Security for microcontrollers with IP protection and licensing

All products are designed to beat the competition. The effort that went into their development should pay off for as long as possible. This article explains how to shield microcontrollers with a level of protection on a par with larger  systems – without having to dive into the depths of cryptography.

By Marco Blume, Wibu-Systems              Download PDF version of this article

Microcontrollers are all around us: Digital watches at our wrists, smartphones in our pockets, tablets on our desks. Light switches in our smart homes. In the cars in our garage. Not to mention the clever little coffee maker on the countertop. Wherever we turn, we see devices that have long left the era of “on and off” switches behind. This has added so much comfort to our lives. Nowadays, watches can read emails, and air conditioning knows when we are in the room. Satnav systems knows where traffic is heaviest. Our smartphones know where we are heading, because our calendar is synced across all of our devices.

That is one side of the coin: The brave new comfortable world. There is another side we need to remember: the challenge of protecting our data, shielding our networks from attack, and not falling prey to software or hardware pirates. Just like a new home owner would never move in without locks installed on doors and windows, the design of intelligent devices also needs protection from the very start. But the entire package needs to fit – the most modern lock will not keep criminals out if the door itself is a thin sheet of plywood. This example should remind developers that they need to see security holistically in the design process to end up with a completely integrated solution against as many attacks as possible.

The level of protection depends on the quality of the measures taken and later compliance. This is where many developers enter unfamiliar terrain. Most are specialists in their areas and not experts for cryptography or secure software design. Users would ideally not be reminded of any security matters at all, and security must not hike up the costs.

The predictions for IoT applications are mind-bending: The IoT is expected to contribute around $15 trillion to global GDP in the next 20 years (source: General Electric), with 28.1 billion units installed by 2020 (source: IDC). These are not only impressive figures; they are also a wake-up call for the security issues created by the IoT revolution. Wibu-Systems has teamed up with Infineon to develop CodeMeter μEmbedded, an efficient firmware protection for systems using the XMC4000 microcontroller family, especially in the Industrial IoT. This article presents the integration on an XMC microcontroller as an example that can be adapted to nearly any other microcontroller platform. The functional principle stays the same.

The IoT comes in many shapes and sizes: Industrie 4.0 or smart homes and smart cars. What they all need is uncompromising security. Typical use cases include the authentication and licensing of components, monitoring and protection of system integrity, protection of data and communication channels, and the safety of upgrades and updates. This needs integrated solutions based on secure hardware to protect our infrastructure and its many components against attacks, fraud, and manipulation. Since all embedded systems used in the IoT are built around microcontrollers, this is the first line of defense.

Figure 1. The components involved at the developer and in the XMC controller


The challenge for secure microcontrollers lies in making the chosen solution simple to integrate and usable even under tough industrial conditions. Wibu-Systems has developed CodeMeter μEmbedded based on its CodeMeter technology. The solution focuses on secure firmware updates and feature upgrades. Code integrity, license monitoring, protection against reverse engineering, and copy protection are key.

Safety (for the user) is not an issue – the laws in this area are legion. Security (for the device) is, however, not guaranteed by similar legislation or universally accepted regulations. The CodeMeter µEmbedded use cases cover the most common security aspects. 1. Integrity protection: The microcontroller must only work with firmware from a defined source that must not be changed without proper authority. 2. IP protection: Users in the field need to be able to load the firmware, so it needs to be protected against reverse engineering. 3. Licensing: There should be an option to activate additional features via licenses upgrade without replacing the firmware in the field. In their mission to give developers an easy-to-use solution, Wibu-Systems and Infineon have pooled their resources in one package: Version 4 of Infineon’s DAVE development tool is available as a free download. The Eclipse-based platform makes software development easy with a vast periphery and application-oriented code repository. The developer can use commercial third party tools to translate the C source code for ARM and load it into the microcontroller. This covers the entire development cycle from first evaluation to the final product, while giving the developer maximum autonomy for fast and efficient platform-driven software and product development.

Figure 2. Firmware is encrypted by the SBSL and remains in the XMC controller.


CodeMeter µEmbedded was developed specifically for microcontrollers and Field Programmable Gate Arrays (FPGAs). Larger systems like PLCs or PCs can use two other, fully compatible flavors of the technology: CodeMeter Embedded and CodeMeter Runtime. CodeMeter µEmbedded comes with a minimal footprint of less than 80 kByte, which was achieved by slimming the solution down to the minimum features for its intended use cases. The licenses are bound to the unique ID of the microcontroller and entitled during production. With the right license file, additional features can be activated in the field.

Figure 3. The developer creates a license and upgrades features without changing the firmware.


