interactions with the website, we place cookies in order to keep statistics. These cookies anonymize personal data.

Cookies for ad-tracking

Check to consent to the use of Cookies for ad-tracking
To enable us to offer better service and experience, we place cookies so that we can provide relevant advertising. Another aim of this processing is to enable us to promote products or services, provide customized offers or provide recommendations based on what you have purchased in the past.

Ad measurement user cookies

Check to consent to the use of Ad measurement user cookies
In order to show relevant ads we place cookies to tailor ads for you

Personalized ads cookies

Check to consent to the use of Personalized ads cookies
To show relevant and personal ads we place cookies to provide unique offers that are tailored to your user data