Secure Boot and Firmware Update Mechanism for ARM Cortex-M Series MCUs
Keywords:
Secure Boot, Firmware Update, ARM Cortex-M, IoT Security, Trusted Firmware-M, Bootloader, Code Signing, Secure Firmware Delivery

Abstract
The use of embedded systems and Internet of Things (IoT) applications has grown massively over the years, making the security of Microcontroller Units (MCUs), especially those based on the ARM Cortex-M architecture, increasingly critical. Systems of this type are threatened by untrusted code execution, modification or destruction of the firmware, and insufficient update procedures. This paper introduces a lightweight secure boot and firmware update architecture designed for the resource-constrained conditions of ARM Cortex-M series MCUs. The proposed architecture consists of a ROM-based secure bootloader that computes a cryptographic hash (SHA-256) of the firmware before it is loaded and executed, asymmetric digital signature verification (RSA or ECDSA) of downloaded and loaded firmware, and a rollback protection method that ensures the firmware that runs is both authenticated and up to date. The approach uses Trusted Firmware-M (TF-M) to deploy a trusted execution environment that, with the assistance of ARM TrustZone technology, isolates secure functions from the non-secure application region. For firmware updates, we propose a two-bank image deployment, version-protected manifest checking, and secure delivery over encrypted communication. This approach guards against the usual firmware vulnerabilities of spoofing, downgrade attacks, and post-deployment modification. Experimental analysis on STM32L5 platforms incorporating a Cortex-M33 microcontroller shows that the system has very low performance overhead in signature verification and boot-time verification, using a combination of 10 0 to 13 0 ECC vectors, and requires less than 50 KB of flash memory. Security validation demonstrates resistance to execution of unauthorized firmware, firmware tampering, and rollback.
The design is also modular and can be scaled easily to other Cortex-M development environments without resorting to proprietary extensions. Overall, the proposed framework provides an effective and thorough security model for secure boot and firmware updates in ARM Cortex-M based devices, strengthening trust in applications used in industrial IoT, medical operations, and critical system integrations. The study is a first step towards practical, standards-compliant, non-emergency secure firmware management in low-power, low-cost embedded systems.
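As an added illustration, not code from the paper or from TF-M, the following Python sketch models the boot-time decision chain the abstract describes: recompute the SHA-256 of the image in a bank, check an asymmetric signature over a manifest that binds the image hash to its version, reject anything below the anti-rollback counter, and pick which of the two banks to boot. A textbook RSA toy key generated in-script (no padding, 512 bits) stands in for the paper's RSA/ECDSA verifier; the images, versions, key size and the `Manifest` layout are all constructed for the demo.

```python
"""Toy model of secure boot with a version-protected manifest and two banks.
Constructed example: textbook RSA stands in for RSA/ECDSA; never use as-is."""
import hashlib
import math
import random
from dataclasses import dataclass


def _is_probable_prime(n):
    """Miller-Rabin with a fixed-seed RNG so the example is reproducible."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    rng = random.Random(1)
    for _ in range(20):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _gen_prime(bits, rng):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1  # top bit set, odd
        if _is_probable_prime(cand):
            return cand


def make_toy_keypair(bits=512, seed=7):
    """Return ((n, e), (n, d)); constructed toy key, just large enough that n > 2**256."""
    rng, e = random.Random(seed), 65537
    while True:
        p, q = _gen_prime(bits // 2, rng), _gen_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))


@dataclass(frozen=True)
class Manifest:
    version: int       # monotonically increasing firmware version
    image_hash: bytes  # SHA-256 of the firmware image
    signature: int     # RSA signature over SHA-256(version || image_hash)


def _manifest_digest(version, image_hash):
    return hashlib.sha256(version.to_bytes(4, "big") + image_hash).digest()


def sign_manifest(privkey, image, version):
    """Build-side step (hypothetical): hash the image, sign hash and version together."""
    n, d = privkey
    image_hash = hashlib.sha256(image).digest()
    m = int.from_bytes(_manifest_digest(version, image_hash), "big")
    return Manifest(version, image_hash, pow(m, d, n))


def verify_image(pubkey, image, manifest):
    """Bootloader step 1: the image in flash must hash to the manifest's value.
    Step 2: the signature covers hash AND version, so bumping the version of an
    old image without the private key breaks the check."""
    if hashlib.sha256(image).digest() != manifest.image_hash:
        return False, "image hash mismatch (tampered or corrupted image)"
    n, e = pubkey
    expected = int.from_bytes(_manifest_digest(manifest.version, manifest.image_hash), "big")
    if pow(manifest.signature, e, n) != expected:
        return False, "bad signature (unauthorized firmware or forged manifest)"
    return True, "ok"


def select_boot_bank(pubkey, banks, stored_version):
    """Pick the newest authenticated bank whose version is not below the
    anti-rollback counter. Returns (bank name or None, counter to persist)."""
    best_name, best_version = None, None
    for name, (image, manifest) in banks.items():
        ok, _reason = verify_image(pubkey, image, manifest)
        if not ok or manifest.version < stored_version:  # invalid, or a downgrade
            continue
        if best_version is None or manifest.version > best_version:
            best_name, best_version = name, manifest.version
    if best_name is None:
        return None, stored_version  # nothing bootable: stay in recovery
    return best_name, max(stored_version, best_version)


if __name__ == "__main__":
    pub, priv = make_toy_keypair()
    img_a, img_b = b"constructed firmware image v1", b"constructed firmware image v2"
    banks = {"A": (img_a, sign_manifest(priv, img_a, 1)),
             "B": (img_b, sign_manifest(priv, img_b, 2))}
    print(select_boot_bank(pub, banks, stored_version=1))  # ('B', 2)
```

The counter returned by `select_boot_bank` must be written to protected non-volatile storage before control transfers to the chosen bank; otherwise a power cut between verification and the write leaves the device willing to boot the older bank again.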