New Technical Guide: Secure update of embedded systems
We are pleased to share the publication of a new technical guide (STIG) dedicated to secure firmware updates for microcontroller-based equipment.
This guide focuses on a dual-bank update strategy, where a new firmware image is written to an inactive bank, then verified before activation. The approach relies on signed and authenticated update artifacts to ensure integrity, authenticity, and safe rollback in case of failure.
It is intended for embedded cybersecurity and platform teams who need a practical and auditable method to deploy updates securely on constrained systems.
Guide Objectives
The guide aims to:
- formalize security objectives for secure update workflows on critical embedded systems
- define a robust dual-bank process for update staging, boot selection, validation, and rollback
- connect realistic attack scenarios (tampered image, replay, interrupted update) to concrete controls
- provide verification criteria to demonstrate integrity, authenticity, and operational resilience
It also discusses implementation constraints specific to microcontrollers (limited memory, bootloader trust boundaries, and fault handling) so the method can be integrated into a broader secure system architecture.
Download the Guide
English version: Download Technical Guide (PDF)
French version: Télécharger le guide technique (PDF)
The document is published under a Free License.