Researcher(s)
- Mariel Diaz, Electrical Engineering, Rowan University
Faculty Mentor(s)
- Nektarios Tsoutsos, Electrical and Computer Engineering, University of Delaware
Abstract
Dr. Nektarios Tsoutsos
Department of Electrical and Computer Engineering
University of Delaware
TUF-Luck: A Secure 3D Printing Bootloader
The rapid development of Internet of Things (IoT) technologies has exposed vulnerabilities in many edge devices. Even 3D printers aren’t safe from cyber attacks: hackers can install malicious firmware updates that lead to failed prints, break hardware, or serve as entry points for broader attacks. Most 3D printers, like those using the Creality V4.2.7 Motherboard (STM32), lack a way to verify firmware authenticity before installation, which leaves users vulnerable. To solve this, we used The Update Framework (TUF), a software security update system that uses cryptographic signatures and trusted metadata. However, TUF implementations aren’t directly compatible with microcontrollers like the STM32, which runs embedded C. To bridge this gap, we isolated the verification logic from the Rust-TUF implementation and transpiled it into C, making it compatible with the STM32 3D printer board. We integrated this into a secure bootloader that performs two key checks before accepting an update: it verifies the signature using the Ed25519 algorithm and compares the firmware SHA-256 hash to the trusted value in the signed metadata. The firmware will run if both match. To test this, we generated valid TUF metadata and signed firmware using a Rust-based signing tool, then checked whether our system correctly rejects tampered updates and accepts only trustworthy ones. Our project shows that it’s not only possible but practical to bring modern security to 3D printers. By leveraging TUF, lightweight cryptography, and embedded C, we built a firmware verification system that blocks malicious updates at the source.
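
The two-check acceptance logic described in the abstract, as an added example in Go (not the project's C bootloader or its Rust signing tool). The `Metadata` layout, the function names, and the sample key and firmware bytes are constructed assumptions; real TUF metadata has a richer schema.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/json"
	"errors"
	"fmt"
)

// Metadata is a simplified stand-in for signed TUF target metadata (assumed layout).
type Metadata struct {
	Length int    // expected firmware size in bytes
	SHA256 []byte // expected firmware digest
}

// VerifyUpdate applies the two checks in order: Ed25519 signature over the
// raw metadata bytes, then the firmware SHA-256 against the signed value.
func VerifyUpdate(pub ed25519.PublicKey, meta, sig, fw []byte) error {
	if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, meta, sig) {
		return errors.New("metadata signature invalid")
	}
	var m Metadata // parsed only after the signature has been accepted
	if err := json.Unmarshal(meta, &m); err != nil {
		return errors.New("metadata malformed")
	}
	sum := sha256.Sum256(fw)
	if len(fw) != m.Length || subtle.ConstantTimeCompare(sum[:], m.SHA256) != 1 {
		return errors.New("firmware hash mismatch")
	}
	return nil
}

// Demo runs three constructed cases and returns the verdict for each.
func Demo() (intact, tamperedFw, forgedMeta error) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // constructed test key
	pub := priv.Public().(ed25519.PublicKey)
	fw := []byte("constructed firmware image v1")
	sum := sha256.Sum256(fw)
	meta, _ := json.Marshal(Metadata{Length: len(fw), SHA256: sum[:]})
	sig := ed25519.Sign(priv, meta)
	evil := append([]byte{fw[0] ^ 1}, fw[1:]...) // image with one flipped bit
	evilSum := sha256.Sum256(evil)
	forged, _ := json.Marshal(Metadata{Length: len(evil), SHA256: evilSum[:]}) // old signature reused
	return VerifyUpdate(pub, meta, sig, fw), VerifyUpdate(pub, meta, sig, evil),
		VerifyUpdate(pub, forged, sig, evil)
}

func main() { fmt.Println(Demo()) }
```

Checking the signature before parsing the metadata means unauthenticated bytes never reach the JSON parser, and the hash comparison only ever uses a value that the signature covers.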