Combined Image#
The combined image is a single image which is obtained by combining the NWP and M4 images. The process of creating the combined image involves encrypting both the NWP and M4 images, and then adding a RPS header and signature. In the case of non-secure firmware, we will not be adding the signature.
The Combined Image RPS header format will be the same as the M4 RPS header format with few reserved bytes changes.
The signature for complete combined image will be calculated and appends at the end of image.
MIC computation and signature can be used to maintain integrity and confidentiality of the combined image.
Encryption of combined image is discarded as it will add overhead for firmware to decrypt and store into flash location. The NWP and M4 images are individually encrypted.
Note: For more information on combined image generation, refer to UG574: SiWx917 SoC Manufacturing Utility User Guide.
Importance of Secure Over-the-Air Updates with Combined Images#
Over The Air (OTA) updates have become a popular way to update device firmware, ensuring that devices have the latest features and security enhancements. However, the security of OTA updates is critical, as attackers can exploit vulnerabilities in the update process to gain unauthorized access to devices and data.
To address this, combined firmware images are now used for OTA updates. These images contain multiple firmware components, simplifying the update process, and reducing the risk of errors or incompatibilities.
To ensure security, digital code signing is used to verify the authenticity of the combined image, while encryption protects the image during transmission to prevent unauthorized access and tampering.
These measures provide robust protection, ensuring that OTA updates are performed safely and securely, without compromising the confidentiality or integrity of the device.
Overall, OTA updates using combined firmware images are important for device manufacturers and end-users, enabling convenient and secure device firmware updates.