2023-02-11 09:20 AM
Based on operational requirements I narrowed down the selection to the STM32F413.
The murky part is the field firmware update (customer side) capability. Is the STM32F413 capable of encrypted, customer side, firmware updates?
I watched the Security related videos but it seems you have to have a security background to know what to do and why. I am not a hacker, I don't know the ins and outs of what is secure and to what extent.
Is there a function (or a handful of well described functions) I can use to make things secure. A function to encrypt the firmware before emailing it to the customer, a function in the bootloader to download and unpack the encrypted file and replace the firmware in the flash, Is this available for the STM32F413?
My last firmware update project was a nightmare (not with ST but TI) and I went through 3 EEs with significant firmware experience. It cost a lot of money and still couldn't get it working. Ultimately I turned to software engineers and the second engineer got it working. In the mean time TI claimed - "Oh, its easy". After all that, I am still not sure how secure that firmware update is.
I hope I am not looking into the same abyss with the STM32F413.
2023-02-11 09:51 AM
2023-02-11 11:34 AM
> I hope I am not looking into the same abyss with the STM32F413.
What gives you grounds for such hope? STM32F4 is an aged chip, no better than same age TI chips from the security POV.
Well, you now are experienced and know how to find software consultants and what to demand from them.
2023-02-11 12:23 PM
Packaging a firmware with encryption shouldn't be too hard, we generally manage that as a post link step.
The current bootloader or firmware manages the encryption and integrity of the update. User side code update app doesn't need to see the plaintext.
The F4 can limit access to flash or debugger.