Arduino releases secure bootloader based on MCUboot

Arduino has released a new bootloader based on MCUBoot to increase the range of features and firmware safety of Arduino products, with the first release targetting STM32H7 based Arduino Portenta and Nicla Vision boards from the Arduino Pro family.

The release focuses on Arduino Mbed OS-based boards, but MCUboot is OS agnostic, and should also work with Zephyr, Nuttx, and Apache mynewt. The company has also made sure that the transition is easy and reused the existing OTA firmware upgrade process in place on Arduino boards.

Arduino MCUboot

MCUboot Arduino highlights:

  • Signed and encrypted updates – MCUboot has support for encrypting/decrypting images on-the-fly while upgrading. It will also check if the computed signature is matching the one embedded in the image before booting a sketch.
  • Confirm or revert updates – After an update, the new Sketch can update the content of the flash at runtime to mark itself as OK. If everything works as expected, the change will be permanent, but if the sketch fails to confirm it worked properly, MCUboot will perform a revert swap and attempt to boot the old sketch.
  • Sketch bootstrap – If no valid image is found in the primary slot MCUboot will search for a valid image in the secondary slot and if any it will load it inside the primary slot.
  • Reset recovery – If a reset occurs in the middle of a swap operation, the two images may be discontiguous in flash. MCUboot recovers from this condition by using the image trailers to determine how the image parts are distributed in flash and restarting the swap.
  • Backward compatibility with the default Arduino bootloader – If signing and encryption keys are not stored in flash alongside MCUboot, the sketch signature verification is skipped and any valid sketch can be booted.
Arduino MCUboot internal flash QSPI flash
Firmware partition in Portenta H7 boards

Arduino goes into detail about the firmware update mechanism in the blog post announcing the new bootloader. Basically, there are two slots with SLOT 0 representing the portion of flash containing the current application image, and SLOT 1 representing the portion of flash containing the updated application image. There’s also an additional flash area “SCRATCH” needed to support MCUboot swap scratch algorithm. On Portenta H7 boards, the SLOT 0 partition is in the internal flash, while the SLOT 1 (update.bin) and SCRATCH (scratch.bin) partitions/files will be found in the QSPI flash.

You’ll find the code and more details on Github, notably step-by-step instructions (update sketch, encryption key generation, firmware signing, etc..) to switch to the Arduino MCUboot bootloader for owners of the Portenta H7, Portenta H7 Lite, Portenta H7 Lite Connected, or Nicla Vision boards.

Share this:

Support CNX Software! Donate via cryptocurrencies, become a Patron on Patreon, or purchase goods on Amazon or Aliexpress

ROCK 5 ITX Rockchip RK3588 mini-ITX motherboard
Subscribe
Notify of
guest
The comment form collects your name, email and content to allow us keep track of the comments placed on the website. Please read and accept our website Terms and Privacy Policy to post a comment.
1 Comment
oldest
newest
ALEKSANDER
ALEKSANDER
2 years ago

Piękny prezent na święta.

Boardcon Rockchip RK3588S SBC with 8K, WiFI 6, 4G LTE, NVME SSD, HDMI 2.1...