Secure Bootloader

Problem Solved

Unleash your STM32-based IoT device with a secure bootloader and FOTA update solution with delta patching capability.

Get state-of-the-art security, application integration, build-system integration, APIs, full source code and support, so you don't have to worry about how you're going to securely update your IoT device firmware in the field.

Secure Bootloader IoT Device Internal Flash Layout


  • Image authentication with ECDSA.
  • Image encryption with AES.
  • Download and install patches containing only differences with new firmware.
  • Dual image capability. [3]
  • Works with IAR, Keil or Cube IDEs.
  • Includes firmware image preparation tool (requires Python).
  • Simple and easy to use firmware update APIs.
  • Full source code provided.


  • Allows your product's firmware to be safely and securely updated in the field.
  • Prevents unauthorized 3rd parties from installing malicious firmware. [2]
  • Delta patches offer smaller downloads, reducing time-on-air costs like network access fees and battery consumption. [1]
  • Get a bootloader, security, OTA update and STM32 MCU expert to perform the integration and guide you and your staff to firmware update bliss.
  • Get a tested and working solution up and running fast.




Secure bootloader, basic updater APIs, project and application integration and testing [Required]. $10,000 CAD (~$7800 USD)
Delta Patching module [Required for delta patching capability]. $5,000 CAD (~$3800 USD)

Library to safely handle HTTP GET download through a cell modem (e.g. BG96) file system [Optional]. $2,000 CAD (~$1600 USD)




// Initialize the patching engine in preparation for update.
uint32_t SFU_APP_Init(uint32_t uFileSize);

// Supply patch data to the patching engine.
// Data can be supplied in chunks of any size to adapt to any
// OTA download method.
uint32_t SFU_APP_Data(uint8_t *pData, uint32_t uSize);

// Complete the patching operation.
uint32_t SFU_APP_Finish(void);

// Get the currently installed firmware version.
SE_ErrorStatus SE_APP_GetActiveFwInfo(SE_StatusTypeDef *peSE_Status, SE_APP_ActiveFwInfo *p_FwInfo);



  • Git project (re)structured appropriately.
  • SBSFU application, this is the bootloader executable.
  • SECORE application, this is the secure core and patching engine, hosted inside the bootloader but built separately.
  • TestApp application, a sample application that demonstrates bootloader functionality.
  • Your application, suitably modified as you require to work seamlessly with the bootloader and the FOTA update system.
  • Python tool to generate the secure firmware patch for distribution, and the bootloader+application combined image for manufacturing.
  • Integration of the Python tool into your build system.
  • Support for ensuring update APIs work with your OTA update strategy, or implementation of the strategy as desired.


See the bootloader in action in this demonstration.

The Fine Print

  1. Actual delta patch compression ratio depends on application program structure and number of differences between versions.
  2. Secure root of trust must be established by enabling RDP Level 2 at time of production.
  3. Device must have enough internal flash space to hold two complete copies of the application firmware (now and projected), swap sector (4K) and secure bootloader (44K typical, but varies with features, trace level and compiler).
  4. Integration requires access to repository in GitHub or Bitbucket or similar Git-based DVCS.
  5. A UART debug port should be available on your device to help verify and validate the bootloader operation.
  6. Organizations based in Canada are charged 5% GST.
  7. Components licensed under ST Ultimate Liberty license and Firmware Modules Binary license.  The bootloader may only be distributed on ST devices and in binary form on devices you make.
  8. You get support for the life of your product.  That's right - if there's something wrong with the bootloader or FOTA update system, keep us in the loop.



Get Your Bootloader Now