Firmware updates protected by secure signature
The nRF5 SDK v12.0 from Nordic, allows firmware updates over-the-air to be accompanied by a secure signature that ensures the update comes from a verified and trusted source. In addition, the SDK now supports the Arduino development kit used with the Nordic nRF52832 SoC-based Arduino Primo base board.
This features a CMSIS configuration Wizard that allows graphical configuration in Keil, offers Bluetooth low energy Continuous Glucose Meter (CGM) profile support, and provides optimized Floating Point Unit execution.
The nRF5 SDK v12.0 supports secure and signed over-the-air device firmware updates (OTA-DFU) to strengthen application updates from potentially damaging malicious device upgrade attacks by using secure signatures to authenticate that only updates coming from a verified and trusted source can be made on a given device.
“Security is of paramount importance amongst companies involved in the IoT and you need to know that something as important and fundamental as a firmware upgrade in a product is what it says it is and comes from a trusted source,” comments John Leonard, Product Marketing Manager at Nordic Semiconductor.
“For the majority of manufacturers software development is a complex, multi-team, deadlined task whose challenges unfortunately open the door to bugs being present in shipped products in the field. At the same time manufacturers also want to be able to introduce thenewest and most improved product features that have their products performing at their best to maintain customer engagement.
“This means the ability to perform software and firmware updates is an absolute necessity, and the easiest and safest way to do this in Bluetooth low energy products is via secure, signed OTA-DFU updates which is what our latest nRF5 SDK v12.0 is all about.
“In operation, a classic public/private key security structure is employed whereby public keys are distributed and private keys remain solely with the sending party, thus ensuring one-to-one security. Using ciphers to create keys in the Nordic nRF5 SDK v12.0 can be done in various ways and Leonard says the company invested great effort in allowing developers flexibility to create ciphers in whichever way they prefer. This includes Nordic-authored examples using, for example, ECDH using the P256 curve to establish secure connections in Bluetooth low energy. (Nordic has also reserved two dedicated 16-bit UUIDs with the Bluetooth SIG for use with signed and unsigned firmware.)
Nordic also supports secure DFU application development with a suite of cross-platform PC tools and additionally mobile tools for Android and iOS. Furthermore, if a secure OTA-DFU is interrupted, a ‘ resume-from-failure’ feature is said to allow updates to resume from the last know good point and complete instead of re-starting the entire upgrade process from scratch.
Additional features of the Nordic nRF5 SDK v12.0 include support for Arduino development kits used with the Nordic nRF52832 System-on-Chip (SoC)-based Arduino Primo base board that bring the full range of Nordic nRF5 SDK modules, features, and application examples to the Arduino platform; a CMSIS configuration Wizard that allows graphical configuration in Keil for clearer representation of project modules and settings, simplifying development; Bluetooth low energy Continuous Glucose Meter (CGM) profile support; and optimized Floating Point Unit (FPU) execution leveraging the FPU instruction set capabilities of the ARM Cortex M4F employed in Nordic’ s latest SoC, the nRF52832. This latter feature is said to have the potential to save considerable processing time and software complexity when dealing with the floating point numbers increasingly necessary and common to many modern product and application software algorithms.