![\"\"](\"https:\/\/clients.triloogia.ee\/proekspert\/wp-new\/wp-content\/uploads\/2024\/03\/sfu-1.jpg\")
<\/figure>\n\n\n\nKey features<\/h2>\n\n\n\n\n- Secure and tamper-proof FW update process<\/strong> \u2013 Through security features like Secure Boot, data encryption and TrustZone\u00ae, our solution ensures that the whole FW update process is safe and cannot be modified or tampered with by external unauthorized parties. <\/li>\n\n\n\n
- Authentic FW verification<\/strong> \u2013 Integrity and authenticity of the FW is checked after reading the initial package, plus the signature is matched utilizing our secure element chip, making sure only authentic FW gets updated in the process. <\/li>\n\n\n\n
- USB \/ offline FW updating<\/strong> \u2013 An offline, on-site update process is used to ensure security right at the target device level and make FW updates possible in places without online connections. <\/li>\n<\/ul>\n\n\n\n
How does our Secure Firmware Updater work? <\/h2>\n\n\n\n
One of the key security features, TrustZone\u00ae, is used to separate sensitive cryptography-related operations into an isolated secure world. This adds an extra layer of security, since outside communication with the secure element takes place only through strictly defined interfaces, meant to minimize attack possibilities toward any sensitive data.<\/p>\n\n\n\n![\"\"](\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\")
<\/figure>\n\n\n\n<\/div>\n\n\n\nEnhanced security using Secure Boot <\/h2>\n\n\n\n
We use the Secure Boot process during the application startup phase to ensure that only trusted software components are loaded during the boot process. The process uses a root of trust, a trusted bootloader, and a series of verification steps to ensure only an authentic version of our application is allowed to run. The Secure Boot process, illustrated in the drawing below, can be customized or improved according to the client system\u2019s cybersecurity requirements.<\/p>\n\n\n\n<\/figure>\n\n\n\n<\/div>\n\n\n\nSecurity features in our products <\/h2>\n\n\n\n
Our Secure Firmware Updater ensures safe FW updates by supporting major security features. <\/p>\n\n\n\n
Secure Boot<\/strong> \u2013 An extra layer of security which only allows the FW updater application to run when its integrity is verified against a trusted signature. <\/p>\n\n\n\nSecure Element<\/strong> \u2013 a.k.a. the Trusted Platform Module (TPM) or crypto chip. A Secure Element provides a secure storage- and generation environment for encryption, decryption, and verification keys. <\/p>\n\n\n\nData signing and encryption<\/strong> \u2013 A firmware update package is encrypted and signed by the device manufacturer, ensuring that only trusted update packages are processed. <\/p>\n\n\n\nTrustZone\u00ae<\/strong> – Technology which helps us separate the device into the \u201ctrusted secure world\u201d and \u201cnormal world,\u201d so sensitive and critical operations such as data signature checks and decrypting the firmware can be handled securely and separately from regular operations. <\/p>\n\n\n\nProekspert\u2019s supported MCUs and TPMs <\/h2>\n\n\n\n
In our Secure Firmware Updater, we currently use and support a variety of families of microcontrollers and secure elements by STMicroelectronics and Infineon. <\/p>\n\n\n\n
MCU families supported: <\/p>\n\n\n\n
\n- STM32F4 <\/li>\n\n\n\n
- STM32U5 <\/li>\n\n\n\n
- STM32L5 <\/li>\n<\/ul>\n\n\n\n
Secure Elements supported: <\/p>\n\n\n\n
\n- STSAFEA110 <\/li>\n\n\n\n
- Infineon OPTIGA Trust M <\/li>\n<\/ul>\n\n\n\n
\n\n\n<\/figure>\n<\/div>\n\n\n\n\nGet the solution brief<\/h2>\n\n\n\n
Discover how Shield-loT enables organizations to monitor and secure any loT device, application and network<\/p>\n\n\n\n
