Bootware®

The one tool that simplifies security, updates and recovery for fleets of unattended devices

The one tool that streamlines your bare-metal-to-OS updates for enhanced device security and long-term reliability.

  • A/B updates managed in secure silicon.
  • Encrypted filesystem and user kernel.
  • Signed images and updates.
  • Fallback and recovery options.
  • Seamless integration with Raspberry Pi OS and Ubuntu.
  • Easy upgrade path from standard RPi products.
  • Available on most Zymbit products. 

 

https://www.zymbit.com/wp-content/uploads/2024/09/zymbit-bootware-graphic-chip-boot-path-2024.09.17c-1500x1000-1-640x427.png

Bootware simplifies compliance and availability

Unified security management tools and trusted hardware that scale - from prototype to pilot to long term deployments.

Bootware completes the missing layer

Unified security stack

Bootware delivers a unified and autonomous trust plane across popular ARM compute hardware, firmware, boot chain and OS.

+ Identity management

+ Device security

+ Network access

+ Credential management

+ Updates

+ Recovery

zymbit secure compute module with verified boot

Robust metal to OS boot chain

zymbit secure compute module with verified boot

Isolate and manage untrusted devices with enterprise integrations

Bootware introduces a secure unified layer that connects diverse untrusted edge devices and IoT endpoints to trusted enterprise network, security and data services.
zymbit secure compute module with verified boot

Bootware services

A/B updates with cryptographic isolation.

Robust update schema backed by secure silicon.

  • Keep devices current with frequent operational and security updates.
  • A/B filesystems are cryptographically isolated, including boot artifacts.
  • Updates are supervised by an independent security controller. 
  • Roll back to a stable filesystem in case of failed or compromised updates.

Encrypted filesystem and kernel.

Protects your data, IP and credentials from unauthorized access. 

  • Data and kernel are encrypted with keys managed in the HSM.
  • Keys are scrubbed upon device penetration to prevent access to data.
  • Works seamlessly with A/B updates.

Automatic recovery from failed updates.

MInimze operational downtime when A/B updates occasionally but inevitably fail.

Loss of network access, loss of power and incorrect signatures, are a few common failure modes. When updates fail it is essential that a device has the possibility to recover to some trusted operational state, and preferably without human intervention, remote or local.  

Bootware supports three levels of trusted recovery. 

  • Failed update of Image-A > revert to Image-B.
  • Failed Image-B > revert to Safe Recovery mode.
  • Failed Safe > revert to user intervention.

 

Signed images and updates.

Ensures that all update images come from a known and verified source, and have not been tampered with. 

  • Only devices with the correct HSM keys will be able to authenticate the source and pull these secure updates.

Key storage in secure silicon.

Reduces the risk of exposing cryptographic keys through physical access and sideband attacks. 

  • Cryptographic keys are created, managed and stored in a special purpose secure element with grid protection. 
  • Logical and physical access is restricted through multiple layers of cryptography, hardware and tamper sensors. 

Supervised boot with user defined artifacts.

Reduce the risk of compromised boot chains and bricked devices.

  • Zymbit S2, S3 level devices use an independent security controller to supervise the boot process. 
  • Boot artifacts are individually verified for integrity and authenticity against a user defined manifest. 
  • Security policies can be put in place to prevent failed and compromised updates.

Seamless integration with Raspberry Pi OS and Ubuntu.

Develop and deploy using popular Ubuntu and Raspberry Pi OS tools.

  • Push secure updates to systems with Debian based OS.
  • Support for custom kernel builds.
  • Switch between Bullseye and Ubuntu 22.04 during development.

Supported on Zymbit secure compute products

Bootware services are available on a wide range of Zymbit professional components.

Choice of professional components

Bootware supports all Zymbit professional components, with increasing levels of security, supervision and safe recovery.
 BOOTWARE 1
BASE BOARDS SECURITY MODULES SECURE COMPUTE MODULES SECURE EDGE NODES
 BOOTWARE 1 - CORE SERVICES
BASE BOARDS SECURITY MODULES SECURE COMPUTE MODULES SECURE EDGE NODES
  Platform Resilience Level
1 =Secure silicon & cryptographic engine.
2+Safe recovery to trusted state.
3+Supervised filesystem and boot chain.
4+Baremetal recovery.

1,2,3,4

1,2

1,2,3,4

1,2,3,4
A/B updates
Security Contex Management Host CPU Zymbit HXM Zymbit HXM
Encrypted filesystem
Encrypted kernel
 A/B cryptographic isolation
Key storage in secure silicon
Supervised boot with multiple artifacts and policies
Automatic recovery from OS failure
Support for Ubuntu and Raspberry Pi OS, standard kernels
Support for Ubuntu and Raspberry Pi OS, custom kernels
         
 BOOTWARE 2.0 - PREMIUM SERVICES
BASE BOARDS SECURITY MODULES SECURE COMPUTE MODULES SECURE EDGE NODES
Baremetal recovery
Zero trust provisioning, updates, recovery
Managed power system integration
         
BOOTWARE 2.0 - ADD ONS
BASE BOARDS SECURITY MODULES SECURE COMPUTE MODULES SECURE EDGE NODES
Local certificate authority on device
Integration with third party security and management tools
         
 READY TO GET STARTED?
BASE BOARDS SECURITY MODULES SECURE COMPUTE MODULES SECURE EDGE NODES
Learn more > Learn more > Learn more > Learn more>
BUY NOW BUY NOW BUY NOW BUY NOW

= available feature, dependent upon installed security module and compute module
= standard feature
= available feature, OEM support package required

Turnkey Solutions

Modular Components. Maximum Flexibility.

