Bootware™ 1.0
Make IoT infrastructure resilient to compromised updates and bricked devices
with unified security management tools and trusted hardware.
Unified security management tools and trusted hardware for resilient IoT infrastructure.
The resilient unifying layer between bare metal and software.
Making IoT infrastructure resilient to compromised updates and bricked hardware.
+ A/B updates managed in secure silicon.
+ Encrypted filesystem and user kernel.
+ Signed images and updates.
+ Fallback and recovery options.
+ Seamless integration with Raspberry Pi OS and Ubuntu.
+ Easy upgrade path from standard RPi products.
+ Available on Zymbit HSM, compute and edge node products.
+ Optimized for ARMv8 CPUs.
Bootware Simplifies Compliance and Availability
Unified security management tools and trusted hardware that scale – from prototype to pilot to long term deployments.
Bootware Transforms IoT Architecture
Unified Security Stack
Bootware delivers a unified and autonomous trust plane across popular ARM compute hardware, firmware, boot chain and OS.
+ Identity management
+ Device security
+ Network access
+ Credential management
+ Updates
+ Recovery
The Missing Layer
Bootware introduces a secure unified layer that connects diverse untrusted edge devices and IoT endpoints to trusted enterprise network, security and data services.
Bootware Services
A/B updates with cryptographic isolation.
Robust update schema backed by secure silicon.
- Keep devices current with frequent operational and security updates.
- A/B filesystems are cryptographically isolated, including boot artifacts.
- Updates are supervised by an independent security controller.
- Roll back to a stable filesystem in case of failed or compromised updates.
Encrypted filesystem and kernel.
Protects your data, IP and credentials from unauthorized access.
- Data and kernel are encrypted with keys managed in the HSM.
- Keys are scrubbed upon device penetration to prevent access to data.
- Works seamlessly with A/B updates.
Automatic recovery from failed updates.
MInimze operational downtime when A/B updates occasionally but inevitably fail.
Loss of network access, loss of power and incorrect signatures, are a few common failure modes. When updates fail it is essential that a device has the possibility to recover to some trusted operational state, and preferably without human intervention, remote or local.
Bootware supports three levels of trusted recovery.
- Failed update of Image-A > revert to Image-B.
- Failed Image-B > revert to Safe Recovery mode.
- Failed Safe > revert to user intervention.
Signed images and updates.
Ensures that all update images come from a known and verified source, and have not been tampered with.
- Only devices with the correct HSM keys will be able to authenticate the source and pull these secure updates.
Key storage in secure silicon.
Reduces the risk of exposing cryptographic keys through physical access and sideband attacks.
- Cryptographic keys are created, managed and stored in a special purpose secure element with grid protection.
- Logical and physical access is restricted through multiple layers of cryptography, hardware and tamper sensors.
Supervised boot with user defined artifacts.
Reduce the risk of compromised boot chains and bricked devices.
- Zymbit S2, S3 level devices use an independent security controller to supervise the boot process.
- Boot artifacts are individually verified for integrity and authenticity against a user defined manifest.
- Security policies can be put in place to prevent failed and compromised updates.
Seamless integration with Raspberry Pi OS and Ubuntu.
Develop and deploy using popular Ubuntu and Raspberry Pi OS tools.
- Push secure updates to systems with Debian based OS.
- Support for custom kernel builds.
- Switch between Bullseye and Ubuntu 22.04 during development.
Supported on Zymbit secure compute products
Bootware services are available on a wide range of Zymbit professional components.
- Secure Compute
- Secure Edge Node
- Secure Carrier Board
- (Security Modules V1.1)
- See details for supported features.
Choice of Professional Components
Bootware supports all Zymbit professional components, with increasing levels of security, supervision and safe recovery.
| BOOTWARE 1.0 |
SECURE CARRIER BOARDS | SECURE COMPUTE | SECURE EDGE NODE |
|---|---|---|---|
 |
 |
 |
 |
BOOTWARE 1.0 – CORE SERVICES |
SECURE CARRIER BOARDS | SECURE COMPUTE | SECURE EDGE NODE |
| Bootware Resilience Level 1 – Secure hardware and cryptographic engine. 2 – Supervised filesystem and boot chain. 3 – Safe recovery to trusted state. |
1,2,3 |
1,2,3 |
1,2,3 |
| A/B updates managed in secure silicon | |||
| Encrypted filesystem | |||
| Encrypted kernel | |||
| A/B cryptographic isolation | |||
| Key storage in secure silicon | |||
| Supervised boot with multiple artifacts and policies | |||
| Automatic recovery from OS failure | |||
| Support for Ubuntu and Raspberry Pi OS, standard kernels | |||
| Support for Ubuntu and Raspberry Pi OS, custom kernels | |||
| BOOTWARE 2.0 – PREMIUM SERVICES |
SECURITY MODULES –>
SECURE CARRIER BOARDS | SECURE COMPUTE | SECURE EDGE NODE |
| Baremetal recovery | |||
| Zero trust provisioning, updates, recovery | |||
| BOOTWARE 2.0 – ADD ONS |
SECURE CARRIER BOARDS | SECURE COMPUTE | SECURE EDGE NODE |
| Local certificate authority on device | |||
| Integration with third party security and management tools | |||
| READY TO GET STARTED? |
SECURE CARRIER BOARDS | SECURE COMPUTE | SECURE EDGE NODE |
| Learn more > | Learn more > | Learn more> | |
| BUY NOW | BUY NOW | BUY NOW | |
= standard feature = available feature, dependent upon installed security module and compute module = available feature, OEM support package required |
|||
Turnkey Solutions
Modular Components. Maximum Flexibility
Zymbit professional components are easily configured, accessorized and integrated into secure turnkey solutions. By you, your integrator, or by Zymbit.
