← Blog
REV 1.0|2025-05-10

Embedded Security: Secure Boot and Firmware Encryption

EmbeddedSecurityIoTFirmware

Introduction: Why Embedded System Security?

Embedded systems are no longer isolated devices — they are continuously connected via Wi-Fi, BLE, Ethernet, and cellular networks. This connectivity significantly expands the attack surface. Firmware reverse engineering, unauthorized access, and malicious update attacks are real threats.

Especially in defense, medical devices, and industrial automation, device security is no longer optional — it is a mandatory design requirement. Standards like IEC 62443 (industrial), IEC 62304 (medical), and DO-326A (aviation) explicitly require it.

Secure Boot Chain

Secure boot is the mechanism that ensures a device runs only authorized (signed) software at startup.

How It Works

ROM Bootloader (immutable)
  └─ Verify: First-stage bootloader signature
       └─ Verify: Application firmware signature
            └─ Execute: Main application

At each stage, the digital signature of the next stage is verified. If the signature is invalid, the device does not start or enters recovery mode.

ESP32 Example

ESP32 offers eFuse-based secure boot support:

  • Secure Boot v2: RSA-3072 or ECDSA-256 signature verification
  • Flash Encryption: AES-256-XTS flash content encryption
  • eFuse: One-time programmable security bits (irreversible)
Critical: Once eFuses are written, there is no going back. Careful testing during the development phase is essential.

STM32 Example

Security mechanisms in the STM32 family:

  • RDP (Read-out Protection): Level 0 (open), Level 1 (debug restricted), Level 2 (permanent lock)
  • Secure Boot (SBSFU): ST's reference implementation
  • PCROP: Code region protection (readable but not copyable)
  • Firewall: Memory region access control

Flash Encryption

Encrypting firmware in flash memory provides protection in physical access scenarios (device stolen, probe connected to PCB).

Encryption Methods

MethodAdvantageDisadvantage
AES-256-XTSStrong, hardware acceleratedKey management critical
AES-128-CBCWidely supportedWeaker than XTS
ChaCha20Fast in softwareLimited hardware support

Key Management

The weakest link in security is usually not the key itself, but how the key is stored:

  • Hardcoding the key in firmware is the biggest mistake
  • Hardware security modules (HSM) or eFuse should be used
  • Each device should have a unique key written during manufacturing (per-device key)
  • Key derivation functions (KDF) can derive device keys from a master key

Secure Firmware Update (OTA)

A secure OTA mechanism is essential for every product that requires field updates.

OTA Update Steps

  1. Server-side signing: Firmware is signed with the developer's private key
  2. Transport: Encrypted channel over TLS 1.3
  3. Device-side verification: Signature verification with public key
  4. Integrity check: SHA-256 hash comparison
  5. A/B partitioning: Fallback to previous version if update fails
  6. Rollback protection: Version counter preventing old version installation

Anti-Rollback Mechanism

Firmware v3 (version counter: 3)
  ├─ v4 update: Accepted (4 > 3)
  ├─ v3 reinstall: REJECTED (3 <= 3)
  └─ v2 install attempt: REJECTED (2 < 3)

eFuse-based version counters cannot be reversed even with physical tampering.

Attack Vectors and Protection

JTAG/SWD Debug Access

Threat: If the debug port is open, an attacker can read, modify firmware, or fully control the device. Protection:
  • Disable the debug port in production firmware (RDP Level 2, eFuse)
  • Remove test points from the PCB or make access difficult
  • Use debug authentication (certificate-based debug access)

Side-Channel Attacks

Threat: Encryption keys can be obtained through power consumption or electromagnetic emission analysis. Protection:
  • Use constant-time cryptography libraries
  • Prefer hardware-based encryption (AES accelerator)
  • Apply power line filtering and shielding

Fault Injection

Threat: Bypassing security controls through voltage or clock manipulation. Protection:
  • Voltage and clock monitoring (brownout detector, clock security system)
  • Redundant checks for critical decisions
  • Glitch detector hardware

Practical Checklist

Verify the following before releasing a product:

  • Is the debug port disabled in production firmware?
  • Is flash encryption active?
  • Is the secure boot chain complete?
  • Does OTA update perform signature verification?
  • Is there an anti-rollback mechanism?
  • Are encryption keys securely stored (HSM/eFuse)?
  • Is TLS certificate pinning active?
  • Do error messages avoid leaking sensitive information?

Conclusion

Embedded system security must be at the foundation of design, not a feature added at the last stage. Secure boot, flash encryption, and secure OTA mechanisms establish the minimum security level. In the IoT era where the attack surface is continuously expanding, security is no longer a competitive advantage — it is a necessity.