Arduino Launches MCUboot-Based Secure Boot, Offers Sketch Authentication, Update Rollback, and More
Based on the open source MCUboot project, the new Arduino bootloader offers a range of security and resilience features.
The Arduino Team has brought a new feature to the Arduino Pro family: Arduino Secure Boot, an MCUboot-based secure bootloader designed to bring everything from firmware authentication to update rollbacks to the company's Portenta family.
"MCUboot is a secure bootloader solution offering fail-safe firmware authentication and secure firmware update mechanism, plus many other functionalities such as update encryption, update rollback, and application bootstrap," the Arduino team explains.
"MCUboot does not depend on any specific hardware and operating system; as of writing, the following RTOS [Real Time Operating Systems] are supported: zephyr, nuttx, mynewt, and mbed. Our efforts have been focused on keeping things simple and reusing the existing OTA design in place on Arduino boards."
MCUboot isn't an Arduino creation: The project was launched independently as an effort to bring secure boot functionality to 32-bit microcontrollers. Arduino's contribution: A formal port to the Portenta H7 family of boards, plus the recently-launched Nicla Vision.
The official Arduino variant includes support for signed and encrypted updates, the ability to issue authenticated firmware updates over the air (OTA), the ability to revert an update prior to making it permanent, automatic recovery from a corrupted flash resulting from a reset during updating, and full backwards-compatibility with the stock Arduino bootloader — meaning that if signing and encryption keys aren't added, the firmware will load any valid sketch regardless of authentication status.
"Once the keys are loaded MCUboot will always verify the image signature and boot only valid sketches," the Arduino team explains of this latter feature. "If an encrypted update is detected by reading the TLVs [Tag Lengths and Values], MCUboot will unwrap the encryption key and decrypt the image on-the-fly while moving it into the internal flash."
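As an added illustration (not code from Arduino or the MCUboot project), this host-side Python sketch walks the TLV area that follows an image payload and reports whether hash, signature and encrypted-key entries are present, which is the lookup the quote describes. The magic numbers and TLV type values are taken from upstream MCUboot's image format and are assumed to be unchanged in Arduino's port; the labels and `build_sample` test images are constructed for the example.

```python
import struct

# Constants as defined in upstream MCUboot's image format; assumed (not
# confirmed by this article) to be the same in Arduino's port.
IMAGE_MAGIC = 0x96F3B83D
TLV_INFO_MAGIC, TLV_PROT_INFO_MAGIC = 0x6907, 0x6908
HASH_TLVS = {0x10: "SHA256"}
SIG_TLVS = {0x20: "RSA2048_PSS", 0x22: "ECDSA_P256", 0x24: "ED25519"}
ENC_TLVS = {0x30: "ENC_RSA2048", 0x31: "ENC_KW", 0x32: "ENC_EC256"}

def walk_tlvs(image):
    """Yield (type, value) for each TLV entry, bounds-checking every length."""
    magic, _load, hdr_size, _prot, img_size, _flags = struct.unpack_from("<IIHHII", image, 0)
    if magic != IMAGE_MAGIC:
        raise ValueError("not an MCUboot image")
    off = hdr_size + img_size  # TLV area starts right after the payload
    while off + 4 <= len(image):
        info_magic, total = struct.unpack_from("<HH", image, off)
        if info_magic not in (TLV_INFO_MAGIC, TLV_PROT_INFO_MAGIC) or total < 4:
            break  # padding or trailer data, no further TLV areas
        end = off + total
        if end > len(image):
            raise ValueError("TLV area runs past end of file")
        pos = off + 4
        while pos + 4 <= end:
            tlv_type, length = struct.unpack_from("<HH", image, pos)
            if pos + 4 + length > end:
                raise ValueError("TLV entry overruns its area")
            yield tlv_type, image[pos + 4 : pos + 4 + length]
            pos += 4 + length
        off = end  # a protected area may be followed by an unprotected one

def summarize(image):
    """Report which hash, signature and encrypted-key TLVs an image carries."""
    types = [t for t, _ in walk_tlvs(image)]
    return {
        "hash": [HASH_TLVS[t] for t in types if t in HASH_TLVS],
        "signature": [SIG_TLVS[t] for t in types if t in SIG_TLVS],
        "encrypted_key": [ENC_TLVS[t] for t in types if t in ENC_TLVS],
    }

def build_sample(tlvs, payload=b"\xAA" * 16):
    """Constructed test image: 32-byte header, payload, one unprotected TLV area."""
    body = b"".join(struct.pack("<HH", t, len(v)) + v for t, v in tlvs)
    hdr = struct.pack("<IIHHII", IMAGE_MAGIC, 0, 32, 0, len(payload), 0).ljust(32, b"\0")
    return hdr + payload + struct.pack("<HH", TLV_INFO_MAGIC, len(body) + 4) + body

if __name__ == "__main__":
    print(summarize(build_sample([(0x10, b"\0" * 32), (0x22, b"\1" * 70)])))
```

A signature TLV being present says nothing about its validity; only verification against the loaded public key, as the bootloader performs, establishes that.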
A fuller description of the new bootloader is available on the Arduino blog, while the source code is available on the Arduino GitHub repository; no license is specified, but the underlying MCUboot project is licensed under the permissive Apache 2.0 license. At the time of writing, the Arduino bootloader supported the Portenta H7, H7 Lite, H7 Lite Connected, and Nicla Vision boards.