Secure BLE DFU: Signed Firmware Updates Over-the-Air

Secure BLE DFU: Signed Firmware Updates Over-the-Air

Over-the-Air (OTA) firmware updates are a mandatory capability for any production BLE product. Without OTA updates, deployed devices cannot receive security patches or feature improvements. Without cryptographic signing, OTA updates become an attack vector — an adversary can push malicious firmware to any device within BLE range.

Threat Model

Signature Schemes

Ed25519 is the recommended choice for embedded targets: faster verification than ECDSA P-256, smaller key/signature sizes, and immune to side-channel attacks from non-constant-time implementations. Nordic's nRF Secure Bootloader and MCUboot both support Ed25519 natively.

Secure Bootloader Architecture

Boot sequence:
  1. CPU reset vector → Secure Bootloader (in protected flash region)
  2. Bootloader verifies Application image:
     a. Read image header (magic, version, size, hash algorithm)
     b. Compute SHA-256 of image body
     c. Verify Ed25519 signature over SHA-256 hash
        using hardcoded public key in bootloader
  3. If valid AND version >= anti-rollback minimum:
     → Jump to application reset vector
  4. If invalid OR version < minimum:
     → Enter recovery mode (advertise DFU service)
     → Accept new firmware via BLE [GATT](/glossary/gatt/) DFU service
     → Verify new image before overwriting

The public key is burned into the bootloader at compile time — never stored in writable flash. Key rotation requires a new bootloader image, itself signed by the previous key (chain of trust).

Anti-Rollback Counter

Anti-rollback prevents an attacker from downgrading firmware to a vulnerable version:

// MCUboot security counter
// In image header:
//   BOOT_IMAGE_HEADER_FLAGS_SEC_CNT — indicates counter present
//   IMAGE_TLV_SEC_CNT — security counter value

// Bootloader logic (MCUboot):
uint32_t min_version = flash_read_security_counter(); // From TrustZone / OTP
if (image_security_counter < min_version) {
    /* Reject — downgrade attempt */
    boot_go_bad();
}
// On successful boot with new counter:
flash_update_security_counter(image_security_counter);
// Counter only ever increments — OTP fuses or eFuse ideal

Nordic's NSIB (Network Secure Immutable Bootloader) uses OTP (one-time programmable) registers to store the minimum counter, making rollback physically impossible after the register is written.

Key Management

Production line setup:
  1. HSM generates Ed25519 keypair
  2. Public key embedded in bootloader binary (hex file)
  3. Bootloader flashed to device (signed itself by HSM root key)
  4. Private key remains in HSM — NEVER on developer workstations

Firmware signing CI/CD:
  1. Build firmware → binary image
  2. CI sends image to signing service (HSM API)
  3. Signing service returns image + signature
  4. DFU package = image + signature + metadata
  5. Package uploaded to CDN / mobile app bundle

Using nRF SDK's imgtool (part of MCUboot): imgtool sign --key ed25519.pem --version 1.2.0 --security-counter 5 app.bin app_signed.bin

BLE DFU Service

The Nordic DFU ATT">gatt-service/" class="glossary-term-link" data-term="GATT service" data-definition="Collection of related BLE characteristics." data-category="GATT & ATT">GATT service (UUID FE59) is the de facto standard, also used by MCUboot with the SMP protocol over BLE. The SMP (Simple Management Protocol) GATT service (UUID 8D53DC1D-1DB7-4CD3-868B-8A527460AA84) provides image upload, hash verification, and reset commands.

OTA sessions must use an encrypted connection — reject DFU requests on unencrypted links. See BLE Vulnerabilities for known DFU attack vectors.