Bootware®
The one tool that simplifies security, updates and recovery for fleets of unattended devices
The one tool that streamlines your bare-metal-to-OS updates for enhanced device security and long-term reliability.
- A/B updates managed in secure silicon.
- Encrypted filesystem and user kernel.
- Signed images and updates.
- Fallback and recovery options.
- Seamless integration with Raspberry Pi OS and Ubuntu.
- Easy upgrade path from standard RPi products.
- Available on most Zymbit products.
Bootware simplifies compliance and availability
Unified security management tools and trusted hardware that scale - from prototype to pilot to long term deployments.
Bootware completes the missing layer
Unified security stack
Bootware delivers a unified and autonomous trust plane across popular ARM compute hardware, firmware, boot chain and OS.
+ Identity management
+ Device security
+ Network access
+ Credential management
+ Updates
+ Recovery
Robust metal to OS boot chain
Isolate and manage untrusted devices with enterprise integrations
Bootware introduces a secure unified layer that connects diverse untrusted edge devices and IoT endpoints to trusted enterprise network, security and data services.
Bootware services
A/B updates with cryptographic isolation.
Robust update schema backed by secure silicon.
- Keep devices current with frequent operational and security updates.
- A/B filesystems are cryptographically isolated, including boot artifacts.
- Updates are supervised by an independent security controller.
- Roll back to a stable filesystem in case of failed or compromised updates.
Encrypted filesystem and kernel.
Protects your data, IP and credentials from unauthorized access.
- Data and kernel are encrypted with keys managed in the HSM.
- Keys are scrubbed upon device penetration to prevent access to data.
- Works seamlessly with A/B updates.
Automatic recovery from failed updates.
MInimze operational downtime when A/B updates occasionally but inevitably fail.
Loss of network access, loss of power and incorrect signatures, are a few common failure modes. When updates fail it is essential that a device has the possibility to recover to some trusted operational state, and preferably without human intervention, remote or local.
Bootware supports three levels of trusted recovery.
- Failed update of Image-A > revert to Image-B.
- Failed Image-B > revert to Safe Recovery mode.
- Failed Safe > revert to user intervention.
Signed images and updates.
Ensures that all update images come from a known and verified source, and have not been tampered with.
- Only devices with the correct HSM keys will be able to authenticate the source and pull these secure updates.
Key storage in secure silicon.
Reduces the risk of exposing cryptographic keys through physical access and sideband attacks.
- Cryptographic keys are created, managed and stored in a special purpose secure element with grid protection.
- Logical and physical access is restricted through multiple layers of cryptography, hardware and tamper sensors.
Supervised boot with user defined artifacts.
Reduce the risk of compromised boot chains and bricked devices.
- Zymbit S2, S3 level devices use an independent security controller to supervise the boot process.
- Boot artifacts are individually verified for integrity and authenticity against a user defined manifest.
- Security policies can be put in place to prevent failed and compromised updates.
Seamless integration with Raspberry Pi OS and Ubuntu.
Develop and deploy using popular Ubuntu and Raspberry Pi OS tools.
- Push secure updates to systems with Debian based OS.
- Support for custom kernel builds.
- Switch between Bullseye and Ubuntu 22.04 during development.
Supported on Zymbit secure compute products
Bootware services are available on a wide range of Zymbit professional components.
- Secure Compute
- Secure Edge Node
- Secure Carrier Board
- (Security Modules V1.1)
- See details for supported features.
Choice of professional components
Bootware supports all Zymbit professional components, with increasing levels of security, supervision and safe recovery.
| BOOTWARE 1 |
BASE BOARDS | SECURITY MODULES | SECURE COMPUTE MODULES | SECURE EDGE NODES |
|---|---|---|---|---|
 |
 |
 |
 |
 |
BOOTWARE 1 - CORE SERVICES |
BASE BOARDS | SECURITY MODULES | SECURE COMPUTE MODULES | SECURE EDGE NODES |
| Platform Resilience Level 1 =Secure silicon & cryptographic engine. 2+Safe recovery to trusted state. 3+Supervised filesystem and boot chain. 4+Baremetal recovery. |
||||
| A/B updates | ||||
| Security Contex Management | Host CPU | Zymbit HXM | Zymbit HXM | |
| Encrypted filesystem | ||||
| Encrypted kernel | ||||
| A/B cryptographic isolation | ||||
| Key storage in secure silicon | ||||
| Supervised boot with multiple artifacts and policies | ||||
| Automatic recovery from OS failure | ||||
| Support for Ubuntu and Raspberry Pi OS, standard kernels | ||||
| Support for Ubuntu and Raspberry Pi OS, custom kernels | ||||
| BOOTWARE 2.0 - PREMIUM SERVICES |
BASE BOARDS | SECURITY MODULES | SECURE COMPUTE MODULES | SECURE EDGE NODES |
| Baremetal recovery | ||||
| Zero trust provisioning, updates, recovery | ||||
| Managed power system integration | ||||
| BOOTWARE 2.0 - ADD ONS |
BASE BOARDS | SECURITY MODULES | SECURE COMPUTE MODULES | SECURE EDGE NODES |
| Local certificate authority on device | ||||
| Integration with third party security and management tools | ||||
| READY TO GET STARTED? |
BASE BOARDS | SECURITY MODULES | SECURE COMPUTE MODULES | SECURE EDGE NODES |
| Learn more > | Learn more > | Learn more > | Learn more> | |
| BUY NOW | BUY NOW | BUY NOW | BUY NOW | |
= available feature, dependent upon installed security module and compute module = standard feature = available feature, OEM support package required |
||||
Turnkey Solutions
Modular Components. Maximum Flexibility.
