Putting the Firm into Firmware: GlobalPlatform Aims to Secure the Edge

By Cynthia S. Artin November 28, 2017

One of the most difficult challenges companies deploying scaled up IoT solutions today is managing for tomorrow. Given that standards in the world of connected things are still up in the air, and given the "gold rush" effect of hundreds of companies now producing sensors, actuators, gateways, clouds, applications and full business solutions, the potential for fragmentation is tempering investment and slowing down decisions inside of large enterprises to move forward.

The fear? Obsolescence, not always planned, but often an "unintended consequence" should an IoT start up go south, or when new, better software appears.

The natural nature of the IoT is dispersed and decentralized, and with the millions, billions and now trillions of endpoints being predicted to go live between now and 2025, it's no wonder decision makers are stopping to think about what managing the edge (and all other elements) will really require, including the security of systems which are now in the "wild, wild west" according to some.

Today, GlobalPlatform, a non-profit organization which describes itself as "the standard for secure digital services and devices," published the "Open Firmware Loader for Tamper Resistant Elements" otherwise knowns as OFL.

This free and open specification standardizes how secure element (SE) firmware – combining the secure operating system (OS), applications and data – can be remotely loaded and managed onto a SE such as SIM, embedded SE or eUICC / eSIM, or integrated SE even after a device has been issued.

Managing the lifecycle of any hardware/software technology service is hard. What GlobalPlatform seems to be doing is reducing the risk of a device's shelf life, offering software that supports "in-field OS and firmware provisioning, device refurbishment, backup / restoration of the SE and the secure transfer of a customer profile to a new device."

Security by design in mind, the the OFL scheme, when adopted by handset manufacturers, service providers and firmware implementers "can build a new privacy-by-design ecosystem where services can be securely deployed and updated on connected devices," according to the news release.

“The growth of embedded SEs is driving the development of new solutions as, previously, there has not been a standardized way to load the OS to an eUICC after the smartphone has been produced,” says Gil Bernabeu, Technical Director of GlobalPlatform. “With the OFL protocol, the selection of an OS can be delayed until the device reaches its destination. So, if a smartphone is manufactured in one country, for example in China, a country-specific OS can be loaded to the eSIM or integrated SE once it reaches France, or the U.S. What’s great is that this also brings greater flexibility further down the line. Smartphones, connected cars or any other device with an embedded or integrated SE often have more than one owner during their lifecycle. OFL ensures a new OS can replace an existing one and, importantly, a personalized OS and its services can be securely transferred to a new device.”

The OFL protocol enables the industry to:

  • Distribute generic and blank (no firmware/operating system) embedded hardware featuring a standardized loading mechanism. This enables firmware from various developers to be loaded, with policy enforcement, after the issuance of the device.
  • Solve the logistical challenge of distributing devices to fragmented markets with low volume.
  • Distribute new firmware once the device has been issued to address additional use cases.
  • Mitigate the challenges of loading firmware containing diversified data into embedded hardware during manufacturing.
  • Use a standardized loader, shared between multiple silicon makers, allowing firmware implementers to produce loadable OSs.
  • Ensure perfect forward secrecy and confidentiality between firmware makers easing compliancy with the latest data regulations (GDPR).

“This is an important specification for the embedded community," saod Gil Bernabeu, Technical Director, GlobalPlatform. "The Open Firmware Loader supports the innovation and sustainability of the embedded SE ecosystem by opening up new use cases while supporting strong security and privacy by design model. Device manufacturers can now get their equipment to their destination before loading operating systems. IoT devices can be effectively refurbished. Data and applications can be remotely loaded and in a standardized way.”

GlobalPlatform's industry association brings together 100 member companies. Members share a common goal to develop GlobalPlatform’s specifications, which are today highly regarded as the international standard for enabling digital services and devices to be trusted and securely managed throughout their lifecycle.

Market sectors adopting GlobalPlatform technology include automotive, healthcare, government and enterprise ID, payments, premium content, smart cities, smart home, telecoms, transportation, and utilities.

Edited by Ken Briodagh

Contributing Writer

Related Articles

Real World Use Cases for Intelligent Edge Infrastructure

By: Ken Briodagh    4/26/2022

The Intelligent Edge is being integrated into nearly every industry and now that aging infrastructure is being updated all over the world, Intelligent…

Read More

Are Energy and Utility Companies in Position to Generate New Revenues through 5G Services with Existing Physical Infrastructure?

By: Matthew Vulpis    4/11/2022

The recent, rapid rise of digitalization has brought with it a vast number of devices and applications revolutionizing the way daily processes get don…

Read More

Telco Global Alliance Introduced at Mobile World Congress: Linux Foundation Unveils CAMARA

By: Juhi Fadia    2/28/2022

In a surprise move that had everyone buzzing at Mobile World Congress in Barcelona today, the Linux Foundation, in collaboration with the GSMA, introd…

Read More

Supermicro Delivers Intelligent Edge

By: Maurice Nagle    2/17/2022

Supermicro announced the SuperEdge server, developed for environments demanding high-density compute and I/O in a small form factor. Optimized for Edg…

Read More

Industrial IoT Evolution at the Edge Picks Up the Pace with IOTech's Edge Xpert 2.1 Supporting EdgeXFoundry

By: Special Guest    2/3/2022

With the transformative influence of IoT innovation over various industries, there have been a plethora of new solutions pioneered that have evolved h…

Read More