Licensing on Microcontrollers with Just a Few Kilobytes of Memory: Here‘s How!
More and more manufacturers from the industrial sector are asking us how they can use Wibu-Systems’ license management solutions to protect the firmware or functionalities of small microcontrollers in the field. In this context, licensing is the primary focus. The key requirement for the licensing solution is minimal memory consumption – just a few kilobytes. To discuss this topic, the KEYnote editorial team spoke with Wibu-Systems’ Embedded Product Manager (PM) and the microcontroller specialist from our Professional Services team (PS).
Editorial Team: Today, we‘re discussing how to bring the CodeMeter licensing solution to devices with such limited resources that even CodeMeter µEmbedded is too large. My question to the Embedded Product Manager: Where is such a solution needed, and who is using it?
PM: Our industrial customers manufacture sensors and actuators in large quantities, such as frequency converters for motors, sensors for mechanical engineering, or valve controls in hydraulics. These devices require only minimal computing power but often contain high-value control algorithms or complex measurement functions. This software represents valuable intellectual property (IP) that needs protection. However, on these platforms, even the 64 KB of CodeMeter µEmbedded and the required RAM are too large to be implemented.
Editorial Team: Aren‘t microcontrollers becoming more powerful? Many can now render web interfaces or communicate with the cloud.
PM: That‘s correct. For more powerful systems, CodeMeter Embedded is a great choice. However, let‘s take the example of a frequency converter used to control the speed of a servo motor. Here, the focus is on load monitoring, acceleration and braking ramps, and motor characteristics. Such devices operate with only a few kilobytes of RAM. The manufacturer, however, wants to license individual functions and control the number of devices produced at the contract manufacturer. These devices are produced in high volumes, and cost-sensitive component selection is crucial. A multifunctional security solution like CodeMeter simply doesn‘t fit within the limited memory available.
Editorial Team: How can a manufacturer still use the CodeMeter licensing concept?
PM: With a specially adapted solution that optimally utilizes the available resources while ensuring a secure binding of the license to the hardware. At the same time, compatibility with CodeMeter License Central and remote updates must be maintained. CodeMeter is highly flexible, allowing the necessary solution to be built from existing functions.
Editorial Team: The question goes to the developer: How does this work? A CodeMeter licensing solution without CodeMeter Embedded?
PS: We have developed a compact library for microcontrollers, reduced to the essential functions for license and signature verification, ensuring a minimal footprint. Additionally, we use an optimized license format specifically designed for resource-constrained microcontrollers. The license file is generated on a programming system using a host tool, derived from a regular CodeMeter license. This allows the entire CodeMeter ecosystem to remain fully functional while ensuring that the final license is securely bound to the target system. The host tool can be flexibly integrated into the production process, making licensing seamless and efficient.
Editorial Team: What functions does the library offer on microcontrollers?
PS: The license content can be individually customized. Typically, a license contains only a few attributes: a device ID, Firm Code, Product Code, validity period, feature map, and the number of license units. Adjustments to specific customer requirements are possible. The library verifies the validity of the license and provides access to its content.
Editorial Team: How large is such a license?
PS: A typical license requires approximately 150 bytes in the parameter storage of the microcontroller. This includes the essential attributes and a cryptographic signature.
Editorial Team: And what about the library? What resources are required for it?
PS: The microcontroller only requires ECDSA signature verification and SHA hash calculation. Depending on the platform, existing hardware can be utilized, or already available cryptographic libraries can be integrated. This ensures flexibility in implementation, and as a result, the required memory size varies.
Editorial Team: How does the licensing process work in practice?
PS: To bind a license to the device, a unique device ID is required, which can either be read from the microcontroller or obtained from an external source. During production, a host tool generates a signed license for the microcontroller using a CmDongle or via CmCloud. A counter in the CodeMeter license container is decremented, ensuring that each license is used only once. The license transfer depends on the application scenario – either automatically on the production line or later by a technician in the field. Future updates are also possible via the host tool.
Editorial Team: And how is the license verified on the device?
PS: At startup or during operation, the license container is read. The signature is verified against a key hidden in the firmware. After verification, the firmware receives the license information – either as a simple Yes/No decision or with additional attributes that control the software functionality.
Editorial Team: How can a customer obtain this solution?
PM: Through our Sales and Professional Services teams. First, we clarify the protection requirements and use case with the customer. Upon request, Professional Services then provides a customized code example for the microcontroller and delivers a secured library for the host tool.
Editorial Team: How secure is the solution against unauthorized license creation by third parties?
PS: A critical aspect is the protection of the host tool, which generates the microcontroller licenses. For this, we use CodeMeter AxProtector. Up to this point, the CodeMeter Remote Update process is fully secured. The host tool then creates a licensed file for the specific target device, ensuring that the entire chain remains protected.
Editorial Team: What about software protection?
PM: Many modern microcontrollers offer integrated security solutions that allow firmware to be signed and encrypted. For example, NXP refers to this as Secure Provisioning. Even the new RP2350 from Raspberry Pi supports Encrypted Boot using an asymmetric cryptographic method.
Editorial Team: Can this also be protected with CodeMeter functions?
PS: This needs to be evaluated on a case-by-case basis and implemented specifically to the microcontroller. A smart combination of the microcontroller’s built-in security features and CodeMeter functions for license handling and storage can significantly enhance the level of protection.
Editorial Team: And now, please summarize the entire topic in a single sentence.
PM: Wibu-Systems enables licensing on resource-constrained microcontrollers by combining CodeMeter’s license management functions with the built-in security features of modern microcontrollers, ensuring efficient and flexible implementation.
Secure License Management for Small Devices – A Smarter Approach
Traditional license management tools often fall short on small devices due to limited resources. With the Custom Licensing Adapter, CmDongles, and CodeMoving, machine builders and manufacturers can enable secure, centralized licensing via CodeMeter License Central. Watch the webinar replay!
KEYnote 49 – Edition Spring/Summer 2025