\nDownload PDF<\/a><\/div>\n<\/div>\n<\/div>\n<\/div>\n\n\n\n<\/div><\/div>\n\n\n\n<\/div>\n<\/div><\/section>\n\n\n\nRead more<\/h2>\n\n\n\n\t\t\t<\/a>\n\t\t\t\n\t\t\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t\n\t\t\t\t\n\t\t\tSecure firmware update solution | Proekspert\t\t<\/div>\n\t\t\t\t\t\t\n\t\t\t\t\t\tProekspert develops secure firmware update solutions that ensure the device software is protected no matter how the update package…\n\t\t<\/div>\n\t\t\t\t\t\t\n\t\t\thttps:\/\/proekspert.com\/secure-firmware-update-solution\/<\/a>\n\t\t<\/div>\n\t\t\t<\/div>\n<\/div>\n\n\n\n\t\t\t<\/a>\n\t\t\t\n\t\t\t\t\t\t<\/div>\n\t\t\t<\/div>\n\t\t\n\t\t\t\t\n\t\t\tSecure Firmware Updaters on STM32 MCUs | Proekspert\t\t<\/div>\n\t\t\t\t\t\t\n\t\t\t\t\t\tSTM32-based Secure Firmware Updater for industrial device manufacturers…\n\t\t<\/div>\n\t\t\t\t\t\t\n\t\t\thttps:\/\/proekspert.com\/blog\/connected-products\/secure-firmware-updaters-on-stm32-mcus\/<\/a>\n\t\t<\/div>\n\t\t\t<\/div>\n<\/div>\n\n\n
How does our Secure Firmware Updater work? <\/h2>\n\n\n\n
One of the key security features, TrustZone\u00ae, is used to separate sensitive cryptography-related operations into an isolated secure world. This adds an extra layer of security, since outside communication with the secure element takes place only through strictly defined interfaces, meant to minimize attack possibilities toward any sensitive data.<\/p>\n\n\n\n We use the Secure Boot process during the application startup phase to ensure that only trusted software components are loaded during the boot process. The process uses a root of trust, a trusted bootloader, and a series of verification steps to ensure only an authentic version of our application is allowed to run. The Secure Boot process, illustrated in the drawing below, can be customized or improved according to the client system\u2019s cybersecurity requirements.<\/p>\n\n\n\n Our Secure Firmware Updater ensures safe FW updates by supporting major security features. <\/p>\n\n\n\n Secure Boot<\/strong> \u2013 An extra layer of security which only allows the FW updater application to run when its integrity is verified against a trusted signature. <\/p>\n\n\n\n Secure Element<\/strong> \u2013 a.k.a. the Trusted Platform Module (TPM) or crypto chip. A Secure Element provides a secure storage- and generation environment for encryption, decryption, and verification keys. <\/p>\n\n\n\n Data signing and encryption<\/strong> \u2013 A firmware update package is encrypted and signed by the device manufacturer, ensuring that only trusted update packages are processed. <\/p>\n\n\n\n TrustZone\u00ae<\/strong> – Technology which helps us separate the device into the \u201ctrusted secure world\u201d and \u201cnormal world,\u201d so sensitive and critical operations such as data signature checks and decrypting the firmware can be handled securely and separately from regular operations. <\/p>\n\n\n\n In our Secure Firmware Updater, we currently use and support a variety of families of microcontrollers and secure elements by STMicroelectronics and Infineon. <\/p>\n\n\n\n MCU families supported: <\/p>\n\n\n\n Secure Elements supported: <\/p>\n\n\n\n Discover how Shield-loT enables organizations to monitor and secure any loT device, application and network<\/p>\n\n\n\n![\"\"](\"https:\/\/clients.triloogia.ee\/proekspert\/wp-new\/wp-content\/uploads\/2024\/03\/sfu-scheme-1253x1024.png\")
<\/figure>\n\n\n\nEnhanced security using Secure Boot <\/h2>\n\n\n\n
![\"\"](\"https:\/\/clients.triloogia.ee\/proekspert\/wp-new\/wp-content\/uploads\/2024\/03\/sfu-scheme2.png\")
<\/figure>\n\n\n\nSecurity features in our products <\/h2>\n\n\n\n
Proekspert\u2019s supported MCUs and TPMs <\/h2>\n\n\n\n
\n
\n
![\"\"](\"https:\/\/clients.triloogia.ee\/proekspert\/wp-new\/wp-content\/uploads\/2024\/06\/sfu.png\")
<\/figure>\n<\/div>\n\n\n\nGet the solution brief<\/h2>\n\n\n\n
Read more<\/h2>\n\n\n
![](\"https:\/\/proekspert.com\/wp-content\/uploads\/2023\/02\/secure-firmware-update-solution-fb.jpg\")
<\/div>\n\t\t\t<\/div>\n\t\t![](\"https:\/\/proekspert.com\/wp-content\/uploads\/2024\/03\/BlogPicture_sfu2-1.jpg\")
<\/div>\n\t\t\t<\/div>\n\t\t
![](\"https:\/\/proekspert.com\/wp-content\/uploads\/2024\/02\/iec-62443-compliance-analysis-service-hero.jpg\")
<\/div>\n\t\t\t<\/div>\n\t\t