3 Design
The Secure Firmware Upgrade application for the PIC32CM LS60 MCU uses the ATECC608B internal secure element to ensure that the application image is transferred safely to its intended target. Both the host and the client use the secure element's capabilities to encrypt, decrypt and authenticate the application image, thereby maintaining the integrity and security of the firmware upgrade process.
The Secure Firmware Upgrade application design consists of these modes:
- Client Firmware Upgrade on Host through PC: The MCU host interacts with the personal computer application using a predefined communication protocol, specifically the UART Firmware Upgrade Protocol, to facilitate the transfer of client firmware to the MCU host.
The client firmware upgrade task consists of these sub-tasks:
- Communication
- Command Processing
- Programming
The following diagram illustrates the application design for the client firmware upgrade on the host through PC.
Figure 3-1. Client Firmware Upgrade on the Host through PC Application Design
- Secure Firmware Upgrade on Client through Host:
Host: Securely stores the specified firmware image in its secure Flash memory. It transmits the encrypted data, along with the associated tags, to the client using a predefined communication protocol, which is explained in the Secure Firmware Upgrade Protocol. The firmware image is then digitally signed with a private key, producing a digital signature that allows the client to verify the authenticity of the incoming firmware. Once the authentication is confirmed, the host sends a reset command to start the new firmware.
The host application consists of the following sub-tasks:
- Command Initiate
- Image Reading
- Image Encryption
- Communication
Client: Receives the encrypted firmware image from the host over the predefined communication protocol defined in the Secure Firmware Upgrade Protocol. On reception, the client decrypts the data and, once the tag has been verified successfully, programs it into the Flash memory. After the full firmware has been programmed, the client computes the signature and verifies it.
The client application consists of the following sub-tasks:
- Communication
- Command Processing
- Image Decryption
- Programming
The following diagram illustrates the Secure Firmware Upgrade application design.
Figure 3-2. Secure Firmware Upgrade on Client through Host Application Design
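The host/client flow described above, as an added example that is not part of the application note: the `cryptography` library stands in for the ATECC608B (AES-GCM for the encrypted chunks and their tags, ECDSA P-256 for the image signature), and `CHUNK`, the sequence-number AAD, `provision()` and the `reset` callback are assumptions, since the protocol's actual framing is not given in this section. The client never programs a chunk whose tag fails and never resets unless the signature over the programmed image verifies.

```python
import os
import struct
from cryptography.exceptions import InvalidSignature, InvalidTag
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

CHUNK = 64  # assumed transfer unit; the real protocol's chunk size is not given here

def provision():
    """Stand-in for keys provisioned into both secure elements (assumed setup):
    a shared AES-128 key and an ECDSA P-256 key pair (host signs, client verifies)."""
    signing_key = ec.generate_private_key(ec.SECP256R1())
    return os.urandom(16), signing_key, signing_key.public_key()

def host_prepare(image, aes_key, signing_key):
    """Host: sign the plaintext image, then emit (seq, nonce, ciphertext||tag) records."""
    signature = signing_key.sign(image, ec.ECDSA(hashes.SHA256()))
    records = []
    for seq, off in enumerate(range(0, len(image), CHUNK)):
        nonce = os.urandom(12)
        aad = struct.pack(">I", seq)  # the tag also binds the chunk to its position
        records.append((seq, nonce, AESGCM(aes_key).encrypt(nonce, image[off:off + CHUNK], aad)))
    return records, signature

def client_receive(records, signature, aes_key, public_key, reset):
    """Client: verify each tag before programming, verify the image signature after
    all chunks are in, and only then act on the host's reset command."""
    flash = bytearray()  # models the client's application Flash region
    for expected, (seq, nonce, blob) in enumerate(records):
        if seq != expected:
            return "abort: out-of-order chunk"
        try:
            flash += AESGCM(aes_key).decrypt(nonce, blob, struct.pack(">I", seq))
        except InvalidTag:
            return "abort: tag mismatch"  # nothing from a bad chunk reaches Flash
    try:
        public_key.verify(signature, bytes(flash), ec.ECDSA(hashes.SHA256()))
    except InvalidSignature:
        return "abort: signature invalid"  # covers tampering, truncation and a wrong signer
    reset()  # assumed callback standing in for the reset command
    return "ok"

if __name__ == "__main__":
    key, sk, pk = provision()
    recs, sig = host_prepare(bytes(range(256)) * 3, key, sk)  # constructed 768-byte image
    print(client_receive(recs, sig, key, pk, lambda: print("reset -> new firmware")))
```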