Secure STM32 Bootloader
Planned: robust in-application firmware update with integrity checks
Status
Planned
Entry
Controlled, on next reset
Integrity
End-of-flash CRC
Safety
Boot-loop prevention
01Overview
A planned bootloader that makes STM32 firmware updates safe and recoverable. The design centers on validating image integrity before handing control to the application and on never bricking the device, even if an update is interrupted or corrupted.
02Problem Statement
Field firmware updates are risky: a partial flash, a corrupted image, or a bad build can leave a device unbootable. A bootloader's job is to make updates safe and recoverable.
03Architecture
An in-application command interface requests an update and arms a controlled bootloader entry that takes effect on the next reset, with the intent persisted in backup registers so it survives the reset.
On boot, the loader performs an end-of-flash CRC validation to detect corrupted images and refuses to jump to a bad application, with boot-loop prevention so repeated failures don't trap the device in a reset cycle.
04Technical Challenges
Surviving the reset boundary
Update intent must persist across a reset. Backup registers are the mechanism for carrying that state from the application into the bootloader after reset.
Never bricking the device
End-of-flash CRC validation plus corrupted-image detection and boot-loop prevention together ensure a bad image is caught and the device stays recoverable rather than stuck.
05Implementation Details
Planned capabilities
In-application command interface; controlled bootloader entry on next reset; backup-register persistence of update intent; end-of-flash CRC validation; corrupted-image detection; and boot-loop prevention.
06Key Engineering Decisions
Integrity before execution
Validating the image with a CRC before jumping to it is the central safety guarantee: execution only happens once the image is proven intact.
07Future Improvements
- Implement and bring up the loader on STM32 hardware.
- Add a dual-bank / fallback image strategy for atomic updates.
- Layer signature verification on top of CRC for authenticity.
08Media & Documentation
Visual documentation for this project. Placeholders below are reserved for assets being produced during development.
Open to opportunities
Seeking Fall 2026 embedded / firmware / hardware co-op.
If you're hiring for embedded, firmware, or hardware roles, I'd be glad to talk through my projects and how I work. The fastest way to reach me is email.
