SEGGER announces emBoot-Secure for secure, CRA-compliant firmware updates

The product is based on an asymmetric cryptography security architecture that ensures data authenticity and integrity. The private signing key remains stored on a dedicated signature server located at a secure location of choice, while devices to be updated contain the corresponding public key to verify the signature. Firmware updates are prepared as compact, protected packages that are digitally signed, encrypted, and compressed before being delivered to a target system.

“The ability to carry out updates securely is no longer optional for products with embedded systems but, luckily, it has never been easier,” says Rolf Segger, Founder of SEGGER. ”SEGGER provides a complete package containing all of the tools required to be safe, secure, and compliant right away. Security should never be seen as a do-it-yourself project. It has always been risky to gamble with product security, in terms of both expense and reputation. With the new CRA regulations, there is now also significant legal risk. SEGGER has decades of experience with this technology, and it has been using this solution to securely update its own J-Links and Flashers for years. Don’t take chances with security!”

emBoot-Secure code is optimized to be small, portable, and fast, keeping boot time to a minimum. Update delivery is handled by customer application software and can use any supported means of data transportation, including Ethernet, Wi-Fi, USB, SD card, CAN, Bluetooth, LoRa, or Zigbee. On restarting after an update, the emBoot-Secure bootloader verifies the update and installs it only if all integrity and authenticity checks succeed.

emBoot-Secure integrates smoothly into existing development and production workflows and is suitable for a wide range of applications, from connected devices to industrial systems operating in closed or restricted networks.

For more information, visit the emBoot-Secure page.