Development of Secure Bootloader for Automotive Tier-1 Customers
ECU reprogramming capability is one of the prerequisites of an automotive control unit, and the Flash Bootloader is the piece of software that makes it possible.
With control units becoming more safety critical, the security of the data flashed onto these ECUs becomes much more important.
Automotive suppliers and OEMs developing applications such as ADAS, Telematics, Body Control Modules, etc. require Flash Bootloaders equipped with security features such as Digital Signature, Encryption, HSM support and others. Hence the name Secure Bootloader.
We have been technology partners to several customers who are developing ISO 26262 compliant applications.
Embitel, as one of the leading technology vendors for automotive suppliers and OEMs, has partnered with many customers for the development of such secure bootloaders.
About the Secure Bootloader Solution:
Our Secure Bootloader solution is equipped with five security components: AES-128, Digital Signature, CRC32, HSM drivers and Secondary Bootloader (SBL). These components ensure that inter-ECU data transmission is secure and that data integrity is not compromised.
Secure Bootloader Solution Overview:
- Cyber Security: It is implemented as per the customer’s requirement as well as the ASIL grade assigned to the project. For one of our customers, we have used the AES-128 algorithm for encryption/decryption of the image file. The image data is encrypted with AES-128 before it is sent from the flashing device to the ECU.
- Secondary Bootloader (SBL): When our Flash Bootloader is secured with the help of a Secondary Bootloader, reprogramming follows this sequence:
  - A Secondary Bootloader containing the Flash driver (a small binary file) is downloaded into the Bootloader’s RAM.
  - The Bootloader performs the read and write operations needed to flash the ECU.
  - After reprogramming is completed, the flash driver is deleted from the Bootloader’s RAM.
The Flash Driver, which is responsible for read/write/erase, is implemented outside the Flash Bootloader software. This is a safety mechanism that prevents unintended writing or erasing of data, since no flash driver is resident in the ECU outside a reprogramming session.
- Digital Signature: Our Secure Bootloader solution uses the SHA-256 algorithm for the Digital Signature. Depending on the project’s requirements, we have also used AES-128 and other algorithms for this purpose. When secured with a Digital Signature, the Bootloader uses SHA-256 to compute a 256-bit digest of the update data image. The automotive ECU validates this digital signature before downloading the image file for ECU flashing.
- CRC32: Data integrity is validated using CRC32, an error-detecting code that is part of the Base Software of the Bootloader solution. If the data is corrupted during ECU flashing, CRC32 will detect it. In such a case the data is not accepted by the ECU and the flashing tool is notified of the rejection.
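The verify-then-program behaviour described for the CRC32 component, as an added example that is not Embitel’s code: a standard CRC-32 (polynomial 0xEDB88320) is computed over a constructed update block, and the block is written to a simulated flash region only if the trailer CRC matches. The block layout (payload followed by a 4-byte little-endian CRC32 appended by the flashing tool), the status codes and all function names are assumptions made for this illustration.

```c
/* Added example (not Embitel's code): CRC32 integrity check of an update block
 * before it is programmed, with a small simulated flash region standing in for
 * the ECU's application flash. Block layout and function names are assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FLASH_SIZE 64u
static uint8_t g_flash[FLASH_SIZE];   /* simulated application flash */

/* Standard CRC-32 (reflected, polynomial 0xEDB88320, init/xorout 0xFFFFFFFF),
 * the variant used by zip and Ethernet; check value for "123456789" is 0xCBF43926. */
uint32_t crc32_compute(const uint8_t *data, size_t len)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

typedef enum { FLASH_OK = 0, FLASH_ERR_SIZE = 1, FLASH_ERR_CRC = 2 } flash_status_t;

/* Flashing-tool side (assumed layout): payload bytes followed by the payload's
 * CRC32 as a 4-byte little-endian trailer. */
size_t build_update_block(const uint8_t *payload, size_t len, uint8_t *out)
{
    uint32_t crc = crc32_compute(payload, len);
    memcpy(out, payload, len);
    for (int i = 0; i < 4; i++)
        out[len + i] = (uint8_t)(crc >> (8 * i));
    return len + 4;
}

/* Bootloader side: verify first, program only on success. A rejected block
 * leaves flash untouched; the status code is what gets reported back to the tool. */
flash_status_t bootloader_program_block(const uint8_t *block, size_t block_len)
{
    if (block_len < 4 || block_len - 4 > FLASH_SIZE)
        return FLASH_ERR_SIZE;

    size_t payload_len = block_len - 4;
    const uint8_t *t = block + payload_len;
    uint32_t expected = (uint32_t)t[0] | ((uint32_t)t[1] << 8) |
                        ((uint32_t)t[2] << 16) | ((uint32_t)t[3] << 24);

    if (crc32_compute(block, payload_len) != expected)
        return FLASH_ERR_CRC;            /* corrupted in transfer: do not program */

    memcpy(g_flash, block, payload_len); /* flash driver write, simulated here */
    return FLASH_OK;
}

uint8_t flash_read(size_t addr)
{
    return addr < FLASH_SIZE ? g_flash[addr] : 0xFFu;
}

int main(void)
{
    /* Constructed sample payload standing in for a fragment of an application image */
    const uint8_t payload[] = { 0xDE, 0xAD, 0xBE, 0xEF, 0x10, 0x20, 0x30, 0x40 };
    uint8_t block[sizeof payload + 4];
    size_t n = build_update_block(payload, sizeof payload, block);

    printf("intact block    -> status %d\n", bootloader_program_block(block, n));

    block[3] ^= 0x01;                    /* simulate a single bit flipped in transfer */
    printf("corrupted block -> status %d (flash[3] still 0x%02X)\n",
           bootloader_program_block(block, n), flash_read(3));
    return 0;
}
```

The point of the split between `build_update_block` and `bootloader_program_block` is that the flash write sits behind the check: a corrupted block returns an error code without touching `g_flash`, which is the behaviour the flashing tool relies on when it is notified of a rejected block and retries.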
- Hardware Security Module: Some microcontrollers come with a built-in HSM that implements security functions for the Bootloader. We developed the HSM device driver that lets the Bootloader software access the HSM of the microcontroller. The HSM also works with the AES algorithm to implement the Secure Bootloader.
We have the expertise to develop the device driver for the HSM module for different MCU families such as NXP, Atmel, Infineon, Texas Instruments, Renesas, Cypress, ST Micro, Fujitsu, Microchip, Silabs and more.
Value-Adds of our Secure Bootloader Solution:
- No loss of data during ECU Flashing
- Completely secure bootloader that cannot be hacked
- 100% Image Validation is achieved
- Secure Bootloader designed for ISO 26262 compliant applications
- Readily available components with project-specific configuration and device driver development
Tools and Technologies:
- Microcontroller: Infineon, NXP, Atmel, Microchip, Texas Instruments and more
- Tasking Compiler: Used for code compilation and debugging
- VFlash: Tool for ECU reprogramming