WolfBoot secure boot and remote updates (Daniele Lacamera)[FOSDEM 2020]

Firmware upgrades pose a challenge in the age of IoT. Security and reliability are two things that need to be carefully considered when implementing remote upgrades.

[Lacamera] works for WolfSSL. He’s presenting WolfBoot, a secure bootloader for embedded systems. It makes heavy use of the core product of WolfSSL, their cryptographic library for IoT systems. It is available under GPLv2 with an option to buy a proprietary license.

Security in IoT has been problematic. The security of the least secure component determines the security of a system. Shipping a secure system means being able to fix known vulnerabilities and reducing the attack surface. A precondition for this is that vulnerabilities can be fixed after the device is deployed into the field. The trade-off is that a remote upgrade mechanism itself increases the attack surface of the device.

To improve the security of IoT systems, the IETF started a working group called SUIT, which is working on an architecture for the secure upgrade of IoT systems. The components it describes are a minimalist bootloader combined with an application that takes on the responsibility of handling the firmware transfer. This removes the need to maintain 2 network stacks. Firmware should be signed using a public-private key algorithm. The application should evaluate and install the image. Lastly, the system needs a fall-back mechanism in case the upgrade fails.

WolfBoot provides this. It is designed for 32-bit microcontrollers. Updates are secured using DSA/ECDSA, and integrity is checked with SHA2-256/SHA3. It is power-fail safe. It has a small footprint and it is safe (i.e. it doesn’t do dynamic allocation).

The implementation uses 4 partitions: the bootloader, an active partition, a standby partition and swap. Currently they support Cortex-M and RISCV32 processors. Support for ARMv8 64-bit is coming soon. There are a lot of targets supported. According to [Lacamera], adding support for a new target only involves modifying 6 functions and should not be hard.

Some companies provide upgrade-as-a-service. This is not the model for WolfBoot: you own the keys. Part of the project is a set of Python tools to generate and handle the keys. To limit the attack surface, the firmware upgrade mechanism only allows version upgrades, which prevents downgrade attacks.
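The upgrade-only rule and the fall-back requirement meet in the bootloader's decision at reset. The following is an added example, not wolfBoot code: the `image` struct, the state names and `boot_decide` are hypothetical, and hash/signature verification is assumed to have run already and is represented by the `verified` flag.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model for illustration; not wolfBoot's header layout or API. */
enum img_state { IMG_EMPTY, IMG_UPDATING, IMG_TESTING, IMG_CONFIRMED };
enum boot_action { BOOT_ACTIVE, INSTALL_UPDATE, ROLLBACK, HALT };

struct image {
    enum img_state state;
    uint32_t version;  /* monotonically increasing firmware version */
    int verified;      /* 1 if the hash and signature checks both passed */
};

/* Decide what to do at reset. `active` is the partition the CPU boots from;
 * `standby` holds either a staged update or the previously running image.
 * INSTALL_UPDATE means: swap the partitions, mark the new active image
 * IMG_TESTING and boot it; the application marks it IMG_CONFIRMED later. */
enum boot_action boot_decide(const struct image *active,
                             const struct image *standby)
{
    /* A freshly installed image was booted but reset before confirming
     * itself: treat the upgrade as failed and restore the previous image.
     * This is the only path that may lower the running version. */
    if (active->state == IMG_TESTING) {
        if (standby->state != IMG_EMPTY && standby->verified)
            return ROLLBACK;
        return active->verified ? BOOT_ACTIVE : HALT;
    }
    /* The application staged a candidate and requested an update. */
    if (standby->state == IMG_UPDATING) {
        int newer = active->state == IMG_EMPTY ||
                    standby->version > active->version;
        if (standby->verified && newer)
            return INSTALL_UPDATE;
        /* Unverified, same-version or older candidate: ignore it. */
    }
    /* Never jump to an image that fails verification. */
    return active->verified ? BOOT_ACTIVE : HALT;
}

int main(void)
{
    struct image running = { IMG_CONFIRMED, 2, 1 };  /* constructed sample */
    struct image older   = { IMG_UPDATING, 1, 1 };   /* validly signed v1 */
    printf("v1 offered to v2 -> action %d\n", boot_decide(&running, &older));
    return 0;
}
```

A validly signed older image is still refused on the update path, while the fall-back path restores the previous image without consulting the version at all.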

Often the flash is not big enough to hold 2 copies of the application. The WolfBoot bootloader supports external memory and executing from RAM. The bootloader can also self-update in place. A recently added feature is support for STM32F7 bank switching.

WolfCrypt supports crypto hardware acceleration if the platform provides it. TPM support is provided through WolfTPM, which alleviates the need for WolfCrypt in the bootloader, reducing the binary size.

A secure system with WolfBoot would be flashed through JTAG in the factory, after which the JTAG would be disabled and all other firmware upgrades would be handled through WolfBoot. This way the system becomes self-sufficient.