Firmware Code Signing
Sign firmware images and OTA update packages with hardware-backed keys. On-device verification runs at boot using the embedded C SDK, enforcing a cryptographic chain from factory to field.
Sign Once. Verify Everywhere.
Firmware Image Signing
Sign full firmware binaries or update manifests using ECDSA P-256, Ed25519, or RSA-PSS. Signing keys are managed by ErlySign and optionally backed by HSM.
Secure Boot Chain
The embedded C SDK provides a boot-time signature verification routine. On failed verification, the device refuses to boot — preventing firmware tampering attacks.
OTA Update Signing
Each OTA update package is signed before delivery. The device SDK verifies the package signature before applying the update, ensuring only authorized firmware runs.
Anti-Rollback Protection
Version monotonicity enforcement via signed version counters. Devices reject firmware with a version number below the last successful update — preventing rollback attacks.
Sign in Your CI/CD Pipeline
The ErlySign Python SDK integrates directly into your build system. One API call signs your firmware binary and returns a detached signature file ready for OTA packaging.
# Install ErlySign Python SDK pip install erlysign-sdk # Sign a firmware binary in your CI pipeline from erlysign import Client client = Client(api_key="es_prod_...") result = client.code_signing.sign( key_id="prod-ota-key-v2", file="build/firmware_v1.4.2.bin", algorithm="ECDSA_P256_SHA256" ) # result.signature_file -> firmware_v1.4.2.bin.sig # Attach to OTA package manifest
Compatible with GitHub Actions, Jenkins, GitLab CI, and any CI/CD environment with Python 3.8+.
Secure every firmware release
Start signing firmware in your CI/CD pipeline. Pilot provisioning for 100 devices included.