Secure License Management for XMC4500 Microcontrollers

Use case

Application context and security requirement

An increasing number of systems in the professional and consumer markets are managed by microcontrollers. These units make use of sophisticated algorithms and likely need firmware updates during their lifetime. Vendors thus face a double threat: product know-how stolen by competitors and tampering attacks during updates and upgrades of the firmware. Either of which can occur in any insecure and unpredictable environment regulated by end users.

Challenge

The firmware of today’s microcontrollers is generally loaded onto controllers as a compiled hex image using a serial connection, such JTAG or RS232, without any protection against reverse engineering or fraudulent manipulation. This leaves the file vulnerable in its transfer from the build system to the controller. The end-to-end production’s overall trustworthiness should therefore be analyzed. Even if the manufacturer trusts his own build process the microcontroller is no longer in a controlled environment after it has left the production site.

Implementation

Wibu-Systems has ported its established technology from desktop, embedded systems and Programmable Logic Controllers (PLC) to XMC4500 microcontrollers and also created CodeMeter μEmbedded. Original Equipment Manufacturers (OEM) can utilise CodeMeter’s ubiquitous reach over a diverse array of hardware platforms. Given the smaller storage capacity and reduced computational power of microcontrollers, CodeMeter’s footprint and the secure file (CmActLicense) where the software license is stored had to be shrunk down while preserving their essential functionality. This adaptation to the specific requirements of the XMC™ environment was successful; the CmActLicense was bound to the individual attributes of Infineon’s microcontroller and the Infineon DAVE™ toolchain was automated with a plugin to facilitate the creation of secure software in just a few clicks.

User benefits

• State-of-the-art security features ready for use by microcontroller developers
• Intellectual property protection for intelligent-device manufacturers
• Confidence for end users that firmware updates or upgrades are genuine and will cause no unexpected behavior of the target device

Solution

To achieve a comprehensive solution that meets the goals of know-how protection, integrity protection, and monetization by license, the firmware has been encrypted with symmetric and asymmetric (AES and ECC) algorithms, digitally signed as part of the build process in DAVE™ and uniquely bound to the microcontroller. The counterpart of the encryptor in DAVE™ is a special secure firmware loader inside the microcontroller, combined with secure binding to the specific chip. The most critical element of the mission was stripping the code of the mainstream CodeMeter down to 60 KB without compromising its essential security features. The whole set of functions resulting in CodeMeter μEmbedded was eventually packed in a new secure firmware loader.

During the third party production of a XMC4500-based device the secure firmware is loaded into the controller. When powering up for the first time the loader communicates with the production system, generates a fingerprint of the device and is injected with a license. From then on, only encrypted, licensed, and signed firmware can be loaded into the XMC™ microcontroller. If needed, the firmware can also use the license information for custom behaviors. The firmware cannot be extracted from the XMC™, and it is read-protected by internal XMC™ mechanisms.

To bolster security further, it is possibe to extend the hardware binding to an external secure element like an OPTIGA™ TPM (Trusted Platform Module) or a SLE security controller communicating via Serial Peripheral Interface (SPI) with the XMC™ controller.

Main benefits of the Infineon product

• Encrypted and signed firmware can be transferred, loaded, and operated even in insecure environments.
• The cryptographic binding of the license to the controller makes it copy-resistant.
• CodeMeter μEmbedded is easy to integrate, and license management can run on a single PC or with an Enterprise Resource Planning (ERP) system.

Partner

Partners from the Infineon Security Partner Network help you secure your devices and applications: understand which threats can undermine your business, propose solutions that will protect your business, build and implement such security solutions and, when relevant manage their operation. They have been selected by Infineon on the basis of their system security competence and ability to design and deliver strong and trustworthy security solutions. Their activities are diverse and include security consulting, security solution provision, electronic design, systems integration and trust services management. For some, offers are off-the-shelf, while for others, offers are custom-built.