OTA

Device security discussions often include: “The firmware is signed, so it is secure.”

That is only partly true. A firmware signature proves that the firmware was authorized by a trusted private key and was not modified. It does not automatically answer whether the firmware is encrypted, whether old versions can be rolled back, whether every boot stage verifies the next stage, how signing keys are protected, or whether the device can recover after update failure.