Secure and Encrypted Boot in Zephyr RTOS Using Hardware Keys and TrustZone

Learn about secure booting implementation in Zephyr RTOS through this technical presentation that explores MCUboot's capabilities for asymmetric cryptographic signature verification and enhanced security features. Discover how MCUboot enables secure booting using public key verification, with the hash embedded in the binary or securely stored using hardware keys. Examine advanced security features of embedded SoCs like i.MX RT, including High Assurance Boot (HAB), Data Co-Processor (DCP), and Trusted Firmware-M (TF-M) implementation for TrustZone in devices such as nRF91. Follow along with practical demonstrations using NXP i.MX RT to understand HAB implementation for signed and encrypted MCUboot, establishing hardware root of trust, and booting Zephyr RTOS with OTP key verification. Gain insights into securing TrustZone-enabled SoCs using TF-M backend and OTP mechanisms for robust embedded system security.