Securing firmware updates
Depending on the industry, only authorized firmware from the manufacturer, supplier, or enterprise should be flashed onto the device. To ensure this, a robust update mechanism must be used when firmware is downloaded and, where applicable, when updating functions that pertain to third-party software or libraries. All firmware should carry a cryptographic signature so that files can be verified as not having been modified or otherwise tampered with since the developer created and signed them. The signing and verification process uses public-key cryptography, and it is difficult to forge a digital signature (for example, a PGP signature) without first gaining access to the private key. When using public-key cryptography, the private key must be stored securely and not exposed to unintended parties. In the event a private key is compromised, developers of the software must revoke the compromised key and will need to re-sign all previous firmware releases with the new...
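
The sign-then-verify flow and the revocation check described above, as an added example that is not from the original page. It implements RSA PKCS#1 v1.5 with SHA-256 using only the Python standard library so it runs offline; the Mersenne-prime demo key, `key_id` and `revoked_key_ids` are assumptions made for illustration, and a production updater would call a vetted cryptographic library rather than hand-written RSA.

```python
import hashlib
import hmac

# Constructed demo key: both primes are well-known Mersenne primes, so this key
# is trivially factorable and only stands in for a vendor's real signing key.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent; never leaves the signing host

# ASN.1 DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def _encode(image: bytes, k: int) -> bytes:
    """EMSA-PKCS1-v1_5 encoding of the image digest, padded to k bytes."""
    t = SHA256_PREFIX + hashlib.sha256(image).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def key_id(n: int, e: int) -> str:
    """Hypothetical key identifier: SHA-256 over the public key material."""
    return hashlib.sha256(f"{n:x}:{e:x}".encode()).hexdigest()

def sign_firmware(image: bytes) -> bytes:
    """Build-server side: sign the encoded digest with the private exponent."""
    k = (N.bit_length() + 7) // 8
    return pow(int.from_bytes(_encode(image, k), "big"), D, N).to_bytes(k, "big")

def verify_firmware(image, signature, n, e, revoked_key_ids=frozenset()) -> bool:
    """Device side: accept only if the key is not revoked and the signature matches."""
    if key_id(n, e) in revoked_key_ids:
        return False  # compromised key: reject even mathematically valid signatures
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(signature, "big")
    if len(signature) != k or s >= n:
        return False
    recovered = pow(s, e, n).to_bytes(k, "big")
    # Compare against a freshly built encoding instead of parsing the padding,
    # which avoids the lenient-parser class of signature forgery bugs.
    return hmac.compare_digest(recovered, _encode(image, k))
```

The revocation check runs before any signature math, which is why a compromised key forces old releases to be re-signed: images signed only by the revoked key no longer verify.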