A firmware upgrade solution based on hardware unique ID and SM4 cryptographic algorithm

This article presents and implements a firmware upgrade solution for embedded systems, which aims to address the vulnerability of using the same file that can be easily copied or stolen. When upgrading firmware, a txt file is sent by the upper-level software, which is encrypted using the SM4 algorithm. This encryption is based on a hardware-unique ID and a pre-stored upper-level software-unique ID, which act as encryption keys. During the upgrade, a secure downloader utilizes its hardware-unique ID and a pre-stored upper-level software-unique ID as decryption keys to decrypt the file. If the decryption key does not match the encryption key, the decrypted txt file will not be readable. Once decrypted, the firmware is downloaded to the target device using BSL (Bootstrap Loader) technology. Practical tests have shown that this method can achieve "one file, one key," effectively preventing unauthorized use of the upgraded firmware.