Microcontrollers are used in more and more critical applications like pump controls, servo inverters, sensors with field bus connections, and smart meters. This makes protecting their firmware – during production and in all later updates – an essential factor for the safety of users and the commercial success of the businesses involved. Several security rules need to be followed:
- Code integrity: Controllers must only load firmware from a trusted source, with a reliable guarantee that it has not been tampered with.
- Secrecy: Firmware must not be readable on their way into the controller to prevent reverse engineering and copying.
- Authorization: Code can only be loaded and decrypted in the authorized and licensed controller.
- Licensing: Features can be activated with secure licenses.
Based on the popular CodeMeter solution for desktop and embedded systems, CodeMeter µEmbedded was developed specifically with the needs of microcontroller-operated systems in mind: code integrity, license controls, protection against reverse engineering, and copy protection. Everything with a tiny footprint of approximately 60KB.
CodeMeter μEmbedded protects the controller’s firmware against tampering, reverse engineering, and illicit copying during transmission and update processes. It also empowers OEMs (whose software is running on the controller) to add or authorize additional features in their software or hardware in later license updates, putting even more capabilities at the disposal of the end user without having to change the device in question.
The XMC4500 controllers are initially programmed by the OEM in a secure environment, where the secure Boot Strap Loader (BSL) is added and an individual license file is created, bound to the chip ID, and loaded onto the microcontroller. The BSL includes the ExEngine, CmActLicense, and CodeMeter µEmbedded, all of which work together to decrypt the firmware when it is needed. Once completed, the BSL and license can only be modified by the OEMs themselves, since the copy protections of the XMC prevent any changes to the loader in the field.
The OEM develops the firmware in Infineon DAVETM or a similar environment and can then execute the encryption capabilities of ExProtector via a visual DAVE plug-in. This creates an encrypted version of the firmware that can be loaded onto the controller or sent as a secure update file even via normally insecure channels like emails.
To make the footprint as small as possible, the features of CodeMeter were kept to the bare-bones minimum. This naturally includes the chosen encryption capabilities and compatibility to the full-scale CodeMeter versions and CodeMeter License Central. Licenses can still be created directly from within the OEM’s code.
CodeMeter µEmbedded is available now. It comes with a plug-in for DAVE and Protection Suite with AxProtector included. With this powerful package, creating secure firmware could not be easier.
KEYnote 32 – Edition Fall 2016