Flasher Secure
The flash programmer for authenticated off-site production
Flasher Secure is the programming device of the SEGGER Secure programming ecosystem. Through its management server, it provides full control and security over the programming process, making it the ideal solution for protecting a vendor’s intellectual property (IP) at any production site.
Overview
The Flasher Secure is designed to protect intellectual property to the last inch in the production process. Whether the programming system is used on-premise or at an external manufacturing company, the goal is to protect the intellectual property against unauthorized copying. Owners enjoy full control over the programming process — even when they outsource production to CMs.
The Flasher Secure is fast, robust, reliable, and engineered to handle almost all of the flash programming requirements in the industry.
Key features
- Authenticated production with full visibility
- Production volume control
- Central configuration, administration, and setup of off-site ultra-fast programming
- End-to-end security via Target Encrypted Link Package (TELP)
- Reliability
- Supports MCUs with unique IDs
- Prevents production of counterfeit units
- Secures production at contract manufacturers
SEGGER secure programming ecosystem
“Intellectual property” (IP) is a common feature of modern products, often residing in the firmware. It requires protection. When a contract manufacturer (CM) has access to a customer's IP, risks arise for the owner, such as unauthorized cloning of the manufactured goods or unintented leakage of the software/algorithms embedded in the target images. Due to these potential risks, it is essential for customers to maintain control over their IP volume to prevent theft and secure revenue.
Since production needs to meet various process and product requirements, various solutions for secure programming are essential. That’s why SEGGER offers a comprehensive ecosystem covering several security levels up to end-to-end security.
For more detailed information, please contact us.
Proven, reliable programming
SEGGER's secure programming solution — fully trusted and established in the field — ensures programming success while also keeping communication overhead low. The Flasher Secure device, when used as a stand-alone tool, helps to transfer software for embedded systems safely, reliably and quickly to flash memory in production. Like all other Flasher products, the Flasher Secure's reliable target interfaces ensures universal target support with maximum reliability.
Volume control via authorized programming
To set up a complete infrastructure meeting the needs of secure programming with the Flasher Secure, the Flasher Secure Server (FSS) is essential. As a key component in secure production processes, the FSS enables owners of intellectual property (IP) to manage complex production processes at the contract manufacturer (CM). Based on SEGGER’s web server emWeb, the FSS ensures centralized and flexible production management, including the possibility of restricting the volume and monitoring yield. Located in a trusted environment, the FSS serves as database and controlling entity between IP owner and CM during production processes. It authorizes every programming attempt and updates all operational data (e.g. numbers of devices, serial numbers). It also provides an interface for Flasher Secure clients and a web interface for administration in order to keep track of projects and to support intervention in the case of an unusual event.
Device authentication for protection against cloning
Preventing counterfeiting by enhancing the device’s intrinsic security is another crucial step in securing programming processes. Utilizing digital signatures allows for the identification of genuine hardware and firmware to maintain product integrity and confidentiality. Using algorithms from SEGGER’s digital signature suite emSecure, SEGGER’s Hardware Authentication Package (formerly: RSA Verification Package) enables unique IDs to be read from the system being programmed at the contract manufacturer’s facility. The firmware is inseparably connected to the unique ID of the target device, making it impossible to run on any device other than the intended one. This means that the hardware can be authenticated against the stored signature using the unique identifier to prevent the firmware from running or booting if the authentication fails. This mechanism helps developers to create secure products and protect their IP against theft.
Protected communication right up to the target device (TELP)
The final step in securing programming includes protected communication between any programmer and the target memory, aiming to prevent eavesdropping even with direct access to the production environment. The highest level of security in production processes is achieved when all connections to the production tools are secured by TLS (Transport Layer Security) as is the case with SEGGER’s Secure Sockets Layer emSSL. Using SEGGER’s Target Encrypted Link Package (TELP) adds another layer of protection, ensuring end-to-end security by adding encryption on the target side as well. While TELP is an optional add-on package, it should be considered essential in cases where the hardware itself cannot provide IP protection. In this case, TELP installs a bootloader to handle security. Before encrypted transmission even starts, the device is checked to ensure that the target CPU is genuine.
Detailed information on the Target Encrypted Link Package (TELP)...
Supported devices
The Flasher Secure as a member of the SEGGER Flasher family supports a wide range of CPU cores and an even wider range of different devices in host-based mode. The list of supported manufacturers, families, and devices and SoCs includes support for tens of thousands of devices in hundreds of device families with billions of devices programmed.
