Device Security
Secure Bootstraps for Connected Products
Keys, attestation flows, and update policies explained without mystique.
Format: Blended · Level: Advanced · Duration: 5 weeks
Tuition (informational): 1,320,000 KRW
Lead mentor
Worked on wearable provisioning; prefers plain-language risk registers.
Overview
Security copy often scares teams into paralysis. Here you implement a minimal secure boot path, rotate signing keys with a checklist, and wire attestation evidence into a mock provisioning service. We highlight where external reviewers will ask questions so you can prepare evidence calmly.
What is included
- Key ceremony walkthrough with paper trail template
- Signed image pipeline on reference hardware
- Attestation token validation lab
- Rollback counters and fuse policy discussion
- Threat-modeling session for supply chain tamper
- Update policy draft with staged rollout
- Office hours on Korean personal data handling references
Outcomes
- Produce a signed firmware artifact with checksum manifest
- Draft an attestation evidence packet for reviewers
- List three explicit non-goals for your security posture
Participant notes
-
Key ceremony template alone justified Secure Bootstraps. Still wish we had one more week on HSM vendor quirks—that is the honest trade-off.
Jiwoo · Seoul · 4/5
-
Attestation lab mirrors how we now package evidence before external reviewers visit. Plain-language risk register is a quiet win.
Nadia El-Sayed · HelioSense Labs · survey