Software Update

Secubit employs a layered and ceremonial model to secure HSM firmware updates. Since the wallet program is a critical component of the custody platform, updates must be delivered in a way that prevents tampering or unauthorized modifications.

In this model, every HSM wallet program update is digitally signed within a controlled ceremony using keys stored inside an HSM. The signing process ensures that only authorized and verified versions of the program can be deployed to HSM.

When the HSM receives an updated program, it verifies the digital signature before loading the new code. If the signature does not match or if the update has been altered, the HSM will reject it. This guarantees that only authentic, integrity-checked, and authorized program can run within the secure environment.

By combining formal signing ceremonies with hardware-based verification, Secubit eliminates the risk of malicious code injection or unauthorized changes, providing confidence that the software foundation of the custody platform remains trustworthy.