Firmware Verification

Overview

Firmware verification ensures devices run untampered code. Sentinel hashes the firmware binary, validates the signature chain, and optionally anchors the proof on Solana.

Verify firmware

const proof = await sentinel.verify.firmware({
  robotId: 'clx1a2b3c...',
  version: '2.4.1',
  firmwareData: Buffer.from(firmwareBinary),
});

Response:

{
  "verified": true,
  "hash": "SHA-256:a4e8f3b2c1d4e5f6a7b8c9d0...",
  "signature": "0x7f3a8b2c...",
  "previousHash": "SHA-256:b5f9g4c3d2e5f6g7...",
  "trustScoreUpdate": {
    "before": 70,
    "after": 100
  }
}

Firmware verification is the highest-weighted factor in trust scoring (+30 points).

Verification process

•Binary hashed with SHA-256
•Hash signed with the device's private key
•Signature validated against the registered public key
•Hash chain integrity checked (links to previous firmware record)
•Trust score recalculated

On-chain anchoring

Create an immutable, publicly verifiable record on Solana:

const anchor = await sentinel.solana.anchor({
  hash: proof.hash,
  robotDid: device.did,
  proofType: 'firmware',
});

Response:

{
  "txSignature": "5Kj8mN2x...",
  "slot": 258491032,
  "explorerUrl": "https://explorer.solana.com/tx/5Kj8mN2x..."
}

Cost: < $0.001 per proof. Provides a timestamp and hash that cannot be disputed or modified.

When to verify

| Scenario | Recommendation | |----------|---------------| | After firmware update | Required | | On device boot | Recommended (zero-trust boot) | | Periodic runtime check | Optional (high-security environments) |

Failure handling

If verification fails:

•Trust score drops immediately
•Fleet operator receives an alert
•Device can be automatically quarantined (configurable)

Device Registration Telemetry Signing