CycloneBOOT is a secure bootloader targeting 32-bit microcontrollers. It is designed to provide a reliable and secure method for booting your device. It is tailored to work with a variety of ARM Cortex-M based microcontrollers, ensuring a seamless boot process every time.
CycloneBOOT is available either as open source (GPLv2 license) or under a royalty-free commercial license (non-GPL license). We also propose an evaluation license (90-day license in source form) with technical support for an easier onboarding and effective evaluation of our software.
CycloneBOOT is equipped with several security features to protect against external threats and unauthorized access. It includes a secure boot process that verifies the authenticity of the firmware image before processing it, ability to work with encrypted firmware update images, as well as support for digital signatures to verify the identity of the image.
In addition to security, CycloneBOOT is designed for ease of use. It is protocol agnostic, meaning that a firmware update can be performed using various physical media (Ethernet LAN, Wi-Fi, Cellular Modem, USB, UART, SD card...). CycloneBOOT features a simple and intuitive interface, allowing you to easily integrate CycloneBOOT alongside your existing firmware. It also includes support for multiple boot configurations — Single Bank with a static bootloader, Dual Bank with “In-Application Programming” where no bootloader is required to update the firmware — allowing you to customize the boot process for different scenarios.
CycloneBOOT is designed with reliability in mind. It includes fallback and anti-rollback support to ensure that your device is always able to boot, even in the event of a failure. The fallback feature allows user to revert to a previous firmware image if the latest firmware image contains bugs or serious issues. The anti-rollback feature prevents unauthorized downgrades of the main firmware image, ensuring that only authorized and secure versions of the firmware are used. This helps to protect against potential vulnerabilities that may exist in older firmware versions.
Detailed Feature List
Secure bootloader for 32-bit microcontroller
Can be integrated in client or server operation
Support for In-Application Programming (IAP)
Support for MCU with Dual-Bank or Single-Bank Flash
Support for external Flash (on request)
Can run alongside a RTOS or in Bare Metal
Integrity verification of the firmware image using CRC32, MD5, SHA-1, SHA-256 or SHA-512
Authentication of the firmware image using HMAC
Signature of the firmware image using RSA or ECDSA
Support for encrypted firmware image using AES-CBC
Fallback support (Backup current firmware and restore it if required)
Anti-rollback support (Prevent rolling-back to a known faulty firmware version)
PC utility running on Windows or Linux to build the firmware image (can encrypt the firmware and compute an integrity tag, an authentication tag or a signature)
More to come!
Supported Compilers / Toolchains
GNU GCC / Makefile
IAR Embedded Workbench
SEGGER Embedded Studio
AC6 System Workbench for STM32 (SW4STM32)
Easy to use with TCP/IP Protocols
With our experience on TCP/IP protocols we can provide you with a ready-to-use Ethernet Bootloader by bundling CycloneBOOT with CycloneTCP (TCP/IP stack), CycloneSSL (TLS library) and CycloneSSH (SSH library). You could for example fetch the new firmware image over Internet (LAN, Wi-Fi, Cellular Modem) using protocols like:
TFTP / FTP / FTPS
HTTP / HTTPS
MQTT / MQTTS
SFTP / SCP ...
Both Open Source and Evaluation packages of CycloneBOOT can be obtained from this page.
Note: These packages also include CycloneTCP (TCP/IP stack), CycloneSSL (TLS library) and various third-party software (BSP drivers, HAL layers, RTOS, etc.) for demonstration purpose.
Introduction of new error codes for specific firmware update related error scenarios. The list of error codes will be expanded gradually in upcoming releases.
AppImageBuilder CLI utility has been completely overhauled. The source code for the utility is also now available. Multiplatform support (Windows/Linux) alongside POSIX compatible CLI parameters/flags have been added. CMake based toolchain is now used to build the project and to facilitate compilation on a number of different OS’s.
CycloneCRYPTO library has been updated to version 2.2.0
Reorganization of security related (authentication, signature, and integrity verification) modules into a separate package to better code reuse
All HTTP server demo projects will now display a message in the HTML UI, if an error occurs during firmware update process
Added new demonstration projects for Nucleo-H743ZI2 (HTTP Server Dual Bank Demo, HTTPS Client Dual Bank Demo)
Reworked ECDSA verification process
Correct some edge-cases related to Single Bank update image processing (with the static bootloader)