Securing an embedded device starts with a secure boot—that is, booting into a trusted operating system. On an embedded Linux system, this means:

  • The CPU is booting a trusted bootloader,

  • the bootloader is loading a trusted Linux kernel, and

  • the Linux kernel is booting a trusted user space.