

Secure Firmware Update Over-the-Air

Firmware update is a must, but it also needs to be secured

In the context of the Internet of Things (IoT) and Cyber Physical Systems (CPS), Firmware Over-The-Air (FOTA) management systems are widely used to update product firmware in the field in order to:

  • Improve the value of existing devices by enhancing their functionality and performance
  • Eliminate costly recalls/local maintenance or physical replacements because of functional or security bugs.
  • Reduce testing and support costs by keeping all devices at the same version, so there is no need to support older versions of the software.

Firmware updates are indeed an essential security mechanism, with both a curative use to update the firmware when vulnerabilities have been identified, and a preventive use to block unauthorized firmware updates by attackers.

A firmware update is, however, a highly sensitive operation that carries a massive security risk: an attacker can misuse it to break or disable the device, unlock restricted features, or load a modified version of the firmware with disabled security and/or safety features. It is therefore essential to take maximum care that the FOTA system is sufficiently hardened to be resilient against hackers.

Why ProvenFOTA

Many firmware update solutions are insecure because they rely on agents running in the same address space as the underlying Rich OS (Android, Linux, etc.). They are therefore vulnerable to the large number of local and remote attacks that affect Rich OSs, which makes it impossible to trust the authenticity and confidentiality of the firmware update package.

ProvenFOTA is a secure software application that benefits from ProvenRun’s years of expertise in developing security applications for embedded systems. Its architecture relies on a secure OS to provide a secure execution environment that is protected from attacks that can be performed from the Rich OS, so that the firmware of the device stays authentic and cannot be downgraded.


  • Secure boot
  • Secure OS protection
  • Cryptographic operations
  • Secure key and certificate management
  • Extensive security validation


ProvenFOTA Solution:

  • No OS modifications
  • Fits the requirements and architectures of most deployments
  • Leverages a hardware Root of Trust
  • High security assurance level

Supported hardware

ProvenFOTA is available on selected ARM Cortex-A microprocessors, leveraging TrustZone hardware isolation. The board should be equipped with enough RAM to store one copy of the update firmware image along with the Rich OS.

Please contact us for more details.

Challenge coverage



Security needs to be integrated at the design stage (security-by-design) and embedded in the most effective way wherever it is required in the technical infrastructure. There are many ways to embed security in systems and devices and the selected solution will be the result of a trade-off between cost, security level and performance.

Trusted Computing Base

Security engineers define the Trusted Computing Base (TCB) as the set of hardware, firmware and software components that are critical to the security of a system. In order to limit the risk of vulnerabilities, the TCB needs to be well identified, as small as possible and made up of components that can really be trusted.
