Bootware™ 1.0

Making IoT infrastructure resilient to compromised updates and bricked devices
with unified security management tools and trusted hardware.

Unified security management tools and trusted hardware for resilient IoT infrastructure.

The resilient unifying layer between bare metal and software.

Making IoT infrastructure resilient to compromised updates and bricked hardware.

+ A/B updates managed in secure silicon.

+ Encrypted files system and user kernel.

+ Signed images and updates.

+ Fallback and bare metal recovery options.

+ Seamless integration with Raspberry Pi OS and Ubuntu.

+ Easy upgrade path from standard RPi products.

+ Available on Zymbit HSM, compute and edge node products. 

+ Optimized for ARMv8 CPUs.

 

https://www.zymbit.com/wp-content/uploads/2023/06/Zymbit-Bootware-1.png

Bootware Simplifies Compliance and Availability

Unified security management tools and trusted hardware that scale – from prototype to pilot to long term deployments.

Bootware Transforms IoT Architecture

The Missing Layer

Bootware introduces a secure unified layer that connects diverse untrusted edge devices and IoT endpoints to trusted enterprise network, security and data services.
zymbit secure compute module with verified boot
zymbit secure compute module with verified boot

Unified Security Stack

Bootware delivers a unified and autonomous trust plane across popular ARM compute hardware, firmware, boot chain and OS.

+ Identity management

+ Device security

+ Network access

+ Credential management

+ Updates

+ Recovery

zymbit secure compute module with verified boot

Bootware Services

A/B updates with cryptographic isolation

Robust update scheme that keeps devices current with operational and security updates.

  • Apply updates to a backup filesystem and roll back to a stable filesystem in case of critical errors.
  • A/B filesystems with boot artifacts isolation and keys. A/B are independent of each other and supervised by the HSM

Encrypted filesystem and kernel.

Protects your data, IP and credentials from unauthorized access. 

  • Data and kernel are encrypted by keys stored in the HSM.
  • Keys are scrubbed and prevents access to data upon device penetration.

Signed images and updates

Ensures that all update images come from a known and verified source, and have not been tampered with. 

  • Only devices with the correct HSM keys will be able to authenticate and pull these secure updates.

Key storage in secure silicon

Reduces the risk of exposing cryptographic keys through physical access and sideband attacks. 

  • Cryptographic keys are created, managed and stored in special purpose secure element with grid protection. 
  • Logical and physical access is restricted through multiple layers of cryptography, hardware and tamper sensors. 

Supervised boot with multiple artifacts and policies

HSM will monitor the device as soon as it powers on.

  • Zymbit S2, S3 level devices use an independent security controller to supervise the boot process. 
  • Boot artifacts are individually verified for integrity and authenticity against a user defined manifest. 
  • Security policies can be put in place to prevent failed and compromized updates.

Automatic recovery from OS failure

A/B updates occasionally fail due to one of many reasons. Loss of network access, loss of power, incorrect signatures, are a few common failure modes. In the event of a failed update it is essential that a device has the possibility to recover to some operational state, and preferably without human intervention, remote or local.  

Bootware supports three levels of recovery. 

  • Failed update of Image-A > revert to Image-B
  • Failed Image-B > revert to Safe Recovery mode
  • Failed Safe > rever to user intervention

 

Seamless integration with Raspberry Pi OS and Ubuntu

  • Develop using popular Ubuntu and Raspberry Pi OS tools.
  • Push secure updates to systems with Debian based OS.

Supported on Zymbit secure compute products.

Bootware services are available on a wide range of Zymbit professional components

Choice of Professional Components

Bootware will support all Zymbit professional components, with increasing levels of security, supervision and safe recovery.
SECURITY MODULES –>
 BOOTWARE 1.0
SECURE CARRIER BOARDS SECURE COMPUTE SECURE EDGE NODE
 BOOTWARE 1.0 – CORE SERVICES
SECURE CARRIER BOARDS SECURE COMPUTE SECURE EDGE NODE
 Bootware Resilience Level
1 – Secure hardware and cryptographic engine.
2 – Supervised filesystem and boot chain.
3 – Safe recovery to trusted state.

