I would ask about any boot loader with cryptography or any secure way to update
firmware "off-factory", but I ask before: Worth it?
Today I use a Microchip PIC AES-256 boot loader provided on a AN, we use it for
two or three years already. Now we're "moving up" to Cortex-M0 and M3.
Our product need to have a boot loader, either online (GPRS, low speed) and off
line (uart or usb, faster).
The only good point of using AES on a BL that I see is difficult the copy,
because they will copy you product and it will be better, but they will need to
spend time and money developing a new one instead of just copying yours.
Ok than, but the time to develop an encrypted BL worth it?
Do you guys use any kind of secure BL?
Or it's just too much security to think about?
Best regards.
AndrRairan.
Use or not a secure boot loader?
Started by ●March 14, 2012
Reply by ●March 14, 20122012-03-14
Dear Andr
I think it's completely up to you to decide if it's worth to implement a
"secure" boot loader.
From my point of view it depends how attractive the product is on the
market (how much money can one make with it) and how close Asian guys
come to your product
(note that manpower costs very, very little money in e.g. China).
I myself decided to implement a secure boot loader for our intelligent
displays - see www.iLCD.info - already from the beginning of the
development and have not seen
any clones until now (but possibly the product is not attractive enough
to be cloned - I'll never will know that until it becomes cloned ;-))
Best regards
Herbert
Am 14.03.2012 15:05, schrieb AndrRairan:
> I would ask about any boot loader with cryptography or any secure way to update firmware "off-factory", but I ask before: Worth it?
>
> Today I use a Microchip PIC AES-256 boot loader provided on a AN, we use it for two or three years already. Now we're "moving up" to Cortex-M0 and M3.
> Our product need to have a boot loader, either online (GPRS, low speed) and off line (uart or usb, faster).
>
> The only good point of using AES on a BL that I see is difficult the copy, because they will copy you product and it will be better, but they will need to spend time and money developing a new one instead of just copying yours.
>
> Ok than, but the time to develop an encrypted BL worth it?
> Do you guys use any kind of secure BL?
> Or it's just too much security to think about?
> Best regards.
> AndrRairan.
>
I think it's completely up to you to decide if it's worth to implement a
"secure" boot loader.
From my point of view it depends how attractive the product is on the
market (how much money can one make with it) and how close Asian guys
come to your product
(note that manpower costs very, very little money in e.g. China).
I myself decided to implement a secure boot loader for our intelligent
displays - see www.iLCD.info - already from the beginning of the
development and have not seen
any clones until now (but possibly the product is not attractive enough
to be cloned - I'll never will know that until it becomes cloned ;-))
Best regards
Herbert
Am 14.03.2012 15:05, schrieb AndrRairan:
> I would ask about any boot loader with cryptography or any secure way to update firmware "off-factory", but I ask before: Worth it?
>
> Today I use a Microchip PIC AES-256 boot loader provided on a AN, we use it for two or three years already. Now we're "moving up" to Cortex-M0 and M3.
> Our product need to have a boot loader, either online (GPRS, low speed) and off line (uart or usb, faster).
>
> The only good point of using AES on a BL that I see is difficult the copy, because they will copy you product and it will be better, but they will need to spend time and money developing a new one instead of just copying yours.
>
> Ok than, but the time to develop an encrypted BL worth it?
> Do you guys use any kind of secure BL?
> Or it's just too much security to think about?
> Best regards.
> AndrRairan.
>
Reply by ●March 14, 20122012-03-14
I think it would also depend on the complexity of the firmware. For
some projects the hardware is not that difficult, but most of the value
is in the firmware. For something like that you would especially not
want someone to copy your hardware and then use your binary firmware on it.
I just implemented encryption in my usb bootloader using XTEA, and it
was simple enough there's really no reason not to do it. There's a
library called libtomcrypt that supports a number of different kinds of
encryption that might be helpful for you.
http://libtom.org/
On 03/14/2012 09:17 AM, g...@demmel.com wrote:
> Dear Andr
>
> I think it's completely up to you to decide if it's worth to implement a
> "secure" boot loader.
>
> From my point of view it depends how attractive the product is on the
> market (how much money can one make with it) and how close Asian guys
> come to your product
> (note that manpower costs very, very little money in e.g. China).
>
> I myself decided to implement a secure boot loader for our intelligent
> displays - see www.iLCD.info - already from the beginning of the
> development and have not seen
> any clones until now (but possibly the product is not attractive enough
> to be cloned - I'll never will know that until it becomes cloned ;-))
>
> Best regards
> Herbert
>
> Am 14.03.2012 15:05, schrieb AndrRairan:
>> I would ask about any boot loader with cryptography or any secure way to update firmware "off-factory", but I ask before: Worth it?
