2.4 Secure Firmware Upgrade Implementation on PIC32CM LS60 MCU
The security of the firmware update rests on three cryptographic building blocks: a hash function (for the firmware digest), a digital signature algorithm (for authenticity of the image) and an authenticated encryption scheme (for confidentiality and tamper detection in transit). The secure element (ATECC608B) embedded in the PIC32CM LS60 MCU provides these primitives together with protected storage for the keys they need, so the sensitive operations can be kept off the application core.
The following figure illustrates the secure firmware upgrade that takes place between the PIC32CM LS60 MCU and Host PC.
On the host, the secure firmware upgrade package is prepared in the following steps:
- The target firmware is encrypted with the secret encryption key that is shared with the device (this note calls it the private key; it is a symmetric key, distinct from the signing key below).
- The authentication tag is computed under that same encryption key as part of the authenticated encryption, so any change to the encrypted image in transit is detected on the client.
- To allow the client to authenticate the target firmware, a hash function is applied to the firmware image to produce the firmware digest.
- The firmware digest is signed with the signing private key to produce the digital signature of the firmware. This private key never leaves the host.
- The public key corresponding to the signing private key is derived from it and made available to the client, which uses it to verify the signature.
On the client, the secure firmware upgrade is executed in the following steps:
- The encrypted firmware is decrypted with the shared encryption key, and the authentication tag is recomputed and compared with the received tag. A mismatch means the image was altered or encrypted under a different key, and the update is rejected before anything else is done.
- The decrypted image is programmed into the target Flash memory.
- A digest is computed over the received firmware.
- The firmware is authenticated by verifying the received signature against the computed digest with the public key. The new image must not be executed until this verification succeeds; a bootloader that programs Flash first must treat the slot as invalid until the signature check passes.
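The host and client procedures above, carried out end to end as an added example that is not part of this application note and does not use Microchip's libraries. The algorithms are assumptions made here: AES-128-GCM for authenticated encryption, SHA-256 for the digest and ECDSA P-256 for the signature, chosen because those are the engines the ATECC608B implements in hardware; the `UpdatePackage` framing, the key-generation helper and the sample image are constructed for the example. On the real device the shared AES key and the public key would live in secure element slots and the decrypt/verify calls would be issued to the ATECC608B; here the Go standard library stands in for both.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// UpdatePackage is a hypothetical framing of what the host sends to the
// device: the GCM nonce, the ciphertext with the 16-byte authentication tag
// appended, and the ECDSA signature over the SHA-256 digest of the plaintext.
type UpdatePackage struct {
	Nonce      []byte
	Ciphertext []byte // AES-128-GCM output; Seal appends the authentication tag
	Signature  []byte // ASN.1 DER-encoded ECDSA P-256 signature
}

// newHostKeys models provisioning (assumption, not the note's process): a
// 16-byte AES key shared in secret with the device and an ECDSA P-256 signing
// key whose public half is what the device stores.
func newHostKeys() (encKey []byte, signKey *ecdsa.PrivateKey, err error) {
	encKey = make([]byte, 16)
	if _, err = io.ReadFull(rand.Reader, encKey); err != nil {
		return nil, nil, err
	}
	signKey, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	return encKey, signKey, err
}

func newGCM(encKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(encKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// hostPrepare runs the host-side steps: encrypt the image under the shared key
// (the tag is produced by the same keyed operation), hash the plaintext image
// and sign the digest with the private signing key.
func hostPrepare(firmware, encKey []byte, signKey *ecdsa.PrivateKey) (*UpdatePackage, error) {
	gcm, err := newGCM(encKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	ciphertext := gcm.Seal(nil, nonce, firmware, nil)
	digest := sha256.Sum256(firmware)
	sig, err := ecdsa.SignASN1(rand.Reader, signKey, digest[:])
	if err != nil {
		return nil, err
	}
	return &UpdatePackage{Nonce: nonce, Ciphertext: ciphertext, Signature: sig}, nil
}

// clientVerify runs the device-side steps and returns the plaintext image only
// if both the authentication tag and the signature check out. Programming
// Flash is left to the caller, so a rejected image never reaches Flash.
func clientVerify(pkg *UpdatePackage, encKey []byte, pub *ecdsa.PublicKey) ([]byte, error) {
	gcm, err := newGCM(encKey)
	if err != nil {
		return nil, err
	}
	// Open decrypts and checks the tag in one step: a modified ciphertext,
	// nonce or tag fails here and no plaintext is released.
	plain, err := gcm.Open(nil, pkg.Nonce, pkg.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("authentication tag mismatch: image rejected")
	}
	digest := sha256.Sum256(plain)
	if !ecdsa.VerifyASN1(pub, digest[:], pkg.Signature) {
		return nil, errors.New("signature invalid: image rejected")
	}
	return plain, nil
}

func main() {
	// Constructed sample image standing in for a real PIC32CM LS60 binary.
	firmware := []byte("PIC32CM LS60 application image v1.2 (constructed sample)")
	encKey, signKey, err := newHostKeys()
	if err != nil {
		panic(err)
	}
	pub := &signKey.PublicKey // public key derived from the signing private key

	pkg, _ := hostPrepare(firmware, encKey, signKey)
	img, err := clientVerify(pkg, encKey, pub)
	fmt.Println("genuine image accepted:", err == nil && bytes.Equal(img, firmware))

	// Flip one ciphertext byte: the GCM tag no longer matches.
	tampered := *pkg
	tampered.Ciphertext = append([]byte(nil), pkg.Ciphertext...)
	tampered.Ciphertext[0] ^= 0x01
	_, err = clientVerify(&tampered, encKey, pub)
	fmt.Println("tampered ciphertext:", err)

	// Re-sign with a key the device does not trust: tag passes, signature fails.
	rogue, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	forged, _ := hostPrepare(firmware, encKey, rogue)
	_, err = clientVerify(forged, encKey, pub)
	fmt.Println("wrong signer:", err)
}
```

The two failure cases in `main` show why both checks are needed: a flipped ciphertext byte is caught by the authentication tag, while an image that was correctly encrypted under the shared key but signed by someone else passes the tag check and is only stopped by the signature. Note that this model deliberately returns the image for programming only after both checks, which is stricter than the order in the list above; if Flash is programmed before verification, the bootloader must mark the slot invalid until the signature verifies.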