How to secure your application using a serial loader and secure boot manager


Dec 10, 2021

Embedded design specifications require the ability to dynamically update a device’s firmware in the field. This can be achieved via a bootloader, which is often called a boot manager when it combines an extra set of validation, management and update functions with a loader that provides a method to download images to the on-chip flash update slot.

The pragmatics of designing a boot manager and loader are somewhat difficult to discuss, because so many different requirements can be placed on them, for example the mechanism for getting the new application into the MCU. For some, it will be through the serial peripheral of the MCU; for others, it might be Over the Air (OTA).

The capability of updating the firmware, especially for IoT devices, makes the product vulnerable if there is no mechanism to prohibit unauthorized reprogramming and reconfiguration of the system. Adding validation of the source of the code via an encryption/decryption layer is the first step toward making the boot manager secure.

A secure boot manager can itself reprogram the firmware running on an embedded device or system when the content transferred by the loader is encrypted and validated by an authenticated authority.
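
The validate-before-reprogram step described above can be modeled as follows. This is an added example, not IAR's boot manager code: the image layout, the names, the constructed key and the use of HMAC-SHA256 as a stand-in for the validation scheme are assumptions, and payload decryption is left out.

```python
import hashlib
import hmac
import struct
from typing import Optional

MAGIC = b"UPD1"                     # hypothetical image marker
HEADER = struct.Struct("<4sII")     # magic, version, payload length
TAG_LEN = hashlib.sha256().digest_size
SLOT_SIZE = 256                     # constructed size of the update slot
DEVICE_KEY = bytes(range(32))       # constructed key, for the example only


def package_image(payload: bytes, version: int, key: bytes) -> bytes:
    """Release-side step: header + payload, followed by a tag over both."""
    header = HEADER.pack(MAGIC, version, len(payload))
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def write_slot(image: bytes) -> bytes:
    """Model the loader writing an image into erased (0xFF) flash."""
    return image[:SLOT_SIZE].ljust(SLOT_SIZE, b"\xff")


def validate_update_slot(slot: bytes, key: bytes) -> Optional[bytes]:
    """Return the payload if the slot holds an authentic image, else None."""
    if len(slot) < HEADER.size + TAG_LEN:
        return None
    magic, _version, length = HEADER.unpack_from(slot)
    if magic != MAGIC:
        return None
    # The length field is untrusted input: bound it by the slot size first.
    if length > len(slot) - HEADER.size - TAG_LEN:
        return None
    end = HEADER.size + length
    expected = hmac.new(key, slot[:end], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, slot[end:end + TAG_LEN]):
        return None
    return slot[HEADER.size:end]


def boot_manager_update(active: bytes, slot: bytes, key: bytes) -> bytes:
    """Reprogram only from a validated slot; otherwise keep the active image."""
    payload = validate_update_slot(slot, key)
    return active if payload is None else payload
```

The loader only writes bytes into the slot; the decision to reprogram rests entirely on the boot manager's check, so a corrupted or unauthorized download leaves the running firmware in place.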

If you want to learn more, watch our on-demand webinar! The webinar explores the use of a combined secure boot manager and reference serial loader for securing your application. Working with a secure boot manager and serial loader can be somewhat tricky, but with our tips and tricks, you should be well on your way to enabling a successful and secure dynamic software update mechanism for your MCU in the field.
