Skip to main content
  • 产品
  • Evaluate our Software
  • 下载
  • Free Utilities
  • 购买
  • 支持
  • 关于我们
  • Search
    • Contact Us
    • Forum
    • Knowledge Base
    • Newsletter
    • RSS
  •   工作机会
  •   视频
  •   永续性
  • emSecure
  • Security Consideration
  • Technology
  • Editions
  • Tools

Security consideration

Contact us
Downloads
Documentation
SEGGER emSecure
  1. 1.Security Consideration
  2. 2.Anti-Hacking — Authentication of Firmware
    1. 2.1.Firmware Signing in Production
    2. 2.2.Anti-Hacking Bootloader Verification
  3. 3.Anti-Cloning — Authentication of Hardware
    1. 3.1.Hardware Signing in Production
    2. 3.2.Anti-Cloning Firmware Verification

Security Consideration

If you want to check the integrity of your data, for instance the firmware running on your product, you would normally include a checksum or hash value into it, generated by a CRC or SHA function. Hashes are excellent at ensuring a critical data transmission, such as a firmware download, has worked flawlessly and to verify that an image, stored in memory, has not changed. However they do not add much security, as an attacker can easily compute the hash value of modified data or images. Digital signatures can do more. In addition to the integrity check, which is provided by hash functions, a digital signature assures the authenticity of the provider of the signed data, as only he can create a valid signature. emSecure comes in different versions with different digital signature algorithms to fit any requirements of size or speed.

emSecure can be used for two security approaches:

1. Anti-hacking: Prevent tampering or exchange of data, for example the firmware running on a product, with non-authorized data.
2. Anti-cloning: Prevent a firmware to be run on a cloned hardware device.

Anti-Hacking — Authentication of Firmware

Firmware Signing in Production

To make sure only authorized firmware images are run on a product the firmware image will be signed with emSecure. To do this an emSecure key pair is generated one time. The private key will be included in the production process of the firmware. Once a firmware is created and ready to be shipped or included into a product it will be signed with this private key. The signature will be transferred and stored in the product alongside the firmware.

emSecure_Firmware_Sign

Anti-Hacking Bootloader Verification

The public key will be included in the bootloader of the product, which manages firmware updates and starts the firmware.

On a firmware update and when starting the product, the bootloader will verify the firmware by its signature. If they match, the firmware is started, otherwise the application will stay in the bootloader or even erase the firmware.

Anti-Cloning — Authentication of Hardware

Hardware Signing in Production

To make sure a product cannot be re-produced by non-authorized manufacturers, by simply copying the hardware, emSecure will be used to sign each genuine product unit. First an emSecure key pair is generated one time. This is likely done at the production site.

emSecure Device Sign

Anti-Cloning Firmware Verification

The private key will be included in the production process of the product. At the end of the production process, after the unit is assembled and tested, some hardware-specific, fixed, and unique data, like the unique id of the microcontroller is read from the unit. This data is signed by emSecure with the private key and the signature is written back to the unit into an OTP area or a specified location on memory. The public key will be included in the firmware which will run on the product. When the firmware is running it will read the unique data from the unit and verify it with the signature. When the signature does not match, for example, when it was simply copied to a counterfeit unit with other unique data, the firmware will refuse to run.

emSecure_Device_Verification

全球总部

德国: SEGGER Microcontroller GmbH

地址: Ecolab-Allee 5
40789 Monheim am Rhein, Germany
电邮: info@segger.com
电话: +49-2173-99312-0
传真: +49-2173-99312-28

网点分布

中国:哲戈微系统科技(上海)有限公司

地址: 中国上海市闵行区秀涟路133号
大虹桥国际A 栋218室
邮编201199
电邮: china@segger.com
电话: +86-133-619-907-60

通过ISO 9001认证

ISO 9001

30多年的嵌入式行业经验

First-class embedded software tools since 1992
  • 版本说明
  • 免责声明
  • 隐私策略
  • 沪ICP备2022005181号
  • 沪公网安备 31011202014525号
© 2025 SEGGER - 版权所有.

您即将离开 segger.cn 而访问境外网站,是否继续?