Method and system for securely updating firmware in a computing device
First Claim
1. A method for updating firmware in a computing device, the computing device including a host processor and a non-volatile memory, the method comprising:
- receiving a double-encrypted firmware image from an external firmware source, wherein the double-encrypted firmware image is generated from firmware that is encrypted a first time using a first crypto-key and then encrypted a second time using a second crypto-key;
receiving the second crypto-key from an external key source;
decrypting the double-encrypted firmware image using the second crypto-key to produce an encrypted firmware image;
storing the encrypted firmware image in the non-volatile memory of the computing device;
reading the encrypted firmware image from the non-volatile memory of the computing device;
decrypting the encrypted firmware image using the first crypto-key to produce the firmware; and
executing the firmware on the computing device;
wherein the second crypto-key is received and stored at a secure element located between the host processor and the non-volatile memory; and
wherein the secure element is configured to apply decryption to data addressed to code blocks in the non-volatile memory and to pass without decryption data addressed to data blocks in the non-volatile memory.
10 Assignments
0 Petitions
Accused Products
Abstract
Embodiments of a method are disclosed. One embodiment is a method for securely updating firmware in a computing device, in which the computing device includes a host processor and a non-volatile memory. The method involves receiving a double-encrypted firmware image from an external firmware source, wherein the double-encrypted firmware image is generated from firmware that is encrypted a first time using a first crypto-key and then encrypted a second time using a second crypto-key. The method also involves receiving the second crypto-key from an external key source, decrypting the double-encrypted firmware image using the second crypto-key to produce an encrypted firmware image, storing the encrypted firmware image in the non-volatile memory of the computing device, reading the encrypted firmware image from the non-volatile memory of the computing device, decrypting the encrypted firmware image using the first crypto-key, and executing the firmware on the computing device.
23 Citations
17 Claims
-
1. A method for updating firmware in a computing device, the computing device including a host processor and a non-volatile memory, the method comprising:
-
receiving a double-encrypted firmware image from an external firmware source, wherein the double-encrypted firmware image is generated from firmware that is encrypted a first time using a first crypto-key and then encrypted a second time using a second crypto-key; receiving the second crypto-key from an external key source; decrypting the double-encrypted firmware image using the second crypto-key to produce an encrypted firmware image; storing the encrypted firmware image in the non-volatile memory of the computing device; reading the encrypted firmware image from the non-volatile memory of the computing device; decrypting the encrypted firmware image using the first crypto-key to produce the firmware; and executing the firmware on the computing device; wherein the second crypto-key is received and stored at a secure element located between the host processor and the non-volatile memory; and wherein the secure element is configured to apply decryption to data addressed to code blocks in the non-volatile memory and to pass without decryption data addressed to data blocks in the non-volatile memory. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A computing device comprising:
-
a data interface configured to receive a double-encrypted firmware image from an external firmware source, wherein the double-encrypted firmware image is generated from firmware that is encrypted a first time using a first crypto-key and then encrypted a second time using a second crypto-key, and to receive the second crypto-key from an external key source; a host processor configured to execute program code of the firmware; a non-volatile memory configured to store an encrypted image of the firmware; and a secure element located in a data path between the host processor and the non-volatile memory and having a crypto-engine, the crypto-engine being configured to decrypt the double-encrypted firmware image using the second crypto-key to produce an encrypted firmware image and the secure element being configured to provide the encrypted firmware image to the non-volatile memory of the computing device for storage; the host processor being configured to read the encrypted firmware image from the non-volatile memory, to decrypt the encrypted firmware image using the first crypto-key to produce the firmware, and to execute program code of the firmware on the computing device; wherein the secure element is configured to apply decryption to data addressed to code blocks in the non-volatile memory and to pass without decryption data addressed to data blocks in the non-volatile memory. - View Dependent Claims (10, 11, 12)
-
-
13. A method for confirming the presence of a secure element in a computing device, the computing device including a host processor and a non-volatile memory, the method comprising:
-
receiving an encrypted random number at the secure element, wherein the random number is encrypted using a crypto-key; receiving the crypto-key from an external key source; decrypting the encrypted random number at the secure element using the crypto-key to produce a decrypted random number; storing the decrypted random number in the non-volatile memory of the computing device; reading the decrypted random number from the non-volatile memory of the computing device; comparing the decrypted random number to a stored version of the random number; and confirming the presence of the element if the decrypted random number matches the stored random number. - View Dependent Claims (14, 15, 16, 17)
-
Specification