Skillquality 0.46

security-updates

Secure boot and firmware update workflows for Zephyr RTOS. Covers MCUboot integration, production image signing, DFU protocols (MCUmgr), fail-safe rollback mechanisms, and mbedTLS crypto basics. Trigger when implementing over-the-air (OTA) updates, securing the boot process, or m

Price

free

Protocol

skill

Verified

Endpoint

https://skills.sh/beriberikix/zephyr-agent-skills/security-updates

What it does

Zephyr Security & Updates

Build production-ready, secure embedded systems using Zephyr's modular security stack and MCUboot bootloader.

Core Workflows

1. MCUboot Integration

Set up the secure bootloader and define fail-safe flash partitions.

Reference: mcuboot_integration.md
Key Tools: CONFIG_BOOTLOADER_MCUBOOT, fixed-partitions, Devicetree.

2. Image Signing

Ensure firmware integrity with production-grade digital signatures.

Reference: image_signing.md
Key Tools: imgtool.py, ECDSA-P256, RSA.

3. DFU Protocols

Transport updates securely using MCUmgr or cloud-based OTA.

Reference: dfu_protocols.md
Key Tools: mcumgr, Golioth OTA, SMP transport.

4. Rollback Protection

Implement atomic swaps and image confirmation to prevent bricking devices.

Reference: rollback_protection.md
Key Tools: boot_write_img_confirmed(), mcumgr image test.

5. Crypto Basics

Implement secure storage and cryptographic operations using mbedTLS.

Reference: crypto_basics.md
Key Tools: CONFIG_MBEDTLS, TF-M, secure storage.

Quick Start (Kconfig for Secure Boot)

# Enable MCUboot support in application
CONFIG_BOOTLOADER_MCUBOOT=y

# Build with MCUboot using Sysbuild
west build -b nucleo_f401re --sysbuild samples/basic/blinky

Professional Patterns (Security-First)

Production Keys: Never use default MCUboot keys. Provision unique keys during manufacturing.
Heartbeat Confirmation: Only confirm a new image after the application has successfully connected to its cloud backend.
Version Integrity: Enable version monotonicity to prevent accidental or malicious firmware downgrades.

Automation Tools

mcuboot_version_guard.py: Enforce monotonic semantic version progression in update pipelines.

Examples & Templates

mcuboot_prj_fragment.conf: Starter secure-boot + image-management config fragment.

Validation Checklist

Signed image verifies at boot and unsigned/tampered image is rejected.
DFU flow completes end-to-end and boots into the new slot.
Rollback behavior triggers correctly when image confirmation is withheld.
Key handling and version policy prevent downgrade and test-key usage in production configs.

Resources

References:
- mcuboot_integration.md: Partition layouts and setup.
- image_signing.md: Key management and imgtool usage.
- dfu_protocols.md: MCUmgr commands and cloud OTA.
- rollback_protection.md: Swap mechanisms and confirmation code.
- crypto_basics.md: mbedTLS and secure storage.
Scripts:
- mcuboot_version_guard.py: Version monotonicity checker for release gates.
Assets:
- mcuboot_prj_fragment.conf: Secure-update config baseline.

Capabilities

skillsource-beriberikixskill-security-updatestopic-agent-skillstopic-agentic-codingtopic-zephyr-rtos

Install

Installnpx skills add beriberikix/zephyr-agent-skills

Sourcehttps://github.com/beriberikix/zephyr-agent-skills/tree/main/skills/security-updates

skills.shhttps://skills.sh/beriberikix/zephyr-agent-skills/security-updates

Transportskills-sh

Protocolskill

Quality

0.46/ 1.00

deterministic score 0.46 from registry signals: · indexed on github topic:agent-skills · 25 github stars · SKILL.md body (3,095 chars)

Provenance

Indexed fromgithub

Enriched2026-04-24 07:01:42Z · deterministic:skill-github:v1 · v1

First seen2026-04-18

Last seen2026-04-24

Agent access

JSONhttps://clawmart.sh/api/listings/dfDZgc