Abstract: A system and method of downloading firmware into an embedded device while maintaining the integrity and confidentiality of the firmware is disclosed. In one embodiment, the process comprises four phases. In the first phase, unauthenticated content is written into the memory of the embedded device. In the second phase, this content is verified. In the third step, a secure connection is established between the host and the embedded device. In the fourth step, the firmware is loaded into the embedded device using this secure connection. The firmware is encrypted as it is transferred from the host to the embedded device and is never accessible outside of the embedded device.

Abstract: A system and method for minimizing the likelihood that the secret key used by a bootloader is compromised is disclosed. A bootloader is installed on the device. The bootloader is a software program that performs many functions. These functions may include checking the checksum of the incoming software image for integrity, decrypting the incoming software image using a secret key, deleting data in the FLASH memory, installing the new software image in the FLASH memory and other functions. The bootloader utilizes various techniques to track the versions of the software image being installed. The method counts the number of incomplete attempts that are made when trying to update the software image. By monitoring these parameters, the bootloader can determine when a malicious actor is attempting a side channel attack. In response, the bootloader may not allow a new software image to be loaded or the secret key to be accessed.

Abstract: A system and method for minimizing the likelihood that the secret key used by a bootloader is compromised is disclosed. A bootloader is installed on the device. The bootloader is a software program that performs many functions. These functions may include checking the checksum of the incoming software image for integrity, decrypting the incoming software image using a secret key, deleting data in the FLASH memory, installing the new software image in the FLASH memory and other functions. The bootloader utilizes various techniques to track the versions of the software image being installed. The method also counts the number of incomplete attempts that are made when trying to update the software image. By monitoring these parameters, the bootloader can determine when a malicious actor is attempting a side channel attack. In response, the bootloader may not allow a new software image to be loaded or the secret key to be accessed.

Abstract: A system and method of downloading firmware into an embedded device while maintaining the integrity and confidentiality of the firmware is disclosed. In one embodiment, the process comprises four phases. In the first phase, unauthenticated content is written into the memory of the embedded device. In the second phase, this content is verified. In the third step, a secure connection is established between the host and the embedded device. In the fourth step, the firmware is loaded into the embedded device using this secure connection. The firmware is encrypted as it is transferred from the host to the embedded device and is never accessible outside of the embedded device.