Secure and Reliable Firmware Update in Embedded Systems
Abstract
A reliable firmware update ensures that a device will not become unusable at the end of the process. A secure update ensures that only authentic firmware can be installed on the device. Microcontroller manufacturers have their own solutions for a secure and reliable update, however, each solution is tailored to its devices. This work presents a generic solution for a secure and reliable firmware update process. A reference implementation was performed using the STM32L562QE microcontroller in order to validate the proposed solution and to demonstrate that it is possible to obtain a safe and reliable upgrade without relying on proprietary solutions from microcontroller manufacturers.
Keywords:
Firmware Update, Reliability, Integrity
References
Beningo, J. (2015). Bootloader design for microcontrollers in embedded systems.
Bouazzouni, M. A., Conchon, E., and Peyrard, F. (2018). Trusted mobile computing: An overview of existing solutions. Future Generation Computer Systems, 80:596–612.
Dhobi, R., Gajjar, S., Parmar, D., and Vaghela, T. (2019). Secure rmware update over the air using trustzone. In 2019 Innovations in Power and Advanced Computing Technologies (i-PACT), volume 1, pages 1–4.
Jain, N., Mali, S. G., and Kulkarni, S. (2016). Ineld rmware update: Challenges and solutions. In 2016 International Conference on Communication and Signal Processing (ICCSP), pages 1232–1236.
Landwehr, C. (2001). Computer security. International Journal of Information Security, 1:3–13.
Nikolov, N. (2018). Research rmware update over the air from the cloud. In 2018 IEEE XXVII International Scientic Conference Electronics ET, pages 1–4.
NIST (2015). Secure Hash Standards. National Institute of Standards and Technology.
OMG (2017). Omg unied modeling language (omg uml).
Russel, D. and Gangemi, G. T. (1991). Computer Security Basics. O’Reilly & Associates.
STMicroelectronics (2020a). Getting started with projects base on the stm32l5 series in stm32cubeide.
STMicroelectronics (2020b). Overview of secure boot and secure rmware update solution on arm trustzone stm32l5 series microcontrollers.
STMicroelectronics (2020c). Reference manual stm32l552xx and stm32l562xx advanced arm-based 32-bit mcus.
USB-IF (2010). Universal Serial Bus Class Denitions for Communications Devices. USB-IF.
Bouazzouni, M. A., Conchon, E., and Peyrard, F. (2018). Trusted mobile computing: An overview of existing solutions. Future Generation Computer Systems, 80:596–612.
Dhobi, R., Gajjar, S., Parmar, D., and Vaghela, T. (2019). Secure rmware update over the air using trustzone. In 2019 Innovations in Power and Advanced Computing Technologies (i-PACT), volume 1, pages 1–4.
Jain, N., Mali, S. G., and Kulkarni, S. (2016). Ineld rmware update: Challenges and solutions. In 2016 International Conference on Communication and Signal Processing (ICCSP), pages 1232–1236.
Landwehr, C. (2001). Computer security. International Journal of Information Security, 1:3–13.
Nikolov, N. (2018). Research rmware update over the air from the cloud. In 2018 IEEE XXVII International Scientic Conference Electronics ET, pages 1–4.
NIST (2015). Secure Hash Standards. National Institute of Standards and Technology.
OMG (2017). Omg unied modeling language (omg uml).
Russel, D. and Gangemi, G. T. (1991). Computer Security Basics. O’Reilly & Associates.
STMicroelectronics (2020a). Getting started with projects base on the stm32l5 series in stm32cubeide.
STMicroelectronics (2020b). Overview of secure boot and secure rmware update solution on arm trustzone stm32l5 series microcontrollers.
STMicroelectronics (2020c). Reference manual stm32l552xx and stm32l562xx advanced arm-based 32-bit mcus.
USB-IF (2010). Universal Serial Bus Class Denitions for Communications Devices. USB-IF.
Published
2021-10-04
How to Cite
SELL, Paulo Fylippe; MELLO, Emerson Ribeiro de; MATOS, Roberto de.
Secure and Reliable Firmware Update in Embedded Systems. In: WORKSHOP ON SCIENTIFIC INITIATION AND UNDERGRADUATE WORKS - BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 21. , 2021, Evento Online.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2021
.
p. 219-231.
DOI: https://doi.org/10.5753/sbseg_estendido.2021.17354.
