Putting the Firm into Firmware: GlobalPlatform Aims to Secure the Edge

By Cynthia S. Artin November 28, 2017

One of the most difficult challenges for companies deploying scaled-up IoT solutions today is managing for tomorrow. Given that standards in the world of connected things are still up in the air, and given the "gold rush" effect of hundreds of companies now producing sensors, actuators, gateways, clouds, applications and full business solutions, the potential for fragmentation is tempering investment and slowing decisions inside large enterprises to move forward.

The fear? Obsolescence, not always planned, but often an "unintended consequence" should an IoT startup go south, or when new, better software appears.

The IoT is by nature dispersed and decentralized, and with the millions, billions and now trillions of endpoints predicted to go live between now and 2025, it's no wonder decision makers are stopping to think about what managing the edge (and all other elements) will really require, including the security of systems which, according to some, are now in the "wild, wild west."

Today, GlobalPlatform, a non-profit organization which describes itself as "the standard for secure digital services and devices," published the "Open Firmware Loader for Tamper Resistant Elements," otherwise known as OFL.

This free and open specification standardizes how secure element (SE) firmware – combining the secure operating system (OS), applications and data – can be remotely loaded onto and managed on an SE such as a SIM, an embedded SE or eUICC / eSIM, or an integrated SE, even after a device has been issued.

Managing the lifecycle of any hardware/software technology service is hard. What GlobalPlatform seems to be doing is reducing the risk of a device's shelf life, offering software that supports "in-field OS and firmware provisioning, device refurbishment, backup / restoration of the SE and the secure transfer of a customer profile to a new device."

With security by design in mind, the OFL scheme, when adopted by handset manufacturers, service providers and firmware implementers, "can build a new privacy-by-design ecosystem where services can be securely deployed and updated on connected devices," according to the news release.

“The growth of embedded SEs is driving the development of new solutions as, previously, there has not been a standardized way to load the OS to an eUICC after the smartphone has been produced,” says Gil Bernabeu, Technical Director of GlobalPlatform. “With the OFL protocol, the selection of an OS can be delayed until the device reaches its destination. So, if a smartphone is manufactured in one country, for example in China, a country-specific OS can be loaded to the eSIM or integrated SE once it reaches France, or the U.S. What’s great is that this also brings greater flexibility further down the line. Smartphones, connected cars or any other device with an embedded or integrated SE often have more than one owner during their lifecycle. OFL ensures a new OS can replace an existing one and, importantly, a personalized OS and its services can be securely transferred to a new device.”

The OFL protocol enables the industry to:

  • Distribute generic and blank (no firmware/operating system) embedded hardware featuring a standardized loading mechanism. This enables firmware from various developers to be loaded, with policy enforcement, after the issuance of the device.
  • Solve the logistical challenge of distributing devices to fragmented markets with low volume.
  • Distribute new firmware once the device has been issued to address additional use cases.
  • Mitigate the challenges of loading firmware containing diversified data into embedded hardware during manufacturing.
  • Use a standardized loader, shared between multiple silicon makers, allowing firmware implementers to produce loadable OSs.
  • Ensure perfect forward secrecy and confidentiality between firmware makers, easing compliance with the latest data regulations (GDPR).

“This is an important specification for the embedded community,” said Gil Bernabeu, Technical Director, GlobalPlatform. “The Open Firmware Loader supports the innovation and sustainability of the embedded SE ecosystem by opening up new use cases while supporting a strong security and privacy by design model. Device manufacturers can now get their equipment to their destination before loading operating systems. IoT devices can be effectively refurbished. Data and applications can be remotely loaded and in a standardized way.”

GlobalPlatform's industry association brings together 100 member companies. Members share a common goal to develop GlobalPlatform’s specifications, which are today highly regarded as the international standard for enabling digital services and devices to be trusted and securely managed throughout their lifecycle.

Market sectors adopting GlobalPlatform technology include automotive, healthcare, government and enterprise ID, payments, premium content, smart cities, smart home, telecoms, transportation, and utilities.

Edited by Ken Briodagh

Contributing Writer
