Is there any recommendation to implement encrypted image updates with the Kocherga bootloader?
I am contemplating a security mechanism where a unique key is generated and embedded in each device during its initial firmware flash. Subsequent firmware updates would then be encrypted with this device-specific key. During the update process, only the device holding the corresponding key would be able to decrypt and apply the update. This technique aims to safeguard the firmware content and restrict updates exclusively to the intended recipient device.
Any insights or guidance on this approach would be greatly appreciated.
Sure, this should be possible, you just have to extend kocherga properly. Avail yourself to open-source crypto libraries (i.e. BearSSL) and/or integrate with a secure element (i.e. ATECC608A). There is even an application note on implementing secure booting w/ the ATECC608A, see here.
The problem appears to be only loosely related to Kocherga. Kocherga addresses the problem of transferring the firmware image between the local MCU and a remote file server via Cyphal, plus integrity checking and certain de-bricking logic. The rest is up to the user’s code; this includes the task of image encryption.
One approach could be to introduce additional flags in the application’s signature, indicating that the firmware payload is encrypted. Alternatively, a more elegant solution might involve using a special extension for the remote_file_path. This extension would signify the encrypted nature of the payload, streamlining the process.
I plan to implement one of these proposed solutions and will report back on the outcomes.