Device not listed? Please don’t hesitate to contact us.
Universal target support
The Flasher Secure features a highly flexible target and programming interface. This makes it possible to adapt to almost any system for ISP programming purposes. Dedicated flash loaders, which can be easily downloaded to the programmer, facilitate the programming of almost any device. This flexibility enables the use of the debug or dedicated programming interfaces of microcontrollers for the programming of on-chip memories as well as the programming of the off-chip parallel or (Q)SPI flashes. (Q)SPI can also be programmed directly.
Software
The Flasher Secure is a multi-platform solution. Its Flasher Software and Documentation Package includes the setup and control software for Linux, macOS and Windows. This is used to configure projects to be uploaded to the Flasher Secure Server (FSS) and, from there, distributed to the single Flasher devices.
Please note:
To set up the complete infrastructure and use the Flasher Secure as intended, it is essential to set up and run the Flasher Secure Server (FSS). It comes with the Flasher Secure Server Software Package that contains the installation data for the FSS.
Please don't hesitate to contact us for more information.
Updates
Future software and firmware updates as well as any new flash loaders for target devices that will be added, are free of charge. This also includes any updates for the configuration tools (e.g. for new devices, changed flash algorithms, etc.).
- No licensing costs, even for newly supported devices.
- No hidden costs.
- No future costs.
Please note:
Not included are any updates for the Flasher Secure Server (FSS), Hardware Authentication Package or Target Encrypted Link Package (TELP).
Use case
IP protection for secure device management at contract manufacturers
When production volume reaches a certain threshold, companies have the opportunity to benefit from using a contract manufacturer (CM). Most companies, however, are reluctant to take this next step for fear of losing control over their IP, given that a CM will be trusted to store the components of production. Thanks to authentication algorithms, the Flasher Secure ensures that only authorized bootloaders and firmware are used in the system. If one component is not genuine, the device stops working, making it impossible to .copy firmware and/or bootloaders from one device to another.
As an IP owner, you have full end-to-end control over your production chain. To secure your IP and production run, Flasher Secure uses:
- Mutual authentication
- Authorization
- Confidentiality
As an essential step in SEGGER's Secure Product Lifecycle Management (SPLM), the Flasher Secure, in combination with emSecure, authenticates hardware in production.
Media gallery
Product photos
Videos
May 2021 | 46:37 min
emSecure & Flasher Secure — Webinar
Technical specifications
| Specifications | |||||
|---|---|---|---|---|---|
| Power supply | USB powered, 500 mA if target is powered by Flasher Secure | ||||
| USB host interface | USB2.0 (Full Speed) | ||||
| RS232 host interface | RS232 9-pin | ||||
| Target interface | JTAG 20-pin (various adapters available) | ||||
| Max. target cable length | Recommended (delivered): 20 cm (8") Max. 2 m (6.5") allowed but might reduce max. target interface speed. | ||||
| Serial transfer rate between Flasher Secure and target | Max. target interface (JTAG, ...) speed: 15 MHz | ||||
| Supported target voltage | 1.2 - 5 V | ||||
| Current drawn from target voltage sense pin (VTRef) | < 25 µA | ||||
| Target supply voltage | 5 V | ||||
| Target supply current | Max. 400 mA | ||||
| Operating temperature | + 5 °C ... + 60 °C | ||||
| Storage temperature | - 20 °C ... + 65 °C | ||||
| Relative humidity (non-condensing) | < 90 % rH | ||||
| Size (without cables) | 121 mm x 66 mm x 30 mm | ||||
| Weight (without cables) | 119 g | ||||
| Supported OS | Microsoft Windows (x86/x64), Linux (x86/x64/Arm) | ||||
Package content
FAQ
Q: What is the difference between Flasher Secure Control Server and Flasher Secure Server?
A: There is none. The Flasher Secure Control Server has been renamed to Flasher Secure Server (FSS) that now provides more service options and new available add-ons.
Q: Can I use the Flasher Secure alone?
A: To set up a complete infrastructure supporting secured communication via an encrypted and authenticated connection to prevent unauthorized access, you also need at least the Flasher Secure Server (FSS). To use the full range of security features, the Hardware Authentication Package is recommended. If the microcontroller does not provide any security features, but the firmware needs to be transferred via the manufacturer's interface, the Target Encrypted Link Package (TELP) is needed for full security.