Secure Firmware Update

The system must support secure ways to handle modifications (e.g. by means of updates) to the firmware. Intentional modifications (e.g. a user installing a legitimate vendor update) must be possible, unauthorized modification must not be possible (such as an attacker trying to install a modified firmware using the official update mechanism – unofficial mechanisms are covered in Lock Logical Access ).

The sources listed below contain detailed guidance, however, the following aspects should be particularly taken into account:
  • Updates should be signed in cryptographically secure way. Guidance on that can be found in NIST SP 800-89, NIST FIPS 186-3, or NIST SP 800-131A
  • The Root of Trust for Update (RTU) should be stored in a tamper-protected way, e.g. using hardware key stores. Those key stores must be properly closed after usage.
  • The lifetime of the RTU must be adjusted to the expected lifetime of devices and update frequency, which is often much longer for embedded devices than regular IT devices.
  • Evaluate computing resources limits (such as limited storage when extracting update bundles) and environmental factors (such as limited network connectivity/connectivity with only specific protocols) to avoid update starvation or even bricking.

Nist - SP800-147 BIOS Protection Guidelines:

Some of the elements are specific for BIOS updates, but most are relevant as a general purpose guide for firmware updates:
  
1. Approved BIOS Update Mechanisms
  • 1-A All updates to the system BIOS shall use either an authenticated BIOS update mechanism as described in Section 3.1.1 or an optional secure local update mechanism compliant with the guidelines in Section 3.1.2.

2. BIOS Update Authentication
  • 2-A There shall be a Root of Trust for Update (RTU) that contains a signature verification algorithm and a key store that includes the public key needed to verify the signature on the BIOS update image.
  • 2-B The key store and the signature verification algorithm shall be stored in a protected fashion on the computer system and shall be modifiable only using an authenticated update mechanism or a secure local update mechanism as outlined in Section 3.1.2.
  • 2-C The key store in the RTU shall include the public key for verifying the signature on a BIOS update image or include the hash [FIPS 180-3] of the public key for verifying the signature on a BIOS update image that includes the public key. In the latter case, the update mechanism shall ensure that the hash of the public key provided with the BIOS update image appears in the key store before using the provided public key to verify the signature on the BIOS update image.
  • 2-D BIOS images shall be signed in conformance with NIST SP 800-89, Recommendation for Obtaining Assurances for Digital Signature Applications [SP800-89], using an approved digital signature algorithm as specified in NIST FIPS 186-3, Digital Signature Standard [FIPS186-3], that provides at least 112 bits of security strength, in accordance with NIST SP 800-131A, Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths [SP800-131A].
  • 2-E The authenticated update mechanism shall ensure that the BIOS update image has been digitally signed and that the digital signature can be verified using one of the keys in the key store in the RTU before updating the BIOS.
 
3. Secure Local Update (Optional) BIOS implementations may optionally include a secure local update mechanism, where physical presence authorizes installation of BIOS update images without necessarily using the authenticate update mechanism.
  • 3-A A secure local update mechanism shall ensure the authenticity and integrity of the BIOS update image by requiring physical presence.
 
4. Integrity Protection
  • 4-A The RTU and the BIOS (excluding configuration data used by the BIOS that is stored in non­volatile memory) shall be protected from unintended or malicious modification using a mechanism that cannot be overridden outside of an authenticated BIOS update.
  • 4-B The protection mechanism shall be protected from unauthorized modification.
  • 4-C The authenticated BIOS update mechanism shall be protected from unintended or malicious modification by a mechanism that is at least as strong as that protecting the RTU and the system BIOS.
  • 4-D The protection mechanism shall protect relevant regions of the system flash memory containing the system BIOS prior to executing firmware or software that can be modified without using an authenticated update mechanism or a secure local update mechanism.
  • 4-E Protections should be enforced by hardware mechanisms that are not alterable except by an authorized mechanism.
 
5. Non-Bypassability These non-bypassability guidelines do not apply to configuration data used by the system BIOS that is stored in non-volatile memory.
  • 5-A The authenticated BIOS update mechanism shall be the exclusive mechanism for modifying the system BIOS absent physical intervention through the secure local update mechanism.
  • 5-B The design of the system and accompanying system components and firmware shall ensure that there are no mechanisms that allow the system processor or any other system component to bypass the authenticated update mechanism, except for the secure local update mechanism.
  • 5-C While system components may have read access to BIOS flash memory, they shall not be able to directly modify the system BIOS except through the authenticated update mechanism or by an authorized mechanism requiring physical intervention.
  • 5-C.i Bus mastering that bypasses the main processor (e.g., Direct Memory Access to the system flash) shall not be capable of directly modifying the firmware.

Microcontrollers on the system shall not be capable of directly modifying the firmware, unless the hardware and firmware components of the microcontroller are protected with equivalent mechanisms at the RTU.​​