3 Design

The Secure Firmware Upgrade application for the PIC32CM LS60 MCU uses the ATECC608B internal secure element to ensure the safe transfer of the application image to its intended target. Both the host and the client use the secure element's capabilities to encrypt, decrypt, and authenticate the application image, thereby maintaining the integrity and security of the firmware upgrade process.

The Secure Firmware Upgrade application design consists of these modes:

  • Client Firmware Upgrade on Host through PC: The MCU host interacts with the personal computer application using a predefined communication protocol, specifically the UART Firmware Upgrade Protocol, to facilitate the transfer of client firmware to the MCU host.

    The client firmware upgrade task consists of these sub-tasks:

    • Communication
    • Command Processing
    • Programming

    The following diagram illustrates the client firmware upgrade on the host through PC application design.

    Figure 3-1. Client Firmware Upgrade on the Host through PC Application Design
  • Secure Firmware Upgrade on Client through Host:

    Host: Securely stores the specified firmware image in its secure Flash memory. It transmits encrypted data along with associated tags to the client using a predefined communication protocol, which is explained in the Secure Firmware Upgrade Protocol. The firmware image is then digitally signed with a private key, creating a digital signature that allows the client to verify the authenticity of the incoming firmware. Once authentication is confirmed, the host sends a reset command to start the new firmware.

    The host application consists of the following sub-tasks:

    • Command Initiate
    • Image Reading
    • Image Encryption
    • Communication

    Client: Acquires the encrypted firmware image from the host through the predefined communication protocol, as defined in the Secure Firmware Upgrade Protocol. Upon reception, the client decrypts the data and programs it into Flash memory only after the tag has been verified successfully. After the full firmware has been programmed, the client computes the signature and verifies it.

    The client application consists of the following sub-tasks:

    • Communication
    • Command Processing
    • Image Decryption
    • Programming

    The following diagram illustrates the Secure Firmware Upgrade application design.

    Figure 3-2. Secure Firmware Upgrade on Client through Host Application Design