Glossary · Security Controls

Secure Boot

Boot-time integrity check that an ECU only runs authenticated firmware.

Secure boot establishes a chain of trust from immutable hardware (ROM or fuses) through the bootloader to application firmware. Each stage cryptographically verifies the next before execution, so a tampered image is detected and rejected. It is the foundation that every other ECU control (secure flashing, secure diagnostics, SecOC) depends on.

Related terms

Secure Flashing
Authenticated and integrity-checked update of ECU firmware.
Hardware Security Module (HSM)
Tamper-resistant in-ECU module that stores keys and runs cryptographic operations.
EVITA
European-funded research framework that defined the EVITA full / medium / light HSM profiles.

Secure boot and the chain of trust

Need help applying Secure Boot on a programme? Use the contact form or request a KAVACH demo.

Secure Boot

Secure Flashing

Hardware Security Module (HSM)

EVITA