S-RFUP: Secure Remote Firmware Update Protocol
We present a novel framework (S-RFUP) that integrates industry standard protocols (PLDM, MCTP) with a hardware root of trust (HRoT) to ensure interoperable and secure RFU across multiple device platforms.
Traditional over-the-air (OTA) update mechanisms lack security features. As a result, OTA firmware updates expose a device to several threats including unauthorized update, introduction of malware in the firmware code and rollback of firmware to an vulnerable older version. A handful of domain specific OTA firmware update protocols, especially in the automotive sector, have started incorporating rudimentary security features; however, these are not always enough. Moreover, a lack of standardization can lead to compatibility issues. In this work, we introduce the Secure Remote Firmware Update Protocol (S-RFUP) for platform ( We use the term ``platform'' to mean any computer or hardware device and/or associated operating system, or a virtual environment on which software can be installed and run. Source NISTIR 7698, \url{https://nvlpubs.nist.gov/nistpubs/Legacy/IR/nistir7698.pdf}) firmware updates that enhances security and operational integrity across firmware devices during the update procedure. We build upon the hardware root of trust functionality provided by the Project Cerberus to perform secure attestation. With a goal of providing uniformity across a multitude of platforms, we leverage industry standards such as Platform Level Data Model (PLDM), Management Component Transport Protocol (MCTP), and well established cryptographic algorithms. Incorporating PLDM and MCTP reduces the management complexity and ensure interoperability between different hardware and software components in platform. We provide a security analysis of the proposed S-RFUP framework and discuss its implementation, testing and validation results.