Robotics / Solutions / Firmware attestation
Solution

RATS Firmware Attestation for Robots: Trust the Firmware Before You Trust the Robot

Remote firmware attestation lets a robot prove, with hardware-rooted cryptographic evidence, that its running firmware and policy match a signed known-good reference before it is allowed to act. RankShield Robotics implements this as an IETF RATS verifier: the robot is the attester, RankShield appraises its evidence, and a tampered or downgraded build is quarantined rather than trusted.

ACTION RECEIPTunverified
robotur-10e · cell-7
actionarm.move → pose_4
algML-DSA-65 · post-quantum
digest0x9f2a4c1be7…
sealed to the RankShield Network ✓
post-quantum signature ✓
RFC 6962 inclusion proof ✓
Verify independently
DEMONSTRATION · ANYONE CAN CHECK A RECEIPT AGAINST THE PUBLIC LOG

Key takeaways

What is remote firmware attestation for robots?

Remote firmware attestation is a process in which a robot produces signed, hardware-rooted evidence about the software it is actually running, and a separate verifier decides whether that state is trustworthy before granting the robot any privileged role. It replaces the assumption that a robot is running the firmware you shipped with a checkable proof that it is.

The problem it solves is specific to embodied systems. A robot in the field can have its firmware modified by a supply-chain implant, a malicious over-the-air update, a local exploit, or an operator who rolled back to an older, vulnerable build. Once the firmware is altered, everything the robot reports about itself is suspect, because the compromised software is the thing doing the reporting. Attestation breaks that circular trust by rooting the evidence in hardware the running software cannot fully control.

In practice, attestation measures the boot chain and key firmware components, records those measurements in a protected location, and signs them with a key that never leaves the hardware. The robot sends this signed report to a verifier, which compares it to the reference values for the build and policy that robot is supposed to be running.

  • Detects tampering, a modified bootloader, kernel, or application image produces measurements that no longer match the reference.
  • Detects downgrade, a robot flashed back to a known-vulnerable version is caught even though its firmware is otherwise "legitimate."
  • Detects drift, a policy or configuration that has been changed away from the approved baseline is visible in the evidence.

For RankShield, attestation is one of the conditions the pre-actuation authorization gate checks before it allows a high-consequence action. A robot that cannot prove a clean firmware state does not get to move first and be inspected later.

How does the IETF RATS and EAT model work?

The IETF Remote Attestation Procedures (RATS) architecture, defined in RFC 9334, splits attestation into clear roles: an attester produces evidence, a verifier appraises it against reference values and policy, and a relying party acts on the resulting attestation result. RankShield maps to this model deliberately, so trust decisions are expressed in a standards vocabulary auditors already recognize.

RATS roleWho fills itWhat it does
AttesterThe robotCollects hardware-rooted measurements of its firmware and policy and signs them as evidence.
VerifierRankShield RoboticsAppraises the evidence against signed reference values and endorsements, and issues an attestation result.
Relying partyThe authorization gate / fleet planeConsumes the attestation result and decides whether to trust the robot for privileged actions.

The evidence itself is conveyed as an Entity Attestation Token (EAT), the IETF format for carrying attestation claims about a device. EAT lets the robot express claims such as its measured boot state, firmware version, and security posture in a compact, signed token the verifier can parse consistently across robot models and vendors. Because EAT is a standard rather than a proprietary blob, a mixed-vendor fleet can present evidence to one verifier without a bespoke integration per robot type.

The RATS split matters for a second reason: separation of duties. The robot that produces evidence is not the party that decides whether the evidence is acceptable. That is what makes an attestation result defensible, the verifier applies an appraisal policy the operator controls, and independent parties can audit both the reference values and the verdicts. See the RankShield Robotics platform for how attestation fits alongside identity, authorization, and provenance.

How does it detect tampered or downgraded firmware?

RankShield detects tampered or downgraded firmware by comparing the robot's measured firmware state against signed reference values for the exact build and policy that robot is authorized to run, any mismatch fails appraisal. The reference values describe what a healthy robot of that model, on that approved firmware version, should measure. The evidence describes what it actually measures. Trust is the intersection of the two.

