Is a CRC check on the decrypted firmware sufficient for validating its integrity?

Hey guys @Middleware & OS I’m developing firmware for an embedded system with a bootloader that updates the firmware. The firmware is encrypted and decrypted by the bootloader before being programmed into flash memory. To prevent manipulation, is a CRC check on the decrypted firmware sufficient for validating its integrity, or should I implement additional security measures?

ZacckOsiemoAPP•6/18/24, 5:54 PM

What kind of additional measures?

Daniel kaluAPP•6/18/24, 5:55 PM

I was thinking of adding digital signatures (like ECDSA) to ensure authenticity and integrity. This way, the bootloader can verify the firmware's origin and check for any tampering. Would this be a good approach, or are there other measures I should consider?

ZacckOsiemoAPP•6/18/24, 5:56 PM

Well that can work, its almost up to what your implementation needs.

Is a CRC check on the decrypted firmware sufficient for validating its integrity?

Similar Threads

Similar Threads

Similar Threads