Secure Boot and Encryption in MCUs (Microcontroller Units) are critical features used to protect embedded systems from unauthorized access, tampering, and code theft. Here's a clear explanation of each:

What is Secure Boot?
Definition:
Secure Boot is a security feature that verifies the authenticity and integrity of firmware before it's executed by the MCU.

How It Works:

1. Boot ROM code (inaccessible and immutable) is executed first.
2. The bootloader checks a digital signature on the firmware (e.g., using RSA or ECDSA).
3. If the signature is valid, the firmware is loaded and executed.
4. If not, the boot halts or enters a recovery mode.

Purpose:

• Prevent unauthorized firmware from running.
• Ensure system integrity and trust from the first instruction.

Implemented With:

• Public-key cryptography (asymmetric: RSA, ECC)
• Hash algorithms (SHA-256)
• Certificates or embedded public keys

What is Encryption in MCUs?
Definition:
Encryption protects data or firmware by converting it into an unreadable format unless a secret key is known.

Use Cases in MCUs:

1. Firmware Encryption: Prevents reverse engineering of firmware code.
2. Secure Communication: Protects data in transit (e.g., TLS, AES).
3. Data Protection: Secures stored credentials, configurations, or logs.

Common Encryption Methods:

• AES (Advanced Encryption Standard) – Symmetric encryption (fast and lightweight)
• ECC (Elliptic Curve Cryptography) – For key exchange and signatures
• TLS/SSL – For encrypted internet connections

Summary Table

In Practice (Examples):

• STM32 MCUs: Support Secure Boot via STM32Trust framework and firmware encryption using AES.
• ESP32: Has Secure Boot with RSA signature verification and flash encryption.
• NXP Kinetis/RT: Support HAB (High Assurance Boot) and AES-128/256 encryption.