EmbeddedOS / eBoot

eBoot — Secure Bootloader

Production-grade bootloader supporting 24 board ports across 10 architectures with staged boot, A/B slots, secure boot chain, and Ed25519 verification.

Staged Boot 24 Board Ports Secure Boot Chain A/B Slots 10 Architectures
View on GitHub Download Book (PDF)

Key Features

Secure, reliable boot for every embedded platform

Staged Boot (Stage-0 + Stage-1)

Two-stage boot architecture: minimal stage-0 ROM initializes hardware, stage-1 handles full boot logic with peripheral and memory setup.

24 Board Ports

Ready-to-use board support packages for STM32, nRF, ESP32, Raspberry Pi, BeagleBone, RISC-V SiFive, and many more.

A/B Slots with Rollback

Dual firmware slots enable seamless updates with automatic rollback on boot failure, ensuring devices never brick.

Secure Boot Chain (Ed25519)

Cryptographic signature verification at every boot stage using Ed25519 with hardware root-of-trust integration.

Stream-Based Firmware Update

Memory-efficient streaming update engine that can apply firmware images larger than available RAM using chunked transfers.

SMP/AMP/Lockstep Multicore Boot

Boot multiple cores in symmetric, asymmetric, or lockstep configurations with per-core initialization sequences.

UEFI-Style Device Table

Standardized device description table passed from bootloader to OS, enabling hardware-agnostic kernel initialization.

Recovery Mode

Built-in recovery shell with UART/USB console, memory dump, flash erase, and emergency firmware loading capabilities.

Quick Start

Build and flash eBoot to your target board

# Clone the repository
git clone https://github.com/embeddedos-org/eBoot.git
cd eBoot

# Configure for your board
cmake -B build -DEBOOT_BOARD=stm32f4
cmake --build build

# Flash stage-0 + stage-1
cmake --build build --target flash

API Highlights

Core bootloader modules

Module Description Header
eboot/stage0 Minimal ROM boot — clock, memory, and stack init eboot/stage0.h
eboot/stage1 Full boot — peripheral init, image loading, handoff eboot/stage1.h
eboot/secure Secure boot — Ed25519 verification, chain of trust eboot/secure.h
eboot/slot A/B slot management — selection, rollback, metadata eboot/slot.h
eboot/update Streaming firmware update — chunked transfer, verify eboot/update.h
eboot/devtable Device table — UEFI-style hardware description eboot/devtable.h
eboot/multicore Multicore boot — SMP/AMP/Lockstep init eboot/multicore.h
eboot/recovery Recovery mode — console, flash tools, diagnostics eboot/recovery.h