RSS Feed

Embedded Systems Blog

First Secure CANcrypt CAN FD Bootloader available

July 19th, 2017 No comments

Today, the Embedded Systems Academy announces the availability of its secure CANcrypt CAN FD bootloader for the NXP LPC54618 microcontroller. The binary version is available as free download and may be used without limitations. For programming, the FlashMagic software (www.flashmagictool.com) and a PEAK PCAN-USB FD interface (www.peak-system.com) is required.

The security system is based on two symmetric keys, separating the code protection (happening at the manufacturer) from the download process done by a system integrator or service technician. The code file is AES-GCM (128-bit key) protected, offering both encryption and authentication. The local CAN FD connection (between service host and bootloader) is CANcrypt protected (128-bit key, authentication and partial encryption).

On the host side, the update process is fully integrated into the existing FlashMagic software that handles Flash programming for all NXP LPC microcontroller families.

Secure Bootloader Components

The figure illustrates the components of the system. The bootloader and the initial two keys (code protection, connection) are programmed into the LPC54618 device in a trustworthy manufacturer environment.

For a code update, the manufacturer creates a secure update file based on the first, code protection key. The file is encrypted and can be passed to the service technician through an unsecured channel such as email or web download. FlashMagic includes a minimal CANcrypt configurator, allowing the technician to initiate the code update using the second, CANcrypt connection key.

The secure bootloader does not by default disable the on-chip bootloaders and debug access by SWD to ensure that the default implementation can not accidentally lock a device. However, if all of these recovery methods are disabled, either during production or through a programmed application, then the secure bootloader remains the only method for code updates. In this configuration, once the CANcrypt connection key is lost, no further updates will ever be possible.

In addition to this free binary loader, ESAcademy offers a commercial version including all sources. This version offers more configuration options, such as customizing the CAN-FD bit rates (default is 500kbps/2000kbps) and security methods.

The security experts at MathEmbedded are in the process of reviewing the project. Once completed, we will publish the results here.

Download link: LPC54618_secure_CANFD_bootloader_V100.zip

MD5: 28a896e17a9a57b938337095fbd35372
SHA256: eb6d22e9390e0d1a79f04a81f926bcd98d496dd65f03535298e1ebf050e4729c

.NET Support for Flash Magic

May 12th, 2010 No comments

We have released a new product called “Flash Magic Production System NET” which contains support for writing Flash Magic based applications in .NET languages.

Included are .NET assemblies for each of the driver DLLs used by Flash Magic. The API has been designed to take advantage of .NET features such as exceptions while maintaining familiarity for those already working with the existing C-based API.

The users of these new .NET assemblies allow developers to quick start working with Flash Magic technologies using the .NET language of their choice.

View a comparison table (scroll down) showing the differences between the new product and the existing Flash Magic Production System.

Categories: Flash Magic Tags:

Flash Magic 5.60 Released

January 28th, 2010 No comments

The Production System version can now be installed by an Administrator User and then used by a Limited User, ideal for production line use. The Limited User can access all the functionality of the application (with the exception of Ethernet bootloader support) and they cannot uninstall it.

This release also contains some minor improvements for the P89(L)V51Rx2 and LPC1751 devices. Get it now from http://www.flashmagictool.com.

Categories: Flash Magic Tags: