A fully integrated reference design for secure over-the-air (OTA) firmware updating of IoT devices is secured from the cloud to the device’s code storage memory.
By providing a proven way to implement secure firmware updates on a secure and certified hardware and software, the 
Winbond/Nuvoton/Qinglianyun solution reduces the time it takes to develop new IoT devices and helps OEMs get to market faster with products for smart city, smart home, metering, industrial control, and other security-conscious applications.
The reference design is based on the Nuvoton M2351SF IoT Security MCU, a multi-chip module consisting of the M2351 IoT Security microcontroller and Winbond’s W77Q TrustME secure Flash memory IC. The M2351 microcontroller is based on the Arm Cortex-M23 secure processor core with TrustZone technology. The module’s W77Q secure Flash device is connected to the M2351 via an encrypted serial peripheral interface which resists sniffer attacks on data transferred between the two chips.
To provide a trusted execution environment (TEE) for secure OTA firmware updating operations and communications with the cloud, the M2351 runs Qinglianyun’s TinyTEE secure software stack in TrustZone-protected hardware. Using the 32 Mbit secure storage provided by the W77Q, the reference design provides for storage of secure and non-secure firmware and data, authenticated access control to ensure the integrity of firmware and data, and rollback protection.
The TinyTEE software on the M2351 connects to Qinglianyun’s secure cloud service, which provides a full suite of IoT device management capabilities, such as device authentication, secure storage, encryption engine, and true random number generator, comply with Global Platform TEE standard interface.
This system thus provides a secure chain of trust for the provision of OTA firmware updates from the cloud all the way to the W77Q Secure Flash memory, with no vulnerability to remote attack or exposure of private data. The solution provides a comprehensive set of security essentials. The W77Q helps ensure robust, end-to-end security in IoT devices by enabling:
Secure storage
Secure boot and root-of-trust
Authenticated and encrypted data transfer between the Flash device and the host
Secure Execute-in-Place (XiP) of boot and application code
System resilience, supporting the key security functions of protection, detection and recovery
The M2351 microcontroller also offers multiple security capabilities including a secure bootloader, hardware cryptographic accelerators, execute-only memory, and tamper-detection pins.
For more information about the Winbond/Nuvoton/Qinglianyun solution for secure OTA firmware updating, contact your local Winbond sales office or authorized distributor.
