Secure boot on an embedded device refers to a chain of trust where everything is secure from the bootloader to the final user space. It assures the end user that the software running on a device comes from a trusted source rather than from an attacker or corruption.

The secure device configuration states are:

  • Open: This is the default state. An open device does not have secure boot enabled and will boot any image, regardless of whether they are signed or the signature is valid. Open devices use a default test key for encryption and decryption.

  • Closed: In the closed state, secure boot features are enabled and only properly signed images will boot the device.

TrustFence features are only fully supported on closed devices.