>>
>> Today I use a Microchip PIC AES-256 boot loader provided on a AN, we use it for two or three years already. Now we're "moving up" to Cortex-M0 and M3.
>> Our product need to have a boot loader, either online (GPRS, low speed) and off line (uart or usb, faster).
>>
>> The only good point of using AES on a BL that I see is difficult the copy, because they will copy you product and it will be better, but they will need to spend time and money developing a new one instead of just copying yours.
>>
>> Ok than, but the time to develop an encrypted BL worth it?
>> Do you guys use any kind of secure BL?
>> Or it's just too much security to think about?
>> Best regards.
>> AndrRairan.
>>
some projects the hardware is not that difficult, but most of the value
is in the firmware. For something like that you would especially not
want someone to copy your hardware and then use your binary firmware on it.
I just implemented encryption in my usb bootloader using XTEA, and it
was simple enough there's really no reason not to do it. There's a
library called libtomcrypt that supports a number of different kinds of
encryption that might be helpful for you.
http://libtom.org/
On 03/14/2012 09:17 AM, g...@demmel.com wrote:
> Dear Andr
>
> I think it's completely up to you to decide if it's worth to implement a
> "secure" boot loader.
>
> From my point of view it depends how attractive the product is on the
> market (how much money can one make with it) and how close Asian guys
> come to your product
> (note that manpower costs very, very little money in e.g. China).
>
> I myself decided to implement a secure boot loader for our intelligent
> displays - see www.iLCD.info - already from the beginning of the
> development and have not seen
> any clones until now (but possibly the product is not attractive enough
> to be cloned - I'll never will know that until it becomes cloned ;-))
>
> Best regards
> Herbert
>
> Am 14.03.2012 15:05, schrieb AndrRairan:
>> I would ask about any boot loader with cryptography or any secure way to update firmware "off-factory", but I ask before: Worth it?
>>
>> Today I use a Microchip PIC AES-256 boot loader provided on a AN, we use it for two or three years already. Now we're "moving up" to Cortex-M0 and M3.
>> Our product need to have a boot loader, either online (GPRS, low speed) and off line (uart or usb, faster).
>>
>> The only good point of using AES on a BL that I see is difficult the copy, because they will copy you product and it will be better, but they will need to spend time and money developing a new one instead of just copying yours.
>>
>> Ok than, but the time to develop an encrypted BL worth it?
>> Do you guys use any kind of secure BL?
>> Or it's just too much security to think about?
>> Best regards.
>> AndrRairan.
>>
Reply by ●March 14, 20122012-03-14
Hi
The uTasker project includes encryption support of Serial and Ethernet boot loading. This allows code to be distributed in encrypted form. http://www.utasker.com/docs/uTasker/uTaskerBoot_003.PDF
There is also password protection on its USB-MSD boot loader (to stop code being read out without entering the correct password phrase, but the actual copy itself is not encrypted in the present version but maye shortly). Video demos [http://www.youtube.com/watch?v=H4TYM9jY2-g and http://www.youtube.com/watch?v=e4oFBn_M5wo]
Regards
Mark
--- In l..., Moses McKnight wrote:
>
> I think it would also depend on the complexity of the firmware. For
> some projects the hardware is not that difficult, but most of the value
> is in the firmware. For something like that you would especially not
> want someone to copy your hardware and then use your binary firmware on it.
>
> I just implemented encryption in my usb bootloader using XTEA, and it
> was simple enough there's really no reason not to do it. There's a
> library called libtomcrypt that supports a number of different kinds of
> encryption that might be helpful for you.
> http://libtom.org/
>
> On 03/14/2012 09:17 AM, groups@... wrote:
> > Dear Andr
> >
> > I think it's completely up to you to decide if it's worth to implement a
> > "secure" boot loader.
> >
> > From my point of view it depends how attractive the product is on the
> > market (how much money can one make with it) and how close Asian guys
> > come to your product
> > (note that manpower costs very, very little money in e.g. China).
> >
> > I myself decided to implement a secure boot loader for our intelligent
> > displays - see www.iLCD.info - already from the beginning of the
> > development and have not seen
> > any clones until now (but possibly the product is not attractive enough
> > to be cloned - I'll never will know that until it becomes cloned ;-))
> >
> > Best regards
> > Herbert
> >
> > Am 14.03.2012 15:05, schrieb AndrRairan:
> >> I would ask about any boot loader with cryptography or any secure way to update firmware "off-factory", but I ask before: Worth it?
> >>
> >> Today I use a Microchip PIC AES-256 boot loader provided on a AN, we use it for two or three years already. Now we're "moving up" to Cortex-M0 and M3.
> >> Our product need to have a boot loader, either online (GPRS, low speed) and off line (uart or usb, faster).
