A Secure Boot and Firmware Update Framework for ARM Cortex-M Microcontrollers in Industrial IoT Environments

Abstract

This paper aims at developing and implementing a secure boot and firmware upgrade framework that is uniquely tailored to ARM cortex-M microcontrollers, industrial internet of things (IIoT). Industrial use Industrial controllers using these microcontrollers are common and have low power requirements, and are real-time systems but are becoming exposed to firmware level attacks like code injection, code tampering and code rollback attack. To cope with this, we suggest the idea of a lightweight two-stage boot loader architecture with proper initialization security and authenticated program execution. The architecture uses elliptic curve cryptography (ECC) to verify the digital signature, SHA-256 to check integrity validity, and support confidentiality of the otherwise optional firmware used in over-the-air (OTA) updates using AES-GCM. There is also a secure check-in/check-out system that is built so that it can prevent a rollback attack. It is verified on STM32 Cortex-M4 and M33 microcontrollers and has a low memory cost (+14 KB Flash, +3 KB RAM) and no significant latency effects (<40 ms boot delay). The findings support the fact that the framework offers robust protection against unauthorized modification of the firmware down to the minimum of devices that are resource-constrained. The work scales up and standardizes a security solution that contributes to the safe embedded system design practices of the U.S. IIoT sphere. The framework is more appropriate in industrial control systems, intelligent factory, and critical infrastructure in which embedded trust and firmware integrity are necessary.