CodeMeter µEmbedded can also be used to store symmetric and asymmetric keys in protected memory. These keys can then only be used on devices with the right ID e.g. to check device licenses, track production volumes, or load encrypted application code onto the devices. The users benefit from the ability to use familiar tools like DAVE and CodeMeter Protection Suite, which handle all cryptographic operations. A new plug-in for DAVE gives the developers a neat interface to configure their XMC4000 microcontrollers and create encrypted firmware updates or license files.

The XMC4000 family of microcontrollers for industrial applications was made with digital power converters, electrical drives, and sensor devices in mind. All XMC4000 microcontrollers work at temperatures up to +125° C. They use ARM Cortex M4 processors with built-in DSP capabilities, Floating Point Unit, Direct Memory Access (DMA), and a Memory Protection Unit (MPU). The extensive periphery includes analog / mixed-signal converters, high-resolution timers / PWM channels, and interfaces for all common industrial communication standards. The XMC4800 series comes with on-chip EtherCAT (Ethernet for Control Automation Technology) for simple and cost-efficient real-time Ethernet communication.

The solution is built on a Secure Bootstrap Loader (SBSL) injected into the XMC controller during production. It accesses a CmActLicense bound to each controller that contains the keys to decrypt the firmware. After the SBSL and license are loaded, the controller switches into read-protected mode. Communication with the firmware only goes via the SBSL launched on start-up. The protection effort begins during the initial development at the OEM. The developers can use their accustomed tools and methods and create a firmware v1.0 in DAVE, which comes with a dedicated plug-in for ExProtector by Wibu-Systems. DAVE also creates a project for the SBSL. The developer only needs to reserve memory on the dongle for the required keys, and the SBSL can be loaded directly into the XMC controller. This is the only time that the firmware developers have to concern themselves with the security solution. Even secure key storage is made easy: the keys are stored right on the dongle.


Ultra-Low Voltage 8Mb Serial NOR Flash Memory

Winbond’s ultra-low voltage serial NOR Flash memory can work between 1.14V to 1.60V, which covers most of the single AA battery operation voltage range.  The lower Vcc can reduce the power ...


Taking SiC Mainstream: The Story of Littelfuse Power Semiconductors

Since 1964, Littelfuse has brought its legacy of stability and reliability in circuit protection to the power semiconductor space. Now, the company is pioneering a series of in-house technology breakt...

Intel and Wind River Lead Technology Innovation Delivering Resilient and Secure Functional Safety Solutions

Together, industry leaders Wind River and Intel are delivering innovative Industrial IEC 61508 functional safety certification solutions that reduce project risk. A holistic approach is used to combin...

Wind River Titanium Control Advances Industrial IoT

Gareth Noyes, Chief Strategy Officer at Wind River introduces Wind River Titanium Control, a software platform that enables critical infrastructure companies to cost-effectively evolve aging legacy co...

WSI's OLED Professional innovations create more value for You.

WSI are the PMOLED manufacturer and our factory located in Chun-Nan in Taiwan. Our products are the market leader and pioneer in PMOLED module, including the monochrome, area colors and full color one...

SKIPPER UBT21 - a Bluetooth 4.0 USB serial adapter for industrial and medical use

SKIPPER UBT21 is a Bluetooth 4.0 USB serial adapter for industrial and medical use. It incorporates a Bluetooth Dual-Mode Stack, supports ranges of up to 300 meters and transferrates of 720 kbit/s (ne...

Three of a kind - Versatility based on Low Power ARM Cortex-A15

At this year's Embedded World, MEN has presented three low power, ARM Cortex-A15-based solutions on different form factors: a VMEbus SBC, an industrial box PC and a COM Express Mini module. All so...

Enabling Embedded IoT

Eurotech, a long-time leading provider of embedded systems and a global leader in IoT enablement, showed its new modules and Multi-service IoT Gateways at Embedded World 2017. The newly introduced Eu...

PLS’ UDE and new UAD2next allow more powerful trace analysis of embedded multicore systems

The new Universal Debug Engine 4.8 from PLS Development Tools offers a bunch of new and improved features for trace analysis of embedded multicore systems. With the new access device UAD2next PLS cont...

Disruptive technologies

Rahman Jamal, Global Technology & Marketing Director, National Instruments, talks about disruptive technologies in the consumer world, but also in measurement, automation, and the embedded industr...

AdaCore Announces Availability of QGen Debugger at Embedded World 2017

Jose Ruiz, technical lead at AdaCore for the company's QGen automatic code generator toolset for model-based development, discusses that product and explains what differentiates it from other prod...

SECO IoT roadmap: from the proof of concept to the market

During Embedded World 2017 Gianluca Venere, SECO Director of Global Sales, leads us to discover the company's Industrial IoT roadmap showcased at SECO's main booth, along with the latest UDOO ...

Internet of Chocolate

HCC show off an embedded chocolate vending machine using MQTT to connect to a broker in the cloud. There is an important message behind this cool demo – security and reliability of embedded soft...