Skip to content
All projects
FirmwarePlannedPlanned

Secure STM32 Bootloader

Planned: robust in-application firmware update with integrity checks

Status

Planned

Entry

Controlled, on next reset

Integrity

End-of-flash CRC

Safety

Boot-loop prevention

01Overview

A planned bootloader that makes STM32 firmware updates safe and recoverable. The design centers on validating image integrity before handing control to the application and on never bricking the device, even if an update is interrupted or corrupted.

02Problem Statement

Field firmware updates are risky: a partial flash, a corrupted image, or a bad build can leave a device unbootable. A bootloader's job is to make updates safe and recoverable.

03Architecture

An in-application command interface requests an update and arms a controlled bootloader entry that takes effect on the next reset, with the intent persisted in backup registers so it survives the reset.

On boot, the loader performs an end-of-flash CRC validation to detect corrupted images and refuses to jump to a bad application, with boot-loop prevention so repeated failures don't trap the device in a reset cycle.

04Technical Challenges

Surviving the reset boundary

Update intent must persist across a reset. Backup registers are the mechanism for carrying that state from the application into the bootloader after reset.

Never bricking the device

End-of-flash CRC validation plus corrupted-image detection and boot-loop prevention together ensure a bad image is caught and the device stays recoverable rather than stuck.

05Implementation Details

Planned capabilities

In-application command interface; controlled bootloader entry on next reset; backup-register persistence of update intent; end-of-flash CRC validation; corrupted-image detection; and boot-loop prevention.

06Key Engineering Decisions

Integrity before execution

Validating the image with a CRC before jumping to it is the central safety guarantee: execution only happens once the image is proven intact.

07Future Improvements

  • Implement and bring up the loader on STM32 hardware.
  • Add a dual-bank / fallback image strategy for atomic updates.
  • Layer signature verification on top of CRC for authenticity.

08Media & Documentation

Visual documentation for this project. Placeholders below are reserved for assets being produced during development.

State diagramApp → reset → bootloader → validate → jump
Asset pending
Flow diagramCRC validation and fallback path
Asset pending

Open to opportunities

Seeking Fall 2026 embedded / firmware / hardware co-op.

If you're hiring for embedded, firmware, or hardware roles, I'd be glad to talk through my projects and how I work. The fastest way to reach me is email.