Open-source firmware release assurance

Release assurance for embedded firmware

AssureLoop helps Zephyr firmware teams produce auditable release evidence: signed images, SBOMs, manifests, trace reports, evidence bundles, update packages, and simulator-first lifecycle checks.

View GitHub repo v0.3 hardware-alpha

release evidence nucleo_h563zi

v0.3 proves a hardware-alpha path on ST NUCLEO-H563ZI with development keys and direct-flash MCUboot validation.

What it is

A release evidence loop for embedded teams

AssureLoop is for embedded firmware developers, founders, maintainers, and reviewers who need a credible record of what was built, what it contains, how it was signed, and how update packages are checked before hardware deployment.

Build Zephyr firmware and collect real build artifacts.
Generate SBOM, manifest, trace report, and evidence bundle.
Verify manifests, bundle contents, update payloads, and hashes.
Exercise simulator-first lifecycle behavior before real OTA.

v0.3 hardware-alpha

What v0.3 proves

The current public hardware-alpha validates one board and one local development workflow. It is narrow on purpose.

Signed image evidence

Board-specific signed image artifacts are packaged with SBOM, manifest hashes, trace data, and evidence bundle verification.

MCUboot boot path

ST NUCLEO-H563ZI boots the AssureLoop demo through MCUboot using local development signing keys.

Update lifecycle checks

Confirmed update, rollback, tampered update rejection, and lower-version update rejection are documented with sample logs.

Release assurance flow

From build output to verified package

Zephyr build
signed image
SBOM
release manifest
evidence bundle
update package
MCUboot validation

Supported hardware-alpha board

ST NUCLEO-H563ZI

v0.3 hardware evidence is scoped to the ST NUCLEO-H563ZI using the Zephyr target nucleo_h563zi. Broad board support is not claimed yet.

Board: ST NUCLEO-H563ZI
Target: nucleo_h563zi
Boot path: MCUboot plus signed app
Evidence: Sample/dev artifacts

Scope boundaries

What AssureLoop is not

Not a new operating system.
Not production OTA.
Not production secure boot.
Not certified safety or cybersecurity compliance.
Not a cloud update service or device fleet manager.

Get started

Run the workflow locally

Clone the repository, follow the contributor quickstart, and run the simulator-first demo before touching hardware.

Host tests

.\scripts\test-tools.ps1

Full simulator demo

.\scripts\full-demo.ps1 -Python py

Hardware-alpha release prep

.\scripts\prepare-v0.3-release.ps1 -Python py

Links and resources

Follow the evidence

GitHub repository v0.3.0 hardware-alpha release Release notes Project documentation Sample artifacts release