Tampering is caught because measurement is cryptographic. A single altered byte in the bootloader, kernel, or application image changes its hash, and the reported measurement no longer matches the reference. An attacker cannot quietly patch the firmware and also make the measurement look unchanged, because the measurement is taken and signed by hardware the attacker's modified software does not control.

Downgrade is caught separately and deliberately, because it is a common real-world attack: rolling a robot back to an older, signed-but-vulnerable firmware to reopen a patched hole. The appraisal policy encodes a minimum acceptable version, so an otherwise "valid" older build still fails. This directly addresses field patterns like the 2025 humanoid exploits and disclosures such as CVE-2026-8153 in Universal Robots PolyScope, where an outdated or modified controller build is the entry point.

Attack on firmwareHow attestation catches it
Malicious code implantModified image produces a measurement that no longer matches the reference value.
Downgrade to vulnerable buildVersion below the appraisal policy's minimum fails, even if the old image is validly signed.
Unauthorized configuration changePolicy or configuration drift shows up as a measurement outside the approved baseline.
Forged "healthy" reportSignature is verified against a hardware-held key that compromised software cannot produce.

Honest scope: attestation proves the firmware state matches an approved reference; it does not certify that the approved firmware is free of undiscovered vulnerabilities. It tells you the robot is running the software you vetted, at the version you require, unmodified, which is the precondition for every other trust decision.

Why does firmware attestation need a hardware root of trust?

Attestation needs a hardware root of trust because software alone cannot vouch for itself, if the firmware is compromised, so is anything it reports about its own integrity. The root of trust is a small, protected hardware element that measures and signs the boot chain before the potentially compromised software gets to run, breaking the circular dependency where a rootkit reports "all clean."

RankShield does not reinvent this layer; it consumes the roots of trust robots already ship with, so attestation interoperates with existing hardware rather than competing with it.

Hardware root of trustRole in robot attestation
TPM (Trusted Platform Module)Stores measurements in protected registers and signs attestation quotes with a key that never leaves the chip.
DICE (Device Identifier Composition Engine)Derives layered identities from immutable hardware secrets, ideal for smaller robot controllers without a full TPM.
Secure elementHolds the robot's private key and performs signing in tamper-resistant hardware, isolated from the main processor.

The key property in every case is that the signing key is generated and used inside the hardware and is never exportable. That is what lets a verifier distinguish a genuine measurement from a forged one: only the real hardware can produce a signature that validates against the endorsed key registered during enrollment. This is the same hardware anchor that gives each robot its per-robot cryptographic identity, identity and firmware attestation share a root, so a robot's "who it is" and "what it is running" are provable together.

Because the root of trust sits below the application and OS, it also survives firmware updates: a legitimate update changes the measurements to a new, approved reference, while the underlying hardware identity and signing capability persist. RankShield's role is to hold the correct reference values and endorsements and appraise against them, not to replace the silicon that produces the evidence.

How does attestation gate a robot's network and privileged access?

A robot's attestation result becomes a precondition for access: only a robot that presents fresh, passing firmware evidence is admitted to privileged actions and sensitive network segments, and a failing robot is quarantined. Attestation is not a one-time boot check that is forgotten afterward, it is an input the fleet plane and the authorization gate consult before granting trust.

When a robot's evidence appraises as healthy, it is allowed to enroll, receive policy, and have its high-consequence actuation commands authorized by the pre-actuation authorization gate. When appraisal fails, tampered image, downgraded version, or policy drift, the robot is contained rather than trusted.

  • Privileged actions are withheld. The gate treats a failed or missing attestation result as a denial condition, so the robot cannot perform high-consequence motion even if it is otherwise online.
  • Network access is optionally restricted. The robot can be steered onto a quarantine segment, cut off from sensitive OT systems and from lateral paths that let one compromise spread across a fleet.
  • The event is recorded. The failed appraisal and the quarantine decision are written to tamper-evident action provenance, so there is verifiable evidence of when and why a robot was contained.