> >>
> >> The only good point of using AES on a BL that I see is difficult the copy, because they will copy you product and it will be better, but they will need to spend time and money developing a new one instead of just copying yours.
> >>
> >> Ok than, but the time to develop an encrypted BL worth it?
> >> Do you guys use any kind of secure BL?
> >> Or it's just too much security to think about?
> >>
> >>
> >> Best regards.
> >> AndrRairan.
> >>
> >
> >
> >
> >
> >
> >
The uTasker project includes encryption support of Serial and Ethernet boot loading. This allows code to be distributed in encrypted form. http://www.utasker.com/docs/uTasker/uTaskerBoot_003.PDF
There is also password protection on its USB-MSD boot loader (to stop code being read out without entering the correct password phrase, but the actual copy itself is not encrypted in the present version but maye shortly). Video demos [http://www.youtube.com/watch?v=H4TYM9jY2-g and http://www.youtube.com/watch?v=e4oFBn_M5wo]
Regards
Mark
--- In l..., Moses McKnight wrote:
>
> I think it would also depend on the complexity of the firmware. For
> some projects the hardware is not that difficult, but most of the value
> is in the firmware. For something like that you would especially not
> want someone to copy your hardware and then use your binary firmware on it.
>
> I just implemented encryption in my usb bootloader using XTEA, and it
> was simple enough there's really no reason not to do it. There's a
> library called libtomcrypt that supports a number of different kinds of
> encryption that might be helpful for you.
> http://libtom.org/
>
> On 03/14/2012 09:17 AM, groups@... wrote:
> > Dear Andr
> >
> > I think it's completely up to you to decide if it's worth to implement a
> > "secure" boot loader.
> >
> > From my point of view it depends how attractive the product is on the
> > market (how much money can one make with it) and how close Asian guys
> > come to your product
> > (note that manpower costs very, very little money in e.g. China).
> >
> > I myself decided to implement a secure boot loader for our intelligent
> > displays - see www.iLCD.info - already from the beginning of the
> > development and have not seen
> > any clones until now (but possibly the product is not attractive enough
> > to be cloned - I'll never will know that until it becomes cloned ;-))
> >
> > Best regards
> > Herbert
> >
> > Am 14.03.2012 15:05, schrieb AndrRairan:
> >> I would ask about any boot loader with cryptography or any secure way to update firmware "off-factory", but I ask before: Worth it?
> >>
> >> Today I use a Microchip PIC AES-256 boot loader provided on a AN, we use it for two or three years already. Now we're "moving up" to Cortex-M0 and M3.
> >> Our product need to have a boot loader, either online (GPRS, low speed) and off line (uart or usb, faster).
> >>
> >> The only good point of using AES on a BL that I see is difficult the copy, because they will copy you product and it will be better, but they will need to spend time and money developing a new one instead of just copying yours.
> >>
> >> Ok than, but the time to develop an encrypted BL worth it?
> >> Do you guys use any kind of secure BL?
> >> Or it's just too much security to think about?
> >>
> >>
> >> Best regards.
> >> AndrRairan.
> >>
> >
> >
> >
> >
> >
> >
Reply by ●March 15, 20122012-03-15
My decision to use a secure bootloader was because I have software features that
can be purchased and turned on in the firmware. I'm using a low resource
version of AES.
--- In l..., Andr� Rairan wrote:
>
> I would ask about any boot loader with cryptography or any secure way to update firmware "off-factory", but I ask before: Worth it?
>
> Today I use a Microchip PIC AES-256 boot loader provided on a AN, we use it for two or three years already. Now we're "moving up" to Cortex-M0 and M3.
> Our product need to have a boot loader, either online (GPRS, low speed) and off line (uart or usb, faster).
>
> The only good point of using AES on a BL that I see is difficult the copy, because they will copy you product and it will be better, but they will need to spend time and money developing a new one instead of just copying yours.
>
> Ok than, but the time to develop an encrypted BL worth it?
> Do you guys use any kind of secure BL?
> Or it's just too much security to think about?
>
>
> Best regards.
> Andr� Rairan.
>
--- In l..., Andr� Rairan wrote:
>
> I would ask about any boot loader with cryptography or any secure way to update firmware "off-factory", but I ask before: Worth it?
>
> Today I use a Microchip PIC AES-256 boot loader provided on a AN, we use it for two or three years already. Now we're "moving up" to Cortex-M0 and M3.
> Our product need to have a boot loader, either online (GPRS, low speed) and off line (uart or usb, faster).
>
> The only good point of using AES on a BL that I see is difficult the copy, because they will copy you product and it will be better, but they will need to spend time and money developing a new one instead of just copying yours.
>
> Ok than, but the time to develop an encrypted BL worth it?
