MedTech Terms

    Secure Boot

    A chain-of-trust mechanism that ensures only cryptographically signed firmware and software can run on a device.

    Reviewed by Christian Espinosa, Founder, Blue Goat Cyber. Last reviewed May 5, 2026

    Definition

    Secure Boot is a chain-of-trust mechanism - typically rooted in a hardware security element (TPM, PUF, or vendor-specific root key) - that cryptographically verifies each stage of the boot process before executing it. The boot ROM verifies the bootloader, the bootloader verifies the kernel/firmware image, and the firmware verifies application binaries. Any signature failure halts boot or triggers recovery, preventing persistence of malware that survives reboot.
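    The three-link chain described above, as an added example that is not from this page: each stage's signature is checked with the public key carried by the stage before it, starting from the root key in the boot ROM, and the first signature failure halts the boot so nothing later runs. The Ed25519 keys, stage names and image bytes are constructed for the example; a real image would embed the next-stage key in a defined header rather than by simple concatenation.

```go
package main

import "crypto/ed25519"
import "crypto/rand"

// Stage is one link in the boot chain: its image, the public key the NEXT
// stage is checked against (shipped inside the image), and its signature.
type Stage struct {
	Name       string
	Image, Sig []byte
	NextKey    ed25519.PublicKey
}

// A stage's signature covers the image plus the embedded next-stage key,
// so a swapped-in key is caught as tampering, not trusted.
func signedBytes(s Stage) []byte {
	return append(append([]byte{}, s.Image...), s.NextKey...)
}

// BootChain verifies stages in order, each against the key held by the stage
// before it, starting from the root key in the boot ROM. It returns the name
// of the first stage that fails (boot halts there) or "" if all verified.
func BootChain(rootKey ed25519.PublicKey, stages []Stage) string {
	key := rootKey
	for _, s := range stages {
		// A malformed key is treated as a failure rather than a panic.
		if len(key) != ed25519.PublicKeySize || !ed25519.Verify(key, signedBytes(s), s.Sig) {
			return s.Name
		}
		key = s.NextKey
	}
	return ""
}

// BuildChain signs a constructed three-stage chain with fresh keys: root
// (boot ROM) -> bootloader, bootloader key -> kernel, OS key -> application.
func BuildChain() (ed25519.PublicKey, []Stage) {
	rootPub, rootPriv, _ := ed25519.GenerateKey(rand.Reader)
	blPub, blPriv, _ := ed25519.GenerateKey(rand.Reader)
	osPub, osPriv, _ := ed25519.GenerateKey(rand.Reader)
	stages := []Stage{
		{Name: "bootloader", Image: []byte("bootloader v1"), NextKey: blPub},
		{Name: "kernel", Image: []byte("kernel/firmware v1"), NextKey: osPub},
		{Name: "application", Image: []byte("therapy app v1")},
	}
	for i, priv := range []ed25519.PrivateKey{rootPriv, blPriv, osPriv} {
		stages[i].Sig = ed25519.Sign(priv, signedBytes(stages[i]))
	}
	return rootPub, stages
}
```

    The last case in the test below also shows the key-rotation pitfall from this page: a device built with a different root key rejects the chain at the very first stage.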

    What the regulation says
    FDA's 2023 guidance lists boot integrity as an expected security control for connected medical devices, particularly those with persistent storage and network connectivity. NIST SP 800-193 (Platform Firmware Resiliency) defines the protect/detect/recover capabilities for firmware integrity and is the most-cited reference. UEFI Secure Boot is the closest commodity analogue used in PC-based medical workstations.

    What this means in practice

    Secure Boot dramatically raises the cost of persistent compromise. Without it, an attacker who modifies firmware (via supply-chain, physical access, or remote exploit) gains a foothold that survives every reboot, OS reinstall, and OTA update. Medical devices that handle patient data or actuate therapy generally need secure boot as a baseline.

    Common pitfalls
    • Storing the root key in firmware-readable memory rather than a hardware secure element.
    • Disabling secure boot in 'developer mode' on production devices.
    • Failing to plan key rotation - a compromised root key affects every device built with it.

    Frequently asked questions

    Not by name, but the 2023 guidance expects boot/firmware integrity controls. Secure Boot is the standard implementation for most modern hardware.

    Primary references

    1. NIST SP 800-193, Platform Firmware Resiliency Guidelines. NIST, csrc.nist.gov
    2. FDA Cybersecurity Guidance (Sept 2023). FDA, fda.gov
    3. FDA, Cybersecurity for Medical Devices. FDA, fda.gov