Riscure Secure Boot Review is tailored to the needs of embedded device manufacturers who would like to evaluate the strength of their Chain of Trust (CoT) based on the secure boot. Based on our strong expertise in both software and hardware security, Riscure continuously innovates to take in account the constantly evolving security landscape, as well as the customer needs. This service can be delivered in one of several packages so that you can tailor the evaluation depth and budget to your needs. Please select the options in the form below and feel free to get in touch with us, should you have any questions.
What do you get?
Secure Boot Review uses a design review and code review to support you with two main goals:
Depending on the options you have selected you can use the workshop to discuss security issues found and possible mitigations or use our reports with findings and recommendations to evaluate the security risk and disseminate the knowledge among your development team.
Beyond improving the security of your current product, Riscure can also advise on further technical improvements. The provided input helps to raise security awareness among the developers and support security stakeholders on decision-making and risk-managing processes.
Riscure differentiates itself from other labs with its extensive knowledge on embedded and chipset security and by performing thorough and innovative security evaluations in an efficient manner. We have evaluated over 400 products with secure boot feature. Based on the effectiveness of our service, customers frequently come back to us to build a long term relationship. We are fully capable of exceeding the customers expectations due to our extensive expertise in hardware and software security, advanced hardware and software analysis and penetration testing skills and state-of-the-art security test tools.
The Secure Boot Review starts with a workshop lasting two days during which we gather information about the product, we define the threat model and analyze attack mitigation mechanisms. The workshop helps us scope the target source code for the second part of the review.
This is followed by the code review of the boot loader(s) in a risk-based style focusing on the most common vulnerabilities and easiest attack paths first. We typically analyze the software for memory corruptions, sensitive information leakage, synchronization and state issues, logical errors in security critical components, etc. The attacks on the secure boot can include logical, fault injection and side channel attacks, depending on the customer needs and option selection. As logical attacks are usually more scalable, they will get higher attention unless you give them a lower priority during the workshop.