> Do you guys use any kind of secure BL?
> Or it's just too much security to think about?
>
>
> Best regards.
> Andr� Rairan.
>
Reply by ●March 16, 20122012-03-16
This is a great post.
May I ask something concerning the subject?
What is the flashing routine in a secured bootloader?
Does the firmware binary is encrypted and decrypted by the bootloeader
before self flashing it in the memory?
What about using UniqueID masks to avoid cloning? Do you think it is
possible to come up with an algorithm that will not hugely consume memory
or manufacturing configuration time (in case of using one firmware per
unique id)?
At.
Em 15 de mar de 2012 13:14, fhriley escreveu:
> **
> My decision to use a secure bootloader was because I have software
> features that can be purchased and turned on in the firmware. I'm using a
> low resource version of AES.
> --- In l..., Andr� Rairan wrote:
> >
> > I would ask about any boot loader with cryptography or any secure way to
> update firmware "off-factory", but I ask before: Worth it?
> >
> > Today I use a Microchip PIC AES-256 boot loader provided on a AN, we use
> it for two or three years already. Now we're "moving up" to Cortex-M0 and
> M3.
> > Our product need to have a boot loader, either online (GPRS, low speed)
> and off line (uart or usb, faster).
> >
> > The only good point of using AES on a BL that I see is difficult the
> copy, because they will copy you product and it will be better, but they
> will need to spend time and money developing a new one instead of just
> copying yours.
> >
> > Ok than, but the time to develop an encrypted BL worth it?
> > Do you guys use any kind of secure BL?
> > Or it's just too much security to think about?
> >
> >
> > Best regards.
> > Andr� Rairan.
> >
>
May I ask something concerning the subject?
What is the flashing routine in a secured bootloader?
Does the firmware binary is encrypted and decrypted by the bootloeader
before self flashing it in the memory?
What about using UniqueID masks to avoid cloning? Do you think it is
possible to come up with an algorithm that will not hugely consume memory
or manufacturing configuration time (in case of using one firmware per
unique id)?
At.
Em 15 de mar de 2012 13:14, fhriley escreveu:
> **
> My decision to use a secure bootloader was because I have software
> features that can be purchased and turned on in the firmware. I'm using a
> low resource version of AES.
> --- In l..., Andr� Rairan wrote:
> >
> > I would ask about any boot loader with cryptography or any secure way to
> update firmware "off-factory", but I ask before: Worth it?
> >
> > Today I use a Microchip PIC AES-256 boot loader provided on a AN, we use
> it for two or three years already. Now we're "moving up" to Cortex-M0 and
> M3.
> > Our product need to have a boot loader, either online (GPRS, low speed)
> and off line (uart or usb, faster).
> >
> > The only good point of using AES on a BL that I see is difficult the
> copy, because they will copy you product and it will be better, but they
> will need to spend time and money developing a new one instead of just
> copying yours.
> >
> > Ok than, but the time to develop an encrypted BL worth it?
> > Do you guys use any kind of secure BL?
> > Or it's just too much security to think about?
> >
> >
> > Best regards.
> > Andr� Rairan.
> >
>
Reply by ●March 16, 20122012-03-16
Felipe,
Unique ID would work if the devices were interconnected in some way and had
a way to check redundancy (like network cards on the same LAN). If you sell
the devices to different customers, it may be hard to check unicity (hence
cloning).
Cheers
--
Olivier Gautherot
o...@gautherot.net
On Fri, Mar 16, 2012 at 6:47 AM, Felipe de Andrade Neves Lavratti <
f...@gmail.com> wrote:
> This is a great post.
>
> May I ask something concerning the subject?
>
> What is the flashing routine in a secured bootloader?
> Does the firmware binary is encrypted and decrypted by the bootloeader
> before self flashing it in the memory?
>
> What about using UniqueID masks to avoid cloning? Do you think it is
> possible to come up with an algorithm that will not hugely consume memory
> or manufacturing configuration time (in case of using one firmware per
> unique id)?
>
> At.
>
> Em 15 de mar de 2012 13:14, fhriley escreveu:
>
> > **
> >
> >
> > My decision to use a secure bootloader was because I have software
> > features that can be purchased and turned on in the firmware. I'm using a
> > low resource version of AES.
> >
> >
> > --- In l..., Andr� Rairan wrote:
> > >
> > > I would ask about any boot loader with cryptography or any secure way
> to
> > update firmware "off-factory", but I ask before: Worth it?
> > >
> > > Today I use a Microchip PIC AES-256 boot loader provided on a AN, we
> use
> > it for two or three years already. Now we're "moving up" to Cortex-M0 and
> > M3.
> > > Our product need to have a boot loader, either online (GPRS, low speed)
> > and off line (uart or usb, faster).
