1. Home
  2. /
  3. Use cases
  4. /
  5. Secure boot and OTA updates

Secure boot and OTA updates

Unlike simple signing utilities and tools that may seem appealing at the beginning of your project, SIgnServer goes beyond that. With SignServer, your signing keys are stored securely and efficiently from the start.

hero-sub-2-white

Challenge

Attention: Embedded Developers and Security Experts

In the realm of embedded software development, it is crucial for developers to prioritize firmware signing as a means to achieve secure boot and reliable firmware updates for their devices. Incorporating firmware signing into your build process requires specific steps that will vary depending on your chosen toolchain and platform. While some platforms may offer built-in support for firmware signing, others may necessitate the use of third-party tools.

Irrespective of the toolchain and platform you opt for, it is imperative that you retain complete control over the end-to-end signing processes. This entails ensuring secure storage and execution of signing keys, determining who signs what and when, establishing reliability and efficiency in signing operations as their number increases and being able to demonstrate compliance with regulatory and audit requirements that may be applicable to your project. It is important to bear in mind that relying solely on tools and utilities offered by others may not provide the most suitable and sustainable solution in the long run.

arrow

Solution

End-to-end and secure signing processes

SignServer can be easily deployed from Docker Hub, enabling you to swiftly test or prototype your firmware signing process. This solution goes beyond mere signing utilities and tools that may appear appealing in the early stages of your project. By utilizing SignServer, you gain access to secure and efficient storage of signing keys from the start fro example.

Initially, you can store keys in files, which is recommended for testing and prototyping purposes. However, as your solution progresses, you can leverage hardware security modules (HSMs) for enhanced security. Additionally, SignServer offers scalability and compliance features, ensuring that your solution can evolve and meet the demands of a serious deployment.

You can combine SignServer with EJBCA and they will together provide the necessary functionalities and security measures to facilitate the end-to-end signing process and ensure the integrity and authenticity of firmware images.

Take advantage of our tutorials to get hands-on experience:

  • Set up your Espressif ESP32 board with secure updates
  • Code Signing with SignServer 

Tutorials

SignServer logo thumbnail
Code signing
DevOps
Get started
2023-09-27

Create OpenPGP signatures with SignServer

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
OpenPGP
SignServer logo thumbnail
Code signing
Post-quantum
2023-07-04

ML-DSA (Dilithium) Signing Certificate and Signing in SignServer

Set up your first quantum-ready PKI. Create your ML-DSA (Dilithium) Root CAs, Issuing CAs, and end entities for code signing. Then sign data in SignServer. The ML-DSA (Dilithium) algorithm offers strong security and efficiency by l...
ML-DSA
SignServer logo thumbnail
Code signing
2023-06-06

Flexible Code Signing: Try Multiple Formats with SignServer

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
Signserver
SignServer logo thumbnail
Secure boot OTA
2023-06-05

Set up your ESP32 board with secure updates

{At sit et cras neque etiam cursus vulputate tempor enim. Quisque suspendisse nunc massa eleifend est ultrices. Facilisi ut a augue pellentesque quam nibh. Sit nisl.|=##=|162821}
Espressif

Get inspired

Stay up-to-date on the latest SignServer news and updates through our news feed. From product releases to the newest tutorial videos and guides, our feed provides the latest information on all things related to SignServer. Don't miss out on our upcoming events, live or online, designed to provide valuable knowledge and hands-on experiences. Join our community and stay in the know with SignServer.

Streamlining-PKI-Management-and-TLS-Certificate-Issuance-2400×1260-1-980×546
DevOps
Installation & Deployment
Blog
Ejbca
26 January, 2024

New EJBCA article on the Docker blog

The EJBCA Community Edition (CE) has been available on Docker Hub for approxi...
Streamlining-PKI-Management-and-TLS-Certificate-Issuance-2400×1260-1-980×546
DevOps
Installation & Deployment
Blog
Ejbca
26 January, 2024

New EJBCA article on the Docker blog

The EJBCA Community Edition (CE) has been available on Docker Hub for approxi...
Keyfactor Release
Implementing Cryptography
Post-Quantum Cryptography
Release
Ejbca
23 January, 2024

Bouncy Castle Java LTS unleashes accelerated hardware power on Intel and ARM architectures in latest release

We are proud to announce a new release of our Bouncy Castle Long Term Stable...

Related open-source projects