1,2,3

1,2,3

1,2,3
A/B updates managed in secure silicon
Encrypted filesystem
Encrypted kernel
 A/B cryptographic isolation
Key storage in secure silicon
Supervised boot with multiple artifacts and policies
Automatic recovery from OS failure
Support for Ubuntu and Raspberry Pi OS, standard kernels
Support for Ubuntu and Raspberry Pi OS, custom kernels
       
 BOOTWARE 2.0 – PREMIUM SERVICES
SECURE CARRIER BOARDS SECURE COMPUTE SECURE EDGE NODE
Baremetal recovery
Zero trust provisioning, updates, recovery
       
BOOTWARE 2.0 – ADD ONS
SECURE CARRIER BOARDS SECURE COMPUTE SECURE EDGE NODE
Local certificate authority on device
Integration with third party security and management tools
       
 READY TO GET STARTED?
SECURE CARRIER BOARDS SECURE COMPUTE SECURE EDGE NODE
Learn more > Learn more > Learn more>
BUY NOW BUY NOW BUY NOW

= standard feature
= available feature, dependent upon installed security module and compute module
= available feature, OEM support package required

Turnkey Solutions

Modular Components. Maximum Flexibility

Zymbit professional components are easily configured, accessorized and integrated into secure turnkey solutions. By you, your integrator, or by Zymbit.
Choose the components you need. 
  • Base boards
  • Power sources
  • Compute modules
  • Storage, I/O, communications and accessories
  • Tamper proof enclosures
zymbit secure compute motherboard secure side

Secure Edge Nodes

Modular compute hardware that’s secure and easily customized.
  • Fully enclosed, tamper responsive
  • Secure compute module, Linux OS
  • Hardware security supervisor
  • Baseboard with extensive IO and user upgrades
  • Pre-configured security and software
zymbit secure compute motherboard secure side

Secure Base Boards

Choose the components you need. 
  • Base boards
  • Power sources
  • Compute modules
  • Storage, I/O, communications and accessories
  • Tamper proof enclosures
zymbit secure compute motherboard secure side

Developer Kits

Choose the compute platform, OS, base board and budget that’s right for your application. Kits include everything you need to get up and running quickly.
Zymbit secure compute module with Raspberry Pi

SCB400

Full Linux edge compute development platform.

  • ARM A72 x4 @1.8GHz
  • Industrial grade base board
  • Supports SCM4 and CM4 compute 
  • +12-24VDC,  POE power options
  • NMVE M.2 mass storage expansion
  • Bootware S3 support
  • Easy upgrade to Zymbit secure edge node. 
Zymbit secure compute module with Raspberry Pi

SCB040

Ideal for full Linux embedded node applications

  • ARM A72 x4 @1.8GHz
  • SCM4 compute module
  • Small base board with I/O
  • 5VDC power input
  • Bootware S3 support

 

 

Zymbit secure compute module with Raspberry Pi

SCB004

Lite Linux embedded endpoints

  • ARM A53 x4 @1.0GHz
  • RPI Zero compute 
  • Small base board GPIO pass through
  • Integrated Zymbit HSM
  • 5VDC power input 
  • Bootware S1.1 support

 

Secure Silicon

Zymbit Unified Security Controllers

Combining the essential elements of security management, supervised hardware and safe recovery.

Increasing levels of device security, integrity and resilience

  • S1 – Secure silicon with cryptographic engine
  • S2 – Supervised hardware, filesystem updates and bootchain management
  • S3 – Safe recovery to trusted state

 

 

Zymbit secure compute module with Raspberry Pi

Documentation

Using Bootware 1.0 >
  • Getting started
  • Software APIs – python, C, C++
  • Tutorials
  • FAQ & troubleshooting
Using Bootware 1.0 >
  • Getting started
  • Software APIs – python, C, C++
  • Tutorials
  • FAQ & troubleshooting
Getting Started >
  • Secure Edge Node
  • Secure Compute Modules
  • Developer Kits 

Ready to try Bootware 1.0?

I HAVE QUESTIONS
If you need help with your application, or want to discuss a custom solution then contact us today.
EXPLORE ALL ZYMBIT PRODUCTS
Explore and choose the best Zymbit product for your application. If you have questions or need something custom then were ready to help.
https://www.zymbit.com/wp-content/uploads/2017/11/Zymbit-Logo-noBG-small.png

120 Cremona Drive, Goleta, 

California, 93117, USA

+1 (805) 481 4570

GET UPDATES

Subscribe to email updates.