> > >
> > > The only good point of using AES on a BL that I see is difficult the
> > copy, because they will copy you product and it will be better, but they
> > will need to spend time and money developing a new one instead of just
> > copying yours.
> > >
> > > Ok than, but the time to develop an encrypted BL worth it?
> > > Do you guys use any kind of secure BL?
> > > Or it's just too much security to think about?
> > >
> > >
> > > Best regards.
> > > Andr� Rairan.
> > >
> >
> >
> >
>
>
>
Unique ID would work if the devices were interconnected in some way and had
a way to check redundancy (like network cards on the same LAN). If you sell
the devices to different customers, it may be hard to check unicity (hence
cloning).
Cheers
--
Olivier Gautherot
o...@gautherot.net
On Fri, Mar 16, 2012 at 6:47 AM, Felipe de Andrade Neves Lavratti <
f...@gmail.com> wrote:
> This is a great post.
>
> May I ask something concerning the subject?
>
> What is the flashing routine in a secured bootloader?
> Does the firmware binary is encrypted and decrypted by the bootloeader
> before self flashing it in the memory?
>
> What about using UniqueID masks to avoid cloning? Do you think it is
> possible to come up with an algorithm that will not hugely consume memory
> or manufacturing configuration time (in case of using one firmware per
> unique id)?
>
> At.
>
> Em 15 de mar de 2012 13:14, fhriley escreveu:
>
> > **
> >
> >
> > My decision to use a secure bootloader was because I have software
> > features that can be purchased and turned on in the firmware. I'm using a
> > low resource version of AES.
> >
> >
> > --- In l..., Andr� Rairan wrote:
> > >
> > > I would ask about any boot loader with cryptography or any secure way
> to
> > update firmware "off-factory", but I ask before: Worth it?
> > >
> > > Today I use a Microchip PIC AES-256 boot loader provided on a AN, we
> use
> > it for two or three years already. Now we're "moving up" to Cortex-M0 and
> > M3.
> > > Our product need to have a boot loader, either online (GPRS, low speed)
> > and off line (uart or usb, faster).
> > >
> > > The only good point of using AES on a BL that I see is difficult the
> > copy, because they will copy you product and it will be better, but they
> > will need to spend time and money developing a new one instead of just
> > copying yours.
> > >
> > > Ok than, but the time to develop an encrypted BL worth it?
> > > Do you guys use any kind of secure BL?
> > > Or it's just too much security to think about?
> > >
> > >
> > > Best regards.
> > > Andr� Rairan.
> > >
> >
> >
> >
>
>
>
Reply by ●March 16, 20122012-03-16
Hello,
All cortex devices from NXP have a unique number, that can be read by the software. You could code your software to only accept 1 specific number. The drawback is that every device will need there own software.
--
kevin
--- In l..., Olivier Gautherot wrote:
>
> Felipe,
>
> Unique ID would work if the devices were interconnected in some way and had
> a way to check redundancy (like network cards on the same LAN). If you sell
> the devices to different customers, it may be hard to check unicity (hence
> cloning).
>
> Cheers
> --
> Olivier Gautherot
> olivier@...
>
>
> On Fri, Mar 16, 2012 at 6:47 AM, Felipe de Andrade Neves Lavratti <
> felipelav@...> wrote:
>
> > This is a great post.
> >
> > May I ask something concerning the subject?
> >
> > What is the flashing routine in a secured bootloader?
> > Does the firmware binary is encrypted and decrypted by the bootloeader
> > before self flashing it in the memory?
> >
> > What about using UniqueID masks to avoid cloning? Do you think it is
> > possible to come up with an algorithm that will not hugely consume memory
> > or manufacturing configuration time (in case of using one firmware per
> > unique id)?
> >
> > At.
> >
> > Em 15 de mar de 2012 13:14, fhriley escreveu:
> >
> > > **
> > >
> > >
> > > My decision to use a secure bootloader was because I have software
> > > features that can be purchased and turned on in the firmware. I'm using a
> > > low resource version of AES.
> > >
> > >
> > > --- In l..., Andr� Rairan wrote:
> > > >
> > > > I would ask about any boot loader with cryptography or any secure way
> > to
> > > update firmware "off-factory", but I ask before: Worth it?
> > > >
> > > > Today I use a Microchip PIC AES-256 boot loader provided on a AN, we
> > use
> > > it for two or three years already. Now we're "moving up" to Cortex-M0 and
> > > M3.
> > > > Our product need to have a boot loader, either online (GPRS, low speed)
> > > and off line (uart or usb, faster).
> > > >
> > > > The only good point of using AES on a BL that I see is difficult the
> > > copy, because they will copy you product and it will be better, but they
> > > will need to spend time and money developing a new one instead of just
> > > copying yours.
