2. Setting up the secure area using a dedicated operating system (called a Trusted Execution Environment, or TEE) and loading all relevant elements into the secure area.
3. Setting up the non-secure area, then authenticating and decrypting the operating system (e.g., the Linux kernel), followed by the same process for the device applications.
Ensuring Safe and Secure Firmware and App Updates
1. A device application manages a schedule or set of events that determine that an update will be performed.
2. When prompted for an update, the device performs a reboot, with boot state variables signaling that the device will follow an update process prior to the secure boot process.
3. The read-only memory (ROM) then loads and verifies the secondary boot loader (SBL), which will load the updated software.
4. The device reads the boot state variable and reset status from memory, then registers and holds them so that the boot process follows the update path.
5. The device locates and reads the payload in the update location.
6. The Secure Boot steps described above are then followed: memory is partitioned, the secure and non-secure areas are set up, and the new software is verified, decrypted, and loaded.
An IoT device must be maintained to remain useful. To ensure that the device runs as intended throughout its lifecycle, firmware updates, whether administered locally, over a network, or over the air (OTA), are essential. Keeping these principles in mind ensures safe and secure updates across the administrator's fleet of devices.
Philip Attfield, "Are Your Connected Device Firmware and Application Updates Secure?", June 11, 2021, <https://www.toolbox.com/it-security/iot-device-management/guest-article/are-your-connected-device-firmware-and-application-updates-secure/?mailingcontentid=191982&utm_medium=email&utm_source=toolbox&utm_campaign=toolbox-tech>