Secure updates for FPGA-based systems
Ted Marena, Microsemi
EDN (December 11, 2015)
“Do not turn off power while system is updating.” We’ve all seen this warning before. It typically occurs when one of our electronic devices is updating its flash memory to install a code update. If this update is interrupted the flash memory will not be updated correctly. The code will be corrupted and the device inoperable, or ‘bricked’. The underlying reason for the familiar warning notice is that the vast majority of semiconductor devices that use flash memory require power to be applied at all times during programming or erase operations. Clearly it’s important to avoid creating a ‘bricked’ device. But what if it’s not sufficient to just issue a warning? Some embedded devices don’t even have a user display, so a warning can’t be generated. What can you do in your designs to create a reliable, safe and secure remote system update?
The Importance of Remote Updates in Embedded Systems
Remote updates are an increasingly important feature for connected embedded systems. Being able to fix bugs or add features remotely, over the internet, saves the significant expense of a service call and when thousands of embedded systems are deployed service calls become problematic. The increasing frequency of security breaches that target embedded systems also highlights the need for remote security oriented code updates to fix potential security exploits. Clearly the updates need to be secure or attack algorithms can use an insecure security update as an easy method of compromising the system. Let’s look at a typical system to better understand the requirements for a safe, secure and reliable remote update facility.
E-mail This Article | Printer-Friendly Page |
|