Use Cases
Solutions
Company
Careers

Security Features

Protection mechanisms for secure embedded systems

In safety-critical applications, protecting hard- and software as well as firmware, and communication paths is essential. Security functions safeguard embedded systems against tampering, data theft, and unauthorized access. iesy integrates security features that ensure protection at all levels – from the boot phase to ongoing operation.

Our standards at a glance

  • Chain of Trust, Secure Boot – protection against unsigned code at system startup
  • TPM modules – trust anchors for data and platform integrity
  • Hardware encryption – real-time protection for sensitive data
  • Firmware integrity protection – secure against manipulation
  • Physical tamper protection – safeguards through design and sensors

iesy Expertise

  • Our manufacturing processes are supported by the use of a full chain of trust and a public key infrastructure.
  • iesy implements Trusted Boot, Secure Boot, and integrity checks to reliably detect and prevent tampering.
  • We secure software and update processes with cryptographic methods such as update signing, rollback protection, and dm-verity.
  • We use read-only RootFS and OverlayFS to ensure system integrity is permanently maintained during operation.

Additional context – concise and to the point.

INFO
BOX

Physical Tamper Protection

Mechanical security measures such as housing sensors, seals, and intrusion detection systems prevent unauthorized access. Intrusion detection detects tampering attempts, logs events, or initiates automatic shutdowns. These measures are critical for protecting hardware against sabotage – particularly in safety-critical applications.
Source: NPSA, “Intrusion Detection Systems – Guidance for Security Managers” (section on tamper detection for enclosures), accessed on September 29, 2025

Secure Boot and Firmware Integrity

Secure Boot is a feature implemented in firmware (UEFI) and does not require separate software installation. Configuration is usually performed by the firmware vendor or system integrator during system customization. In projects with high security requirements, iesy ensures correct implementation of Secure Boot mechanisms and signature chains. This guarantees that only trusted, digitally signed firmware and operating system components are loaded during startup.
Source: UEFI Forum, “UEFI Specification – Secure Boot and Driver Signing” (chapter on firmware authentication) , accessed on September 29, 2025

Hardware-Based Trust Anchors (TPM)

Trusted Platform Modules (TPM) provide a hardware-based foundation for establishing trust in a system. They securely store cryptographic keys and enable functions such as device authentication and data encryption – indispensable for protecting sensitive information.
Source: UEFI Forum, “UEFI Specification – TPM interface and boot event measurement (via TCG EFI protocols)”, accessed on September 29, 2025

Full Chain of Trust & Public Key

The Full Chain of Trust verifies each system component before startup, blocking manipulated software. The Public Key Infrastructure (PKI) uses key pairs to encrypt data, validate signatures, and secure software updates. Together, they provide the foundation for tamper-proof embedded systems and build trust in data and communication.
Source: Trusted Computing Group (TCG), “Chain of Trust” and “Public Key Infrastructure”, accessed on 30.09.2025

iesy & friends Newsletter

Sign up now and stay up to date
I agree that my personal data may be used to receive promotional emails and understand that I can withdraw my consent at any time.

iesy GmbH
Darmcher Grund 22
58540 Meinerzhagen

Phone: +49 (2354) 70655 - 0
Fax: +49 (2354) 70655 - 25
Email: info(at)iesy.com

https://www.iesy.com/en/privacy-policy