Upgrading to Measured Boot using wolfBoot 

At wolfSSL, we work together with our customers to enhance embedded security. This includes providing an embedded MCU TPM, MCU secure boot, and similar security options.

Today, there is a de-facto standard for IoT security and that is the use of Secure Boot. However, Secure Boot provides us with only a single check over our system image. Therefore, we want to offer our customers the possibility to upgrade from Secure Boot to using Measured Boot with our fully open-source embedded systems secure boot solution, wolfBoot.

During the lifecycle of IoT products there is configuration and user data being updated that also needs protection. Measured Boot provides us the ability to check not only our application image at boot but do so in stages. We could verify the state of our device configuration before applying it. Additionally, we could verify the integrity of the user settings and data before making them available for use, thus increasing the level of certainty in the state of our system before the user starts using it.

To enable this feature, we have already created integration between wolfBoot and wolfTPM. By using a Trusted Platform Module (TPM) we better protect the SecureBoot process, and using an embedded systems TPM is the best way to do it. Would you like us to extend this process to a Measured Boot?

Do you want the capability to check your device configuration before the system starts?

Would you like to check the system state deeper after an update?

Let us know at facts@wolfssl.com

Yours truly,

The wolfSSL Team