Solution prevents people who do not have a key from downloading firmware to the MCU


I am working with a board which is ready to be sold. I received a task: Can a layer of security be created to prevent everyone else except us from downloading firmware to our MCU on this board? My initial exploration led me to consider the implementation of Secure Boot as a potential solution. Secure Boot would effectively disallow the reading or downloading of firmware by leveraging a customized bootloader. However, it became apparent that this approach has a potential vulnerability. Even with Secure Boot in place, an individual could potentially reinstall a new bootloader and subsequently download their own firmware onto our board. This raised concerns about the possibility of unauthorized use of our hardware for unintended purposes.

Consequently, I am actively seeking a comprehensive solution that not only prevents unauthorized firmware downloads but also safeguards against the installation of alternative bootloaders. The overarching goal is to ensure the exclusivity of our hardware for its intended purpose. I am keen to explore any viable options or strategies that may address these security challenges. Is it possible?

the busybee On BEST ANSWER

The overarching goal is to ensure the exclusivity of our hardware for its intended purpose. [...] Is it possible?

Yes, this is possible as you suggest. Select your MCU wisely.

Practically every current MCU can be protected against read-out. But for many MCU families you cannot stop someone with direct access to the hardware from replacing the firmware with whatever she wants after a full erasure.

In these cases you can put some secrets into your firmware that lock unauthorized devices out of your services. An alternative firmware will not know this secret.

Some MCU families have an additional protection against a complete erasure without provision by the running firmware:

  • (Kudos to pmacfarlane!) STM32s can be set so the JTAG interface is permanently disabled and the flash cannot be changed. (RDP level 2 in ST's terminology.)
  • Another example is the LPC1100 family of NXP in code readout protection level 3 (CRP3).
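The answer's suggestion of a firmware-held secret that gates access to your services, worked through as an added example (not code from the question or the answer): a nonce-based challenge-response in which the server only accepts a device whose firmware can compute an HMAC over a fresh nonce with the secret provisioned for that device. The device ids and secrets are constructed sample values, and the server side is shown in Python for illustration; the device_respond step is what the genuine firmware would compute on the MCU.

```python
import hashlib
import hmac
import secrets

# Server-side registry of per-device secrets, filled at manufacturing time.
# Constructed sample value; a real deployment provisions one secret per board.
DEVICE_SECRETS = {
    "board-0001": bytes.fromhex(
        "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"
    ),
}

# Nonces the server has issued but not yet consumed; each is accepted once.
_OUTSTANDING_NONCES: set[bytes] = set()


def issue_challenge() -> bytes:
    """Server step 1: send a fresh random nonce so a recorded response cannot be replayed."""
    nonce = secrets.token_bytes(16)
    _OUTSTANDING_NONCES.add(nonce)
    return nonce


def device_respond(device_id: str, device_secret: bytes, nonce: bytes) -> bytes:
    """Device step: the genuine firmware binds its id and the nonce under its secret.
    A replacement firmware that lacks the secret cannot produce this tag."""
    return hmac.new(device_secret, device_id.encode() + nonce, hashlib.sha256).digest()


def verify_response(device_id: str, nonce: bytes, response: bytes) -> bool:
    """Server step 2: reject unknown devices, reused nonces and wrong tags.
    The comparison is constant-time so timing does not leak the expected tag."""
    if nonce not in _OUTSTANDING_NONCES:
        return False  # never issued, or already consumed (replay)
    _OUTSTANDING_NONCES.discard(nonce)
    secret = DEVICE_SECRETS.get(device_id)
    if secret is None:
        return False
    expected = hmac.new(secret, device_id.encode() + nonce, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)


def run_exchange(device_id: str, device_secret: bytes) -> bool:
    """Full round trip: challenge, device response, server verdict."""
    nonce = issue_challenge()
    response = device_respond(device_id, device_secret, nonce)
    return verify_response(device_id, nonce, response)
```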