Introduction to Secure boot and Secure firmware update

1. What are Secure boot and Secure firmware update

Secure boot and secure firmware update ensure that only authorized software can be executed on the device.
It is the Root of Trust that checks and activates the security mechanisms, and verifies the authenticity and integrity of the code executed on the platform.
It uses cryptography to verify the next stage code and any metadata, and to manage the updates.
Execution of the next stage proceeds only if the validation checks on the verified metadata pass. These include version comparison, boot conditions, …
Update of the next stage relies on cryptography to decrypt and authenticate the received image. The installation is done following different strategies, which depend on the HW capabilities.

The secure boot

On reset, the platform starts through immutable code.
Immutability can be guaranteed by ROM code technology, or by any mechanism that makes code immutable. Typically, in STM32 microcontrollers, this is done with the write protection mechanism on flash memory.
This immutable code must be small, simple and verifiable. This minimizes the risk of a vulnerability that cannot be corrected. The complex steps are handled by the next stage.

Secure firmware update

It controls the installation of new firmware versions. Updatability of the platform is a key point for security, considering vulnerability risks.
It ensures the secure update of the stage following the immutable code.
It can be implemented following different strategies (one/two slots, A/B system, no update, recovery, ...), but in all cases it must take care of version control. Most of the time, the images are received by the application (meaning a reset is needed to launch the image update process).
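
The version comparison done before boot and the version control done before installing an update can be expressed as the following C checks. This is an added example, not code from the original page or from any STM32 package: the header layout, IMG_MAGIC, the function names and the anti-rollback floor are assumptions made for the illustration, and signature verification is represented by the sig_ok flag.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define IMG_MAGIC 0x46574831u            /* constructed magic value */

typedef struct {                         /* hypothetical signed image header */
    uint32_t magic;
    uint32_t size;                       /* payload size in bytes */
    uint8_t  major, minor;
    uint16_t patch;
} img_header_t;

typedef enum { IMG_OK, IMG_ERR_AUTH, IMG_ERR_FORMAT, IMG_ERR_ROLLBACK } img_status_t;

/* Pack major.minor.patch so that versions compare as a single integer. */
uint32_t img_version(const img_header_t *h)
{
    return ((uint32_t)h->major << 24) | ((uint32_t)h->minor << 16) | h->patch;
}

/* Boot-time check. sig_ok is the result of the signature verification over
 * header and payload, done by a crypto library (not shown). min_version is an
 * anti-rollback floor assumed to live in protected storage. */
img_status_t img_check(const img_header_t *h, bool sig_ok,
                       uint32_t slot_size, uint32_t min_version)
{
    if (!sig_ok) return IMG_ERR_AUTH;    /* fields are untrusted until authenticated */
    if (h->magic != IMG_MAGIC || h->size == 0 || h->size > slot_size)
        return IMG_ERR_FORMAT;
    if (img_version(h) < min_version) return IMG_ERR_ROLLBACK;
    return IMG_OK;
}

/* Update-time check: same tests, but the floor is raised to the installed
 * version, so a downgrade is refused (reinstalling the same version passes). */
img_status_t update_check(const img_header_t *cand, bool sig_ok, uint32_t slot_size,
                          uint32_t installed_version, uint32_t min_version)
{
    uint32_t min_allowed = installed_version > min_version ? installed_version : min_version;
    return img_check(cand, sig_ok, slot_size, min_allowed);
}

int main(void)
{
    img_header_t cur = { IMG_MAGIC, 0x8000, 1, 2, 0 };   /* constructed samples */
    img_header_t old = { IMG_MAGIC, 0x8000, 1, 1, 9 };
    printf("boot current: %d\n", img_check(&cur, true, 0x20000, 0x01020000u));
    printf("install older: %d\n", update_check(&old, true, 0x20000, img_version(&cur), 0));
    return 0;
}
```

The authentication result is tested first so that no header field is interpreted before the image has been authenticated.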


2. References