Besides servers, PCs and laptops, modern embedded devices are also connected to the Internet. This extends the former Internet into the Internet of Things, or IoT for short. However, the majority of these devices have terrible cyber security, which results in successful cyber attacks against them and restricts the adoption of IoT devices in areas where cyber security is an important aspect.
In this paper, I propose a set of fundamental security mechanisms that together form the basis of a secured firmware architecture for IoT devices. I provide solutions for securing the boot and firmware update processes and apply various firmware/operating system hardening techniques. The secure boot process ensures that, after a reset, the device boots into a known and secure state. The secure firmware update process is necessary to patch the security vulnerabilities identified during operation. The firmware/operating system hardening techniques further improve the security of the system and reduce its attack surface.