TPS257xx-Q1 devices support secure firmware updates over USB using the previously-described USB endpoint method. The secure firmware update makes sure that only the binary image signed with the correct set of keys can be used to reprogram the EEPROM device. The GUI and firmware use the SHA-256 algorithm to hash and sign the binary image with RSA-PSS generated keys. A set of private and public key pairs can be generated using RSA-PSS for end-customer (OEM) development and production purposes.

During end-product production, initial programming of the EEPROM must be performed using I2C with the Full Flash binary image built with the desired set of keys. Field updates can then be done using the TPS257XX-Q1-GUI tool over a USB connection to the primary charging port with the USB EP binary image that was built with the same set of keys. The customer-specific private keys must be kept secure and need to be loaded at the time of USB field update to reprogram the device; otherwise, the secure firmware update process does not complete.