Flasher Secure
The flash programmer for authenticated off-site production

Flasher Secure is the programming device of the SEGGER Secure programming ecosystem. Through its management server, it provides full control and security over the programming process, making it the ideal solution for protecting a vendor’s intellectual property (IP) at any production site.

Compare Flasher models

Documentation

Overview

The Flasher Secure is designed to protect intellectual property to the last inch in the production process. Whether the programming system is used on-premise or at an external manufacturing company, the goal is to protect the intellectual property against unauthorized copying. Owners enjoy full control over the programming process — even when they outsource production to CMs.

The Flasher Secure is fast, robust, reliable, and engineered to handle almost all of the flash programming requirements in the industry.

Secure Programming workflow with SEGGER's Flasher Secure and emSecure — Secure Programming workflow using SEGGER's Flasher Secure and emSecure

Key features

Authenticated production with full visibility
Production volume control
Central configuration, administration, and setup of off-site ultra-fast programming
End-to-end security via Target Encrypted Link Package (TELP)
Reliability
Supports MCUs with unique IDs
Prevents production of counterfeit units
Secures production at contract manufacturers

SEGGER secure programming ecosystem

“Intellectual property” (IP) is a common feature of modern products, often residing in the firmware. It requires protection. When a contract manufacturer (CM) has access to a customer's IP, risks arise for the owner, such as unauthorized cloning of the manufactured goods or unintented leakage of the software/algorithms embedded in the target images. Due to these potential risks, it is essential for customers to maintain control over their IP volume to prevent theft and secure revenue.

Since production needs to meet various process and product requirements, various solutions for secure programming are essential. That’s why SEGGER offers a comprehensive ecosystem covering several security levels up to end-to-end security.

For more detailed information, please contact us.

Proven, reliable programming

SEGGER's secure programming solution — fully trusted and established in the field — ensures programming success while also keeping communication overhead low. The Flasher Secure device, when used as a stand-alone tool, helps to transfer software for embedded systems safely, reliably and quickly to flash memory in production. Like all other Flasher products, the Flasher Secure's reliable target interfaces ensures universal target support with maximum reliability.

Volume control via authorized programming

To set up a complete infrastructure meeting the needs of secure programming with the Flasher Secure, the Flasher Secure Server (FSS) is essential. As a key component in secure production processes, the FSS enables owners of intellectual property (IP) to manage complex production processes at the contract manufacturer (CM). Based on SEGGER’s web server emWeb, the FSS ensures centralized and flexible production management, including the possibility of restricting the volume and monitoring yield. Located in a trusted environment, the FSS serves as database and controlling entity between IP owner and CM during production processes. It authorizes every programming attempt and updates all operational data (e.g. numbers of devices, serial numbers). It also provides an interface for Flasher Secure clients and a web interface for administration in order to keep track of projects and to support intervention in the case of an unusual event.

Device authentication for protection against cloning

Preventing counterfeiting by enhancing the device’s intrinsic security is another crucial step in securing programming processes. Utilizing digital signatures allows for the identification of genuine hardware and firmware to maintain product integrity and confidentiality. Using algorithms from SEGGER’s digital signature suite emSecure, SEGGER’s Anti-Cloning Package (formerly: Hardware Authentication Package) enables unique IDs to be read from the system being programmed at the contract manufacturer’s facility. The firmware is inseparably connected to the unique ID of the target device, making it impossible to run on any device other than the intended one. This means that the hardware can be authenticated against the stored signature using the unique identifier to prevent the firmware from running or booting if the authentication fails. This mechanism helps developers to create secure products and protect their IP against theft.

Protected communication right up to the target device (TELP)

The final step in securing programming includes protected communication between any programmer and the target memory, aiming to prevent eavesdropping even with direct access to the production environment. The highest level of security in production processes is achieved when all connections to the production tools are secured by TLS (Transport Layer Security) as is the case with SEGGER’s Secure Sockets Layer emSSL. Using SEGGER’s Target Encrypted Link Package (TELP) adds another layer of protection, ensuring end-to-end security by adding encryption on the target side as well. While TELP is an optional add-on package, it should be considered essential in cases where the hardware itself cannot provide IP protection. In this case, TELP installs a bootloader to handle security. Before encrypted transmission even starts, the device is checked to ensure that the target CPU is genuine.

Detailed information on the Target Encrypted Link Package (TELP)...

Supported devices

The Flasher Secure as a member of the SEGGER Flasher family supports a wide range of CPU cores and an even wider range of different devices in host-based mode. The list of supported manufacturers, families, and devices and SoCs includes support for tens of thousands of devices in hundreds of device families with billions of devices programmed.

Device not listed? Please don’t hesitate to contact us.

