Introduction
Modern embedded systems often need firmware upgrades to fix issues or add functionality. At the same time, protecting intellectual property is essential. Although microcontrollers provide strong firmware security features, the firmware can still be intercepted while it is being transferred from an external source. One solution is to implement a secure firmware upgrade and to release only encrypted versions of the firmware to the public.
This document outlines the process for securely upgrading firmware using the PIC32CM LS60 Curiosity Pro Evaluation Kits. The secure firmware upgrade mechanism is implemented on the host, while a secure bootloader is implemented on the client, which utilizes the onboard ATECC608B cryptographic co-processor. The host evaluation board generates a digest and signature for the application, encrypts the application using symmetric keys, and transmits it to the client through the UART interface. Upon receiving the encrypted image, the client decrypts it and verifies the application using the signature and the host’s public key. If the verification is successful, the new firmware is executed.
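The host and client steps described above, modeled on a desktop in Go as an added example (not code from this document or from the kit's firmware). AES-128-CTR, ECDSA P-256 over a SHA-256 digest of the plaintext application, and all function names are assumptions of this example; software keys stand in for the ATECC608B.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

func ctr(key, iv [16]byte, in []byte) []byte {
	block, _ := aes.NewCipher(key[:]) // cannot fail: key length is fixed at 16 by the type
	out := make([]byte, len(in))
	cipher.NewCTR(block, iv[:]).XORKeyStream(out, in) // CTR: same call encrypts and decrypts
	return out
}

// HostBuild digests and signs the plaintext application, then encrypts it for transfer.
func HostBuild(priv *ecdsa.PrivateKey, key [16]byte, app []byte) (iv [16]byte, ct, sig []byte, err error) {
	digest := sha256.Sum256(app)
	if sig, err = ecdsa.SignASN1(rand.Reader, priv, digest[:]); err != nil {
		return iv, nil, nil, err
	}
	if _, err = rand.Read(iv[:]); err != nil { // fresh IV per image
		return iv, nil, nil, err
	}
	return iv, ctr(key, iv, app), sig, nil
}

// ClientAccept decrypts, then verifies with the host public key; the image is released only on success.
func ClientAccept(pub *ecdsa.PublicKey, key, iv [16]byte, ct, sig []byte) ([]byte, error) {
	app := ctr(key, iv, ct)
	digest := sha256.Sum256(app)
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return nil, fmt.Errorf("signature verification failed, image not executed")
	}
	return app, nil
}

// hostKey creates a constructed P-256 signing key for the demo.
func hostKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

func main() {
	priv, _ := hostKey()
	iv, ct, sig, _ := HostBuild(priv, [16]byte{1}, []byte("constructed firmware image"))
	_, err := ClientAccept(&priv.PublicKey, [16]byte{1}, iv, ct, sig)
	fmt.Println("accepted:", err == nil)
}
```

Because the signature covers the plaintext, a single flipped ciphertext bit or a signature from a different key makes ClientAccept return an error instead of the image.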