Secure Firmware Download – Use Case Example

Last modified by Microchip on 2023/11/09 08:54

In this use case example, we will demonstrate the authentication of a firmware update. The example we've chosen uses asymmetric cryptography to establish a chain of trust to validate the update.

Preparing a Secure Digital Envelope

The Original Equipment Manufacturer (OEM) Signer module contains a secure device with a unique set of Manufacturing Public and Private keys. It also contains a Manufacturing Certificate that has a digital signature root of trust which is a critical component in the Chain of Trust.

The Firmware Update is prepared to be sent to the field by the following steps:

1. The Firmware Update is processed by a Hash Function to create a Firmware Digest.
2. The Firmware Digest is signed by the Manufacturing Private Key (which is securely stored inside the OEM Signer CryptoAuthentication™ device).
3. A Digital Envelope is created containing the Firmware Update, Digital Signature, Manufacturing Public Key and Manufacturing Certificate.
   - The Manufacturing Public Key will be used to verify the Digital Signature.
   - The Manufacturing Certificate contains a digital signature of the Manufacturing Public Key by the Signing Authority.

The Digital Envelope can be delivered to the field via a USB Flash Drive, email, or download.

Firmware Update in the Field

The Field Unit contains a CryptoAuthentication device. Contained in the device is the Authority Public Key.

The following steps verify that the Firmware Update is authentic:

1. The digital envelope arrives from the OEM.
2. The Manufacturing Certificate is validated against the Authority’s Public Key contained in the Field Unit.
   - If it verifies, go to Step 3.
   - Otherwise, if it does not verify, discard the Firmware Update and DO NOT update the Field Unit’s firmware.
3. The Firmware Update is processed by a Hash Function to create a Firmware Digest.
4. The Firmware Digest is verified against the Firmware Update’s Digital Signature and Manufacturing Public Key.
   - If it verifies, go to Step 5.
   - Otherwise, if it does not verify, discard the Firmware Update and DO NOT update the Field Unit’s firmware.
5. The Firmware Update has been verified as authentic. Proceed with the firmware update of the field unit.
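The sealing and field-verification steps above, as an added Go example (not Microchip's code and not from the original page). It assumes ECDSA P-256 with SHA-256 and reduces the Manufacturing Certificate to the Authority's signature over the Manufacturing Public Key; `Envelope`, `Seal`, `Verify` and `newKey` are hypothetical names, and the keys are generated in software only so the example runs without a secure device.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// Envelope holds the four Digital Envelope items. MfgCert is reduced to the
// Authority's signature over MfgPubKey (assumed format, not a real certificate).
type Envelope struct{ Firmware, Signature, MfgPubKey, MfgCert []byte }

func newKey() *ecdsa.PrivateKey {
	k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // throwaway demo key (assumed curve)
	return k
}

// Seal is the OEM side: hash the firmware, sign the digest, attach key and cert.
func Seal(fw []byte, mfg, authority *ecdsa.PrivateKey) Envelope {
	pub, _ := x509.MarshalPKIXPublicKey(&mfg.PublicKey)
	keyDigest, fwDigest := sha256.Sum256(pub), sha256.Sum256(fw)
	cert, _ := ecdsa.SignASN1(rand.Reader, authority, keyDigest[:])
	sig, _ := ecdsa.SignASN1(rand.Reader, mfg, fwDigest[:])
	return Envelope{Firmware: fw, Signature: sig, MfgPubKey: pub, MfgCert: cert}
}

// Verify is the Field Unit side; any error means the update must be discarded.
func Verify(e Envelope, authorityPub *ecdsa.PublicKey) error {
	keyDigest := sha256.Sum256(e.MfgPubKey)
	if !ecdsa.VerifyASN1(authorityPub, keyDigest[:], e.MfgCert) { // step 2
		return fmt.Errorf("manufacturing certificate does not verify against the authority key")
	}
	k, _ := x509.ParsePKIXPublicKey(e.MfgPubKey) // k stays nil on a parse error
	mfgPub, ok := k.(*ecdsa.PublicKey)
	fwDigest := sha256.Sum256(e.Firmware)                          // step 3
	if !ok || !ecdsa.VerifyASN1(mfgPub, fwDigest[:], e.Signature) { // step 4
		return fmt.Errorf("firmware digest does not verify against the digital signature")
	}
	return nil // step 5: authentic, proceed with the update
}
func main() {
	authority, mfg := newKey(), newKey()
	env := Seal([]byte("constructed firmware image"), mfg, authority)
	fmt.Println("genuine: ", Verify(env, &authority.PublicKey))
	env.Firmware[0] ^= 1 // one bit changed in transit
	fmt.Println("tampered:", Verify(env, &authority.PublicKey))
}
```

The public key and certificate travel inside the envelope, so only the Authority Public Key held in the Field Unit anchors trust; an envelope re-signed with a different manufacturing key fails at step 2 because its certificate no longer matches.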
