CommScope, TI boost secure boot for industrial devices

CommScope has introduced a hardware-backed bootloader signing service for Texas Instruments' Arm-based AM6x processors, in a move that targets stricter cybersecurity rules and growing demand for secure boot in industrial and embedded systems.

The solution is built on CommScope's PRiSM (Permission Rights Signing Manager) platform. It connects with TI's image build process for the AM6x family. It also uses a FIPS-certified Hardware Security Module for protection of cryptographic keys and centralised key lifecycle management.

CommScope positions the service as "out-of-the-box" for equipment makers that use TI's AM6x processors. The company targets manufacturers that do not want to design and operate their own key management and signing infrastructure as regulatory pressure on device security increases.

Secure boot relies on cryptographic signatures on firmware images. The device checks the signature before it runs any code. If attackers gain access to the private signing key, they can push malicious firmware that still passes the integrity check, which undermines security features inside the processor.

CommScope states that its PRiSM-based offering keeps signing keys inside HSMs and under strict process control. The service records every use of those keys, which supports audit requirements in industry frameworks and new regulations such as the EU Cyber Resilience Act.

TI partnership

Texas Instruments has promoted secure boot across its Sitara processor portfolio as industrial and edge devices face more frequent and sophisticated attacks.

"Secure boot is a cornerstone of system integrity and robust protection against software tampering," said Sonia Ghelani, Product Line Manager, Sitara Processors, Texas Instruments. "With CommScope's production-grade infrastructure and HSM-protected signing keys, we're enabling customers to fully leverage TI's security capabilities, which help simplify secure boot adoption and defend against today's sophisticated cyberattacks."

The CommScope service links directly into TI's software development kit and image build flow for the AM6x line. Developers can call a cloud-accessible API during their build and release pipelines. The signing step then takes place in a controlled environment backed by HSMs, rather than on local developer machines or general-purpose servers.

This approach reflects a wider industry shift away from ad hoc handling of firmware signing keys. Many device makers still store keys in software or on shared servers, which creates risks of leakage, insider threats and undetected misuse.

Regulatory pressure

Bootloader security and auditable signing processes are coming under closer scrutiny as connected devices fall within new horizontal and sector-specific rules. The European Union's Cyber Resilience Act requires hardware and software products with digital elements to meet baseline security requirements and support security throughout the product lifecycle.

CommScope is targeting manufacturers that must demonstrate how they manage cryptographic material that underpins secure boot. The company says the PRiSM service offers a standardised and monitored process for key creation, storage and use, and captures a detailed log of all signing operations.

The platform generates signing keys through a controlled process with multiple parties. It then deploys those keys into FIPS-certified HSMs, where the keys remain non-exportable. The system applies role-based access control and eToken authentication for authorised engineers and build systems.

This structure restricts signing operations to approved users and tools. It also provides a consistent data source for internal compliance teams and external auditors.

Focus on manufacturers

CommScope is pitching the AM6x solution at device makers that operate large or distributed development teams and that are subject to security mandates in fields such as industrial automation, networking and critical infrastructure.

The company describes PRiSM as suitable for integration into Continuous Integration and Continuous Delivery pipelines. The aim is that teams keep their existing build workflows while moving key handling and signing into a controlled service.

Bootloader signing often becomes a bottleneck in regulated markets. Many organisations rely on manual processes, isolated hardware tokens or small internal PKI deployments. These approaches can slow down releases and introduce human error.

CommScope argues that centralising and automating signing operations through PRiSM can reduce this friction while keeping control over which images are signed and under what conditions. The audit trail records who signed which firmware, when and from which system.

"Security should never be a barrier to product innovation," said Craig Coogan, CTO & VP, Product & Strategy, Access Network Solutions, CommScope. "By collaborating with TI, we help device makers simplify secure boot adoption, reduce development friction, and deliver trusted products into regulated markets with confidence. We handle the underlying complexity so device manufacturers can focus on what they do best to improve productivity, streamline development, and strengthen security outcomes."

CommScope plans to make the secure boot package for AM6x processors available in the first quarter of 2026. TI customers will be able to request onboarding and access documentation and walkthroughs as they prepare devices for tighter cybersecurity rules and audits.