Securely installing and booting software of a device to run OS authorized according to a ticket that is validated by a nonce generated by application processor (AP) in booted OS stage prior to entering a restore mode is described. AP in booted OS stage generates a pre-flight nonce that is stored in a trusted location (effaceable storage). AP in booted OS stage performs one-way hash of pre-flight nonce and sends the hashed pre-flight nonce to ticket authorization server. AP enters restore mode. AP in first stage bootloader receives a ticket from the ticket authorization server including a signed copy of the hashed pre-flight nonce. AP in first stage bootloader validates the signed ticket by comparing one-way hash of the pre-flight nonce stored in the trusted location and the hashed nonce in the signed ticket. Pre-flight nonce expires after timeout period and upon reboot of AP. Other embodiments are also described.