Secure Communication for Embedded Devices: Best Practices for Bootloader and Application
Communication between the microcontroller's (MCU's) bootloader (BL) and a server (SRV) running on an online virtual machine can be secured. There is only one secret that needs to be properly protected, and that is the Preshared Key on both sides. Here I'll explain how we implemented secure communication between IMBootloader and our servers.

I'll start with the Preshared Key. It is a key that is stored on both the SRV and the BL. It is the only preshared piece of information, and it is what ensures that the BL and SRV can communicate securely with each other. The Preshared Key is the same on both sides. On the SRV side, there are many different methods to secure the key, and only a person who has access to the server can get to it. The more problematic part is the BL, which reaches users on a hardware device. This is when the Preshared Key is exposed. This is where FLASH read protections come in handy. For STM32 MCUs there is LEVEL2 protection that will make sure everything that is ...
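A boot-time self-check for the read protection mentioned above, as an added example that is not IMBootloader's own code: it decodes the STM32 read-protection (RDP) level from an option register value and withholds the key unless the part is at Level 2. Assumptions: the STM32F4-style layout with the RDP byte in bits 15:8 of `FLASH_OPTCR` (other families place it elsewhere, so check the reference manual), and the hypothetical names `rdp_level_from_optcr` and `psk_release`; the register values and key are constructed samples.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PSK_LEN 32u

typedef enum { RDP_LEVEL_0, RDP_LEVEL_1, RDP_LEVEL_2 } rdp_level_t;

/* Assumed layout (STM32F4-style): RDP byte is bits 15:8 of FLASH_OPTCR. */
rdp_level_t rdp_level_from_optcr(uint32_t optcr)
{
    uint8_t rdp = (uint8_t)((optcr >> 8) & 0xFFu);
    if (rdp == 0xAAu) return RDP_LEVEL_0;   /* no read protection */
    if (rdp == 0xCCu) return RDP_LEVEL_2;   /* debug access permanently disabled */
    return RDP_LEVEL_1;                     /* every other value, not only 0x55 */
}

/* Hypothetical gate: copy the key out only when the part is at Level 2.
 * Returns 0 on success, -1 (and a zeroed buffer) otherwise. */
int psk_release(uint32_t optcr, const uint8_t stored[PSK_LEN], uint8_t out[PSK_LEN])
{
    if (rdp_level_from_optcr(optcr) != RDP_LEVEL_2) {
        memset(out, 0, PSK_LEN);
        return -1;
    }
    memcpy(out, stored, PSK_LEN);
    return 0;
}

int main(void)
{
    /* Constructed sample register values; on hardware read FLASH->OPTCR. */
    const uint32_t samples[] = { 0x0FFFAAEDu, 0x0FFF55EDu, 0x0FFF00EDu, 0x0FFFCCEDu };
    uint8_t stored[PSK_LEN], out[PSK_LEN];
    memset(stored, 0x5A, sizeof stored);    /* constructed placeholder key */

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = psk_release(samples[i], stored, out);
        printf("OPTCR=0x%08lX level=%d key %s\n", (unsigned long)samples[i],
               (int)rdp_level_from_optcr(samples[i]), rc == 0 ? "released" : "withheld");
    }
    return 0;
}
```

The check compares against `0xCC` explicitly because Level 1 is every value other than `0xAA` and `0xCC`, so testing for a single Level 1 value would misclassify a part.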