#firmware

Securing OTA: what you're flashing, and who signed it

“Own the update path and you own the fleet. An OTA pipeline you can't fully trust isn't a feature — it's a backdoor you built and shipped on purpose.”

Secure Boot: how a device trusts its own code

“If the check that decides 'is this code mine?' lives in rewritable flash, an attacker just rewrites the check. The root of trust has to be something no software can touch.”

OTA firmware updates without bricking the fleet

“Bricking a device in the field is a quarter you don't get back.”

OTA firmware over Bluetooth — pushing the ROM through the phone

“A brick in the field is a support call, a warranty replacement, and a one-star review. We've shipped about a million units. The math on getting OTA wrong is not subtle — so the device assumes every transfer will be interrupted and every image might be hostile, and is only surprised when it isn't.”