Universal target support

The Flasher Secure features a highly flexible target and programming interface. This makes it possible to adapt to almost any system for ISP programming purposes. Dedicated flash loaders, which can be easily downloaded to the programmer, facilitate the programming of almost any device. This flexibility enables the use of the debug or dedicated programming interfaces of microcontrollers for the programming of on-chip memories as well as the programming of the off-chip parallel or (Q)SPI flashes. (Q)SPI can also be programmed directly.

Software

The Flasher Secure is a multi-platform solution. Its Flasher Software and Documentation Package includes the setup and control software for Linux, macOS and Windows. This is used to configure projects to be uploaded to the Flasher Secure Server (FSS) and, from there, distributed to the single Flasher devices.

Please note:
To set up the complete infrastructure and use the Flasher Secure as intended, it is essential to set up and run the Flasher Secure Server (FSS). It comes with the Flasher Secure Server Software Package that contains the installation data for the FSS.

Please don't hesitate to contact us for more information.

Updates

Future software and firmware updates as well as any new flash loaders for target devices that will be added, are free of charge. This also includes any updates for the configuration tools (e.g. for new devices, changed flash algorithms, etc.).

No licensing costs, even for newly supported devices.
No hidden costs.
No future costs.

Please note:
Not included are any updates for the Flasher Secure Server (FSS), Anti-Cloning Package or Target Encrypted Link Package (TELP).

Use case

IP protection for secure device management at contract manufacturers

When production volume reaches a certain threshold, companies have the opportunity to benefit from using a contract manufacturer (CM). Most companies, however, are reluctant to take this next step for fear of losing control over their IP, given that a CM will be trusted to store the components of production. Thanks to authentication algorithms, the Flasher Secure ensures that only authorized bootloaders and firmware are used in the system. If one component is not genuine, the device stops working, making it impossible to .copy firmware and/or bootloaders from one device to another.

As an IP owner, you have full end-to-end control over your production chain. To secure your IP and production run, Flasher Secure uses:

Mutual authentication
Authorization
Confidentiality

As an essential step in SEGGER's Secure Product Lifecycle Management (SPLM), the Flasher Secure, in combination with emSecure, authenticates hardware in production.

Learn more...

PLM Production 01 — Secure authenticated production

Media gallery

Product photos

SEGGER Flasher Secure: Host connector (product photo) — Flasher Secure host connector

SEGGER Flasher Secure: Target connector (product photo) — Flasher Secure target connector

Videos

SEGGER Webinar: How to Protect Your IP by Securing Your Production at Contract Manufacturers

May 2021 | 46:37 min
emSecure & Flasher Secure — Webinar

Technical specifications

Specifications
Power supply	USB powered, 500 mA if target is powered by Flasher Secure
USB host interface	USB2.0 (Full Speed)
RS232 host interface	RS232 9-pin
Target interface	Male 20-pin IDC keyed box header with 0.1" pitch (2.54mm), optional adapters available
Max. target cable length	Recommended (delivered): 20 cm (8") Max. 2 m (6.5") allowed but might reduce max. target interface speed.
Serial transfer rate between Flasher Secure and target	Max. target interface (JTAG, ...) speed: 15 MHz
Supported target voltage	1.2 - 5 V
Current drawn from target voltage sense pin (VT_Ref)	< 25 µA
Target supply voltage	5 V
Target supply current	Max. 400 mA
Operating temperature	+ 5 °C ... + 60 °C
Storage temperature	- 20 °C ... + 65 °C
Relative humidity (non-condensing)	< 90 % rH
Size (without cables)	121 mm x 66 mm x 30 mm
Weight (without cables)	119 g
Supported OS	Microsoft Windows (x86/x64), Linux (x86/x64/Arm)

Package content

SEGGER Flasher PRO - Gray Cable Ribbon 20 pin shadow — 20-pin, 0.1" target ribbon cable

Cable RS232 — RS232 cable 1:1 female / male

Four separate clamp blocks on the left, two mounting clips mounted to a Flasher on the right

Mounting brackets

SEGGER's mounting brackets provide a reliable solution for securely fastening Flasher in-circuit programmers during use. Designed for stability and ease of use, these brackets ensure a tidy and professional setup.

The mounting brackets are available directly from the SEGGER shop.

Alternatively, we offer the option to 3D print the mounting brackets yourself. A downloadable ZIP file is provided, containing a STEP file for modifications, an STL file ready for 3D printing, and a PDF with detailed dimensions.

FAQ

Q: What is the difference between Flasher Secure Control Server and Flasher Secure Server?

A: There is none. The Flasher Secure Control Server has been renamed to Flasher Secure Server (FSS) that now provides more service options and new available add-ons.

Q: Can I use the Flasher Secure alone?

A: To set up a complete infrastructure supporting secured communication via an encrypted and authenticated connection to prevent unauthorized access, you also need at least the Flasher Secure Server (FSS). To use the full range of security features, the Anti-Cloning Package is recommended. If the microcontroller does not provide any security features, but the firmware needs to be transferred via the manufacturer's interface, the Target Encrypted Link Package (TELP) is needed for full security.