Skip to main content
Evgeniy Vasyliev
Evgeniy Vasyliev
Associate III
March 11, 2022
Question

Securely program bootloader remotely in STM32

  • March 11, 2022
  • 2 replies
  • 3954 views

Normally the bootloader is the first thing to program in the MCU by the manufacturer,. Bootloader contains a way how to update the firmware of the device from the firmware file (encrypted), which is openly passed to the customer. Hence the bootloader is concidered to the the most secret thing to take care of.

But what to do if there is no way to go physically to the place where the newly manufacured devices are located and physically program the bootloader? Is there any way to remotely program the bootloader in a secured way, so that the people having the devices could not steal or sniff it? Are there any ready solutions to this problem?

The MCU related is STM32F427.

This topic has been closed for replies.

2 replies

TDK
TDK
Super User
March 11, 2022

Yes, see https://www.st.com/en/embedded-software/x-cube-sbsfu.html

"If you feel a post has answered your question, please click ""Accept as Solution""."
Evgeniy Vasyliev
Evgeniy VasylievAuthor
Associate III
March 11, 2022

Thank you, I have checked it, but this seems to be a bootloader, which is able to securely update the firmware. The question here is a bit different: how to program the bootloader itself securely?

TDK
TDK
Super User
March 11, 2022
You need to trust one layer of the onion. Or crest a boot loader for the boot loader.
"If you feel a post has answered your question, please click ""Accept as Solution""."
Tesla DeLorean
Tesla DeLorean
Guru
March 11, 2022

Depends on who you trust.

You could send pre-programmed and secure chips to your PCBA / contract manufacturer. This could be full, or partial, and then have your loader decrypt/program parts, or have a comms link to secure site that could also sign against Unique ID, so you could track/lock per IC

Distributors classically offer programming ICs as a value-add service

Tips, Buy me a coffee, or three.. PayPal VenmoUp vote any posts that you find helpful, it shows what's working..
Evgeniy Vasyliev
Evgeniy VasylievAuthor
Associate III
March 11, 2022

Well, I agree with you, programming the MCUs seems to be the most rational solution here, but sometimes it is not possible and we need to work completely remotely and allow the final customer to program the bootloader and firmware.

Today I found the following post: https://www.segger.com/products/debug-probes/j-link/tools/j-link-remote-server/. It explains about a tunnel mode allowing to connect to a programmer over the internet, however it does not explain how secure it is in meaning if the owner of the PC/laptop with inserted programmer can sniff the bootloader code.

I assume that there should be some solution for this field as MCUs are used in billions of devices worldwide. There should be some approach to make it work. If not - then this is an open field to make a new startup! =)

Pavel A.
Pavel A.
Super User
March 12, 2022

@Evgeniy Vasyliev​ ST definitely supports what you want.

But only on newer STM32 series and using the CubeProgrammer software.

Please read on "secure manufacturing" here: https://www.st.com/content/st_com/en/ecosystems/stm32trust.html

STM32F4 is very old. Not sure it supports the first-time secure install scenario.

If you figure out how to do secure 1st time install on old MCUs then sure, make a startup ;)

Terms & ConditionsAccessibility statement