1. Technical Field
The present invention relates to an electronic device as well as to a method for software or firmware updating of an electronic device.
2. Description of the Related Art
Modern electronic devices typically comprise some hardware components, wherein at least some of the hardware components are programmable by means of software. The software or firmware for the operation of the electronic device can be updated, for example, in order to improve the operation or the security of the device. However, when the software or firmware of an electronic device is updated, it is desirable that the new software or firmware is of a more recent version than the currently stored software or firmware. The technique to avoid updating currently stored software or firmware with an older version is called anti-rollback. An anti-rollback scheme is advantageous to protect content, i.e., if a vulnerability in the software or firmware is found, such a vulnerability can be avoided by a new software or a new firmware dealing with the vulnerability. Furthermore, by means of an update of the software or firmware, the security of an electronic device can be improved. Therefore, users can be protected from malicious attacks. For example, if a firmware rollback is applied to an electronic device, user secrets like payment password, identity data, and the like, which is stored in the device, may be retrieved from the device by using a firmware previously present.
A software or firmware update can, for example, also be performed wirelessly over the air, i.e., a firmware over-the-air (FOTA) can be performed.
An anti-rollback of a firmware or software is typically achieved based on a clock and a validity period associated to each software or firmware version. The clock may be implemented as hardware or software and the software will stop the clock as soon as the validity period has expired. However, here, the validity period has to be defined or determined. On the other hand, if a problem is discovered in the firmware or software, it should be updated regardless of whether the validity period has expired or not.
Alternatively, the anti-rollback technique can be applied when an update of a software or firmware is performed. This anti-rollback technique is used to control the integrity of the software, for example, by means of internal cryptographic keys. Therefore, hardware associated thereto will perform the integrity check of the software or firmware when the device is booted. The hardware will only perform the update with the new software or firmware if the version number of the new software or firmware is higher than that of the current software. Furthermore, the hardware can use internal keys to update the integrity check value. However, it should be noted that here, the anti-rollback is tightly coupled to the hardware controlled integrity and secret cryptographic keys.
GB 2430774 B discloses a method of software updating and a corresponding processor unit. Here, an anti-rollback system is provided which is based on version numbers. Therefore, the version numbers can be stored securely. The disadvantage of such a solution is the costs required for the hardware will depend on the software numbering.
GB 2425193 A discloses an anti-rollback system based on version numbers. A one-time write memory element is provided to achieve a functionality of a bit-by-bit analysis, wherein the bit will depend on the version number of the software. In particular, one way to bind the version of the installed software to the hardware of the electronic device is to use a special numbering of the software. Accordingly, one bit per existing software version is needed.