Arduino releases secure MCUboot-based bootloader


Arduino has released a new MCUboot-based bootloader to increase the feature set and firmware security of Arduino products, with the first release targeting the Arduino Pro family’s STM32H7-based Arduino Portenta and Nicla Vision boards.

The release focuses on boards based on the Arduino Mbed OS, but MCUboot is OS independent and should also work with Zephyr, NuttX and Apache Mynewt. The company also made sure the transition was easy and reused the existing OTA firmware upgrade process in place on the Arduino boards.

Highlights of the Arduino MCUboot:

  • Signed and Encrypted Updates – MCUboot supports on-the-fly image encryption/decryption when upgrading. It will also check if the computed signature matches the one embedded in the image before starting a sketch.
  • Confirm or Cancel Updates – After an update, the new sketch may update flash content at runtime to mark itself as OK. If everything works as expected, the change will be permanent, but if the sketch fails to confirm that it worked correctly, MCUboot will swap back and attempt to start the old sketch.
  • Sketch bootstrap – If no valid image is found in the primary slot, MCUboot will search for a valid image in the secondary slot and, if found, load it into the primary slot.
  • Reset Recovery – If a reset occurs in the middle of a swap operation, the two images may be discontiguous in flash. MCUboot recovers from this condition by using the image trailers to determine how the image parts are distributed in flash and restarting the swap.
  • Backward compatibility with default Arduino bootloader – If signing and encryption keys are not stored in flash with MCUboot, sketch signature verification is skipped and any valid sketch can be booted.

[Figure: Firmware partition in Portenta H7 boards]

Arduino details the firmware update mechanism in the blog post announcing the new bootloader. There are two slots: SLOT 0 is the part of flash containing the current app image, and SLOT 1 is the part of flash containing the updated app image. An additional “SCRATCH” flash area is needed to support the MCUboot swap-using-scratch algorithm. On Portenta H7 boards, the SLOT 0 partition is in internal flash memory, while the SLOT 1 (update.bin) and SCRATCH (scratch.bin) partitions/files are in QSPI flash memory.
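The confirm-or-cancel, sketch bootstrap and backward-compatibility behaviours listed above, as a simplified C model added here for illustration. It is not MCUboot or Arduino code, and all type, field and function names are hypothetical. It assumes a rejected update is simply left in SLOT 1 and does not model reset recovery.

```c
#include <stdbool.h>

/* Simplified model of the boot decision; names are illustrative and this
 * is not MCUboot source. Flash layout and the scratch area are ignored. */
typedef struct {
    bool present, sig_ok;  /* valid image in slot; signature matches */
    int  version;          /* constructed sample value */
} image_t;

typedef struct {
    image_t slot0, slot1;   /* SLOT 0 (current) and SLOT 1 (update) */
    bool keys_provisioned;  /* signing/encryption keys stored in flash */
    bool update_pending;    /* SLOT 1 image requested for a trial swap */
    bool on_trial;          /* swapped image has not confirmed itself */
} flash_t;

/* Without keys, signature verification is skipped (backward compatibility). */
static bool bootable(const flash_t *f, const image_t *img) {
    return img->present && (!f->keys_provisioned || img->sig_ok);
}

static void swap(flash_t *f) { image_t t = f->slot0; f->slot0 = f->slot1; f->slot1 = t; }

void confirm(flash_t *f) { f->on_trial = false; }  /* sketch marks itself OK */

/* One reset: returns the version that is started, or -1 if none. */
int boot(flash_t *f) {
    if (f->on_trial) {                    /* previous boot never confirmed */
        swap(f);                          /* swap back to the old sketch */
        f->on_trial = false;
    } else if (f->update_pending) {
        f->update_pending = false;
        if (bootable(f, &f->slot1)) {     /* bad update is never swapped in */
            swap(f);
            f->on_trial = true;
        }
    }
    if (!bootable(f, &f->slot0) && bootable(f, &f->slot1))
        f->slot0 = f->slot1;              /* sketch bootstrap */
    return bootable(f, &f->slot0) ? f->slot0.version : -1;
}

/* Constructed scenario: v1 running, v2 staged; version after two resets. */
int scenario(bool keys, bool v2_sig_ok, bool sketch_confirms) {
    flash_t f = { {true, true, 1}, {true, v2_sig_ok, 2}, keys, true, false };
    boot(&f);
    if (sketch_confirms) confirm(&f);
    return boot(&f);
}
```

In this model `scenario(false, false, true)` ends on version 2: with no keys provisioned, an image whose signature does not verify is still booted, so a board that must run only authenticated firmware needs the keys written to flash.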

You will find the code and more details on GitHub, including step-by-step instructions (update sketch, encryption key generation, firmware signature, etc.) to switch to the Arduino MCUboot bootloader for owners of the Portenta H7, Portenta H7 Lite, Portenta H7 Lite Connected or Nicla Vision.
