Bootware® builds core resilience into every device

Bootware delivers core device security, ironclad updates, and self recovery—in a simple unified software solution.

Harden Linux edge devices, unlock innovation

Zymbit Bootware unified security and resilience tool for IoT edge.

Less complexity, more resilience

Bootware manages the complexity of binding together operating system, boot chain and bare metal—into a robust and maintainable compute platform.

Bootware binds software and hardware together into a robust, cryptographically linked compute platform—from secure boot to kernel to application and containerized work loads.

https://www.zymbit.com/wp-content/uploads/2025/02/zymbit-bootware-linux-core-binding-2025.02.19_1200x.jpg

Core device security

Bootware binds and anchors the chain of trust to bare metal security and supervisory functions within a device. 

When used with Zymbit hardware, Bootware supports a layered trust model, with autonomous validation of physical device integrity, tamper sensors for environmental and power attacks.   

 

https://www.zymbit.com/wp-content/uploads/2025/02/zymbit-bootware-architecure-overview-3-scaled.jpg

Robust boot schema

Bootware manages the device from the moment it is powered on. 

Starting very early in the boot process ensures that the system has successfully booted into user mode. Bootware is able to manage and recover the system without relying on a functional bootable Linux image.

Bootware supports Ubuntu and Raspberry Pi OS as standard. Contact Zymbit for support of other Linux distributions. 

zymbit secure compute module with verified boot

Ironclad updates

Zymbit A/B update schema is built upon Zymbit’s hardened boot chain, which ensures consistent integrity and reliability.  Other A/B update schema rely on user mode functionality which can be compromised.  

A/B image management works seamless with encrypted file systems, signed images and updates.  

Fallback and recovery options.

 

zymbit secure compute module with verified boot

Bootware services

A/B updates with cryptographic isolation

Robust update schema backed by secure silicon.

  • Keep devices current with frequent operational and security updates.
  • A/B filesystems are cryptographically isolated, including boot artifacts.
  • Updates are supervised by an independent security controller. 
  • Roll back to a stable filesystem in case of failed or compromised updates.

Encrypted filesystem and kernel

Protects your data, IP and credentials from unauthorized access. 

  • Data and kernel are encrypted with keys managed in the HSM.
  • Keys are scrubbed upon device penetration to prevent access to data.
  • Works seamlessly with A/B updates.

Automatic recovery from failed updates

Minimize operational downtime when A/B updates inevitably fail.

Loss of network access, loss of power and incorrect signatures, are a few common failure modes. When updates fail it is essential that a device has the possibility to recover to some trusted operational state, and preferably without human intervention, remote or local.  

Bootware supports three levels of trusted recovery. 

  • Failed update of Image-A > revert to Image-B.
  • Failed Image-B > revert to Safe Recovery mode.
  • Failed Safe > revert to user intervention.

 

Signed images and updates

Ensures that all update images come from a known and verified source, and have not been tampered with. 

  • Only devices with the correct HSM keys will be able to authenticate the source and pull these secure updates.

Key storage in secure silicon

Reduces the risk of exposing cryptographic keys through physical access and sideband attacks. 

  • Cryptographic keys are created, managed and stored in a special purpose secure element with grid protection. 
  • Logical and physical access is restricted through multiple layers of cryptography, hardware and tamper sensors. 

Supervised boot with user defined artifacts

Reduce the risk of compromised boot chains and bricked devices.

  • Zymbit S2, S3 level devices use an independent security controller to supervise the boot process. 
  • Boot artifacts are individually verified for integrity and authenticity against a user defined manifest. 
  • Security policies can be put in place to prevent failed and compromised updates.

Seamless integration with Raspberry Pi OS and Ubuntu

Develop and deploy using popular Ubuntu and Raspberry Pi OS tools.

  • Push secure updates to systems with Debian based OS.
  • Support for custom kernel builds.
  • Switch between Bullseye and Ubuntu 22.04 during development.

Supported on Zymbit secure compute products

Bootware services are available on a wide range of Zymbit professional components.

