Encrypted USB Bootloader For AVRs

It probably doesn’t matter much for the hacker who sleeps with a bag of various microcontroller flash programmers under the pillow, but for an end-user to apply a firmware upgrade, convenience is king. These days that means using USB, and there are a few good AVR USB bootloaders out there.

But [Dmitry Grinberg] wanted more: the ability to encrypt the ROM images and verify that they haven’t been tampered with or otherwise messed up in transit. Combined with the USB requirement, that meant writing his own bootloader and PC-side tools. His bootloader will take unencrypted uploads if it doesn’t have a password, but if it’s compiled with a key, it will only accept (correctly) encrypted hex files.

Since the bootloader, including the USB firmware, is on the hefty side at 3.3 kB, [Dmitry] included hooks to re-use the bootloader’s USB code from within the target application. So if you were going to use V-USB in your program anyway, it doesn’t actually take up that much extra space. It’s a cute trick, but it ties the bootloader and user program together in a way that gives us the willies, without specifically knowing why. Perhaps we can debate this in the comments.

If you need an AVR USB bootloader, but you don’t need the encryption, we like Micronucleus. But if you need to deliver updates to users without them being able to modify (or screw up) the code in the middle, give [Dmitry]’s setup a try.

13 thoughts on “Encrypted USB Bootloader For AVRs

  1. Actually, replace VUSB with something that talks to a RF module of some sort, and you’ve got a very good way of safely doing device firmware updates, especially if the device is to be used “in the field” where there is a risk of someone tampering with the device over the RF link and where firmware updates may be needed.

    We’ve been burned at work by lighting control devices (AVR-based) that had severe firmware bugs and couldn’t be flashed “over the air”.

  2. Speck is an add-rotate-xor (ARX) cipher, a lightweight block cipher publicly released by the National Security Agency (NSA) in June 2013.

    Well at least they used CBC mode so a block of identical values doesn’t just give away the key. But even with brute force it won’t take too long to decode the file.

    The actual decipher routine is tiny, so the bulk of that 3.3kB is likely V-USB.

  3. The benefitofs having the loader provide a clear API and dynamically load the user app are many. One is licensing. This means any app loaded is NOT a derived work of vusb and need not be gpl-ed. Another is that a version of this bootloader communicating over another medium can be substituted anytime and the app will not care. I have a version of this using UART and another for BTLE. Same exact app binary works.

  4. The benefitofs having the loader provide a clear API and dynamically load the user app are many. One is licensing. This means any app loaded is NOT a derived work of vusb and need not be gpl-ed. Another is that a version of this bootloader communicating over another medium can be substituted anytime and the app will not care. I have a version of this using UART and another for BTLE. Same exact app binary works.

  5. I ran into the issue of securing my firmware when implementing “field updates” as well. This was mid-2011. The unit uses a ATmega32U4 device and had the factory DFU bootloader installed but no means of encryption. I found Dean Camera’s LUFA, which is open source. After researching for an encryption algorithm for the PC (running Linux), I added the decryption algorithm to LUFA, which was only a few lines of code turning out to still compile under 4KB of code. It uses 128-bit keys and works like a charm.

    I think I sent the mods to Dean but I they never made it into the source tree.

    As far as I know, the OP is correct in there are currently no “secure” bootloaders available for the AVR.

    Nice work!

    Peace and blessings,
    Johnny Quest (and Bandit)

Leave a Reply to An LMR RefugeeCancel reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.