Implementing UEFI-based Secure Boot and OTA Updates for Embedded ARM Devices

Explore the implementation of UEFI-based Secure Boot and Over-the-Air (OTA) updates for embedded ARM devices in this informative conference talk. Dive into the challenges and solutions encountered while applying the concept to a real 64-bit ARM device. Learn about adopting pre-integrated OTA update methods combined with Secure Boot, as upstreamed to the Civil Infrastructure Platform project. Discover key topics such as UEFI-based Secure Boot via U-Boot, U-Boot hardening techniques, building unified kernel images with device tree override options, and creating read-only rootfs with persistent overlays and integrity protection. While the pre-integration is demonstrated using the Debian-based embedded system builder Isar, gain insights into generic concepts and solutions that can be easily transferred to other (meta-)distributions.