I've had a bit of a difficulty of understanding the actual benefits of proper secure boot vs zero protection.
I've arrived at this understanding: secure boot sometimes allows you to recover a compromised fleet without recalls. Instruct the customer to disconnect the device, reboot it and then somehow reflash it before getting infected again? Seems fraught with errors though.
When I worked with IoT HW companies in Taiwan their understanding tended to be along the lines of: "it makes the device secure" or "it prevents the firmware from being used by clone devices".
It also prevents "contempt of business model". Makes a SW or HW bypass for ink cartridge pairing or game piracy or monthly widget subscription difficult or impossible. May also make any vulnerability patchable.
If you depend on your firmware remaining secret, however, you have to contend with the black hat version of the presenters. They are expert at extracting firmware and cloning. Some applications choose FPGAs in part because the equivalent of their firmware (the bitstream) is itself nearly impossible to reverse engineer. That means that a one-for-one clone is possible, but you can't alter the design, and have to use the exact same part.
I've arrived at this understanding: secure boot sometimes allows you to recover a compromised fleet without recalls. Instruct the customer to disconnect the device, reboot it and then somehow reflash it before getting infected again? Seems fraught with errors though.
When I worked with IoT HW companies in Taiwan their understanding tended to be along the lines of: "it makes the device secure" or "it prevents the firmware from being used by clone devices".
(It's been a while since I worked in this area.)