1. Home
  2. /
  3. Use cases
  4. /
  5. Secure boot and OTA updates

Secure boot and OTA updates

Unlike simple signing utilities and tools that may seem appealing at the beginning of your project, SIgnServer goes beyond that. With SignServer, your signing keys are stored securely and efficiently from the start.

hero-sub-2-white

Challenge

Attention: Embedded Developers and Security Experts

In the realm of embedded software development, it is crucial for developers to prioritize firmware signing as a means to achieve secure boot and reliable firmware updates for their devices. Incorporating firmware signing into your build process requires specific steps that will vary depending on your chosen toolchain and platform. While some platforms may offer built-in support for firmware signing, others may necessitate the use of third-party tools.

Irrespective of the toolchain and platform you opt for, it is imperative that you retain complete control over the end-to-end signing processes. This entails ensuring secure storage and execution of signing keys, determining who signs what and when, establishing reliability and efficiency in signing operations as their number increases and being able to demonstrate compliance with regulatory and audit requirements that may be applicable to your project. It is important to bear in mind that relying solely on tools and utilities offered by others may not provide the most suitable and sustainable solution in the long run.

arrow

Solution

End-to-end and secure signing processes

SignServer can be easily deployed from Docker Hub, enabling you to swiftly test or prototype your firmware signing process. This solution goes beyond mere signing utilities and tools that may appear appealing in the early stages of your project. By utilizing SignServer, you gain access to secure and efficient storage of signing keys from the start fro example.

Initially, you can store keys in files, which is recommended for testing and prototyping purposes. However, as your solution progresses, you can leverage hardware security modules (HSMs) for enhanced security. Additionally, SignServer offers scalability and compliance features, ensuring that your solution can evolve and meet the demands of a serious deployment.

You can combine SignServer with EJBCA and they will together provide the necessary functionalities and security measures to facilitate the end-to-end signing process and ensure the integrity and authenticity of firmware images.

Take advantage of our tutorials to get hands-on experience:

  • Set up your Espressif ESP32 board with secure updates
  • Code Signing with SignServer 

Tutorials

SignServer logo thumbnail
Code signing
DevOps
2024-10-29

Sign Code with GitHub Actions and SignServer

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
GitHub Actions
SignServer logo thumbnail
Code signing
DevOps
Get started
2023-09-27

Create OpenPGP signatures with SignServer

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
OpenPGP
SignServer logo thumbnail
Code signing
Post-quantum
2023-07-04

ML-DSA (Dilithium) Signing Certificate and Signing in SignServer

Set up your first quantum-ready PKI. Create your ML-DSA (Dilithium) Root CAs, Issuing CAs, and end entities for code signing. Then sign data in SignServer. The ML-DSA (Dilithium) algorithm offers strong security and efficiency by l...
ML-DSA
SignServer logo thumbnail
Code signing
2023-06-06

Flexible Code Signing: Try Multiple Formats with SignServer

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
Signserver
SignServer logo thumbnail
Secure boot OTA
2023-06-05

Set up your ESP32 board with secure updates

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
Espressif

Get inspired

Stay up-to-date on the latest SignServer news and updates through our news feed. From product releases to the newest tutorial videos and guides, our feed provides the latest information on all things related to SignServer. Don't miss out on our upcoming events, live or online, designed to provide valuable knowledge and hands-on experiences. Join our community and stay in the know with SignServer.

Keyfactor Release
Release
19 December, 2024

EJBCA 9.0 – Upgraded Technology Stack

EJBCA Community 9.0 is here, introducing support for an upgraded technology s...
PKI hierarchies - 1, 2, 3 tiers ?
Industrial Cybersecurity & IoT
Tech Update
Ejbca
Signserver
12 December, 2024

#KEYMASTER: PKI Themes across the IoT Frontier – From Centralized Trust to Interoperability and Code Signing

IoT ecosystems are heavily segmented across industries, with each sector, lik...
Keyfactor Release
Implementing Cryptography
Post-Quantum Cryptography
Release
Ejbca
Signserver
4 December, 2024

NIST PQC Support and more – Bouncy Castle C# .NET 2.5.0

New release: Bouncy Castle C# .NET 2.5.0

Related open-source projects