Choose the components you need.
- Base boards
- Power sources
- Compute modules
- Storage, I/O, communications and accessories
- Tamper proof enclosures
Secure Edge Nodes
Modular compute hardware that’s secure and easily customized.
- Fully enclosed, tamper responsive
- Secure compute module, Linux OS
- Hardware security supervisor
- Baseboard with extensive IO and user upgrades
- Pre-configured security and software
Secure Base Boards
Choose the components you need.
- Base boards
- Power sources
- Compute modules
- Storage, I/O, communications and accessories
- Tamper proof enclosures
Developer Kits
Choose the compute platform, OS, base board and budget that’s right for your application. Kits include everything you need to get up and running quickly.
SCB400
Full Linux edge compute development platform.
- ARM A72 x4 @1.8GHz
- Industrial grade base board
- Supports SCM4 and CM4 compute
- +12-24VDC, POE power options
- NMVE M.2 mass storage expansion
- Bootware S3 support
- Easy upgrade to Zymbit secure edge node.
SCB040
Ideal for full Linux embedded node applications
- ARM A72 x4 @1.8GHz
- SCM4 compute module
- Small base board with I/O
- 5VDC power input
- Bootware S3 support
SCB004
Lite Linux embedded endpoints
- ARM A53 x4 @1.0GHz
- RPI Zero compute
- Small base board GPIO pass through
- Integrated Zymbit HSM
- 5VDC power input
- Bootware S1.1 support
Secure Silicon
Zymbit Unified Security Controllers
Combining the essential elements of security management, supervised hardware and safe recovery.
Increasing levels of device security, integrity and resilience
- S1 – Secure silicon with cryptographic engine
- S2 – Supervised hardware, filesystem updates and bootchain management
- S3 – Safe recovery to trusted state
Pricing
Check out Bootware Core for free!
When you’re ready, purchase the Bootware services, hardware and technical support that best fit your needs.
Choose the plan that fits your needs.
Check out Bootware Core for free. When your ready purchase the Bootware services, hardware and technical support you need.
Prototyping
Free
Up to 10 devices
Bootware Core
- A/B updates
- Encrypted filesystem
- Encrypted kernel
- A/B cryptrographic isolation
- Key storage in secure silicon
- Supervised boot
- Multiple artifacts & policies
Support
- Community support
Pilot
$2400/year
Up to 200 devices
Bootware Core
- A/B updates
- Encrypted filesystem
- Encrypted kernel
- A/B cryptrographic isolation
- Key storage in secure silicon
- Supervised boot
- Multiple artifacts & policies
Bootware Premium
- Baremetal recovery
- Zero touch provisioning
- Standard integrations
- Unlocked pilot hardware
Support
- Support Level 1
Scale
$12/device/year
1K to 5K devices
Bootware Core
- A/B updates
- Encrypted filesystem
- Encrypted kernel
- A/B cryptrographic isolation
- Key storage in secure silicon
- Supervised boot
- Multiple artifacts & policies
Bootware Premium
- Baremetal recovery
- Zero touch provisioning
- Standard integrations
- Custom integrations
- Custom hardware support
Support
- Service Level 2
Enterprise
Quoted Pricing
Above 10K Devices
Bootware Core
- A/B updates
- Encrypted filesystem
- Encrypted kernel
- A/B cryptrographic isolation
- Key storage in secure silicon
- Supervised boot
- Multiple artifacts & policies
Bootware Premium
- Baremetal recovery
- Zero touch provisioning
- Standard integrations
- Custom integrations
- Custom hardware support
Support
- Service Level Agreements
Documentation
Using Bootware 1.0 >
- Getting started
- Software APIs – python, C, C++
- Tutorials
- FAQ & troubleshooting
Using Bootware 1.0 >
- Getting started
- Software APIs – python, C, C++
- Tutorials
- FAQ & troubleshooting
Getting Started >
- Bootware
- Secure Edge Nodes
- Secure Compute Modules
- Developer Kits
Ready to try Bootware 1.0?
I HAVE QUESTIONS
If you need help with your application, or want to discuss a custom solution then contact us today.
EXPLORE ALL ZYMBIT PRODUCTS
Explore and choose the best Zymbit product for your application. If you have questions or need something custom then were ready to help.
