Portable ANSI C secure boot loader, image installer and key management.
Embedded products, including their boot loader, firmware and programmable logic, are vulnerable to product integrity compromise, including reverse engineering, unauthorized use, and remote access and communications risks. The uLoad secure boot loader and file integrity SDK raises the bar by combining authentication features with advanced keying and encryption in a unified product integrity architecture.
uLoad starts by authenticating the firmware image during installation using the image security header. Multiple firmware images can be present on-chip or on-board. Once the image is authenticated, key information is extracted to decrypt and activate the firmware image. During boot load, image integrity is checked against the install signature to verify that the image has not been tampered with. uLoad also provides multi-version upgrade and rollback for firmware field upgrades and product support, using a management registry with primary, backup and power-fail recovery features.
The uFile security processing utility works in tandem with uLoad, providing off-line firmware and FPGA bit stream file processing. Its multi-layer key system scrambles the firmware decryption key with a master key so the decrypt key is securely embedded in the firmware image header and can only be activated with the operator pass-phrase.
Keys can be safely distributed inside the field upgrade image. Protected by a strong pass-phrase, key sets can be safely stored at-rest or emailed independently of firmware images. The master key associated with the firmware image is used to activate the decryption key in the manufacturing line or in the field to install and activate the image.
This architecture can be used to manage optional product features using feature unlock key sets. Images and keys can be targeted to specific markets, regions, or customer accounts. These innovative solutions offer improved product integrity, reliability, and product lifecycle return-on-investment.
• MCU and FPGA image file hash signing and authentication
• Secure pass-phrase protected distribution of embedded product key sets
• Image installation and rollback
• Flexible, easy-to-use and extensible design that can be integrated with product startup and initialization
• Small RAM and ROM footprint that operates on low-power 8-, 16- and 32-bit microcontrollers
• Optional support for the DS28E01 trust chip, providing hardware-based challenge-response authentication for PCB board-level verification
• Enhanced product integrity
• Protection against product tampering, reverse engineering and unauthorized use
• Unlock optional user features using a managed key file