Making Your Embedded Design Future-Proof Using a Bootloader on a Microcontroller

Overview of a Bootloader

The bootloader may often be overlooked during the initial stages of product development since it’s not the primary end product. However, it allows a company to launch their product with software that only fulfills a portion of their final feature set, then add features to their product or address bugs once it has been launched into the market.

Purpose of a Bootloader

As embedded designs evolve in both capability and connectivity, so does the need to enable remote application updates. Not limited to a single communications protocol, embedded connectivity takes many forms and is essential in growing markets including automotive, industrial, consumer, medical and Internet of Things (IoT).

A bootloader is a program that allows you to load application firmware via many convenient interfaces like UART, CAN/CAN FD, LIN, I²C and others. When you power up or reset your microcontroller (MCU), the bootloader is the first program to run that checks to see if there is an upload request. If there is, it will upload the new firmware and program it into Flash memory. It’s a complex and time-consuming process, but don’t worry, we simplify adding Bootloader to your design by offering Bootloader library in MPLAB^® Code Configurator (MCC), a free graphical code generation tool to assist application development using PIC24 microcontrollers (MCUs) and dsPIC33 Digital Signal Controllers (DSCs).

The main requirements for the generated bootloader code are:

• Determine if a valid end-application is loaded
• Communicate/execute supported commands
• Verify authenticity and integrity of the latest firmware received
• Erase/rewrite end-application memory space
• Transfer control to end application

A few additional features will be required for robustness:

• Ensure erase/write address are outside bootloader program memory range
• Allow the host to read the program memory
• Detect corrupted end-application code and recover gracefully

These are some of the complexities you may encounter if you were to develop a bootloader all by yourself. However, MCC Bootloader Library abstracts these complexities and simplifies adding bootloader to just a couple of clicks in MCC. Our MCC bootloader is rigorously tested and includes checks and balances to build resiliency and robustness into your designs to avoid unintentional corruption.

Secure Firmware Upgrades

Security is a critical challenge for developers performing firmware updates and the last thing we want is to get hacked. Developers who are performing firmware updates should authenticate and optionally even encrypt their application image to prevent anyone from gaining insight into proprietary firmware or reverse engineering and hacking the system. Our high-performance dsPIC33C DSCs and low power PIC24F MCUs, combined with our ATECC608 CryptoAuthentication™ and TrustAnchor100 (TA100) CryptoAutomotive™ security ICs or dsPIC33C MPT Secure DSCs, provide a particularly interesting set of security features that enable implementing immutable secure boot and secure firmware upgrade capabilities.

Secure boot ensures that only authorized firmware is executed on the device; however, a hacker may try to exploit old firmware and try to undo any firmware updates. For example, a hacker could try to reflash a device with an older image which can result in serious security implications. Anti-roll back prevents these attacks by making sure older versions of the firmware cannot be loaded by these hackers. Roll back, however, is possible for recovery purposes, but only if it has been authorized. 

How else can we make these bootloaders robust? Besides holding off software execution after a power event, robust bootloader entry methods are important for safeguarding an application. Overly simple methods of entry, such as detection of only a single UART byte, are not recommended. A 32-bit or longer detection sequence, containing a mix of “1” and “0” bits, is much less likely to accidentally decode from random communication noise. It is also recommended to implement a Flash memory unlock command in the bootloading protocol instead of hard coding in application software. The host application should be responsible for sending not only the command to enter Bootloader mode, but also a separate command to unlock erase/write operations before being allowed to send additional commands that modify the Flash memory contents.

Trust cannot rely only on the device but also on the manufacturing process. Exploiting weaknesses in manufacturing lines is one of the top targets for hackers. Isolating keys and secrets from manufacturing is equally vital. Customers can leave this burden to Microchip's secure factories and leverage our trusted provisioning service.

Solution from Microchip/Introduction to MCC Melody

Developing custom bootloader code can be a complex and time-consuming process. With all these critical challenges, how does Microchip’s solutions solve them?

MCC Bootloader for dsPIC33 DSCs and PIC24 MCUs allows customers to configure and use the bootloader and the application associated with the bootloader. Integration of bootloader in a design consists of three parts:

1. Host Application
2. Device Bootloader
3. Device End Application

The host application is responsible for loading the new hex file and sending it to the bootloader through supported command syntax. The device end application is required to be aware of the bootloader and must understand how to return control to the bootloader upon request or configured events. The device bootloader by default is generated to run upon start-up and confirms if a valid application is loaded. If a valid application is present, control is relinquished; otherwise, the operation will remain within the bootloader.

The host application used to manage the bootloader process can be Microchip’s Unified Bootloader Application, which can be a stand-alone application, or a separate external microcontroller device. Either way, the end purpose remains the same: updating the end application firmware version through use of the Bootloader and supported commands.

MCC Melody along with the Bootloader library should provide all the support you need to speed up the development time of your design/end application. The upgraded and flexible architecture offered by MCC Melody, which was developed from MCC Classic, makes it simple to configure devices, peripherals, libraries and code. It clearly visualizes components’ dependencies to simplify development and offers easy maintenance by enabling content versioning at driver level. You can easily migrate across microcontrollers with MCC Melody to keep up with your application needs.

MCC Melody provides libraries, drivers, Peripheral Libraries (PLIBs) and Hardware Initializers (HWI) for the development of embedded software for Microchip PIC^® and AVR^® microcontrollers and dsPIC^® DSCs. These components are customized via a graphical configuration tool, which generates highly efficient C code.

The low-level PLIBs, which are simple, function to initialize and control peripherals and basic device features. The System Drivers enable configuration of general functionality, often used by other peripherals, such as pins, interrupts and the system clock. Drivers depend on PLIBs and abstract the hardware details away from libraries and applications. Libraries use drivers and system services for device independence and provide support for networking, USB, cryptography and other capabilities often required by today’s embedded applications. You can install MCC Melody from within MPLAB X IDE/MPLAB Xpress or download and install it as a plugin.

Key Takeaways

So, what makes a bootloader a good bootloader? Ease of use is one of the principal requirements, which we provide with our MCC bootloader using PIC24 microcontrollers and dsPIC33 DSCs. The simple GUI interface enables you to create bootloader firmware designed to suit your application needs. We also provide application firmware configuration that enables you to easily customize the bootloader with your application.

Learning Opportunities

• To see a live demo of implementing a bootloader, secure boot and secure firmware upgrade, access our on-demand Microchip University class: "Bootloader for the dsPIC33/PIC24 Devices Using MPLAB X IDE and the MPLAB Code Configurator (MCC)"
• Watch our "MCC Bootloader for dsPIC33 DSCs and PIC24 MCUs" video to learn how MCC enables you to add a bootloader to your PIC24 MCU or dsPIC33 DSC based application while reducing your design time, futureproofing your products and reducing your design risk.
• Watch "SHIELDS UP! Webinar #26: Simplifying Secure Application Designs with dsPIC33/PIC24 and ATECC608 Device" to learn how using dsPIC33 DSCs and PIC24 MCUs with an ATECC608 secure element and MCC simplifies implementing secure boot and secure firmware upgrades in your designs.
• Be sure to check out our application note on safeguarding flash memory self-write operations.

Looking to future-proof your embedded designs? Explore cutting-edge tools and community-driven innovation at Microchip Makes.