What is anti-rollback protection and why is it important?

Anti-rollback protection prevents an attacker (or a faulty update mechanism) from installing an older, previously valid firmware version that contains known security vulnerabilities. Without anti-rollback, an attacker who gains physical or remote access to the update mechanism can downgrade the firmware to version 1.0 — which was legitimately signed by the manufacturer — and exploit a vulnerability that was patched in version 2.0. The old firmware passes signature verification because it was signed with the correct key, so secure boot alone does not prevent this attack. Anti-rollback adds a version monotonicity check: the bootloader refuses to boot any firmware with a version number lower than the minimum acceptable version.

The implementation uses a monotonic counter stored in tamper-resistant, non-volatile storage — typically OTP (One-Time Programmable) fuses or a protected flash region. Each firmware image includes a version number in its signed header. When the bootloader verifies a new firmware image, it compares the image's version against the counter stored in OTP. If the image version is lower than the counter, the bootloader rejects it regardless of the signature. When a firmware update is successfully confirmed (post-self-test), the bootloader increments the OTP counter to match the new version, permanently preventing rollback to any earlier version. OTP fuses are ideal because they can only be written once per bit — setting a fuse is irreversible, providing hardware-guaranteed monotonicity.

The tradeoff is that OTP fuses are a limited resource — a typical MCU might have 32-128 fuse bits available for version counting, supporting that many version increments over the product lifetime. Strategies to conserve fuses include: using epoch-based versioning where the fuse counter represents a "security epoch" that only increments when a critical security fix is deployed (not for every feature release), or using thermometer coding where each fuse bit represents one increment (32 fuses = 32 increments). Some platforms (e.g., TrustZone-M with secure storage, or a secure element) provide a larger monotonic counter in protected flash instead of fuses. An important nuance: anti-rollback must be applied carefully during development and manufacturing — if you increment the counter prematurely during factory testing, you might lock out legitimate firmware versions. Production provisioning workflows must account for this by setting the counter only at the final firmware programming stage.