Altaf Hussain of Freescale has a nicely-written article on device trust in Axiom:
https://twitter.com/AvnetDesignWire/status/661974412296630272
Not too long ago, a factory could close its gates and guard its doors to ensure security and safety inside. However, to get the same level of security in today’s interconnected world, a factory must also carefully protect electronic communication in and out of the factory. This type of “information security” is already happening everyday on the web – conduct a simple Google search for “trust” and you’ll notice that Hypertext Transfer Protocol Secure (HTTPS) is used to provide secure, encrypted communication. However, securing electronic communication is not enough. Factories must also guard against potential threats from unsecured information entering the physical environment (such as a USB pen drive carrying a Trojan horse brought from outside the factory). To begin evaluating who or what can be trusted, system builders and buyers of industrial networking applications must consider the following questions:
* Are the devices real or clones?
* Is the device manufactured using my components and software?
* Is this my application code and third party code I bought?
* Is this my data?
* Is this an authorized operator?
To ensure that all the answers are “YES”, there has to be a root of trust all the way from the component, through the application, to the communication link. Now the question is: how is this root of trust achieved? […]
Full article below. Also see end of article for URL to PDF edition:
http://design.avnet.com/axiom/who-can-you-trust/?UTM_Campaign=na-frs-axm-twt-aug2015
Firmware Security 