> > > >
> > > > Ok than, but the time to develop an encrypted BL worth it?
> > > > Do you guys use any kind of secure BL?
> > > > Or it's just too much security to think about?
> > > >
> > > >
> > > > Best regards.
> > > > Andr� Rairan.
> > > >
> > >
> > >
> > >
> >
> >
> >
> >
> >
> >
> >
> >
> >
All cortex devices from NXP have a unique number, that can be read by the software. You could code your software to only accept 1 specific number. The drawback is that every device will need there own software.
--
kevin
--- In l..., Olivier Gautherot wrote:
>
> Felipe,
>
> Unique ID would work if the devices were interconnected in some way and had
> a way to check redundancy (like network cards on the same LAN). If you sell
> the devices to different customers, it may be hard to check unicity (hence
> cloning).
>
> Cheers
> --
> Olivier Gautherot
> olivier@...
>
>
> On Fri, Mar 16, 2012 at 6:47 AM, Felipe de Andrade Neves Lavratti <
> felipelav@...> wrote:
>
> > This is a great post.
> >
> > May I ask something concerning the subject?
> >
> > What is the flashing routine in a secured bootloader?
> > Does the firmware binary is encrypted and decrypted by the bootloeader
> > before self flashing it in the memory?
> >
> > What about using UniqueID masks to avoid cloning? Do you think it is
> > possible to come up with an algorithm that will not hugely consume memory
> > or manufacturing configuration time (in case of using one firmware per
> > unique id)?
> >
> > At.
> >
> > Em 15 de mar de 2012 13:14, fhriley escreveu:
> >
> > > **
> > >
> > >
> > > My decision to use a secure bootloader was because I have software
> > > features that can be purchased and turned on in the firmware. I'm using a
> > > low resource version of AES.
> > >
> > >
> > > --- In l..., Andr� Rairan wrote:
> > > >
> > > > I would ask about any boot loader with cryptography or any secure way
> > to
> > > update firmware "off-factory", but I ask before: Worth it?
> > > >
> > > > Today I use a Microchip PIC AES-256 boot loader provided on a AN, we
> > use
> > > it for two or three years already. Now we're "moving up" to Cortex-M0 and
> > > M3.
> > > > Our product need to have a boot loader, either online (GPRS, low speed)
> > > and off line (uart or usb, faster).
> > > >
> > > > The only good point of using AES on a BL that I see is difficult the
> > > copy, because they will copy you product and it will be better, but they
> > > will need to spend time and money developing a new one instead of just
> > > copying yours.
> > > >
> > > > Ok than, but the time to develop an encrypted BL worth it?
> > > > Do you guys use any kind of secure BL?
> > > > Or it's just too much security to think about?
> > > >
> > > >
> > > > Best regards.
> > > > Andr� Rairan.
> > > >
> > >
> > >
> > >
> >
> >
> >
> >
> >
> >
> >
> >
> >
Reply by ●March 16, 20122012-03-16
I can't speak for other's secured bootloaders, but this is how mine
works for application programming (non-bootloader):
1) receive encrypted block
2) decrypt it to header and block
3) authenticate it
4) flash it to the location specified by the header
5) verify that the written block matches the one in ram
6) goto 1) until done
7) reset
There is an application checksum that is checked when the device starts up. If it fails, the device enters the bootloader. The encrypted firmware binary is created by an external program that breaks up the unencrypted binary into blocks, adds a header, and encrypts and signs each one.
--- In l..., Felipe de Andrade Neves Lavratti wrote:
>
> This is a great post.
>
> May I ask something concerning the subject?
>
> What is the flashing routine in a secured bootloader?
> Does the firmware binary is encrypted and decrypted by the bootloeader
> before self flashing it in the memory?
>
> What about using UniqueID masks to avoid cloning? Do you think it is
> possible to come up with an algorithm that will not hugely consume memory
> or manufacturing configuration time (in case of using one firmware per
> unique id)?
>
> At.
>
> Em 15 de mar�o de 2012 13:14, fhriley escreveu:
>
> > **
> >
> >
> > My decision to use a secure bootloader was because I have software
> > features that can be purchased and turned on in the firmware. I'm using a
> > low resource version of AES.
> >
> >
> > --- In l..., Andr� Rairan wrote:
> > >
> > > I would ask about any boot loader with cryptography or any secure way to
> > update firmware "off-factory", but I ask before: Worth it?
> > >
> > > Today I use a Microchip PIC AES-256 boot loader provided on a AN, we use
> > it for two or three years already. Now we're "moving up" to Cortex-M0 and
> > M3.
> > > Our product need to have a boot loader, either online (GPRS, low speed)
> > and off line (uart or usb, faster).
