Secure boot for devices which don't have a hardware security element
I understand that a Root of Trust is necessary for implementing secure boot on a device. A Root of Trust is strong and trustworthy if it comes from hardware security elements like an HSM/TPM/..
So for devices which do not have hardware security elements, is there a way to implement a Root of Trust in software? What is the right/best practice for implementing a RoT, and hence secure boot, on such devices?
Yes, you can. You can use eFuses to store the public key of the root certificate; this becomes the root of trust. eFuses can be written only once, and once eFuses are blown by writing bits into the eFuse array, it is not reversible. To prevent physical tampering with the first-stage bootloader, it must be burned into non-programmable storage which is physically hard to replace and may damage the PCB if an attacker tries to. You can use the CPU die for this. Using the public key, it can validate the signature on the second-stage bootloader using PKI. The second-stage bootloader can be hardcoded with the public key that verifies the kernel, and the kernel verifies the system.
To revoke the public key of the root certificate, you have to provision empty eFuse arrays which can later be blown to write a new public key by pushing OTA updates. To revoke the public keys of later stages in the chain of trust, replace their hardcoded public keys and recertify their signatures. For rollback protection, store the last known running version of the second-stage bootloader in eFuse as well, which can be validated on each boot. If you run out of eFuse arrays, you can no longer revoke the root public key, so they should be used only when there is absolute necessity.
Qualcomm Snapdragon and Samsung Exynos SoCs are known to use eFuses to kickstart the root of trust and to verify warranty status.
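The answer above describes the mechanism in prose; the following is an added example (not code from the answer, and not the firmware of any real SoC) that models the whole eFuse-anchored chain in software so the write-once and one-way properties can be seen to hold: root-key slots with revocation fuses, a thermometer-coded anti-rollback counter, and a first-stage verify step that checks the key in the image against the fuses, verifies the signature over version||payload, and refuses anything below the floor. Two assumptions differ from the answer's wording: the fuses hold a SHA-256 hash of the root public key rather than the key itself (a common choice because fuse arrays are small), and Ed25519 from Go's standard library stands in for the answer's PKI/root-certificate signature. The slot counts, fuse counts, image layout and all names (`EFuses`, `BurnRootKey`, `RevokeRootKey`, `MinVersion`, `MakeImage`, `VerifyAndBoot`) are constructed for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Simulated eFuse geometry: illustrative sizes for this example, not any real SoC's fuse map.
const (
	NumKeySlots  = 2  // slot 0 is burned at manufacture; slot 1 stays empty as a spare for key rollover
	VersionFuses = 16 // thermometer-coded anti-rollback counter: N blown fuses => minimum version N
)

// EFuses models one-time-programmable bits: blown once (0 -> 1), never cleared.
type EFuses struct {
	keyHash    [NumKeySlots][sha256.Size]byte // SHA-256 of the root public key per slot
	keyBurned  [NumKeySlots]bool              // slot has been programmed
	keyRevoked [NumKeySlots]bool              // revocation fuse per slot
	version    [VersionFuses]bool             // anti-rollback fuses
}

var (
	ErrSlotUsed     = errors.New("efuse: key slot already burned")
	ErrMalformed    = errors.New("boot: malformed image")
	ErrUntrustedKey = errors.New("boot: image key is not in an unrevoked root key slot")
	ErrBadSignature = errors.New("boot: signature verification failed")
	ErrRollback     = errors.New("boot: image version is outside what the anti-rollback fuses allow")
)

// BurnRootKey programs a root public key hash into an empty slot (done once, at manufacture). Slot indices come from the provisioning tool and are assumed valid here.
func (f *EFuses) BurnRootKey(slot int, pub ed25519.PublicKey) error {
	if f.keyBurned[slot] {
		return ErrSlotUsed // write-once: a programmed slot can never be rewritten
	}
	f.keyHash[slot], f.keyBurned[slot] = sha256.Sum256(pub), true
	return nil
}

// RevokeRootKey blows the slot's revocation fuse; there is no way back.
func (f *EFuses) RevokeRootKey(slot int) { f.keyRevoked[slot] = true }

// MinVersion is the anti-rollback floor. Blown version fuses always form a prefix, so count it.
func (f *EFuses) MinVersion() (n uint32) {
	for n < VersionFuses && f.version[n] {
		n++
	}
	return n
}

// Image layout (constructed for this example): pubkey[32] || version[4] big-endian || sig[64] || payload.
const offVersion, offSig, offPayload = ed25519.PublicKeySize, ed25519.PublicKeySize + 4, ed25519.PublicKeySize + 4 + ed25519.SignatureSize
// MakeImage signs version||payload, so the version cannot be bumped without the private key.
func MakeImage(priv ed25519.PrivateKey, version uint32, payload []byte) []byte {
	var ver [4]byte
	binary.BigEndian.PutUint32(ver[:], version)
	sig := ed25519.Sign(priv, append(ver[:], payload...))
	img := append([]byte{}, priv.Public().(ed25519.PublicKey)...)
	return append(append(append(img, ver[:]...), sig...), payload...)
}

// VerifyAndBoot is the first-stage loader's job: anchor the key in eFuse, verify the signature, enforce anti-rollback, and only then hand the payload to the next stage.
func (f *EFuses) VerifyAndBoot(img []byte) (uint32, []byte, error) {
	if len(img) < offPayload {
		return 0, nil, ErrMalformed
	}
	pub := ed25519.PublicKey(img[:offVersion])
	version := binary.BigEndian.Uint32(img[offVersion:offSig])
	payload := img[offPayload:]
	trusted := false // 1. the key carried in the image must hash to a burned, unrevoked slot
	for i, h := 0, sha256.Sum256(pub); i < NumKeySlots; i++ {
		trusted = trusted || (f.keyBurned[i] && !f.keyRevoked[i] && f.keyHash[i] == h)
	}
	if !trusted {
		return 0, nil, ErrUntrustedKey
	}
	signed := append(append([]byte{}, img[offVersion:offSig]...), payload...) // 2. signature over version||payload
	if !ed25519.Verify(pub, signed, img[offSig:offPayload]) {
		return 0, nil, ErrBadSignature
	}
	if version > VersionFuses || version < f.MinVersion() { // 3. nothing older than the floor, nothing the counter cannot hold
		return 0, nil, ErrRollback
	}
	for i := uint32(0); i < version; i++ { // 4. raise the floor (real loaders often defer this until the image proves it boots)
		f.version[i] = true
	}
	return version, payload, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	var fuses EFuses
	_ = fuses.BurnRootKey(0, pub)
	_, _, err := fuses.VerifyAndBoot(MakeImage(priv, 1, []byte("second-stage v1")))
	fmt.Println("boot:", err)
}
```

Two design points worth noticing: the version field sits inside the signed data, so rewriting it in flash without the signing key fails the signature check rather than the rollback check; and the floor is raised only after a successful verification, with the counter's range (`VersionFuses`) being exactly the "running out of eFuses" limit the answer warns about, so version numbers should advance sparingly.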