Code integrity of software update

by masa256k1 in September 30th, 2021

The system software shall support updates of the system software and the application-specific software from remote servers. Updates shall be validated by the system software or the Root of Trust (RoT) to check the integrity and authenticity prior to execution and, optionally, installation.

UNiD supports software updates from authorized remote servers. It receives updated software signed by ES256k (ECDSA on the secp256k1 curve) from the remote server, validates the integrity and authenticity by signature verification in the hardware secure zone, and subsequently updates firmware based on the swapping method.

In the signature verification process, the public key is extracted by resolving the remote server's DID contained in the message. Considering the lifecycle of the remote server's public key, this public key is not stored on the device side. The DID is checked against the endpoints registered on the device to prevent unauthorized remote servers from updating the software.

We also need to consider that the update mechanism shall prevent unauthorized rollback of system software and application software. However, since this mechanism is constrained by hardware memory management methods and other factors, it is debatable to what extent it should be provided as a general-purpose SDK.

UNiD Edge SDK repo is available on our GitHub. Please come and visit if you want a deep dive into it.

Your cart