Welcome to the Crypto-Bootloader training series. In part 1, we'll discuss firmware updates in network connected MCUs. As you may know, in-field firmware updates are becoming an increasingly popular feature, supported on products that are deployed to the field. However, this feature is also very commonly exploited by attackers, and if vulnerable, can compromise the security of the system. In this series of sessions, we will talk about the various security concerns of the in-field firmware updates process, and about a custom bootloader, or BSL solution, referred to as the crypto-bootloader, for increasing the security of the in-field firmware updates in ultra-low power MSP microcontrollers. 

In-field firmware updates have many advantages, including the ability to fix firmware bugs in a product that has already been released, the ability to add new features and functionalities to products that are already deployed in the field, the ability to enable or disable product features or functionality in the field without having to update the complete firmware. A typical field firmware update process involves the following steps. Before deploying to the field, product manufacturer first loads firmware image onto the device, and then deploys the product to the field. 

Once the product is deployed in the field, any updates to the firmware will make use of the field firmware updates process, wherein the product manufacturer creates a new firmware image in a trusted environment. The new firmware image is then sent to the product in field, possibly over an untrusted communication channel. And finally, the new firmware image is loaded onto the device in field in an untrusted environment. 

This slide shows an example representation of the new firmware image flow in network connected systems. New firmware image is transferred from the product manufacturer to the end nodes with MCUs over the network-- in this case, WAN and LAN networks. It is important to point out, as part of the network security, the LAN and WAN interfaces incorporate necessary security measures that are dictated by the interface protocols used in the network connectivity, applying security measures to in-field firmware update processes at an application level as an additional layer of security to the one provided by the network. In other words, the new firmware image that needs to be transferred from the product manufacturer to the MCUs use and end nodes over the network are secured at an application level, even before the data enters the network and the application level security is enabled. 

Application level security offers many advantages. One, the security of firmware image in the network is not dependent on the security of the network alone. Two, it supports security of the firmware image at the LAN gateway controller when switching between LAN and WAN network security protocols. Three, it offers an increased level of security at the various nodes in the network. For example, if an attacker has access to the end node, then this application level security ensures that the firmware image information is not readily accessible until the MCU application layer retrieves it. In order to ensure security beyond this point, appropriate measures within the MCU should be considered to handle the desired level of security based on the types of concern.