What is Secure Boot?
Secure Boot is a security mechanism in modern hardware platforms that ensures only signed and trusted firmware and software are loaded during a device's boot process. It prevents tampered or malicious code from taking hold before the operating system or process automation system is fully started.
In OT environments, Secure Boot prevents attackers from injecting persistent malware onto PLCs, HMIs, or industrial PCs via bootable media or firmware modifications.
How does Secure Boot work?
- Root of Trust: The processor or bootloader cryptographically verifies that the firmware is signed
- Verification: Each layer (BIOS/UEFI, firmware, bootloader, OS) is loaded only if valid
- Blocking unknown code: Unsigned or modified binaries are rejected
- Chain of trust: Only verified updates, drivers, and kernels are accepted
- Logging (optional): Errors from failed verifications can be logged or signalled
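The steps above, simulated as an added example that is not part of the original page or any vendor's implementation. Assumptions: a single vendor key signs every stage, the stage names and image bytes are constructed, and toy textbook RSA over SHA-256 stands in for the platform's real signature scheme and must not be used to protect anything.

```python
import hashlib

# Toy textbook RSA key, constructed for this example and NOT secure.
# Both factors are Mersenne primes; a real device uses a vendor key in ROM/fuses.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the vendor only


def digest(image: bytes) -> int:
    """SHA-256 of the image, reduced into the toy modulus."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big") % N


def sign(image: bytes) -> int:
    """Vendor side: sign the image digest with the private key."""
    return pow(digest(image), D, N)


def verify(image: bytes, signature) -> bool:
    """Device side: needs only the public values (N, E)."""
    return signature is not None and pow(signature, E, N) == digest(image)


def boot(stages):
    """Walk the chain in order and stop at the first stage that fails.

    stages: list of (name, image_bytes, signature_or_None).
    Returns (names of stages that were loaded, log lines).
    """
    loaded, log = [], []
    for name, image, signature in stages:
        if not verify(image, signature):
            reason = "unsigned" if signature is None else "bad signature"
            log.append(f"HALT {name}: {reason}")
            break  # nothing after a failed stage is ever executed
        loaded.append(name)
        log.append(f"OK   {name}")
    return loaded, log


# Constructed sample images for the layers named in the list above.
IMAGES = [("uefi", b"uefi-fw-v1"), ("bootloader", b"loader-v1"),
          ("kernel", b"kernel-v1"), ("os", b"rootfs-v1")]
GOOD_CHAIN = [(name, img, sign(img)) for name, img in IMAGES]

# Same chain, but the kernel image was changed after it was signed.
TAMPERED = list(GOOD_CHAIN)
TAMPERED[2] = ("kernel", b"kernel-v1-modified", GOOD_CHAIN[2][2])
```

Calling `boot(TAMPERED)` loads only the stages before the kernel and ends the log with the halt entry, which is the event an OT monitoring system would want forwarded.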
Relevance in OT context
| Component | Secure Boot application |
|---|---|
| PLC / RTU | Only original, validated firmware is accepted |
| HMI / Panel PC | Prevents rootkits or tampered OS images |
| Engineering Station | Protects against infected boot media or untrusted drivers |
| Historian / SCADA | Integration with TPM or UEFI boot control in Windows/Linux environments |
| IIoT devices | Verification of firmware on every restart or remote update |
Secure Boot is a core measure for Defense in Depth within OT systems.
Secure Boot vs. Firmware Signing
| Security layer | Goal |
|---|---|
| Secure Boot | Prevents the system from booting with untrusted code |
| Firmware Signing | Ensures firmware can only be modified with a valid signature |
The two are complementary. Secure Boot controls what may be loaded; Firmware Signing controls what may be installed.
Secure Boot and CSIR labels
| Label | Reason |
|---|---|
| VSE | Secure Boot is a system-technical measure at firmware level |
| VSP | A policy for firmware integrity can be supportive |
| Conformance | IEC 62443-3-3 SR 5.1 requires measures against unauthorised firmware |
Limitations and points of attention
- Some older OT devices do not support Secure Boot
- Vendor firmware must indeed be cryptographically signed
- Misconfiguration can block legitimate updates
- Must be combined with an update policy and patch management
In summary
Secure Boot prevents the booting of unauthorised or tampered firmware and software. In OT this is essential to prevent persistent attacks on controllers, HMIs, and embedded devices, especially in systems with physical or remote access.
