Firmware Update Evaluation and Certification – TÜViT offers new evaluation service for embedded systems microchips

21.05.2021 | Essen: TÜViT’s new evaluation and certification approach offers an isolated view on the firmware update mechanism, allowing to certify its security without looking at other functionality. The result is a Trusted Product certificate, with which chip manufacturers can objectively prove that their firmware updater meets the highest security requirements.

Firmware is an essential part of today’s embedded electronics. Its authenticity and integrity is a key factor to ensure product security and safety of embedded systems, e.g. smart x-IoT products getting connected to the internet. While firmware updates are intended to improve the product’s functionality in the field, they are also the ideal mechanism for attackers to hijack a product. This was demonstrated by security researchers in 2015: they were able to remotely control steering and brakes of an SUV. Although the vehicle’s genuine firmware would not have allowed such access, the attackers could easily upload their own firmware, giving them full access to the car.

For this reason, TÜV Informationstechnik GmbH (TÜViT) has developed a new approach that makes it possible to test and evaluate the isolated firmware updater, irrespective of the actual solution-specific firmware. This is because this update mechanism, if not carefully designed and implemented, can turn into the prime attack path for any embedded product.

Existing certification schemes address the entire security of product- or industry-specific functionalities of the component or system and only add the requirement for a (secure) firmware uploader as a small part of the certification. This makes it difficult for general purpose chip manufacturers to certify their chip: During chip development and even during production, the actual use case (and the corresponding firmware) is often not fully known, but chips are stockpiled for future sales. However, the chips must at least contain a rudimentary firmware updater to allow initialization of these chips once they are sold to a customer. This firmware updater can now be tested and certified by TÜViT. 

To meet time-to-market and cost considerations, TÜViT’s new evaluation service relies on a timeboxed evaluation concept. Three different assurance levels (basic, substantial, high) reflect various attacker’s potential by different timebox lengths. In addition to several mandatory requirements, the evaluation can be enhanced by choosing optional requirements, e.g. encryption of updates or the use of post-quantum secure algorithms. Unique to TÜViT’s concept is the (optional) addition of a failure handling routine for failed updates: while for standard security hardware (e.g. a credit card chip), stalling is a viable option, embedded systems controlling safety critical functions might need to continue operation with possibly limited functionality. For example, neither an automotive ECU nor a (smart) smoke detector should stop working due to a failed update but should rather switch to some emergency functionality mode or fall back to the previously loaded firmware.

As of today, TÜViT offers testing and certification of firmware update loaders according to this new approach.


TÜV Informationstechnik focuses solely on security in information technology and, as an independent testing service provider for IT security, is an international leader. Its portfolio includes cyber security, software and hardware evaluation, IoT/Industry 4.0, data protection, ISMS, smart energy, mobile security, automotive security, eID and trust services as well as the testing and certification of data centers for physical security and high availability.

TÜV Informationstechnik, founded in 1995 and headquartered in Essen, Germany, is a member of the TÜV NORD GROUP, one of the world's largest technology service providers with over 14,000 employees and business activities in 100 countries worldwide.

Professional contact
Verena LingemannEditor

Tel.: +49 201 8999-658
Fax: +49 201 8999-888
Recommend this page: