IoT devices are getting rapid adoption in every market segment and becoming a major target for cyberattacks. A significant proportion of attacks on IoT devices happens due to a lack of software updates once commissioned in the field or updates done insecurely. Cyber attackers often target vulnerabilities in outdated software components to take control of the device. Software updates are the means of responding to ongoing threats by deploying timely fixes for newly discovered vulnerabilities.
Updating software manually is often not scalable for IoT devices in a fleet as they may require frequent updates and users lack easy physical access to devices. Over-the-Air (OTA) updates are commonly used to update IoT devices. OTA updates are done remotely by deploying updates wirelessly using cellular or internet connections. This avoids the need for physical access to the devices and updates to millions of devices in a fleet can be managed at scale centrally.
One of the major barriers for IoT devices to support secure OTA updates is the complexity of integrating the OTA applications in the IoT ecosystem. This is due to the huge spectrum of hardware platforms with different storage, update, and image authentication mechanisms. PSA Certified framework aims to make security more accessible and easier for IoT developers. PSA Certified defines 10 security goals with Secure update being one of them. PSA Firmware Update Specification that is part of PSA Certified framework helps achieve this goal.
This blog discusses how FreeRTOS devices can seamlessly enable Secure OTA updates on Cortex-M devices utilizing the PSA Firmware Update Specification. This blog introduces the PSA Firmware Update Specification followed by how the reference implementation, Trusted Firmware-M, integrates with the existing FreeRTOS OTA Agent on Cortex-M devices to perform secure OTA updates. An example implementation has been done on an Arm v8-M reference platform, MuscaB1e.
PSA Firmware Update – Standard Interface for Updates
The PSA Firmware Update specification defines a standard set of firmware update interfaces that can be used by update applications and cloud connector clients. The interfaces provide enough flexibility for an efficient implementation on hugely varied IoT SoC architectures and different trust models. The interfaces are also independent of the protocol used to communicate with the device and the medium through which updates are delivered to the device.
Below are the set of interfaces defined.
|PSA FWU API||What Does it Do|
|psa_fwu_query ()||Query image information such as state of installed, rejected and candidate images|
|psa_fwu_write ()||Write candidate image to its staging area|
|psa_fwu_install ()||Starts installation of an image|
|psa_fwu_request_reboot ()||Trigger platform reboot to apply authenticated new image|
|psa_fwu_request_rollback ()||Rollback recently applied updates|
|psa_fwu_accept ()||Indicate whether recently applied updates are working correctly.|
The update applications can invoke these interfaces to query the state of the current image, store, verify and finally install new images.
Trusted Firmware-M (TF-M), the PSA certified reference implementation for Cortex-M devices, implements these interfaces. This allows update applications to make use of these interfaces on TF-M enabled Cortex-M devices.
Trusted Firmware-M and Secure Boot
Trusted Firmware-M (TF-M) implements a Secure Processing Environment (SPE) for processors based on the Armv8-M architecture (e.g., Cortex-M55, Cortex-M33 and Cortex-M23 processors) and dual-core Cortex-M devices. Enabling faster development of PSA Certified devices, TF-M offers a reference implementation in line with PSA Certified guidelines. It is enabled on several Cortex-M platforms such as NXP LPC55S69, ST STM32L5, Infineon PSoC64, Nordic nrf5340, nrf9160 and Nuvoton M2351, M2354. FreeRTOS integration with TF-M run-time services to make Cortex-M devices secure as described here. FreeRTOS has achieved PSA Certified Level 1. This assures fundamental security principles have been built into system software which can be leveraged by OEM application developers.
An important capability provided by TF-M is secure boot. Secure boot ensures that only authorized software is running on the device. This is critical as devices are connected and software can be updated once deployed in the field. The open source community project MCUboot is used as the secure bootloader of TF-M. The bootloader authenticates run-time images by hash and digital signatures using an image key in the MCUboot image or provisioned in the SoC.
In addition to PSA Crypto, Storage and Attestation secure runtime services, TF-M has implemented PSA Firmware Update (PSA FWU) interfaces in the Secure Processing Environment as a Secure service (Figure 1). These interfaces are exposed to the Non-Secure Processing Environment (NSPE) allowing update applications to make use of the interfaces. The PSA FWU service, in turn, relies on TF-M secure boot (MCUboot) to authenticate new images and, once successfully authenticated, to deploy them as an active image.
Building on the FreeRTOS and TF-M integration done previously, the PSA FWU Secure Service has been integrated with FreeRTOS as described in the following section.
TF-M Integration with FreeRTOS OTA
FreeRTOS provides an OTA Agent library for FreeRTOS devices to receive and deploy firmware updates from AWS IoT. This makes it possible for IoT devices running FreeRTOS to apply OTA /updates. The library also defines a set OTA Platform Abstraction Layer (PAL) APIs for vendors integrating the library to implement. Every Cortex-M silicon platform need to provide an implementation of the OTA PAL APIs to enable the OTA Agent on the platform.
An implementation of the OTA PAL APIs that uses TF-M for secure firmware updates on Cortex-M devices is available. The API implementation uses PSA Functional APIs including the PSA FWU APIs discussed above and PSA cryptographic APIs.
The table below shows the PSA Functional APIs used in OTA PAL APIs.
|OTA PAL API||PSA Functional API|
The OTA PAL API implementation above that makes use of the PSA Functional APIs can be used as a generic implementation on all TF-M enabled Cortex-M platforms. This avoids the need for every Cortex-M platform to invest in developing and maintaining an implementation of the OTA PAL APIs. The secure processing environment, including secure boot provided by TF-M, ensures the OTA updates are done securely on the platform.
An example implementation of the OTA agent with TF-M OTA PAL has been built on the Arm Musca-B1e platform. The TF-M OTA PAL uses TF-M's Firmware Update service via the PSA Functional APIs. The implementation can connect to AWS IoT, receive a new firmware image, authenticate, and deploy the image. Figure 2 below shows the implementation. Find more about TF-M OTA PAL and implementation with FreeRTOS in the ota_pal_psa GitHub folder here.
Streamlining OTA updates on Cortex-M with TF-M and FreeRTOS
OTA is an essential building block to keep IoT devices secure once deployed. NIST 8259A and EN 303 645 outline cybersecurity best practices and a common baseline to raise the security bar on IoT devices. Like PSA Certified, these guidelines require devices to support the mechanism for software and firmware updates. IoT device manufacturers have found it challenging to enable OTA at scale due to the variations and complexities in the underlying hardware platform. Adopting the TF-M OTA PAL and TF-M abstracts away these complexities allowing FreeRTOS Cortex-M devices to be seamlessly and securely updated during their lifetime, leveraging the security in the silicon and system software. Visit the FreeRTOS Reference Integrations on Github and Trusted Firmware to learn more about the TF-M OTA PAL and TF-M implementation.