Easy to integrate, at any scale

https://www.zymbit.com/wp-content/uploads/2024/09/zymbit-bootware-graphic-chip-only-2024.09.17-c-160x160.png

Security Modules

zymbit security module - HSM4

Edge Compute Nodes

zymbit secure compute module with verified boot

Reference Designs & Dev Kits

zymbit developer kit

Choice of professional components

Bootware supports all Zymbit professional components, with increasing levels of security, supervision and safe recovery.
 BOOTWARE 1
BASE BOARDS SECURITY MODULES SECURE COMPUTE MODULES SECURE EDGE NODES
 BOOTWARE 1 - CORE SERVICES
BASE BOARDS SECURITY MODULES SECURE COMPUTE MODULES SECURE EDGE NODES
  Platform Resilience Level
1 =Secure silicon & cryptographic engine.
2+Safe recovery to trusted state.
3+Supervised filesystem and boot chain.
4+Baremetal recovery.

1,2,3,4

1,2

1,2,3,4

1,2,3,4
A/B updates
Security Contex Management Host CPU Zymbit HXM Zymbit HXM
Encrypted filesystem
Encrypted kernel
 A/B cryptographic isolation
Key storage in secure silicon
Supervised boot with multiple artifacts and policies
Automatic recovery from OS failure
Support for Ubuntu and Raspberry Pi OS, standard kernels
Support for Ubuntu and Raspberry Pi OS, custom kernels
         
 BOOTWARE 2.0 - PREMIUM SERVICES
BASE BOARDS SECURITY MODULES SECURE COMPUTE MODULES SECURE EDGE NODES
Baremetal recovery
Zero trust provisioning, updates, recovery
Managed power system integration
         
BOOTWARE 2.0 - ADD ONS
BASE BOARDS SECURITY MODULES SECURE COMPUTE MODULES SECURE EDGE NODES
Local certificate authority on device
Integration with third party security and management tools
         
 READY TO GET STARTED?
BASE BOARDS SECURITY MODULES SECURE COMPUTE MODULES SECURE EDGE NODES
Learn more > Learn more > Learn more > Learn more>
BUY NOW BUY NOW BUY NOW BUY NOW

= available feature, dependent upon installed security module and compute module
= standard feature
= available feature, OEM support package required

Pricing

Check out Bootware Core for free!

When you're ready, purchase the Bootware services, hardware and technical support that best fit your needs.

Choose the plan that fits your needs.

Check out Bootware Core for free. When your ready purchase the Bootware services, hardware and technical support you need.

Prototyping

Free

Up to 10 devices

Bootware Core

  • A/B updates
  • Encrypted filesystem
  • Encrypted kernel
  • A/B cryptrographic isolation
  • Key storage in secure silicon
  • Supervised boot
  • Multiple artifacts & policies

Support

  • Community support

Pilot

$2400/year

Up to 200 devices

Bootware Core

  • A/B updates
  • Encrypted filesystem
  • Encrypted kernel
  • A/B cryptrographic isolation
  • Key storage in secure silicon
  • Supervised boot
  • Multiple artifacts & policies

 

Bootware Premium

  • Baremetal recovery
  • Zero touch provisioning
  • Standard integrations
  • Unlocked pilot hardware 

Support

  • Support Level 1

Scale

$12/device/year

1K to 5K devices

Bootware Core

  • A/B updates
  • Encrypted filesystem
  • Encrypted kernel
  • A/B cryptrographic isolation
  • Key storage in secure silicon
  • Supervised boot
  • Multiple artifacts & policies

 

Bootware Premium

  • Baremetal recovery
  • Zero touch provisioning
  • Standard integrations
  • Custom integrations
  • Custom hardware support

Support

  • Service Level 2

Enterprise

Quoted Pricing

Above 10K Devices

Bootware Core

  • A/B updates
  • Encrypted filesystem
  • Encrypted kernel
  • A/B cryptrographic isolation
  • Key storage in secure silicon
  • Supervised boot
  • Multiple artifacts & policies

 

Bootware Premium

  • Baremetal recovery
  • Zero touch provisioning
  • Standard integrations
  • Custom integrations
  • Custom hardware support

Support

  • Service Level Agreements

Documentation

Get Started with Bootware >
  • Bootware
  • Secure Edge Nodes
  • Secure Compute Modules
  • Developer Kits 

Ready to try Bootware?

I HAVE QUESTIONS
If you need help with your application, or want to discuss a custom solution then contact us today.
EXPLORE ALL ZYMBIT PRODUCTS
Explore and choose the best Zymbit product for your application. If you have questions or need something custom then were ready to help.
https://www.zymbit.com/wp-content/uploads/2017/11/Zymbit-Logo-noBG-small.png

120 Cremona Drive, Goleta, 

California, 93117, USA

+1 (805) 481 4570

GET UPDATES

Subscribe to email updates.