> > >
> > > The only good point of using AES on a BL that I see is difficult the
> > copy, because they will copy you product and it will be better, but they
> > will need to spend time and money developing a new one instead of just
> > copying yours.
> > >
> > > Ok than, but the time to develop an encrypted BL worth it?
> > > Do you guys use any kind of secure BL?
> > > Or it's just too much security to think about?
> > >
> > >
> > > Best regards.
> > > Andr� Rairan.
> > >
> >
> >
> >
>
>
>
>
1) receive encrypted block
2) decrypt it to header and block
3) authenticate it
4) flash it to the location specified by the header
5) verify that the written block matches the one in ram
6) goto 1) until done
7) reset
There is an application checksum that is checked when the device starts up. If it fails, the device enters the bootloader. The encrypted firmware binary is created by an external program that breaks up the unencrypted binary into blocks, adds a header, and encrypts and signs each one.
--- In l..., Felipe de Andrade Neves Lavratti wrote:
>
> This is a great post.
>
> May I ask something concerning the subject?
>
> What is the flashing routine in a secured bootloader?
> Does the firmware binary is encrypted and decrypted by the bootloeader
> before self flashing it in the memory?
>
> What about using UniqueID masks to avoid cloning? Do you think it is
> possible to come up with an algorithm that will not hugely consume memory
> or manufacturing configuration time (in case of using one firmware per
> unique id)?
>
> At.
>
> Em 15 de mar�o de 2012 13:14, fhriley escreveu:
>
> > **
> >
> >
> > My decision to use a secure bootloader was because I have software
> > features that can be purchased and turned on in the firmware. I'm using a
> > low resource version of AES.
> >
> >
> > --- In l..., Andr� Rairan wrote:
> > >
> > > I would ask about any boot loader with cryptography or any secure way to
> > update firmware "off-factory", but I ask before: Worth it?
> > >
> > > Today I use a Microchip PIC AES-256 boot loader provided on a AN, we use
> > it for two or three years already. Now we're "moving up" to Cortex-M0 and
> > M3.
> > > Our product need to have a boot loader, either online (GPRS, low speed)
> > and off line (uart or usb, faster).
> > >
> > > The only good point of using AES on a BL that I see is difficult the
> > copy, because they will copy you product and it will be better, but they
> > will need to spend time and money developing a new one instead of just
> > copying yours.
> > >
> > > Ok than, but the time to develop an encrypted BL worth it?
> > > Do you guys use any kind of secure BL?
> > > Or it's just too much security to think about?
> > >
> > >
> > > Best regards.
> > > Andr� Rairan.
> > >
> >
> >
> >
>
>
>
>
Reply by ●March 16, 20122012-03-16
mine is almost the same
and regarding using the unique ID to doing it, it's impossible in large production i think.
Another question:
And about security in production? I mean internal production
The bootloader have the key to decrypt, and this BL need to be flashed into uC using a JTAG for example so this bootloader BIN can't be encrypted.
What is a safe way of doing this in production? I can't remove USB drivers because JTAG need it, and with this USB someone can get the bootloader firmware using a thumb drive.
I this is too much worry, because my worker have an NDA, we have cameras in the company, the production have "controlled access" and etc, but maybe is a good and easy way that you guys using
And how you guys do in production with a product that have boot loader?
I have 2 firmwares now a days.
One with BL + APP, this one is flashed with JTAG.
The second one just APP, this one I encrypt and send if need to update.
Before we are flashing BL first, than in production using BL to upload APP, but it take much more time than a JTAG (we use UART, maybe with USB with the time)
Regards.
On Mar 16, 2012, at 12:36 PM, fhriley wrote:
> I can't speak for other's secured bootloaders, but this is how mine works for application programming (non-bootloader):
>
> 1) receive encrypted block
> 2) decrypt it to header and block
> 3) authenticate it
> 4) flash it to the location specified by the header
> 5) verify that the written block matches the one in ram
> 6) goto 1) until done
> 7) reset
>
> There is an application checksum that is checked when the device starts up. If it fails, the device enters the bootloader. The encrypted firmware binary is created by an external program that breaks up the unencrypted binary into blocks, adds a header, and encrypts and signs each one.
>
> --- In l..., Felipe de Andrade Neves Lavratti wrote:
> >
> > This is a great post.
> >
> > May I ask something concerning the subject?
> >
> > What is the flashing routine in a secured bootloader?
> > Does the firmware binary is encrypted and decrypted by the bootloeader
> > before self flashing it in the memory?
> >
> > What about using UniqueID masks to avoid cloning? Do you think it is
> > possible to come up with an algorithm that will not hugely consume memory
> > or manufacturing configuration time (in case of using one firmware per
> > unique id)?
> >
> > At.
