Secure Boot and Secure Update Software Options

Question

Hi, I'm building a medical device that will use an STM32 MCU and requires secure boot and secure firmware updates (over USB-C preferably). I have little experience with implementing secure bootloaders, and am looking for a solution that could allow me to get secure boot working out-of-the-box with minimal setup. I've seen that SBSFU offers example projects for secure boot on some MCUs, while MCUboot is also available for some others. It also looks like the STM32U5 series supports their own secure firmware updates based on AN4992. What's the difference between all of these solutions? Out of all the solutions ST offers for secure boot, which ones are the newest/recommended and easiest to get set up with? Because I'm looking for a low-cost MCU, I've identified the STM32L471, STM32L476, and STM32U575 as potential candidates that could support secure boot, but I'm lost as to how to actually set it up or what software solution to use. I'd love to hear anyone else's suggestions for other MCUs I could use that easily support these security features, or for application notes/resources I could use to learn how to use ST's security solutions.

Mikk Leini · Answer

There's no single right answer to this. What are your secure assets? Firmware code? Patient information? Do you need to comply with some standard? Start from this to find suitable MCU and solution. If you're device is not connected to the internet, you may find simpler way, like authorizing USB access.

It is possible to implement secure boot in SW only with the cheaper MCU which has internal Flash and RAM, but you need to able to lock the debug port to prevent reading out root of trust (RoT) information (bootloader and keys). And you need to be very sure your application does not have any security holes, like out of bounds data access bugs. It's quite straightforward to implement as you don't need to bother with HW quirks, but it's technically not so secure as HW based RoT. If you can afford stepping up your MCU choice then you get cryptographic accelerators to calculate hash (SHA) and encryption/decryption engine (AES) which speed up your validation/upload times. Modern digital signature (DSA) needs to be done in SW anyway, but don't calculate it over the whole binary, only the binary hash and it's metadata.

There are also secure elements - chips that connect to MCU with I2C/SPI, like STSAFE. They can keep keys behind the lock and perform signature checks, but one downside is that if you need to protect against physical attack or you have non-unique keys, then you need to make the communication with secure element also secure. It's another layer of complexity.

If your device security is weak, then consider using unique decryption and signature keys for each device. In case one gets opened, you don't immediately have others at risk. But it makes updates management slightly more complicated.

There's also difference in how you organize update process - does bootloader perform overwrite of old application or it's done by the application into the second slot (A/B boot strategy). This is usually determined by the amount of Flash you have. I think with USB you don't need A/B strategy because if update fails, the user can retry quickly anyway.

I have not used X-CUBE-SBSFU, but based on the documentation it looks it can kickstart your development.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded