MCUboot: Secure Bootloader for Microcontrollers
MCUboot is an open-source, hardware-independent secure bootloader for 32-bit microcontrollers. It provides the root of trust at the firmware level, ensuring that only cryptographically signed, authentic firmware images can execute on a device. MCUboot is the de facto bootloader for Zephyr RTOS and is increasingly required for CRA compliance.
Why MCUboot Matters
Without a secure bootloader, anyone with physical or remote access can flash modified firmware onto a device, bypassing all software security. MCUboot prevents this by:
- Verifying signatures before executing any firmware image
- Managing firmware slots for safe over-the-air (OTA) updates
- Rolling back to a known-good image if a new update fails
- Encrypting firmware images to prevent reverse engineering
Key Features
| Feature | Description |
|---|---|
| Image signing | Ed25519, ECDSA-P256, RSA-2048/3072 signature verification |
| Encrypted images | AES-CTR-128/256 firmware encryption at rest |
| Dual-slot update | Primary + secondary slot for fail-safe firmware swaps |
| Swap using scratch | Resumable updates; survives power loss mid-update |
| Rollback protection | Monotonic version counters prevent downgrade attacks |
| Serial recovery | MCUmgr protocol for USB/UART recovery if OTA fails |
| Measured boot | Hash chain for hardware attestation (TPM/TrustZone) |
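
As an added example (not MCUboot's or imgtool's own code), here is a pre-deployment audit for the image signing and rollback protection rows above: it parses MCUboot's image header and TLV trailer, recomputes the SHA-256 over the hashed region, and checks that a signature TLV and a security counter at or above a required minimum are present. It does not verify the signature itself, which needs the public key; the function names, the sample image and its all-zero signature placeholder are constructed for illustration.

```python
import hashlib
import struct

IMAGE_MAGIC, TLV_INFO, TLV_PROT_INFO = 0x96F3B83D, 0x6907, 0x6908  # header and TLV-area magics
TLV_SHA256, TLV_SEC_CNT = 0x10, 0x50                               # image hash, security counter
SIG_TLVS = {0x20: "RSA-2048", 0x22: "ECDSA", 0x23: "RSA-3072", 0x24: "Ed25519"}

def tlv(kind, value, area=False):  # a TLV-area header counts its own 4 bytes in the length
    return struct.pack("<HH", kind, len(value) + (4 if area else 0)) + value

def build_sample(counter, payload=b"\xAA" * 64):
    """Constructed test image: 32-byte header, payload, SEC_CNT, hash, placeholder signature."""
    prot = tlv(TLV_PROT_INFO, tlv(TLV_SEC_CNT, struct.pack("<I", counter)), area=True)
    hdr = struct.pack("<IIHHIIBBHII", IMAGE_MAGIC, 0, 32, len(prot), len(payload), 0, 1, 0, 0, 0, 0)
    signed = hdr + payload + prot
    body = tlv(TLV_SHA256, hashlib.sha256(signed).digest()) + tlv(0x24, bytes(64))
    return signed + tlv(TLV_INFO, body, area=True)

def parse_tlvs(blob):
    """Walk the protected and unprotected TLV areas; return (tlvs, hashed_length)."""
    magic, _, hdr, prot, img = struct.unpack_from("<IIHHI", blob, 0)
    if magic != IMAGE_MAGIC:
        raise ValueError("bad image magic")
    tlvs, off = {}, hdr + img
    for want in ([TLV_PROT_INFO] if prot else []) + [TLV_INFO]:
        area_magic, total = struct.unpack_from("<HH", blob, off)
        if area_magic != want or total < 4 or off + total > len(blob):
            raise ValueError("malformed TLV area")
        end, off = off + total, off + 4
        while off < end:
            kind, size = struct.unpack_from("<HH", blob, off)
            if off + 4 + size > end:
                raise ValueError("TLV overruns its area")
            tlvs[kind] = blob[off + 4:off + 4 + size]
            off += 4 + size
    return tlvs, hdr + img + prot

def audit_image(blob, min_counter):
    """Return findings for one image; an empty list means every check passed."""
    try:
        tlvs, hashed_len = parse_tlvs(blob)
    except (ValueError, struct.error) as exc:
        return [f"malformed image: {exc}"]
    counter = tlvs.get(TLV_SEC_CNT, b"")
    checks = [
        (tlvs.get(TLV_SHA256) != hashlib.sha256(blob[:hashed_len]).digest(), "image hash mismatch"),
        (not SIG_TLVS.keys() & tlvs.keys(), "no signature TLV"),
        (len(counter) != 4 or struct.unpack("<I", counter)[0] < min_counter, "security counter missing or below minimum"),
    ]
    return [message for failed, message in checks if failed]
```

Run `audit_image` over a release artifact with `min_counter` set to the counter value of the firmware already in the field; any finding should block the OTA rollout.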
Update Modes
| Mode | Mechanism | Power-Loss Safe | Flash Wear |
|---|---|---|---|
| Swap (scratch) | Copy primary → scratch, secondary → primary | Resumable | Higher |
| Swap (move) | In-place sector shuffling (no scratch area) | Resumable | Medium |
| Overwrite | Direct overwrite of primary slot | ? | Lowest |
| Direct XIP | Execute from either slot (no copy) | ? | None |
Supported Platforms
MCUboot is OS and hardware independent. It supports:
- RTOS: Zephyr, FreeRTOS, Apache NuttX, Apache Mynewt, Mbed OS, RIOT
- Vendors: Nordic (nRF52/53/91), STMicroelectronics (STM32L5, STM32U5, STM32H5), NXP (LPC, i.MX RT), Espressif (ESP32), Infineon/Cypress (PSoC 6)
- Architectures: ARM Cortex-M, RISC-V, Xtensa
CRA Compliance Connection
The EU Cyber Resilience Act mandates that connected products implement:
- Authenticated firmware updates: MCUboot provides this via image signing
- Rollback protection: MCUboot enforces monotonic version counters
- Vulnerability management infrastructure: MCUboot enables rapid security patch deployment via OTA
Related Terms
- Secure Boot: The broader concept of verified boot chains; MCUboot is the implementation layer for MCU-based systems.
- OTA Update: MCUboot manages the firmware slot swapping that makes secure OTA possible.
- CRA: EU legislation requiring secure boot and authenticated updates for all connected products.
MCUboot is our default bootloader for all embedded development projects, ensuring CRA-compliant secure boot and OTA from day one. See our Embedded Security & IoT capabilities.
Official References
- MCUboot - open-source secure bootloader - MCUboot project (official documentation)
- Regulation (EU) 2024/2847 (CRA) - secure boot requirements - EUR-Lex