The third step to achieve a secure bootloader is to add authentication of the target application inside the bootloader. Similar to the concept that we described in the earlier authenticity section, the secure bootloader shall also authenticate the target application by verifying its signature. The only part of the code to be signed is the application; the bootloader code is not part of the data for signature generation or verification. Usually, a metadata or header area is attached to the application to allow the bootloader to get the necessary information about the data to be verified. The public key also resides in the bootloader memory area, which is immutable. The bootloader will jump to the target application only if the signature verification is successful.

The signature generation flow, again, starts from the creation of a key pair using RSA or ECC. Then the public part of the key is embedded in the bootloader, and it will become immutable later on. Then a hash digest is computed over the full application firmware binary, and this digest, along with the other necessary information (for example, the firmware size), is combined and signed using the RSA or ECC signing algorithm. Then the full metadata, including the firmware hash, the necessary information, and the signature of the metadata, is attached to the application. Then the bootloader, including the public key, and the application firmware, including the metadata, are programmed to the flash.

To verify the signature, the bootloader first computes the digest of the metadata and verifies the signature of the metadata itself. If that is okay, the bootloader then computes the digest of the firmware and compares the computed digest with the one coming from the metadata. If that is also okay, the bootloader jumps to the application. If anything goes wrong in any of the verification steps, further action is taken by an error handler.
Now, let's have a hands-on of the bootloader with authentication. The goal of this hands-on is to show the different steps to add application authentication before jumping to the target application in the immutable bootloader: generate the metadata header for the application, including information such as size, version, signature, etc.; build a binary of both the bootloader and the application with metadata; run the device; and check the application signature verification procedure.

Secure bootloader sum-up. In this section, we have addressed the three main topics of the secure bootloader. First, a very simple bootloader only, which is just a standalone bootloader separated from the application, with the capability to jump to the target application. Second, making the bootloader trustworthy by ensuring the secure bootloader is the single entry point after reset and ensuring the immutability of the secure bootloader code. And in the end, we also talked about the authentication of the application from the bootloader, including the flow of application signing and the flow of signature verification inside the bootloader.

Thank you for watching.
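The signing and two-step verification flow described above, modelled as an added example that is not part of the original talk or of any vendor tooling. The metadata layout (magic, size, version, SHA-256, then the signature, placed in front of the firmware), the error names and the pure-Python RSA PKCS#1 v1.5 routine with a deliberately weak constructed key are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct

# Constructed demo key built from two Mersenne primes: trivially factorable, never use it.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                            # public modulus, embedded in the bootloader with E
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, stays on the signing host
K = (N.bit_length() + 7) // 8        # signature length in bytes
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # DigestInfo
HDR = struct.Struct("<4sII32s")      # assumed layout: magic, size, version, SHA-256

def _encode(msg):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(msg), K bytes long."""
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def sign_firmware(fw, version):
    """Host side: return metadata = header + RSA signature over the header."""
    hdr = HDR.pack(b"FWMD", len(fw), version, hashlib.sha256(fw).digest())
    sig = pow(int.from_bytes(_encode(hdr), "big"), D, N).to_bytes(K, "big")
    return hdr + sig

def verify_image(image):
    """Bootloader side: return 'BOOT' or the reason the image is rejected."""
    if len(image) < HDR.size + K:
        return "ERR_TRUNCATED"
    hdr, sig, fw = image[:HDR.size], image[HDR.size:HDR.size + K], image[HDR.size + K:]
    s = int.from_bytes(sig, "big")
    # Step 1: authenticate the metadata with the embedded public key (N, E).
    if s >= N or not hmac.compare_digest(pow(s, E, N).to_bytes(K, "big"), _encode(hdr)):
        return "ERR_METADATA_SIGNATURE"
    magic, size, _version, digest = HDR.unpack(hdr)
    # Step 2: the size and digest fields are now trusted; check the firmware itself.
    if magic != b"FWMD" or size != len(fw):
        return "ERR_SIZE"
    if not hmac.compare_digest(hashlib.sha256(fw).digest(), digest):
        return "ERR_FIRMWARE_DIGEST"
    return "BOOT"

def demo():
    fw = bytes(range(256)) * 4                     # constructed stand-in firmware
    good = sign_firmware(fw, version=1) + fw
    patched = good[:-1] + bytes([good[-1] ^ 1])    # one firmware bit flipped
    forged = good[:8] + b"\x09" + good[9:]         # version field edited in metadata
    return verify_image(good), verify_image(patched), verify_image(forged)

if __name__ == "__main__":
    print(demo())
```

Because the signature covers only the metadata, the firmware is protected indirectly through the signed digest and size fields, which is why the bootloader must not read those fields before step 1 succeeds.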