This work addresses the vulnerability of traditional firmware integrity verification mechanisms to insider threats and single points of failure, which undermines the security of cyber-physical systems (CPS). To overcome these limitations, the paper proposes the first decentralized firmware verification framework built on the Ethereum blockchain. By leveraging smart contracts to store SHA-256 hashes of firmware images, the framework enables tamper-proof, transparent, and trustless real-time verification. The design eliminates reliance on centralized authorities and seamlessly integrates with existing security mechanisms such as secure boot, Trusted Platform Modules (TPMs), and zero-trust architectures. Scalability is enhanced through Layer-2 solutions and IPFS integration. A prototype deployed on the Sepolia testnet demonstrates reliable verification with low gas consumption, highlighting the framework’s practical viability and potential for real-world adoption.

Firmware integrity is a foundational requirement for securing Cyber-Physical Systems (CPS), where malicious or compromised firmware can result in persistent backdoors, unauthorized control, or catastrophic system failures. Traditional verification mechanisms such as secure boot, digital signatures, and centralized hash databases are increasingly inadequate due to risks from insider threats and single points of failure. In this paper, we propose a decentralized firmware integrity verification framework built on the Ethereum blockchain, offering tamper-proof, transparent, and trustless validation. Our system stores SHA-256 hashes of firmware binaries within smart contracts deployed on the Ethereum Sepolia testnet, using Web3 and Infura for seamless on-chain interaction. A Python-based client tool computes firmware hashes and communicates with the blockchain to register and verify firmware authenticity in real-time. We implement and evaluate a fully functional prototype using real firmware samples, demonstrating successful contract deployment, hash registration, and integrity verification through live blockchain transactions. Experimental results confirm the reliability and low cost (in gas fees) of our approach, highlighting its practicality and scalability for real-world CPS applications. To enhance scalability and performance, we discuss extensions using Layer-2 rollups and off-chain storage via the InterPlanetary File System (IPFS). We also outline integration pathways with secure boot mechanisms, Trusted Platform Module (TPM)-based attestation, and zero-trust architectures. This work contributes a practical and extensible model for blockchain-based firmware verification, significantly strengthening the defense against firmware tampering and supply chain attacks in critical CPS environments.