German software company Segger has developed a tool to ensure only authentic, manufacturer-approved firmware can be installed on embedded devices.

Called EmBoot-Secure, the Cyber Resilience Act (CRA)-minded software provides for secure and verifiable firmware updates on embedded devices. It uses modern cryptographic mechanisms and a controlled update workflow.

The product is based on an asymmetric cryptography security architecture that ensures data authenticity and integrity. The private signing key remains stored on a dedicated signature server at a secure location of choice, while devices to be updated contain the corresponding public key to verify the signature. Firmware updates are prepared as compact, protected packages that are digitally signed, encrypted and compressed before being delivered to a target system.

“The ability to carry out updates securely is no longer optional for products with embedded systems but, luckily, it has never been easier,” said Rolf Segger, founder of Segger. “Segger provides a complete package containing all of the tools required to be safe, secure and compliant right away. Security should never be seen as a do-it-yourself project. It has always been risky to gamble with product security, in terms of both expense and reputation. With the new CRA regulations, there is now also significant legal risk. Segger has decades of experience with this technology, and it has been using this to securely update its own J-Links and Flashers for years. Don’t take chances with security.”

EmBoot-Secure code is optimised to be small, portable and fast, keeping boot time low. Update delivery is handled by user application software and can use any supported means of data transportation, including Ethernet, wifi, USB, SD card, Can, Bluetooth, LoRa or Zigbee. On restarting after an update, the EmBoot-Secure bootloader verifies the update and installs it only if all integrity and authenticity checks succeed.

The tool integrates smoothly into existing development and production workflows and is suitable for a wide range of applications, from connected devices to industrial systems operating in closed or restricted networks.

For more information, visit www.segger.com/products/security-iot/emboot-secure/.

Founded in 1992, Segger Microcontroller (www.segger.com) has its headquarters in Monheim am Rhein, Germany, and an office in Boston, Massachusetts. Branch operations are in California, Shanghai and the UK. With distributors on most continents, its full product range is available worldwide.