How can I implement a bootloader capable of accepting AES-encrypted firmware updates?
New firmware updates are always at risk of being tampered with or copied. Some applications also have sensitive information that has to be embedded in the firmware update itself, which creates the need for the firmware to be distributed in encrypted form. To aid with this, a bootloader for the EFM32 can be implemented so that it receives encrypted application upgrades. This bootloader relies on symmetric-key cryptography: the AES key is stored in the bootloader and is known only to the development environment and the MCU. The aim is to keep the encryption key secret from all third parties to protect the firmware.
The bootloader either boots the application already in flash or waits for a new firmware update, depending on the state of a preconfigured pin when coming out of RESET, as shown in this figure:
Fig: Bootloader state machine
When new firmware is uploaded, the bootloader decrypts, verifies, and stores the new application in flash. It can also be configured to use a temporary storage area, so that the MCU always contains a valid program even if a critical failure occurs during the update.
Fig: Using temporary storage
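The update flow described above, simulated in Python as an added example that is not the application note's code and does not use its image format: the host encrypts the firmware with AES-128-CBC and authenticates it with HMAC-SHA256 under the shared secret; the bootloader checks the tag before touching flash, decrypts into the temporary storage area, and copies to the application region header-last, so an interrupted copy leaves an invalid image that the reset-time check sends back to update mode. The package layout, key split, header fields and the two-bytearray flash model are assumptions, and the `cryptography` package is required.

```python
import hashlib, hmac, os, struct, zlib
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
from cryptography.hazmat.primitives import padding
REGION, MAGIC, HDR = 256, b"EFM\x00", 12   # flash region size; image header: magic, len, crc32
app_flash = bytearray(REGION)                # simulated region the bootloader jumps to
tmp_flash = bytearray(REGION)                # simulated temporary storage for the new image

def derive_keys(secret):  # assumed split of the shared secret: AES-128 key + HMAC key
    return secret[:16], hashlib.sha256(b"mac" + secret).digest()

def encrypt_firmware(fw, secret):
    """Host side (assumed layout): IV || AES-CBC(len || fw) || HMAC-SHA256(IV || ct)."""
    enc_key, mac_key = derive_keys(secret)
    iv = os.urandom(16)
    padder = padding.PKCS7(128).padder()
    body = padder.update(struct.pack("<I", len(fw)) + fw) + padder.finalize()
    enc = Cipher(algorithms.AES(enc_key), modes.CBC(iv)).encryptor()
    ct = enc.update(body) + enc.finalize()
    return iv + ct + hmac.new(mac_key, iv + ct, hashlib.sha256).digest()

def image_valid(region):
    n, crc = struct.unpack("<II", region[4:HDR])
    return region[:4] == MAGIC and n <= REGION - HDR and zlib.crc32(region[HDR:HDR + n]) == crc

def stage_update(pkg, secret):
    """Bootloader side: authenticate before decrypting, then decrypt into temporary storage."""
    enc_key, mac_key = derive_keys(secret)
    iv, ct, tag = pkg[:16], pkg[16:-32], pkg[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, iv + ct, hashlib.sha256).digest()):
        return False                         # wrong key or tampered image: flash untouched
    dec = Cipher(algorithms.AES(enc_key), modes.CBC(iv)).decryptor()
    unpad = padding.PKCS7(128).unpadder()
    body = unpad.update(dec.update(ct) + dec.finalize()) + unpad.finalize()
    n = struct.unpack("<I", body[:4])[0]
    if n != len(body) - 4 or n > REGION - HDR: return False   # length field must match payload
    fw = body[4:]
    tmp_flash[:] = MAGIC + struct.pack("<II", n, zlib.crc32(fw)) + fw + bytes(REGION - HDR - n)
    return image_valid(tmp_flash)

def commit_update(stop_after=None):
    """Copy temporary storage to the app region, header last; stop_after simulates power loss."""
    app_flash[:4] = b"\xff" * 4              # invalidate the old image before overwriting it
    for i in range(HDR, REGION):
        if stop_after is not None and i >= stop_after: return False  # interrupted: app invalid
        app_flash[i] = tmp_flash[i]
    app_flash[:HDR] = tmp_flash[:HDR]
    return image_valid(app_flash)

def boot_select(update_pin_asserted):
    """Reset-time decision: update mode if the pin is asserted or no valid image is resident."""
    return "wait_for_update" if update_pin_asserted or not image_valid(app_flash) else "boot_application"
```

After an interrupted `commit_update`, the staged copy in `tmp_flash` is still intact, so the bootloader can repeat the commit instead of asking the host to resend.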
Read the complete application note here for more details and to learn how to encrypt firmware for use with the AES bootloader.