Zymbit professional components are easily configured, accessorized and integrated into secure turnkey solutions. By you, your integrator, or by Zymbit.
Choose the components you need. 
  • Base boards
  • Power sources
  • Compute modules
  • Storage, I/O, communications and accessories
  • Tamper proof enclosures
zymbit secure compute motherboard secure side

Secure Edge Nodes

Modular compute hardware that’s secure and easily customized.
  • Fully enclosed, tamper responsive
  • Secure compute module, Linux OS
  • Hardware security supervisor
  • Baseboard with extensive IO and user upgrades
  • Pre-configured security and software
zymbit secure compute motherboard secure side

Base Boards

Choose the components you need. 
  • Base boards
  • Power sources
  • Compute modules
  • Storage, I/O, communications and accessories
  • Tamper proof enclosures
zymbit secure compute motherboard secure side

Developer Kits

Choose the compute platform, OS, base board and budget that's right for your application. Kits include everything you need to get up and running quickly.
Zymbit secure compute module with Raspberry Pi

SEN400 ProtoKit

Full Linux edge compute development platform.

  • ARM A72 x4 @1.8GHz
  • Industrial grade base board
  • Supports SCM4 and CM4 compute 
  • +12-24VDC,  POE power options
  • NMVE M.2 mass storage expansion
  • Bootware S3 support
  • Easy upgrade to Zymbit secure edge node. 
Zymbit secure compute module with Raspberry Pi

SCB040

Ideal for full Linux embedded node applications

  • ARM A72 x4 @1.8GHz
  • SCM4 compute module
  • Small base board with I/O
  • 5VDC power input
  • Bootware S3 support

 

 

Zymbit secure compute module with Raspberry Pi

SCB004

Lite Linux embedded endpoints

  • ARM A53 x4 @1.0GHz
  • RPI Zero compute 
  • Small base board GPIO pass through
  • Integrated Zymbit HSM
  • 5VDC power input 
  • Bootware S1.1 support

 

Unified Platform Supervisor

Supervises security, resilience, availability and recovery of different target platform types.

Zymbit PSX Platform Supervisor

Unified technology that delivers platform security, resilience, availability and recovery.
Zymbit secure compute module with Raspberry Pi

Pricing

Check out Bootware Core for free!

When you're ready, purchase the Bootware services, hardware and technical support that best fit your needs.

Choose the plan that fits your needs.

Check out Bootware Core for free. When your ready purchase the Bootware services, hardware and technical support you need.

Prototyping

Free

Up to 10 devices

Bootware Core

  • A/B updates
  • Encrypted filesystem
  • Encrypted kernel
  • A/B cryptrographic isolation
  • Key storage in secure silicon
  • Supervised boot
  • Multiple artifacts & policies

Support

  • Community support

Pilot

$2400/year

Up to 200 devices

Bootware Core

  • A/B updates
  • Encrypted filesystem
  • Encrypted kernel
  • A/B cryptrographic isolation
  • Key storage in secure silicon
  • Supervised boot
  • Multiple artifacts & policies

 

Bootware Premium

  • Baremetal recovery
  • Zero touch provisioning
  • Standard integrations
  • Unlocked pilot hardware 

Support

  • Support Level 1

Scale

$12/device/year

1K to 5K devices

Bootware Core

  • A/B updates
  • Encrypted filesystem
  • Encrypted kernel
  • A/B cryptrographic isolation
  • Key storage in secure silicon
  • Supervised boot
  • Multiple artifacts & policies

 

Bootware Premium

  • Baremetal recovery
  • Zero touch provisioning
  • Standard integrations
  • Custom integrations
  • Custom hardware support

Support

  • Service Level 2

Enterprise

Quoted Pricing

Above 10K Devices

Bootware Core

  • A/B updates
  • Encrypted filesystem
  • Encrypted kernel
  • A/B cryptrographic isolation
  • Key storage in secure silicon
  • Supervised boot
  • Multiple artifacts & policies

 

Bootware Premium

  • Baremetal recovery
  • Zero touch provisioning
  • Standard integrations
  • Custom integrations
  • Custom hardware support

Support

  • Service Level Agreements

Documentation

Using Bootware >
  • Getting started
  • Software APIs – python, C, C++
  • Tutorials
  • FAQ & troubleshooting
Getting Started >
  • Bootware
  • Secure Edge Nodes
  • Secure Compute Modules
  • Developer Kits 

Ready to try Bootware?

I HAVE QUESTIONS
If you need help with your application, or want to discuss a custom solution then contact us today.
EXPLORE ALL ZYMBIT PRODUCTS
Explore and choose the best Zymbit product for your application. If you have questions or need something custom then were ready to help.
https://www.zymbit.com/wp-content/uploads/2017/11/Zymbit-Logo-noBG-small.png

120 Cremona Drive, Goleta, 

California, 93117, USA

+1 (805) 481 4570

GET UPDATES

Subscribe to email updates.