Zymbit professional components are easily configured, accessorized and integrated into secure turnkey solutions. By you, your integrator, or by Zymbit.
Choose the components you need.
- Base boards
- Power sources
- Compute modules
- Storage, I/O, communications and accessories
- Tamper proof enclosures
Secure Edge Nodes
Modular compute hardware that’s secure and easily customized.
- Fully enclosed, tamper responsive
- Secure compute module, Linux OS
- Hardware security supervisor
- Baseboard with extensive IO and user upgrades
- Pre-configured security and software
Base Boards
Choose the components you need.
- Base boards
- Power sources
- Compute modules
- Storage, I/O, communications and accessories
- Tamper proof enclosures
Developer Kits
Choose the compute platform, OS, base board and budget that's right for your application. Kits include everything you need to get up and running quickly.
SEN400 ProtoKit
Full Linux edge compute development platform.
- ARM A72 x4 @1.8GHz
- Industrial grade base board
- Supports SCM4 and CM4 compute
- +12-24VDC, POE power options
- NMVE M.2 mass storage expansion
- Bootware S3 support
- Easy upgrade to Zymbit secure edge node.
SCB040
Ideal for full Linux embedded node applications
- ARM A72 x4 @1.8GHz
- SCM4 compute module
- Small base board with I/O
- 5VDC power input
- Bootware S3 support
SCB004
Lite Linux embedded endpoints
- ARM A53 x4 @1.0GHz
- RPI Zero compute
- Small base board GPIO pass through
- Integrated Zymbit HSM
- 5VDC power input
- Bootware S1.1 support
Unified Platform Supervisor
Supervises security, resilience, availability and recovery of different target platform types.
Zymbit PSX Platform Supervisor
Unified technology that delivers platform security, resilience, availability and recovery.
Pricing
Check out Bootware Core for free!
When you're ready, purchase the Bootware services, hardware and technical support that best fit your needs.
Choose the plan that fits your needs.
Check out Bootware Core for free. When your ready purchase the Bootware services, hardware and technical support you need.
Prototyping
Free
Up to 10 devices
Bootware Core
- A/B updates
- Encrypted filesystem
- Encrypted kernel
- A/B cryptrographic isolation
- Key storage in secure silicon
- Supervised boot
- Multiple artifacts & policies
Support
- Community support
Pilot
$2400/year
Up to 200 devices
Bootware Core
- A/B updates
- Encrypted filesystem
- Encrypted kernel
- A/B cryptrographic isolation
- Key storage in secure silicon
- Supervised boot
- Multiple artifacts & policies
Bootware Premium
- Baremetal recovery
- Zero touch provisioning
- Standard integrations
- Unlocked pilot hardware
Support
- Support Level 1
Scale
$12/device/year
1K to 5K devices
Bootware Core
- A/B updates
- Encrypted filesystem
- Encrypted kernel
- A/B cryptrographic isolation
- Key storage in secure silicon
- Supervised boot
- Multiple artifacts & policies
Bootware Premium
- Baremetal recovery
- Zero touch provisioning
- Standard integrations
- Custom integrations
- Custom hardware support
Support
- Service Level 2
Enterprise
Quoted Pricing
Above 10K Devices
Bootware Core
- A/B updates
- Encrypted filesystem
- Encrypted kernel
- A/B cryptrographic isolation
- Key storage in secure silicon
- Supervised boot
- Multiple artifacts & policies
Bootware Premium
- Baremetal recovery
- Zero touch provisioning
- Standard integrations
- Custom integrations
- Custom hardware support
Support
- Service Level Agreements
Documentation
Using Bootware >
- Getting started
- Software APIs – python, C, C++
- Tutorials
- FAQ & troubleshooting
Getting Started >
- Bootware
- Secure Edge Nodes
- Secure Compute Modules
- Developer Kits
Ready to try Bootware?
I HAVE QUESTIONS
If you need help with your application, or want to discuss a custom solution then contact us today.
EXPLORE ALL ZYMBIT PRODUCTS
Explore and choose the best Zymbit product for your application. If you have questions or need something custom then were ready to help.
