Skip to main content
J
jijomathew
Associate III
January 24, 2025
Question

Prevent unauthorised Firmware updates using USB DFU

  • January 24, 2025
  • 2 replies
  • 1569 views

Title edited to be more descriptive than just "USB"

HI,

I Need help, My application Requires  Firmware updates using USB DFU Mode, and planning to make a custom Pc software that updates code using USB. How can I Make sure that only my Pc software should have access to connect the STM 32 using USB and update the code , How i can implement this security feature in My application? Does the USB library provide any authentication techniques So that I can integrate it for My custom application?

Thanks and Regards 

JIJO 

2 replies

TDK
TDK
Super User
January 24, 2025

Newer STM32 chips (i.e. STM32N6) have more advanced and complicated security settings like this. I would suggest reading up on those and determining if those are sufficient. Also read up on SBSFU to see if that is acceptable.

X-CUBE-SBSFU - Secure boot & secure firmware update software expansion for STM32Cube - STMicroelectronics

 

In general, if someone wants to change the firmware on a chip, you are not going to be able to fully prevent it. Consider the case where the chip is physically replaced.

"If you feel a post has answered your question, please click ""Accept as Solution""."
    J
    jijomathewAuthor
    Associate III
    February 5, 2025

     

    Hello,

    SBSFU examples are there for Y modem Protocol for updates Is it Possible for USB DFU?

    KnarfB
    KnarfB
    Super User
    February 5, 2025

    You may start with the How to use the ST Open Bootloader for STM32 Microc... - STMicroelectronics Community code and extend that to your needs. 

    There are 3rd party bootloaders like homepage [OpenBLT Bootloader] which has a dual (commercial/open source) licensing model. Here they are discussing security features: Security options of the OpenBLT bootloader - Feaser Developer Blog

    hth

    KnarfB

    Terms & ConditionsAccessibility statement