
US-12625968-B2 - Microcontroller unit (MCU) secure boot


Abstract

A method includes building a firmware image to execute on a bootloader of a system on chip (SoC), the firmware image including first encryption public and private keys, and digitally signing the firmware image with a second encryption private key. The signed firmware image is encrypted with a symmetric encryption key, which in turn is encrypted with a second encryption public key. The encrypted signed firmware image and the encrypted symmetric encryption key are sent to the SoC to cause the SoC to (1) decrypt the encrypted symmetric encryption key to produce the symmetric encryption key using a third encryption private key from a first asymmetric key pair, (2) decrypt the encrypted signed firmware image to produce the signed firmware image using the symmetric encryption key, and (3) verify a digital signature of the signed firmware image using a third encryption public key from a second asymmetric key pair.

Inventors

  • Andrei Goverdovskii
  • Nick Pelis

Assignees

  • VERKADA INC.

Dates

Publication Date: 2026-05-12
Application Date: 2023-11-20

Claims (19)

  1. An apparatus, comprising: a processor; and a memory coupled to the processor and storing instructions configured to cause the processor to: generate a firmware image including a first encryption public key and a first encryption private key; and cause transmission of (1) an encrypted signed version of the firmware image generated using a second encryption private key, and (2) an encrypted symmetric encryption key to a system on chip (SoC), to cause the SoC to (i) decrypt the encrypted symmetric encryption key to produce a symmetric encryption key, (ii) decrypt the encrypted signed version of the firmware image to produce a signed firmware image using the symmetric encryption key, and (iii) verify a digital signature of the signed firmware image using an asymmetric key pair that includes the second encryption private key, the first encryption public key included in an asymmetric key pair that includes a third encryption private key configured for use by a host portion of the SoC to encrypt a first message to a bootloader of the SoC when the bootloader is operating in an application mode.
  2. The apparatus of claim 1, wherein the asymmetric key pair that includes the second encryption private key is unique to the SoC and not used with another SoC.
  3. The apparatus of claim 1, wherein the memory further stores instructions configured to cause the processor to: store a second encryption public key in the memory before the processor executes the instruction to generate the firmware image, the second encryption public key being defined by a manufacturer of the SoC.
  4. The apparatus of claim 1, wherein: the first encryption private key is included in an asymmetric key pair that includes a second encryption public key configured for use by the host portion of the SoC to decrypt a second message from the bootloader operating in the application mode.
  5. An apparatus, comprising: at least one processor of a system on chip (SoC); and a memory coupled to the at least one processor and storing instructions configured to cause the at least one processor to: receive an encrypted symmetric encryption key and an encrypted signed firmware image that includes a first encryption public key and a first encryption private key; encrypt a first message to produce a first encrypted message using a third encryption private key that is included in an asymmetric key pair that includes the first encryption public key; send the first encrypted message from a host portion of the SoC to a bootloader of the SoC; the encrypted symmetric encryption key being a symmetric encryption key encrypted with a second encryption public key; decrypt the encrypted symmetric encryption key to produce the symmetric encryption key; decrypt the encrypted signed firmware image to produce a signed firmware image using the symmetric encryption key; and verify a digital signature of the signed firmware image using an asymmetric key pair that includes a second encryption private key.
  6. The apparatus of claim 5, wherein sending the first encrypted message from the host portion of the SoC to the bootloader of the SoC causes the bootloader to decrypt the first encrypted message to produce the first message using the first encryption public key.
  7. The apparatus of claim 5, wherein the bootloader of the SoC is configured to operate in a stand-alone mode while the host portion of the SoC is operating, and to receive the encrypted symmetric encryption key and the encrypted signed firmware image while the host portion of the SoC is operating.
  8. The apparatus of claim 5, wherein: the SoC includes a volatile random access memory (RAM), and the memory further stores instructions to cause the at least one processor to store the encrypted symmetric encryption key and the encrypted signed firmware image in the volatile RAM in response to the encrypted symmetric encryption key and the encrypted signed firmware image being received.
  9. The apparatus of claim 5, wherein: the SoC includes a volatile random access memory (RAM), and the at least one processor is configured to execute code in the bootloader of the SoC and not execute code in any remaining portion of the SoC.
  10. The apparatus of claim 5, wherein the memory is a read only memory (ROM), and the bootloader of the SoC is stored in the ROM.
  11. The apparatus of claim 5, wherein a debug port of the SoC is locked to prevent modification of the bootloader of the SoC.
  12. A non-transitory processor-readable medium storing code representing processor-executable instructions to cause one or more processors to: receive, at a system on chip (SoC), an encrypted symmetric encryption key and an encrypted signed firmware image; decrypt the encrypted symmetric encryption key to produce a symmetric encryption key using an encryption private key that is included in a first asymmetric key pair; decrypt the encrypted signed firmware image to produce a signed firmware image using the symmetric encryption key; verify a digital signature of the signed firmware image using an encryption public key that is included in a second asymmetric key pair different from the first asymmetric key pair; execute, after verifying the signed firmware image, a firmware image; and execute an application including receiving a first encrypted message at a bootloader of the SoC and from a host portion of the SoC and sending a second encrypted message from the bootloader to the host portion of the SoC.
  13. The non-transitory processor-readable medium of claim 12, wherein executing the application occurs after verifying the signed firmware image.
  14. The non-transitory processor-readable medium of claim 12, wherein the encryption public key is a first encryption public key and the encryption private key is a first encryption private key, the instructions further comprising code to cause the one or more processors to: decrypt the first encrypted message using a second encryption public key to form a first message; and encrypt a second message using a second encryption private key to form the second encrypted message.
  15. The non-transitory processor-readable medium of claim 12, wherein the encryption public key is a first encryption public key, the encryption private key is a first encryption private key, and the first encrypted message is encrypted by the host portion of the SoC using a second encryption private key, the instructions further comprising code to cause the one or more processors to: decrypt the first encrypted message using a second encryption public key to form a first message; encrypt a second message using a third encryption private key to form the second encrypted message; and the host portion of the SoC to decrypt the second encrypted message using a third encryption public key.
  16. The non-transitory processor-readable medium of claim 12, wherein the bootloader of the SoC is configured to operate in a stand-alone mode while the host portion of the SoC is operating, and to receive the encrypted symmetric encryption key and the encrypted signed firmware image while the host portion of the SoC is operating.
  17. The non-transitory processor-readable medium of claim 12, wherein the encrypted symmetric encryption key and the encrypted signed firmware image are received from the host portion of the SoC after the bootloader of the SoC has been activated by the host portion of the SoC.
  18. The non-transitory processor-readable medium of claim 12, wherein the SoC includes a volatile random access memory (RAM), the instructions further comprising code to cause the one or more processors to: store the encrypted symmetric encryption key and the encrypted signed firmware image in the volatile RAM in response to the encrypted symmetric encryption key and the encrypted signed firmware image being received at the bootloader of the SoC.
  19. The non-transitory processor-readable medium of claim 12, wherein at least one of: the bootloader of the SoC is stored in a read only memory (ROM), or a debug port of the SoC is locked to prevent modification of the bootloader.
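The build-side packaging described in the abstract and claim 1, and the three bootloader-side steps of claim 12, as an added example that is not part of the patent or of any Verkada implementation. Ed25519 signatures, AES-256-GCM and RSA-OAEP are assumed primitives (the patent names none), and the key names are this example's own: signPriv/signPub stand for the signing pair (the "second encryption private key" and "third encryption public key"), socPub/socPriv for the SoC's wrapping pair (the "second encryption public key" and "third encryption private key").

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
)

// PackageFirmware is the build side (claim 1): sign the image, encrypt image||signature
// under a fresh symmetric key, and wrap that key to the SoC public key so only that SoC can unwrap it.
func PackageFirmware(image []byte, signPriv ed25519.PrivateKey, socPub *rsa.PublicKey) (encImage, encKey []byte, err error) {
	signed := append(append([]byte{}, image...), ed25519.Sign(signPriv, image)...)
	buf := make([]byte, 32+12) // fresh 256-bit AES key followed by a 96-bit GCM nonce
	if _, err = rand.Read(buf); err != nil {
		return nil, nil, err
	}
	symKey, nonce := buf[:32], buf[32:]
	block, _ := aes.NewCipher(symKey) // cannot fail: key is exactly 32 bytes
	gcm, _ := cipher.NewGCM(block)    // cannot fail for an AES block
	encImage = append(nonce, gcm.Seal(nil, nonce, signed, nil)...) // nonce || ciphertext || tag
	encKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, socPub, symKey, nil)
	return encImage, encKey, err
}

// BootloaderVerify is the SoC side (claim 12): (1) unwrap the symmetric key with the SoC
// private key, (2) decrypt the signed image, (3) verify its signature; only then return it.
func BootloaderVerify(encImage, encKey []byte, socPriv *rsa.PrivateKey, signPub ed25519.PublicKey) ([]byte, error) {
	symKey, err := rsa.DecryptOAEP(sha256.New(), nil, socPriv, encKey, nil) // fails if wrapped for another SoC
	block, berr := aes.NewCipher(symKey)                                     // fails on a wrong-length key
	if err != nil || berr != nil || len(encImage) < 12 {
		return nil, errors.New("symmetric key unwrap failed or image truncated")
	}
	gcm, _ := cipher.NewGCM(block)                                  // cannot fail for an AES block
	signed, err := gcm.Open(nil, encImage[:12], encImage[12:], nil) // GCM tag rejects tampering
	if err != nil || len(signed) < ed25519.SignatureSize {
		return nil, errors.New("image authentication failed")
	}
	n := len(signed) - ed25519.SignatureSize
	if !ed25519.Verify(signPub, signed[:n], signed[n:]) { // image not from the trusted signer
		return nil, errors.New("firmware signature invalid")
	}
	return signed[:n], nil // the only path that hands code to the executor
}
```

Encryption alone does not authenticate the image, since anyone can wrap a key to the SoC's public key; step (3) is what keeps the bootloader from executing firmware signed by an untrusted key.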

Description

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a Continuation of U.S. patent application Ser. No. 18/191,748, filed Mar. 28, 2023, now U.S. Pat. No. 11,836,255, and titled “Microcontroller Unit (MCU) Secure Boot,” the entire content of which is hereby incorporated by reference herein in its entirety.

FIELD

The present disclosure generally relates to bootloader technologies for compute devices, and more specifically, to secure methods for deployment of firmware to surveillance cameras and other devices.

BACKGROUND

A bootloader is a software application stored in memory of a compute device that loads an operating system and/or other computer programs into the memory upon startup of the compute device. The operating system and/or other computer programs can be part of a firmware image of the compute device.

SUMMARY

In some embodiments, an apparatus includes a processor and a memory storing instructions to cause the processor to execute a method. The method includes building a firmware image to execute on a bootloader of a system on chip (SoC), the firmware image including first encryption public and private keys, and digitally signing the firmware image with a second encryption private key. The method also includes encrypting the signed firmware image with a symmetric encryption key and encrypting the symmetric encryption key with a second encryption public key.
The method also includes sending the encrypted signed firmware image and the encrypted symmetric encryption key to the SoC to cause the SoC to (1) decrypt the encrypted symmetric encryption key to produce the symmetric encryption key using a third encryption private key that is included in an asymmetric key pair that includes the second encryption public key, (2) decrypt the encrypted signed firmware image to produce the signed firmware image using the symmetric encryption key, and (3) verify a digital signature of the signed firmware image using a third encryption public key that is included in an asymmetric key pair that includes the second encryption private key.

In some embodiments, an apparatus includes at least one processor of a system on chip (SoC) that includes a host portion and a bootloader, and a memory. The memory is coupled to the at least one processor and stores instructions configured to cause the at least one processor to receive an encrypted symmetric encryption key and an encrypted signed firmware image that includes a first encryption public key and a first encryption private key. The encrypted symmetric encryption key is a symmetric encryption key encrypted with a second encryption public key. The encrypted signed firmware image is a signed firmware image encrypted with the symmetric encryption key. The signed firmware image is a firmware image digitally signed with a second encryption private key. The memory also stores instructions configured to cause the at least one processor to decrypt the encrypted symmetric encryption key to produce the symmetric encryption key using a third encryption private key that is included in an asymmetric key pair that includes the second encryption public key.
The memory also stores instructions configured to cause the at least one processor to decrypt the encrypted signed firmware image to produce the signed firmware image using the symmetric encryption key, and to verify a digital signature of the signed firmware image using a third encryption public key that is included in an asymmetric key pair that includes the second encryption private key.

In some embodiments, a non-transitory processor-readable medium stores code representing processor-executable instructions to cause the one or more processors to receive, at a bootloader of a system on chip (SoC), an encrypted symmetric encryption key and an encrypted signed firmware image. The encrypted symmetric encryption key is a symmetric encryption key. The encrypted signed firmware image is a signed firmware image encrypted with the symmetric encryption key. The signed firmware image is a firmware image digitally signed with a second encryption private key. The non-transitory processor-readable medium also stores code representing processor-executable instructions to cause the one or more processors to decrypt the encrypted symmetric encryption key to produce the symmetric encryption key using a third encryption private key that is included in an asymmetric key pair that includes the second encryption public key. The non-transitory processor-readable medium also stores code representing processor-executable instructions to cause the one or more processors to decrypt the encrypted signed firmware image to produce the signed firmware image using the symmetric encryption key. The non-transitory processor-readable medium also stores code representing processor-executable instructions to cause the one or more processors to verify a digital signature of the signed firmware image using a third encryption public key that is included in an a