Something simple? If this is for a commercial product, I think you would be interested in security against copying. A very simple bootloader means that with each firmware update you give out the whole application in a way that it may be easily cloned.
Encryption is one method of protecting your app. But it alone may not be enough.
I go one step further by making the 'bootloader' app include the whole OS (if you don't use an OS, replace the term with 'commonly used library functions'). This is well-tested code proven over time that is very unlikely to require modifications, and even if a bug is found after deployment, it can be worked-around in the application itself. It also allows the device to be upgradeable in a more professional way (e.g., over the Internet for network-enabled devices) that the simple bootloader with limited code resources could not provide.
This method means the application file given out is always far less than the complete code needed to run it. The bootloader is always loaded at the factory and the MCU's internal security protects it from being cloned.
Possible firmware updates are always small, encrypted, and never complete apps that someone may clone in the unlikely yet possible event encryption is broken.
I should also point out that if encryption is broken, someone could write a small app to copy your bootloader off your device, getting access to your complete app code. If you need to protect against this possibility, make sure you add some proprietary CRC checking while loading the firmware file so that 'foreign' files won't be accepted.
Message Edited by tonyp on 2008-11-15 12:22 PM
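The "proprietary CRC" gate described in the post, as an added example (editor's code, not tonyp's and not from any Freescale bootloader). The update-file layout, the field names and the seed/final-XOR constants are all assumptions made for this example: the only thing that makes the CRC "proprietary" is that the seed and final XOR differ from the 0xFFFFFFFF a stock CRC-32 tool uses, so a file assembled by someone who knows the layout but not those values fails the check. The decryption step and the flash write that would follow are out of scope. One caveat in the editor's voice: a CRC, however seeded, is a linear integrity and format check, not authentication; against someone who has already recovered the encryption key and the seed, only a keyed MAC or a signature holds up.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical update-file layout, invented for this example (not from the post):
 *   bytes 0..3   magic "FWUP"
 *   byte  4      format version
 *   byte  5      reserved, must be 0
 *   bytes 6..7   payload length, little-endian
 *   bytes 8..    payload: the small encrypted delta (decryption is out of scope here)
 *   last 4 bytes CRC-32 over everything before it, little-endian
 */
#define FW_MAGIC       "FWUP"
#define FW_FORMAT_VER  1u
#define FW_HDR_LEN     8u
#define FW_CRC_LEN     4u
#define FW_MAX_PAYLOAD 0xFFFFu

/* The "proprietary" part: a device-specific seed and final XOR instead of the
 * 0xFFFFFFFF a stock CRC-32 tool uses. Both values are assumptions. */
#define FW_CRC_SEED    0x5A17C0DEu
#define FW_CRC_FINAL   0xA5F00FF0u
/* What a stock tool uses; a "foreign" builder that knows the layout but not the seed lands here. */
#define STD_CRC_SEED   0xFFFFFFFFu
#define STD_CRC_FINAL  0xFFFFFFFFu

enum fw_status { FW_OK = 0, FW_ERR_TOO_SHORT, FW_ERR_MAGIC, FW_ERR_VERSION,
                 FW_ERR_LENGTH, FW_ERR_CRC };

/* Bitwise reflected CRC-32 (polynomial 0xEDB88320); seed and final XOR chosen by the caller. */
static uint32_t fw_crc32(const uint8_t *data, size_t len, uint32_t seed, uint32_t final_xor)
{
    uint32_t crc = seed;
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int b = 0; b < 8; b++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return crc ^ final_xor;
}

static uint32_t rd_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void wr_le32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Build an update file with the given CRC parameters. Returns total size, 0 on error. */
static size_t fw_build_with(uint8_t *out, size_t cap, const uint8_t *payload, size_t n,
                            uint32_t seed, uint32_t final_xor)
{
    size_t total = FW_HDR_LEN + n + FW_CRC_LEN;
    if (n > FW_MAX_PAYLOAD || cap < total) return 0;
    memcpy(out, FW_MAGIC, 4);
    out[4] = FW_FORMAT_VER;
    out[5] = 0;
    out[6] = (uint8_t)n;
    out[7] = (uint8_t)(n >> 8);
    memcpy(out + FW_HDR_LEN, payload, n);
    wr_le32(out + FW_HDR_LEN + n, fw_crc32(out, FW_HDR_LEN + n, seed, final_xor));
    return total;
}

/* Factory-side builder: the one tool that knows the proprietary seed. */
static size_t fw_build(uint8_t *out, size_t cap, const uint8_t *payload, size_t n)
{
    return fw_build_with(out, cap, payload, n, FW_CRC_SEED, FW_CRC_FINAL);
}

/* Bootloader-side gate: every check runs before a single payload byte is acted on. */
static enum fw_status fw_validate(const uint8_t *img, size_t len,
                                  const uint8_t **payload, size_t *payload_len)
{
    if (len < FW_HDR_LEN + FW_CRC_LEN) return FW_ERR_TOO_SHORT;
    if (memcmp(img, FW_MAGIC, 4) != 0) return FW_ERR_MAGIC;
    if (img[4] != FW_FORMAT_VER || img[5] != 0) return FW_ERR_VERSION;
    size_t n = (size_t)img[6] | ((size_t)img[7] << 8);
    /* Exact-length match: a declared length that does not fit, or trailing junk, is rejected. */
    if (FW_HDR_LEN + n + FW_CRC_LEN != len) return FW_ERR_LENGTH;
    uint32_t want = fw_crc32(img, FW_HDR_LEN + n, FW_CRC_SEED, FW_CRC_FINAL);
    if (rd_le32(img + FW_HDR_LEN + n) != want) return FW_ERR_CRC;
    if (payload) *payload = img + FW_HDR_LEN;
    if (payload_len) *payload_len = n;
    return FW_OK;
}

/* Constructed sample payload standing in for an encrypted delta. */
static const uint8_t kSamplePayload[] = { 0x8f, 0x13, 0xc2, 0x77, 0x00, 0xe1, 0x5a, 0x3d, 0x91, 0x06 };

enum fw_scenario { SCN_GENUINE, SCN_TAMPERED, SCN_FOREIGN, SCN_TRUNCATED, SCN_BAD_MAGIC, SCN_TRAILING_JUNK };

/* Build the sample image, apply one kind of damage, and return what the gate says. */
static enum fw_status fw_run_scenario(enum fw_scenario s)
{
    uint8_t img[64];
    size_t len = fw_build(img, sizeof img, kSamplePayload, sizeof kSamplePayload);
    switch (s) {
    case SCN_TAMPERED:      img[FW_HDR_LEN + 3] ^= 0x01; break;   /* one payload bit flipped */
    case SCN_FOREIGN:       len = fw_build_with(img, sizeof img, kSamplePayload,
                                  sizeof kSamplePayload, STD_CRC_SEED, STD_CRC_FINAL); break;
    case SCN_TRUNCATED:     len -= 1; break;                      /* declared length no longer fits */
    case SCN_BAD_MAGIC:     img[0] = 'X'; break;
    case SCN_TRAILING_JUNK: img[len] = 0xAA; len += 1; break;     /* extra byte after the CRC */
    default: break;
    }
    return fw_validate(img, len, NULL, NULL);
}

int main(void)
{
    static const char *names[] = { "genuine", "tampered", "foreign", "truncated", "bad magic", "trailing junk" };
    for (int i = 0; i < 6; i++)
        printf("%-14s -> %s\n", names[i], fw_run_scenario((enum fw_scenario)i) == FW_OK ? "accepted" : "rejected");
    return 0;
}
```

The length check is deliberately an exact match rather than "at least": a loader that accepts oversized files is the classic place where a later parsing stage reads past what was actually verified. The CRC is placed in a trailer so the checksum covers one contiguous run of bytes and the same routine serves both the builder and the loader; only the constants differ between the factory tool and a foreign one.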