This quarantine-on-failure behavior is what turns attestation from a report into an enforcement point. It is also how attestation supports zero-trust segmentation for robot fleets: trust is never assumed from network location, it is earned per robot by presenting evidence that appraises cleanly, and it is re-checked rather than granted once. A remediated robot re-attests, passes, and is readmitted automatically.

How does firmware attestation support IEC 62443 integrity?

Firmware attestation provides direct, auditable evidence for the software and firmware integrity requirements at the core of IEC 62443, letting a robot demonstrate its integrity continuously rather than asserting it in a one-time checklist. IEC 62443, the industrial automation and control systems security standard that ISO 10218:2025 increasingly points robot risk assessments toward, expects protection against unauthorized modification of software and a way to verify integrity over the system lifecycle.

Attestation maps onto those expectations cleanly. It produces verifiable proof that firmware has not been modified, it enforces a minimum approved version to block downgrade, and it generates a record of each appraisal that an assessor can inspect. That converts an integrity control from a claim into demonstrable evidence.

IEC 62443 integrity concernWhat RATS attestation contributes
Software / firmware integrityCryptographic proof the running build matches an approved, signed reference.
Protection from unauthorized modificationAny tamper or drift fails appraisal and triggers quarantine.
Verifiable evidence over the lifecycleEach appraisal and its verdict are recorded as tamper-evident provenance.
Segmentation / least privilegeAttestation result gates admission to sensitive segments and privileged actions.

The same evidence is reusable across the wider regulatory picture. It feeds the corruption-protection and integrity expectations of the EU Machinery Regulation 2023/1230 and supports the cyber-risk-assessment mandate introduced in ISO 10218:2025. For how these fit together, see the ISO 10218 and IEC 62443 compliance map.

Honest scope: RankShield is an attestation and evidence layer. It supplies the integrity proof and the audit record that certification against IEC 62443 requires; it complements your controls, functional-safety systems, and middleware security rather than replacing them, and it does not by itself constitute a completed certification. When you are ready to see it on your fleet, request early access.

Frequently asked questions

Is firmware attestation the same as code signing?

No, though they work together. Code signing proves an image came from a trusted source before it is installed. Firmware attestation proves what is actually running on the robot right now, measured and signed by hardware after boot. Code signing can be bypassed by a downgrade to an older signed image or by a runtime compromise; attestation catches both because it appraises the live, measured state against a required reference version.

Can attestation catch a robot rolled back to an older, signed firmware?

Yes. Downgrade is a first-class check. The appraisal policy encodes a minimum acceptable firmware version, so a robot flashed back to a validly signed but known-vulnerable build fails appraisal and is quarantined, even though its image is otherwise legitimate.

What if a robot has no TPM or secure element?

Attestation needs some hardware root of trust to be trustworthy. Many robot controllers ship with a TPM, a secure element, or DICE-capable silicon suited to smaller devices. RankShield consumes whichever root of trust the hardware provides. Where none exists, the evidence is weaker and RankShield labels that posture honestly rather than overstating the assurance.

Does attestation replace my antivirus or detection tooling?

No. Attestation is preventive and verifies integrity before trust is granted; detection watches for suspicious behavior after the fact. They are complementary. RankShield adds the standards-native verification and quarantine layer that detection tools do not provide, and it works alongside SROS2, DDS-Security, and any EDR you run.

Which standards does firmware attestation align to?

It follows IETF RATS (RFC 9334) with Entity Attestation Token evidence, roots trust in TPM, DICE, or secure-element hardware, and produces integrity evidence relevant to IEC 62443, ISO 10218:2025, and the corruption-protection expectations of the EU Machinery Regulation 2023/1230.

Keep exploring

Verify the firmware before you trust the robot.

RATS-native firmware attestation with hardware-rooted evidence and quarantine-on-failure, deployed on a bounded set of robots in weeks.

Request early access