Require authentication for firmware update

DPark.2 · ‎2020-02-25

I started a new project, and my security requirement states that user authentication is required when updating firmware.

I wonder if there's a feature for this, and if not, can the bootload side be modified to meet this requirement?

I searched and found a concept like SFU. The chip used is stm32l0x2.

Tesla DeLorean · ‎2020-02-25

Perhaps there is a requirement to only apply newer firmware, preventing the refreshing of the current firmware, or older versions, or firmware for a different variant of the same product.

Usually one would use a product unique key or identifier, and then a date or sequence number for each firmware release.

Tips, Buy me a coffee, or three.. PayPal Venmo
Up vote any posts that you find helpful, it shows what's working..

View solution in original post

Tesla DeLorean · ‎2020-02-25

That the user has a password, or a signed key?

Perhaps discuss with the individuals who created the requirements?

Tips, Buy me a coffee, or three.. PayPal Venmo
Up vote any posts that you find helpful, it shows what's working..

DPark.2 · ‎2020-02-25

It's an requirement of certification, and maybe both methods don't matter, and just need to prevent the firmware from being updated unintentionally.

Thanks for ur apply!

Tesla DeLorean · ‎2020-02-25

Perhaps there is a requirement to only apply newer firmware, preventing the refreshing of the current firmware, or older versions, or firmware for a different variant of the same product.

Usually one would use a product unique key or identifier, and then a date or sequence number for each firmware release.

Tips, Buy me a coffee, or three.. PayPal Venmo
Up vote any posts that you find helpful, it shows what's working..

DPark.2 · ‎2020-02-25

This certificate is a security certificate.

It seems to be a specification that requires a specific product to not be able to update the firmware except the manufacturer.