1. Home
  2. /
  3. Use cases
  4. /
  5. Secure boot and OTA updates

Secure boot and OTA updates

Unlike simple signing utilities and tools that may seem appealing at the beginning of your project, SIgnServer goes beyond that. With SignServer, your signing keys are stored securely and efficiently from the start.

hero-sub-2-white

Challenge

Attention: Embedded Developers and Security Experts

In the realm of embedded software development, it is crucial for developers to prioritize firmware signing as a means to achieve secure boot and reliable firmware updates for their devices. Incorporating firmware signing into your build process requires specific steps that will vary depending on your chosen toolchain and platform. While some platforms may offer built-in support for firmware signing, others may necessitate the use of third-party tools.

Irrespective of the toolchain and platform you opt for, it is imperative that you retain complete control over the end-to-end signing processes. This entails ensuring secure storage and execution of signing keys, determining who signs what and when, establishing reliability and efficiency in signing operations as their number increases and being able to demonstrate compliance with regulatory and audit requirements that may be applicable to your project. It is important to bear in mind that relying solely on tools and utilities offered by others may not provide the most suitable and sustainable solution in the long run.

arrow

Solution

End-to-end and secure signing processes

SignServer can be easily deployed from Docker Hub, enabling you to swiftly test or prototype your firmware signing process. This solution goes beyond mere signing utilities and tools that may appear appealing in the early stages of your project. By utilizing SignServer, you gain access to secure and efficient storage of signing keys from the start fro example.

Initially, you can store keys in files, which is recommended for testing and prototyping purposes. However, as your solution progresses, you can leverage hardware security modules (HSMs) for enhanced security. Additionally, SignServer offers scalability and compliance features, ensuring that your solution can evolve and meet the demands of a serious deployment.

You can combine SignServer with EJBCA and they will together provide the necessary functionalities and security measures to facilitate the end-to-end signing process and ensure the integrity and authenticity of firmware images.

Take advantage of our tutorials to get hands-on experience:

  • Set up your Espressif ESP32 board with secure updates
  • Code Signing with SignServer 

Tutorials

SignServer logo thumbnail
Code signing
DevOps
Get started
2023-09-27

Create OpenPGP signatures with SignServer

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
OpenPGP
SignServer logo thumbnail
Code signing
Post-quantum
2023-07-04

ML-DSA (Dilithium) Signing Certificate and Signing in SignServer

Home / Use cases / ML-DSA (Dilithium) Signing Certificate and Signing in SignServer ML-DSA (Dilithium) signing certificate and code signing in SignServer Set up your first quantum-ready PKI. Creat...
ML-DSA
SignServer logo thumbnail
Code signing
2023-06-06

Flexible Code Signing: Try Multiple Formats with SignServer

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
Signserver
SignServer logo thumbnail
Secure boot OAT
2023-06-05

Set up your ESP32 board with secure updates

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
Espressif

Get inspired

Stay up-to-date on the latest SignServer news and updates through our news feed. From product releases to the newest tutorial videos and guides, our feed provides the latest information on all things related to SignServer. Don't miss out on our upcoming events, live or online, designed to provide valuable knowledge and hands-on experiences. Join our community and stay in the know with SignServer.

EJBCA Signserver
DevOps
Industrial Cybersecurity & IoT
Installation & Deployment
Signing
Tech Update
Signserver
29 September, 2023

Securing OpenPGP and Debian Packages with Code Signing

This Tech Update, initially published in early 2023, has exciting additional...
Community_Tech_Meetup_Prof1
DevOps
Implementing Cryptography
Industrial Cybersecurity & IoT
Installation & Deployment
Post-Quantum Cryptography
Signing
Blog
Ejbca
Signserver
20 September, 2023

Unveiling the highlights of the Keyfactor Community Tech Meetup 2023

What a remarkable day it was at the Keyfactor Community Tech Meetup 2023, on...
Bouncy Castle
Implementing Cryptography
Post-Quantum Cryptography
Release
Ejbca
Signserver
9 August, 2023

Unveiling the Latest Tech Tweaks in Bouncy Castle Cryptographic APIs

After a flurry of updates since our last Tech Update, BC 1.76 is now availabl...

Related open-source projects