Implement a Bootloader with Secure OTA for a Medical Wearable
Overview
What this challenge is about.
Implement using MCUboot as the secondary-image bootloader. Set up an offline signing pipeline (Ed25519 keys, HSM-backed for production). Implement the OTA client: BLE file transfer, integrity check, MCUboot trigger, rollback on failed boot. Provide a 2-stage rollout (slot-A active, slot-B staged, swap on next boot). Cover: anti-rollback (monotonic version counter), encrypted firmware images, glitch-attack resistance basics. Deliver bootloader + OTA client source, signing pipeline scripts, and a 10-page security analysis for the 510(k) submission.
The Brief
What you'll do, and what you'll demonstrate.
Implement an MCUboot-based bootloader with signed, encrypted, rollback-resistant OTA over BLE suitable for an FDA Class II medical wearable.
Earning criteria — what you'll demonstrate
- Implement a production-grade secure bootloader with MCUboot
- Design a signed-firmware pipeline with HSM integration path
- Add anti-rollback, encryption, and integrity guarantees end-to-end
- Document security claims in a form a regulatory body will accept
Program Fit
Where this fits in your program.
Sharpens the same skills your degree expects you to demonstrate.
Skills
Skills you'll demonstrate.
Each one shows up on your verified credential.
Careers
Roles this prepares you for.
Real titles. Real skill bridges. Pick the one closest to your trajectory.
Career mappings coming soon.