CycloneBOOT
Secure Bootloader for ARM Cortex-M MCU

CycloneBOOT is a secure firmware update solution targeting 32-bit microcontrollers. It provides a reliable and secure method for booting and updating the firmware of your device. Tailored to work with a variety of ARM Cortex-M based microcontrollers, CycloneBOOT ensures a seamless boot process every time.

CycloneBOOT is available either as open source (GPLv2 license) or under a royalty-free commercial license (non-GPL license). We also propose an evaluation license (90-day license in source form) with technical support for an easier onboarding and effective evaluation of our software.

CycloneBOOT Secure TCP/IP Bootloader for Microcontroller (MCU)

Main Features

CycloneBOOT includes several security measures to protect against external threats and unauthorized access. It features a secure boot process that verifies the integrity of the firmware update before processing it. It is also capable of working with encrypted firmware and supports authentication or digital signature to verify the incoming firmware updates.

CycloneBOOT is protocol agnostic, allowing firmware updates to be performed using various communication channels such as Ethernet, USB, UART, Wi-Fi, Cellular Modem, etc. It features a simple and intuitive interface, making it easy to integrate alongside your existing firmware and your favorite protocol.

CycloneBOOT offers versatile support for various memory partitioning configurations. Featuring In-Application Programming (IAP), it accommodates Single Bank MCUs used with or without external flash, as well as Dual Bank MCUs. This flexibility enables to tailor the boot process to suit different scenarios.

CycloneBOOT includes fallback and anti-rollback support to ensure that your device is always able to boot, even in the event of a failure. The fallback feature allows user to revert to a previous firmware if the latest firmware contains bugs or serious issues. The anti-rollback feature prevents unauthorized downgrades of the current firmware, ensuring that only latest versions of the firmware are used. This helps to protect against potential vulnerabilities that may exist in older firmware versions.

Detailed Feature List

  • Secure firmware update solution for 32-bit MCUs (ARM Cortex-M)
  • Include an Update Library and a static Bootloader
  • Can be integrated in client or server operation
  • Support for In-Application Programming (IAP)
  • Support for MCU with Dual Bank or Single Bank Flash
  • Support for external Flash (on request)
  • Can run alongside a RTOS or in Bare Metal
  • Support for encrypted firmware image using AES-CBC
  • Integrity verification of firmware (CRC32, MD5, SHA-1, SHA-224, SHA-256, SHA-384 or SHA-512)
  • Authentication of firmware using HMAC
  • Signature of firmware using RSA or ECDSA
  • Fallback support (restore previous firmware version if needed)
  • Anti-rollback support (prevent installing a previous firmware version)
  • CLI tool running on Windows or Linux to build a secure firmware image (can encrypt the firmware and compute an integrity tag, an authentication tag or a signature)
Secure Firmware Update
Secure Firmware Update

Easy to use with TCP/IP Protocols

With our experience on TCP/IP protocols we can provide you with a ready-to-use Ethernet Bootloader by bundling CycloneBOOT with CycloneTCP (TCP/IP stack), CycloneSSL (TLS library) and CycloneSSH (SSH library). You could for example fetch the new firmware image over Internet (LAN, Wi-Fi, Cellular Modem) using protocols like:

  • TFTP / FTP / FTPS
  • HTTP / HTTPS
  • MQTT / MQTTS
  • SFTP / SCP ...

Supported Microcontrollers

  • STM32L4
  • STM32F4
  • STM32F7
  • STM32H7
  • STM32U5

Supported Toolchains / Compilers

Toolchain / IDECompiler
MakefileGCC
IAR Embedded WorkbenchEWARM
Keil MDK-ARMARM Compiler v5, ARM Compiler v6 (CLANG)
Segger Embedded StudioGCC
ST STM32CubeIDEGCC

Download CycloneBOOT

Both Open Source and Evaluation packages of CycloneBOOT can be obtained from this page.

Note: These packages also include CycloneTCP (TCP/IP stack) and various third-party software (BSP drivers, HAL layers, RTOS, etc.) for demonstration purpose.

CycloneBOOT Release History

This section provides version history and main changes.

VersionDateLinksChanges
3.0.2Feb. 5, 2024Open | Eval
New
  • Added support for In-Application Programming (IAP) using Single Bank MCU without necessitating an external memory (demo project available for STM32F769I-EVAL evaluation board)
  • New evaluation boards supported (Nucleo-L496ZG, Nucleo-F429ZI, Nucleo-F767ZI, Nucleo-H7A3ZI-Q, STM32F769I-DISCOVERY)
Improvements
  • Clearly distinguished IAP Single Bank demos: those requiring external flash (iap-single-bank-ext-mem/) and those using only MCU internal flash (iap-single-bank/)
3.0.0Dec. 18, 2023Open | Eval
New
  • Various demonstration projects for Nucleo-U575ZI-Q, Nucleo-H743ZI2, STM32429I-EVAL, STM32F769I-EVAL and STM32H753I-EVAL2 evaluation boards
  • Revamped READMEs for our demonstration projects, making them much more user-friendly and easy to understand
Improvements
  • Internal re-structuring of modules for better code reuse
  • Reorganization of memory related functions for more flexibility and portability across different use cases
  • Improvements to ImageBuilder PC utility (formerly AppImageBuilder) to better manage boot offset required by different MCU families
  • CycloneCRYPTO library has been updated to version 2.3.4
2.1.0Dec. 23, 2022Open | Eval
New
  • Introduction of new error codes for specific firmware update related error scenarios. The list of error codes will be expanded gradually in upcoming releases.
  • AppImageBuilder CLI utility has been completely overhauled. The source code for the utility is also now available. Multiplatform support (Windows/Linux) alongside POSIX compatible CLI parameters/flags have been added. CMake based toolchain is now used to build the project and to facilitate compilation on a number of different OS’s.
Improvements
  • CycloneCRYPTO library has been updated to version 2.2.0
  • Reorganization of security related (authentication, signature, and integrity verification) modules into a separate package to better code reuse
  • All HTTP server demo projects will now display a message in the HTML UI, if an error occurs during firmware update process
  • Added new demonstration projects for Nucleo-H743ZI2 (HTTP Server Dual Bank Demo, HTTPS Client Dual Bank Demo)
Bugfixes
  • Reworked ECDSA verification process
  • Correct some edge-cases related to Single Bank update image processing (with the static bootloader)
2.0.2Jul. 29, 2022Open | Eval
New
  • Added new demo boards (Nucleo-STM32H7A3-ZIQ, Nucleo-STM32L496-ZG, SAME54-Xplained-Pro)
  • Added new demo projects on STM32 evaluation boards (IAP Demo through USB/RNDIS with HTTP Server protocol, IAP Demo through UART with Y-Modem protocol)
Improvements
  • Improved parsing process for the image update
2.0.0Mar. 25, 2022Open | Eval
New
  • Added support for Single Bank MCUs
  • Added support for external flash memory devices through an abstraction layer
  • Included a static bootloader to perform advanced firmware update scenarios
  • Added support for Fallback & Anti-rollback features during firmware update
  • Added demo projects for STM32 targets (Nucleo-F429ZI, Nucleo-F767ZI, STM32F769I-DISCO evaluation boards)
Improvements
  • CycloneBOOT architecture has been revamped to incorporate Single Bank MCU support (with external memory)
  • Expanded Cryptographic algorithms support for firmware security
  • Added a Linux binary of ApplicationImageBuilder utility, used to create firmware update images
1.0.1Apr. 09, 2021Open
  • Legacy CycloneBOOT demonstration package (IAP library) for STM32F4 and STM32F7 MCUs with Dual Bank internal MCU Flash