P R O D U C T
CodeMeter µEmbedded
Microcontrollers are used in more and more critical applications like pump controls, servo inverters, sensors with field bus
connections, and smart meters. This makes protecting their firmware – during production and in all later updates – an essential
factor for the safety of users and the commercial success of the businesses involved. Several security rules need to be followed:
Code integrity: Controllers must
only load firmware from a trusted
source, with a reliable guarantee
that it has not been tampered with.
Secrecy: Firmware must not
be readable on their way into
the controller to prevent reverse
engineering and copying.
Authorization: Code can only
be loaded and decrypted in the
authorized and licensed controller.
Licensing: Features can
activated with secure licenses.
be
Based on the popular CodeMeter solution for
desktop and embedded systems, CodeMeter
µEmbedded was developed specifically with
the needs of microcontroller-operated systems
in mind: code integrity, license controls,
protection against reverse engineering,
and copy protection. Everything with a tiny
footprint of approximately 60KB.
CodeMeter μEmbedded protects the
controller’s firmware against tampering,
reverse engineering, and illicit copying
during transmission and update processes.
It also empowers OEMs (whose software is
running on the controller) to add or authorize
additional features in their software or
hardware in later license updates, putting
even more capabilities at the disposal of the
end user without having to change the device
in question.
The XMC4500 controllers are initially
programmed by the OEM in a secure
environment, where the secure Boot Strap
Loader (BSL) is added and an individual
license file is created, bound to the chip ID,
and loaded onto the microcontroller. The BSL
includes the ExEngine, CmActLicense, and
CodeMeter µEmbedded, all of which work
together to decrypt the firmware when it is
needed. Once completed, the BSL and license
can only be modified by the OEMs themselves,
since the copy protections of the XMC prevent
any changes to the loader in the field.
The OEM develops the firmware in Infineon
DAVETM or a similar environment and can
then execute the encryption capabilities of
ExProtector via a visual DAVE plug-in. This
creates an encrypted version of the firmware
that can be loaded onto the controller or
sent as a secure update file even via