Overview
We present a novel framework (S-RFUP) that integrates industry standard protocols (PLDM, MCTP) with a hardware root of trust (HRoT) to ensure interoperable and secure remote firmware update (RFU) across multiple device platforms.
Research Objectives
- Design an end-to-end Secure Remote Firmware Update Protocol (S-RFUP).
- Leverage Project Cerberus Hardware Root of Trust (HRoT) for secure attestation.
- Integrate PLDM and MCTP standards for interoperability and scalability.
- Provide formal security analysis and real-world validation of S-RFUP.
Methods
S-RFUP addresses major OTA firmware update security gaps by combining trusted hardware-based attestation with industry standard protocols. We build on HRoT functionality from Project Cerberus to perform cryptographic validation of firmware during update cycles. To ensure broad platform support, we integrate Platform Level Data Model (PLDM) and Management Component Transport Protocol (MCTP) for uniform management of firmware updates.
The S-RFUP architecture enforces:
- Stateful secure firmware update flow (lock/unlock/attestation/verification).
- Secure key management across update processes.
- Rollback prevention and version integrity.
- Vendor-independent extensibility via standardized interfaces.
Visualizations
Impact
S-RFUP provides an interoperable, scalable, and hardware-trusted mechanism for securing remote firmware updates in heterogeneous platforms. Its modular design allows integration in critical systems (server BIOS/BMC, IoT, automotive ECUs, network equipment) with minimal vendor lock-in.
Real-world validation of S-RFUP on trusted microcontroller platforms shows strong resistance to common OTA attacks such as unauthorized updates, rollback attacks, and firmware tampering. This work represents a significant step forward in standardizing secure OTA firmware update practices in modern platforms.