
STM32 Custom Bootloader

Secure, multi-stage bootloader implementation for STM32 microcontrollers with encryption and delta patching.

Technologies: C, CMake, mbedTLS, JANPATCH


Overview

A comprehensive, multi-stage secure bootloader system for STM32F4 microcontrollers designed for mission-critical applications requiring reliable and secure firmware updates. This bootloader provides advanced functionality including firmware encryption, incremental updates via delta patching, and failsafe recovery mechanisms.

The system implements a robust four-stage bootloader architecture:

  • Boot (16KB): Primary bootloader that validates and hands off to Loader
  • Loader (48KB): Interactive menu-based bootloader for normal boot or update selection
  • Updater (64KB): Handles firmware updates via XMODEM with encryption and delta patching
  • Application (384KB): Main application firmware

Updates can be delivered as full firmware images or as delta patches to minimize bandwidth usage and update time, reducing transmission size for minor updates.

Project Goal: Security features include firmware encryption (AES-128-GCM) and authentication via mbedTLS. The bootloader implements a secure boot chain that verifies each stage of the boot process using component-specific magic numbers, CRC32 checksums, and version checks, ensuring that only authenticated firmware can execute on the device.

Key Features

  • Four-stage bootloader architecture - structured validation chains
  • Full firmware image updates - with encryption
  • Delta patching - for bandwidth-efficient updates
  • Secure boot process - with multi-level validation
  • Version compatibility verification - prevents downgrade attacks
  • Interactive menu - for update control
  • Error detection and handling - during update process

Technical Specifications

Hardware Platform

  • STM32F4 microcontroller
  • UART communication interface

Security Features

  • AES-128 GCM encryption
  • GMAC authentication tags
  • CRC32 integrity verification
  • Magic number validation

Update Features

  • XMODEM-CRC protocol
  • JANPATCH delta patching
  • Version compatibility checks

Development Stack

  • CMake build system
  • ARM GCC compiler
  • STM32 HAL library
  • Python scripts for encryption and patching

System Architecture

Bootloader Flow

The bootloader consists of four components forming a chain of trust, with separate paths for normal operation and for updates.

Update Process

The update process involves multiple security steps.

Memory Layout

The bootloader uses a carefully designed memory layout for its components:

Component     Address Range              Size    Description
Boot          0x08000000 - 0x08003FFF    16KB    Primary bootloader
Loader        0x08004000 - 0x0800FFFF    48KB    Menu-based bootloader
Updater       0x08010000 - 0x0801FFFF    64KB    Update manager
Application   0x08020000 - 0x0807FFFF    384KB   Main application
Backup        0x08080000 - 0x080BFFFF    256KB   Backup region for updates
Patch         0x080C0000 - 0x080FFFFF    256KB   Temporary storage for patches

Image Header Structure

Each firmware component includes a 512-byte header with the following structure:

```c
#include <stdint.h>

typedef struct __attribute__((packed)) {
    uint32_t image_magic;        /* component-specific magic number */
    uint16_t image_hdr_version;  /* header format version */
    uint8_t  image_type;         /* Loader, Updater or Application */
    uint8_t  is_patch;           /* 1 if payload is a delta patch, 0 if full image */
    uint8_t  version_major;      /* firmware version, used for downgrade checks */
    uint8_t  version_minor;
    uint8_t  version_patch;
    uint8_t  _padding;
    uint32_t vector_addr;        /* address of the image's vector table */
    uint32_t crc;                /* CRC32 over the image payload */
    uint32_t data_size;          /* payload size in bytes */
    uint8_t  reserved[0x1E8];    /* sized so the whole header is 512 bytes */
} ImageHeader_t;

_Static_assert(sizeof(ImageHeader_t) == 512, "image header must be 512 bytes");
```

Each bootloader component is identified by a unique magic number:

  • Loader: 0xDEADC0DE
  • Updater: 0xFEEDFACE
  • Application: 0xC0FFEE00

Security Features

Encryption

  • AES-128-GCM for encryption, with GMAC tags for authenticity
  • Implemented using mbedTLS cryptography library
  • Both full firmware images and patches are protected with encryption and authentication tags

Firmware Validation

  • Component-specific magic numbers for image type verification
  • CRC32 checksums to ensure firmware integrity
  • Version number validation to prevent downgrade attacks
  • Image type verification to prevent cross-component attacks

Secure Boot Chain

  • Boot validates Loader (or Updater as fallback)
  • Loader validates Application (or enters update mode)
  • Updater validates all firmware images before flashing
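The checks listed under Image Header Structure and Firmware Validation, carried out in one host-compilable function, as an added example that is not the project's own code. It reuses the header layout and magic numbers from this page; everything else is an assumption: the numeric values of image_type, that the CRC32 covers the payload following the 512-byte header, that an image with the same version as the installed one is accepted and only a lower version is rejected as a downgrade, and the function names validate_image and build_image, which are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Component magic numbers as given on the page. */
#define IMAGE_MAGIC_LOADER  0xDEADC0DEu
#define IMAGE_MAGIC_UPDATER 0xFEEDFACEu
#define IMAGE_MAGIC_APP     0xC0FFEE00u

/* Assumed encoding of image_type; the page does not give the values. */
enum { IMAGE_TYPE_LOADER = 1, IMAGE_TYPE_UPDATER = 2, IMAGE_TYPE_APP = 3 };

/* Header layout from the page, reserved[] sized so the header is 512 bytes. */
typedef struct __attribute__((packed)) {
    uint32_t image_magic;
    uint16_t image_hdr_version;
    uint8_t  image_type;
    uint8_t  is_patch;
    uint8_t  version_major;
    uint8_t  version_minor;
    uint8_t  version_patch;
    uint8_t  _padding;
    uint32_t vector_addr;
    uint32_t crc;
    uint32_t data_size;
    uint8_t  reserved[0x1E8];
} ImageHeader_t;
_Static_assert(sizeof(ImageHeader_t) == 512, "image header must be 512 bytes");

typedef enum {
    IMAGE_OK = 0,
    IMAGE_ERR_TOO_SHORT,   /* buffer smaller than a header */
    IMAGE_ERR_TYPE,        /* wrong component for this slot */
    IMAGE_ERR_MAGIC,       /* magic does not match the component */
    IMAGE_ERR_SIZE,        /* data_size exceeds the buffer */
    IMAGE_ERR_CRC,         /* payload integrity check failed */
    IMAGE_ERR_DOWNGRADE    /* image older than installed version */
} ImageStatus;

/* Bitwise CRC-32 (IEEE 802.3, reflected polynomial 0xEDB88320); no table needed. */
uint32_t crc32_ieee(const uint8_t *data, size_t len)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

static uint32_t magic_for_type(uint8_t type)
{
    switch (type) {
    case IMAGE_TYPE_LOADER:  return IMAGE_MAGIC_LOADER;
    case IMAGE_TYPE_UPDATER: return IMAGE_MAGIC_UPDATER;
    case IMAGE_TYPE_APP:     return IMAGE_MAGIC_APP;
    default:                 return 0;
    }
}

/* Pack major.minor.patch into one integer so versions compare numerically. */
static uint32_t version_key(uint8_t major, uint8_t minor, uint8_t patch)
{
    return ((uint32_t)major << 16) | ((uint32_t)minor << 8) | patch;
}

/* Validate an image for the expected component slot against the installed version:
 * type, magic, size, CRC32 over the payload after the header, then no downgrade. */
ImageStatus validate_image(const uint8_t *image, size_t image_len, uint8_t expected_type,
                           uint8_t cur_major, uint8_t cur_minor, uint8_t cur_patch)
{
    if (image_len < sizeof(ImageHeader_t)) return IMAGE_ERR_TOO_SHORT;
    ImageHeader_t hdr;
    memcpy(&hdr, image, sizeof hdr);  /* copy out: packed data may be unaligned */
    if (hdr.image_type != expected_type) return IMAGE_ERR_TYPE;
    if (hdr.image_magic != magic_for_type(expected_type)) return IMAGE_ERR_MAGIC;
    if (hdr.data_size > image_len - sizeof hdr) return IMAGE_ERR_SIZE;
    if (crc32_ieee(image + sizeof hdr, hdr.data_size) != hdr.crc) return IMAGE_ERR_CRC;
    if (version_key(hdr.version_major, hdr.version_minor, hdr.version_patch) <
        version_key(cur_major, cur_minor, cur_patch)) return IMAGE_ERR_DOWNGRADE;
    return IMAGE_OK;
}

/* Build a constructed image (header + payload) into buf; returns total length, 0 on overflow. */
size_t build_image(uint8_t *buf, size_t cap, uint8_t type, uint32_t magic,
                   uint8_t major, uint8_t minor, uint8_t patch,
                   const uint8_t *payload, uint32_t payload_len)
{
    if (cap < sizeof(ImageHeader_t) + payload_len) return 0;
    ImageHeader_t hdr;
    memset(&hdr, 0, sizeof hdr);
    hdr.image_magic = magic;
    hdr.image_hdr_version = 1;
    hdr.image_type = type;
    hdr.version_major = major;
    hdr.version_minor = minor;
    hdr.version_patch = patch;
    hdr.vector_addr = 0x08020200u;  /* constructed: application base plus header */
    hdr.data_size = payload_len;
    hdr.crc = crc32_ieee(payload, payload_len);
    memcpy(buf, &hdr, sizeof hdr);
    memcpy(buf + sizeof hdr, payload, payload_len);
    return sizeof hdr + payload_len;
}
```

The order of checks matters on a constrained device: type and magic are compared before the CRC is computed, so an image written into the wrong slot is rejected without walking the whole payload, and the size check before the CRC keeps data_size from driving a read past the end of the buffer. The CRC and version checks catch corruption and accidental downgrades; authenticity of the image still rests on the GCM tag verified before the image reaches this point.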

Challenges & Solutions

  • Implementing a secure update chain that prevents unauthorized firmware execution
  • Creating an efficient delta patching system for resource-constrained devices
  • Designing failsafe mechanisms to recover from interrupted updates
  • Coordinating multiple bootloader stages with proper handoffs
  • Implementing proper image validation at each stage