Encryption Strategy for Flashing or updating firmware on ARM Cortex M0+

Question

I want to flash a firmware update through CAN, on my ARM Cortex M0+ MCU. I'm using MKV11 microcontroller.

How can I secure the firmware, so that, even if the transfer(from PC to MCU) is sniffed, it will be secure?

Memory requirement is also a constraint for me, but right now, I am open to all suggestions.

Also, should I go for some library, or develop bare-metal code for Cryptographic Algorithms?

Answer 1

A small book could be written on the topics you touch in this question. But this site isn't intended to be a consulting service or a blog entry site, so I'll try to answer your question succinctly. Here I can't (won't) address all your nuances such as memory constraints, CAN-bus-specific stuff, securing the contents inside the MCU -- way too much to address.

For your firmware update to be secure, it must be encrypted and authenticated. Either alone won't be sufficient. Use symmetric-key cryptography to encrypt, and public-key cryptography (e.g. RSA or elliptic curve) to authenticate via digital signature.

You should use accepted cryptographic primitives (e.g. AES-256 and ECDSA) instead of rolling your own. And you shouldn't implement (code) your own crypto, use a validated library (too many to name / recommend here).