Affordable Access

Toward a generic and secure bootloader for IoT device firmware OTA update

  • El Jaouhari, Saad
  • Bouvet, Eric
Publication Date
Jan 12, 2022
External links


The Internet of Things (IoT) devices market has shown strong growth in recent years. Time to market has become essential to be competitive, the faster a competitor develops and integrates his/her product, the more likely he/she is to dominate the market. This competition leads to critical software problems in the systems due to lack of testing or short development times. Lots present some vulnerabilities that can be exploited by attacks via botnets or malwares. Moreover, they are subject to huge number of 0-days that need quick intervention to maintain the security of the environment in which the IoT device is deployed in. For this purpose, the quick update of the firmware of these devices via patches is the most effective solution to counter these attacks. In this process, to operate embedded systems' setup , control and supervision, an important component called the bootloader have to be implemented. This piece of code can manage and execute boot sequence and launch the firmware. However, without any recommendations or references, currently, there is no generic bootloader for all the IoT device, but there are several bootloaders specific for a particular or a group of hardware or kernel. This paper aims to analyze some of these bootloaders and develop a minimal generic bootloader implementing a firmware Over-The-Air update for constrained IoT devices. After analyzing several bootloaders and the OTA update process, a PoC of a bootloaders based on FreeRTOS, has been designed and implemented, and which allows to perform firmware verifications and OTA updates.

Report this publication


Seen <100 times