State Verified Answer
Replies 4 replies
Subscribers 73 subscribers
Views 1665 views
Users 0 members are here

Attachments (0)

Nordic Case Info

Case ID: 118704

Options

This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Unsecure bootloader

Jordan Archer over 8 years ago

Is there an unsecure version of the bootloader? I'm looking for something that will take anything as an upgrade.

I figure if I'm stuck in the bootloader anything is better than nothing.

Top Replies

bjorn-spockeli over 8 years ago in reply to bjorn-spockeli +1 verified

I agree that the device should "never" end up in bootloader mode, but if you do then I argue it's better to have a bootloader that only accepts firmware images issued from a trusted source, than a bootloader…

Parents

0 bjorn-spockeli over 8 years ago

Hi Jordan,

we have two different bootloader architectures; the Legacy bootloader (SDK v11.0.0 and older), and the Secure bootloader (SDK v12.x.0). The Legacy bootloader will accept any firmware image, while the the secure bootloader uses a private-public key pair to sign and verify that the firmware image is from a trusted source. The private key is used to sign the firmware image and the public key is stored in the bootloader and used to verify that the firmware image was signed by the corresponding private key.

Both bootloaders uses dual bank updates, i.e. the old application is not erased until the new application firmware image has been received and its integrity checked. However, if for some reason you end up in bootloader mode without a valid application, then you have to perform another DFU. At this point the only difference between the Legacy and the Secure bootloader is that the Secure bootloader requires a signed image and the legacy does not.

From a security perspective I would say that anything is not better than nothing, since anyone, e.g. an attacker may upload malicious firmware to your device.

Note: No further development will be done on the Legacy bootloader.

Best regards

Bjørn
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 bjorn-spockeli over 8 years ago

Hi Jordan,

we have two different bootloader architectures; the Legacy bootloader (SDK v11.0.0 and older), and the Secure bootloader (SDK v12.x.0). The Legacy bootloader will accept any firmware image, while the the secure bootloader uses a private-public key pair to sign and verify that the firmware image is from a trusted source. The private key is used to sign the firmware image and the public key is stored in the bootloader and used to verify that the firmware image was signed by the corresponding private key.

Both bootloaders uses dual bank updates, i.e. the old application is not erased until the new application firmware image has been received and its integrity checked. However, if for some reason you end up in bootloader mode without a valid application, then you have to perform another DFU. At this point the only difference between the Legacy and the Secure bootloader is that the Secure bootloader requires a signed image and the legacy does not.

From a security perspective I would say that anything is not better than nothing, since anyone, e.g. an attacker may upload malicious firmware to your device.

Note: No further development will be done on the Legacy bootloader.

Best regards

Bjørn
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 Jordan Archer over 8 years ago in reply to bjorn-spockeli

I would disagree. If you're in the bootloader, you've probably already failed. Especially during development.

But, I appreciate the answer. It was helpful.

Jordan
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
+1 bjorn-spockeli over 8 years ago in reply to bjorn-spockeli

I agree that the device should "never" end up in bootloader mode, but if you do then I argue it's better to have a bootloader that only accepts firmware images issued from a trusted source, than a bootloader that will accept any image.
Cancel
Vote Up +1 Vote Down

Sign in to reply

Reject Answer

Cancel

Related