Target Encrypted Link Package (TELP)
Protecting intellectual property with secure programming

As an option to SEGGER's secure programming solution – the combination of Flasher Secure and Flasher Secure Server – SEGGER's Target Encrypted Link Package (TELP) enables the programming of any microcontroller using encrypted end-to-end communication.

Downloads

Documentation

Overview

Developed by SEGGER and used by numerous well-known customers, TELP is SEGGER's secure programming package for the encrypted transfer of firmware to a microcontroller. Using the Target Encrypted Link Package in addition to SEGGER's secure programming solution consisting of Flasher Secure and Flasher Secure Server, and optionally emSecure, SEGGER's anti-cloning software, enables highly secure programming.

Key features

SEGGER's Target Encrypted Link Package (TELP) delivers cutting-edge security for firmware programming, ensuring the safe transfer of intellectual property to microcontrollers. Designed to meet diverse needs, TELP provides robust protection against eavesdropping, supports microcontrollers with minimal hardware requirements, and functions seamlessly even on devices without built-in security features. These key capabilities make TELP a trusted solution for secure production environments.

Protection of intellectual property against eavesdropping

TELP ensures that intellectual property remains secure during firmware programming by encrypting communication and blocking unauthorized access. This protection prevents eavesdropping, firmware leaks, and hardware cloning.

Support for any microcontroller with minimal memory configuration

TELP works with microcontrollers that have basic Flash read protection and minimal memory requirements, needing only 8 KB of flash and RAM memory to implement its security features.

Compatibility with microcontrollers lacking security engines

TELP is versatile and functions with microcontrollers even if they lack a dedicated security engine, enabling encrypted programming and secure communication regardless of hardware constraints.

Use cases

When it comes to manufacturing, the protection of intellectual property (IP) is of paramount concern for both IP owners and contract manufacturers. Using SEGGER's Target Encrypted Link Package (TELP), both parties can find peace of mind, knowing that intellectual property remains secure during production processes. Using TELP ensures that only IP owners have full access to their IP.

Contract manufacturers

As a contract manufacturer, your customers' trust is critical. They need to know that their firmware is in safe hands. This means no firmware leaks, no cloned hardware devices, no eavesdropping. To provide a highly secure production environment, TELP is the right choice. Combined with the Flasher Secure, it ensures that your customers' intellectual property is secure at every stage of production.

IP owners

As an intellectual property owner, protecting your innovations and ideas from unauthorized access and replication by third parties is critical. Addressing these concerns becomes even more complex when manufacturing processes take place at a third-party location, where maintaining the security of sensitive data during production is a top priority. TELP addresses these vulnerabilities while giving you full control over the programming process.

How TELP works

Using SEGGER's Flasher Secure Server when programming microcontrollers already reduces the risk of counterfeiting due to a data leak or IP loss and unauthorized production. SEGGER's TELP adds protection to the last few inches of communication, safeguarding the customer's target firmware against sniffing or dumping.

Even if all communication between the IP owner and the production device already is encrypted, there still is one last weak spot – the link between the programmer and the target memory (ISP). TELP ensures that even the last few inches of cable are protected from sniffing by encrypting the communication.

Diagram illustrating communication between an open programming interface and a Flasher device, with a focus on UID (Unique Identifier) exchange for target device identification. The open programming interface is represented on the left, while the Flasher device is shown on the right.

Identify target device

To initiate TELP, the Flasher Secure first needs to identify the target device. If the device's chip meets the specified requirements, it sends a Unique ID (UID) back to the Flasher Secure.

A "Flasher" device shows a secure connection process where a unique ID (UID) is exchanged alongside a signature. The image emphasizes obtaining a signature for the unique ID, linking it to an authorization process within a database labeled as FSS.

Authorize programming process and create device signature

The Flasher Secure now transmits the UID to the Flasher Secure Server, which authorizes the programming process, generates the signature, and sends it back to the Flasher Secure.

The firmware is transferred during this step only if required.

The image illustrates a process involving an open programming interface and a secure bootloader installation. It shows a microchip labeled "UID" on the left, transitioning to a secure bootloader on the right, with a software file indicated in the center, suggesting data transfer.

Install secure bootloader

The Flasher Secure now installs a secure bootloader onto the microcontroller, equipping it with additional functions it previously lacked. This includes encrypted communication and a proprietary method of communication that enables TELP to switch off the debug interface.

Diagram illustrating a secured connection between a proprietary interface and a device labeled "Flasher." Key elements include "Target verification and process monitoring" on the left, and "Establish secure connection" on the right, with security icons indicating secure communication.

Establish secure connection

Once the Flasher Secure has established a secure connection with the MCU, a proprietary interface is opened between the Flasher Secure and the microcontroller. After installing the secure bootloader, communication with the processor can only occur through the interface established by the firmware between the Flasher Secure and the target device.

The image illustrates a secured process for transferring encrypted firmware. It depicts a microcontroller (MCU) with a bootloader and unique ID (UID), showing the storage of the MCU signature and firmware image. A device labeled "Flasher" is also featured, indicating the secure transfer.

Store signature

The Flasher Secure then transfers the encrypted firmware image to the microcontroller, which stores both the MCU signature and the firmware. Since the firmware is encrypted, the MCU must unpack and decrypt it using a designated test protocol.

The image illustrates a secured proprietary interface involving a microchip with a bootloader, UID, and firmware signatures. It shows a connection to a Flasher device for programming, featuring a lock symbol, emphasizing secure interactions and the instruction to "Remove connection."

Remove connection

After all required components are stored on the MCU, the programming link is disconnected, and the system is reset.

Diagram illustrating the process of decrypting and installing firmware while removing a secure bootloader. Key components include a microcontroller with a bootloader, firmware data, a unique identifier (UID), and a device labeled "Flasher" used for programming.

Decrypt and install firmware and remove secure bootloader

In the final step, the microcontroller itself decrypts and installs the firmware onto the microcontroller, subsequently removing the secure bootloader. Once this process is completed, the firmware becomes ready-to-run and it blocks unwanted access from external sources.

Requirements

Using SEGGER's Target Encrypted Link Package for secure programming requires:

Flasher Secure Server (FSS)
Flash programmer Flasher Secure
Authentication via emSecure
8 KB of flash and RAM memory
Flash read protection capability on the MCU

Get in touch with us

Have questions or need assistance? Our Embedded Experts are here to help!

Reach out to us for:

Licensing quotes
Technical inquiries
Project support