Secure Firmware Download – Use Case Example

In this use case example, we will demonstrate the authentication of a firmware update. The example we've chosen uses asymmetric cryptography to establish a chain of trust to validate the update.

Preparing a Secure Digital Envelope

The Original Equipment Manufacturer (OEM) Signer module contains a secure device with a unique set of Manufacturing Public and Private keys. It also contains a Manufacturing Certificate carrying a digital signature that ties it back to the root of trust, a critical link in the Chain of Trust.

The Firmware Update is prepared to be sent to the field by the following steps:

1. The Firmware Update is processed by a Hash Function to create a Firmware Digest.

2. The Firmware Digest is signed by the Manufacturing Private Key (which is securely stored inside the OEM Signer CryptoAuthentication device).

3. a. A Digital Envelope is created containing the Firmware Update, Digital Signature, Manufacturing Public Key and Manufacturing Certificate.
   b. The Manufacturing Public Key will be used to verify the Digital Signature.
   c. The Manufacturing Certificate contains a digital signature of the Manufacturing Public Key by the Signing Authority.

The Digital Envelope can be delivered to the field via a USB Flash Drive, email, or download.

[Figure: sfd-fig-01.png]

Firmware Update in the Field

The Field Unit contains a CryptoAuthentication™ device, which holds the Authority Public Key.

The following steps verify that the Firmware Update is authentic:

1. The digital envelope arrives from the OEM.

2. a. The Manufacturing Certificate is validated against the Authority’s Public Key contained in the Field Unit.
   b. If it verifies, go to Step 3.
   c. Otherwise, if it does not verify, discard the Firmware Update and DO NOT update the Field Unit’s firmware.

3. The Firmware Update is processed by a Hash Function to create a Firmware Digest.

4. a. The Firmware Digest is verified against the Firmware Update’s Digital Signature and Manufacturing Public Key.
   b. If it verifies, go to Step 5.
   c. Otherwise, if it does not verify, discard the Firmware Update and DO NOT update the Field Unit’s firmware.

5. The Firmware Update has been verified as authentic. Proceed with the firmware update of the field unit.
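The complete round trip, as an added Go example that is not from the Microchip page or its libraries: BuildEnvelope plays the OEM Signer (steps 1 to 3 of preparing the envelope) with SHA-256 as the Hash Function and ECDSA P-256 as the signature scheme, and VerifyEnvelope plays the Field Unit (steps 2 to 4), discarding the update if either the certificate or the firmware signature fails. It assumes a Manufacturing Certificate reduced to the Signing Authority's signature over the Manufacturing Public Key; the type and function names are mine.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Envelope is the page's Digital Envelope. The Manufacturing Certificate is reduced (an assumption) to an Authority signature over MfgPub.
type Envelope struct {
	Firmware, FwSig, MfgCertSig []byte
	MfgPub                      *ecdsa.PublicKey
}

// keyDigest hashes the fixed-width X||Y encoding of a P-256 key; these are the bytes the certificate signs.
func keyDigest(pub *ecdsa.PublicKey) []byte {
	d := sha256.Sum256(append(pub.X.FillBytes(make([]byte, 32)), pub.Y.FillBytes(make([]byte, 32))...))
	return d[:]
}

// BuildEnvelope is the OEM Signer side (steps 1-3 of preparing the envelope).
func BuildEnvelope(fw []byte, mfg, authority *ecdsa.PrivateKey) (env Envelope, err error) {
	env = Envelope{Firmware: fw, MfgPub: &mfg.PublicKey}
	fwDigest := sha256.Sum256(fw) // step 1: the Hash Function (SHA-256 here)
	if env.FwSig, err = ecdsa.SignASN1(rand.Reader, mfg, fwDigest[:]); err != nil { // step 2
		return env, err
	}
	env.MfgCertSig, err = ecdsa.SignASN1(rand.Reader, authority, keyDigest(env.MfgPub)) // step 3c
	return env, err
}

// VerifyEnvelope is the Field Unit side (steps 2-4); only the Authority Public Key is trusted in advance.
func VerifyEnvelope(env Envelope, authority *ecdsa.PublicKey) bool {
	if env.MfgPub == nil || !ecdsa.VerifyASN1(authority, keyDigest(env.MfgPub), env.MfgCertSig) {
		return false // step 2c: manufacturing key not endorsed by the authority, discard the update
	}
	fwDigest := sha256.Sum256(env.Firmware) // step 3
	return ecdsa.VerifyASN1(env.MfgPub, fwDigest[:], env.FwSig) // step 4: false means discard
}

func main() {
	authority, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	mfg, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	env, _ := BuildEnvelope([]byte("constructed firmware image"), mfg, authority)
	fmt.Println("genuine accepted:", VerifyEnvelope(env, &authority.PublicKey))
	env.Firmware[0] ^= 0xff // image altered in transit
	fmt.Println("tampered accepted:", VerifyEnvelope(env, &authority.PublicKey))
}
```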

[Figure: sfd-fig-02.png]
© 2018 Microchip Technology, Inc.