Secureboot Architect

Architecture & Design

• Develop and document secure boot flows for STM32 microcontrollers (Cortex-M series), ensuring robust protection against unauthorized code execution.
• Design and implement Root of Trust (RoT) and Chain of Trust (CoT) mechanisms to establish a secure foundation for system integrity.
• Collaborate with hardware teams to define secure provisioning processes, key storage solutions, and tamper-resistance strategies.
• Define secure firmware update strategies (OTA, USB, UART, or custom methods) leveraging authenticated and encrypted images for integrity and confidentiality.

Security Implementation

• Implement and guide the development of a secure bootloader in C/C++ for STM32 platforms, enforcing cryptographic validation of firmware.
• Leverage STM32 security features such as TrustZone-M, MPU, hardware crypto accelerators, secure memory regions, PCROP, RDP, and TZEN for enhanced protection.
• Integrate cryptographic primitives including RSA/ECC for authentication, SHA-256/512 for hashing, and AES-GCM/CCM for encryption and integrity.
• Establish secure firmware signing workflows and manage certificates to maintain a trusted update process.