Xintang: Secure In-System-Programming protects firmware burning security

火辣西米秀

Xintang: Secure In-System-Programming protects firmware burning security [Copy link]

 

In system programming (ISP) provides a convenient way to update firmware on a complete product. Even on a brand new product without any firmware installed, ISP can be used to install the initial firmware.

The general ISP needs to transmit the firmware data to the chip through the transmission interface. During the transmission process, the data will be exposed on the transmission interface, so there is a risk of being stolen, so it is only suitable for use in the laboratory development stage. Once the product development is completed and the foundry is commissioned to produce it, in order to protect the firmware burning security, the transmission communication will be encrypted to protect the firmware, which is equivalent to establishing a secure channel for ISP transmission and burning operations.

Take the M2351 microcontroller of Nuvoton Technology as an example. It has a built-in secure ISP function that can burn firmware securely to prevent theft during transmission. To enable the secure ISP function, you can first set it up through the ICP tool provided by the manufacturer. If you need to use UART as the ISP transmission interface, you need to set the Boot Loader UART1 TXD/RXD pin function selection to confirm the transmission pin to be used.

Figure 1 UART1 pin settings

When the ISP function is turned on, you can use the ISP tool provided by the manufacturer to connect to the microcontroller and perform burning operations.

When using USB as the ISP connection interface, the user does not need to do any prior configuration. Just connect the device's USB socket to the USB port on the PC with a USB cable, open Secure ISPTool and click the connect button to work normally.

Figure 2 USB connection interface settings

If you use UART1 as the transmission interface, you need to connect the current microcontroller UART1 pin to the PC serial port, and then you can connect to Secure ISPTool normally.

Figure 3 UART1 connected to the PC serial port settings

When the microcontroller is successfully connected to Secure ISPTool, the basic information of the microcontroller will be displayed on the Tool, and the microcontroller settings and firmware burning can be performed. Moreover, these actions will be protected by the secure channel, and attackers will not be able to steal the transmitted firmware by monitoring the data on the communication interface.

Figure 4 Basic information displayed after the microcontroller is connected to ISP

Figure 5 ISP firmware file burning

ISP is a common function on microcontrollers. It allows users to test and burn product firmware during product production without the need for additional hardware. However, because ISP data is transmitted through a transmission interface, information will be exposed during the transmission process, causing the risk of product firmware being stolen. This is especially true when the product is produced by an external processing plant, which poses an even greater risk of being counterfeited.

To avoid this problem, you can use a secure ISP. During the firmware transmission process, all data will be encrypted with high-strength cryptography to ensure that the data cannot be stolen. This can protect the product firmware from being stolen, thereby eliminating the possibility of counterfeiting.