> >
> > Em 15 de mar�o de 2012 13:14, fhriley escreveu:
> >
> > > **
> > >
> > >
> > > My decision to use a secure bootloader was because I have software
> > > features that can be purchased and turned on in the firmware. I'm using a
> > > low resource version of AES.
> > >
> > >
> > > --- In l..., Andr� Rairan wrote:
> > > >
> > > > I would ask about any boot loader with cryptography or any secure way to
> > > update firmware "off-factory", but I ask before: Worth it?
> > > >
> > > > Today I use a Microchip PIC AES-256 boot loader provided on a AN, we use
> > > it for two or three years already. Now we're "moving up" to Cortex-M0 and
> > > M3.
> > > > Our product need to have a boot loader, either online (GPRS, low speed)
> > > and off line (uart or usb, faster).
> > > >
> > > > The only good point of using AES on a BL that I see is difficult the
> > > copy, because they will copy you product and it will be better, but they
> > > will need to spend time and money developing a new one instead of just
> > > copying yours.
> > > >
> > > > Ok than, but the time to develop an encrypted BL worth it?
> > > > Do you guys use any kind of secure BL?
> > > > Or it's just too much security to think about?
> > > >
> > > >
> > > > Best regards.
> > > > Andr� Rairan.
> > > >
> > >
> > >
> > >
> >
> >
> >
> >
>
>
and regarding using the unique ID to doing it, it's impossible in large production i think.
Another question:
And about security in production? I mean internal production
The bootloader have the key to decrypt, and this BL need to be flashed into uC using a JTAG for example so this bootloader BIN can't be encrypted.
What is a safe way of doing this in production? I can't remove USB drivers because JTAG need it, and with this USB someone can get the bootloader firmware using a thumb drive.
I this is too much worry, because my worker have an NDA, we have cameras in the company, the production have "controlled access" and etc, but maybe is a good and easy way that you guys using
And how you guys do in production with a product that have boot loader?
I have 2 firmwares now a days.
One with BL + APP, this one is flashed with JTAG.
The second one just APP, this one I encrypt and send if need to update.
Before we are flashing BL first, than in production using BL to upload APP, but it take much more time than a JTAG (we use UART, maybe with USB with the time)
Regards.
On Mar 16, 2012, at 12:36 PM, fhriley wrote:
> I can't speak for other's secured bootloaders, but this is how mine works for application programming (non-bootloader):
>
> 1) receive encrypted block
> 2) decrypt it to header and block
> 3) authenticate it
> 4) flash it to the location specified by the header
> 5) verify that the written block matches the one in ram
> 6) goto 1) until done
> 7) reset
>
> There is an application checksum that is checked when the device starts up. If it fails, the device enters the bootloader. The encrypted firmware binary is created by an external program that breaks up the unencrypted binary into blocks, adds a header, and encrypts and signs each one.
>
> --- In l..., Felipe de Andrade Neves Lavratti wrote:
> >
> > This is a great post.
> >
> > May I ask something concerning the subject?
> >
> > What is the flashing routine in a secured bootloader?
> > Does the firmware binary is encrypted and decrypted by the bootloeader
> > before self flashing it in the memory?
> >
> > What about using UniqueID masks to avoid cloning? Do you think it is
> > possible to come up with an algorithm that will not hugely consume memory
> > or manufacturing configuration time (in case of using one firmware per
> > unique id)?
> >
> > At.
> >
> > Em 15 de mar�o de 2012 13:14, fhriley escreveu:
> >
> > > **
> > >
> > >
> > > My decision to use a secure bootloader was because I have software
> > > features that can be purchased and turned on in the firmware. I'm using a
> > > low resource version of AES.
> > >
> > >
> > > --- In l..., Andr� Rairan wrote:
> > > >
> > > > I would ask about any boot loader with cryptography or any secure way to
> > > update firmware "off-factory", but I ask before: Worth it?
> > > >
> > > > Today I use a Microchip PIC AES-256 boot loader provided on a AN, we use
> > > it for two or three years already. Now we're "moving up" to Cortex-M0 and
> > > M3.
> > > > Our product need to have a boot loader, either online (GPRS, low speed)
> > > and off line (uart or usb, faster).
> > > >
> > > > The only good point of using AES on a BL that I see is difficult the
> > > copy, because they will copy you product and it will be better, but they
> > > will need to spend time and money developing a new one instead of just
> > > copying yours.
> > > >
> > > > Ok than, but the time to develop an encrypted BL worth it?
> > > > Do you guys use any kind of secure BL?
> > > > Or it's just too much security to think about?
> > > >
> > > >
> > > > Best regards.
> > > > Andr� Rairan.
> > > >
> > >
> > >
> > >
> >
> >
> >
> >
>
>
