Hi,

Recently more and more companies want to add security (authentication and/or encryption) to their devices' firmware install/update process. Typically this is done by storing a secret encryption key in the bootloader or elsewhere in internal MCU flash. This should work if the bootloader is installed in a secure facility by trusted people. But then manufacturing is outsourced/offshored, and then what? I do not want to send my precious key to China.

So, I wonder whether it is possible to design an algorithm or process for secure firmware installation and updates while the initial firmware is installed by a factory in China. Typically my devices have JTAG, some other port (UART, etc.) and often wireless (WiFi or Bluetooth). Note: moving all newly manufactured devices to a secure location and reflashing via JTAG would be too expensive.

This problem seems to be very common now; there must be some common solutions, are there? If a pure software solution is not possible, are there some hardware-assisted solutions? I guess if a chip would include a hardcoded inaccessible private key and asymmetric decryption module, this would solve this problem, would it? Are there such chips?

Thank you