With the growing number of deployed IoT devices, the importance of secure firmware updating is significantly increased. Gartner, Inc. forecasts that 6.4 billion connected things will be in use worldwide in 2016, up 30 percent from 2015, and will reach 20.8 billion by 2020. In 2016, 5.5 million new things will get connected every day.
All these devices need a reliable firmware update system. The functions of many IoT devices, expected to be operational typically at all times, requires a minimal downtime for service tasks, including firmware update. A typical IoT device is also expected to be operational for a long time and may warrant or require many updates over its life. A consumer of an IoT solution needs to be able to receive and have firmware updates implemented for IoT devices to fix security vulnerabilities and firmware errors or add new features. Another important factor is time, especially in case of firmware update error or failure for any reason. The ability to apply a security patch to a large number of devices as fast as possible is critical to prevent and/or reduce damage from error or breach, especially from zero day attacks unlikely to be thwarted by existing security.
The firmware update method and process should be simple and should provide an easy way to roll back to the previous version if for any reason the update is ineffective.
The present invention provides a solution using a reliable firmware update method and system where all updates are controlled from the TEE and applied to the clone of the current execution environment with the extensive tests at the end. As soon as the SEE is ready and validated, it starts operating normally with continuous monitoring. The MEE becomes backup execution environment (BEE), remains unchanged and can be restored very quickly if any problems with the firmware update are discovered.
Thus embodiments of the present invention address these requirements, including allowing return to the previous version of the firmware at any time. Furthermore, to increase the overall security level of a device, a minimal allowed firmware version may be set by the security policy, delivered either by a management system or firmware update package preventing the system from rollback to a firmware with known vulnerabilities.
In November 2015, ARM announced launch of the ARMv8-M architecture with ARM TrustZone technology. It provides developers with a reasonably fast and efficient way of protecting embedded software running on Internet of Things (IoT) devices. The present invention fully utilizes capabilities of the SoC Security Extensions in an innovative way to implement a reliable and secure firmware update for Internet of Things (IoT) devices.
Limitations of the traditional firmware update approaches, compared to the present invention, will become apparent to one having ordinary skill in the art through comparison of such approaches with the present invention.