Resource-constrained embedded devices are often expected to be deployed and stay active in the field for prolonged periods of time (sometimes decades (!)). With the advent of IoT devices that operate unattended with network (Internet) connectivity, possibly via IoT gateways, the necessity of software update mechanisms for these kinds of devices is evident. More powerful IoT devices capable of running general-purpose operating systems (such as embedded flavors of Linux) may leverage software update mechanisms designed for desktop or mobile devices. The focus of this talk, however, is small microcontroller-class devices which run simple Real-Time Operating Systems (RTOSs) or no operating system at all. These kinds of devices often support a mechanism called In-Application Programming (IAP), which allows the software on the device itself to reprogram (erase/write) its internal flash memory or EEPROM. By utilizing a lightweight trust anchor, such as TrustZone-M, featured in the next generation of ARM-based MCUs with the ARMv8-M architecture, it is possible to provide a secure firmware update mechanism that can ensure the integrity of both the update image and the boot sequence of such a device in a provable manner.
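As an added illustration of the design the abstract describes (not code from the talk, and not real TrustZone-M firmware), the following Python model separates a normal-world update agent from a trust-anchor object that alone holds the image-authentication key and the anti-rollback counter, so flash is reprogrammed only after the anchor accepts an image and the active slot is re-authenticated at boot; the image header layout, HMAC-SHA256 authentication and the two-slot flash are all assumptions.

```python
import hmac, hashlib, struct

# Constructed demo: two emulated flash slots plus a "trust anchor" object standing
# in for the secure world that owns the image key and the rollback counter.
SLOT_SIZE = 256
HDR = struct.Struct("<4sII")   # assumed image header: magic, version, payload length
MAGIC, TAG_LEN = b"FWUP", 32   # assumed: HMAC-SHA256 tag over header + payload

def build_image(key, version, payload):
    """Assumed image format, as a vendor signing tool would produce it."""
    body = HDR.pack(MAGIC, version, len(payload)) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()

class TrustAnchor:
    def __init__(self, key):
        self._key, self.min_version = key, 0   # key never leaves this object

    def authenticate(self, region):
        """Return the image version if region holds an authentic image, else None."""
        if len(region) < HDR.size:
            return None
        magic, ver, n = HDR.unpack_from(region)
        end = HDR.size + n
        if magic != MAGIC or end + TAG_LEN > len(region):
            return None
        expect = hmac.new(self._key, region[:end], hashlib.sha256).digest()
        return ver if hmac.compare_digest(expect, region[end:end + TAG_LEN]) else None

class Device:
    def __init__(self, key):
        self.anchor = TrustAnchor(key)
        self.flash = [bytearray(b"\xff" * SLOT_SIZE) for _ in range(2)]  # erased state
        self.active = 0

    def iap_update(self, image):
        """Normal world stages an image; flash is touched only after the anchor accepts it."""
        ver = self.anchor.authenticate(image)
        if ver is None:
            return "rejected: not authentic"
        if ver <= self.anchor.min_version:
            return "rejected: rollback"
        if len(image) > SLOT_SIZE:
            return "rejected: too large"
        slot = 1 - self.active
        self.flash[slot][:] = b"\xff" * SLOT_SIZE          # IAP erase of inactive slot
        self.flash[slot][:len(image)] = image              # IAP write
        self.active, self.anchor.min_version = slot, ver   # switch only after a verified write
        return "ok"

    def secure_boot(self):
        """Boot-time check: re-authenticate the active slot before 'jumping' into it."""
        ver = self.anchor.authenticate(bytes(self.flash[self.active]))
        return ver is not None and ver >= self.anchor.min_version
```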

Thomas Nyman:

Thomas Nyman received his MSc degree in Computer Science from the University of Helsinki and is continuing his research as a Doctoral Candidate at Aalto University, supervised by Prof. Asokan. He also works as an Advanced Technologies Researcher at Trustonic Finland. His current work focuses on security fundamentals for resource-constrained IoT devices incorporating lightweight trust anchors.


