Hi,

folks on the mynewt slack channel wanted to use the secure boot loader on nrf51.

I thought I’d show an example about how to make this happen.

Add keys to use:
diff --git a/boot/bootutil/pkg.yml b/boot/bootutil/pkg.yml
index 20a7a58e..7abef9e7 100644
--- a/boot/bootutil/pkg.yml
+++ b/boot/bootutil/pkg.yml
@@ -31,6 +31,7 @@ pkg.deps:
     - kernel/os 
     - sys/defs
     - sys/flash_map
+    - mypkgs/ecc256_key
 
 pkg.deps.BOOTUTIL_SIGN_EC256:
     - crypto/tinycrypt
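
Review bot: the new "- mypkgs/ecc256_key" entry sits in the unconditional pkg.deps list, so every build of boot/bootutil depends on the key package, including builds where signing is disabled. The pkg.deps.BOOTUTIL_SIGN_EC256 block is directly below it; moving the entry there would pull the key in only when BOOTUTIL_SIGN_EC256 is set. The entry also makes this package depend on a mypkgs/ path, so a comment saying where that key package comes from would help anyone else applying the change.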

Create target:
[marko@IsMyLaptop:~/src/incubator-mynewt-blinky]$ newt target show boot_bbc_crypto
targets/boot_bbc_crypto
    app=@apache-mynewt-core/apps/boot
    bsp=@apache-mynewt-core/hw/bsp/bbc_microbit
    build_profile=optimized
    syscfg=BOOTUTIL_SIGN_EC256=1

Make sure it fits in space allocated for secure bootloader:
ls -al bin/targets/boot_bbc_crypto/app/apps/boot/boot.elf.bin
-rwxr-xr-x  1 marko  staff  13756 Jun 20 11:01 bin/targets/boot_bbc_crypto/app/apps/boot/boot.elf.bin

And then compare the size against FLASH_AREA_BOOTLOADER in
repos/apache-mynewt-core/hw/bsp/bbc_microbit/bsp.yml (16kB max, so looks ok).

Verify image signature on every boot (as opposed to only when
swapping images).
First pull in change to fix this:
cd repos/apache-mynewt-core
git remote add marko g...@github.com:mkiiskila/incubator-mynewt-core.git
git pull marko boot_check_slot0-fix

Add cflag to target to do that:
newt target set boot_bbc_crypto cflags=-DBOOTUTIL_VALIDATE_SLOT0 
[marko@IsMyLaptop:~/src/incubator-mynewt-blinky]$ newt target show boot_bbc_crypto
targets/boot_bbc_crypto
    app=@apache-mynewt-core/apps/boot
    bsp=@apache-mynewt-core/hw/bsp/bbc_microbit
    build_profile=optimized
    cflags=-DBOOTUTIL_VALIDATE_SLOT0 
    syscfg=BOOTUTIL_SIGN_EC256=1

Make sure it does not boot:
newt run boot_bbc_crypto
(gdb) b boot.c:54
Breakpoint 1 at 0x2d0: file repos/apache-mynewt-core/apps/boot/src/boot.c, line 54.
(gdb) c
Continuing.
Note: automatically using hardware breakpoints for read-only addresses.

Breakpoint 1, main () at repos/apache-mynewt-core/apps/boot/src/boot.c:54
54          rc = boot_go(&rsp);
(gdb) n
55          assert(rc == 0);
(gdb) p rc
$1 = 3

Yup, does not boot.

Create a target that fits:
diff --git a/apps/bleprph_oic/pkg.yml b/apps/bleprph_oic/pkg.yml
index 34cdd45c..c01970b4 100644
--- a/apps/bleprph_oic/pkg.yml
+++ b/apps/bleprph_oic/pkg.yml
@@ -30,10 +30,9 @@ pkg.deps:
     - net/nimble/host/services/gatt
     - net/nimble/host/store/ram
     - net/nimble/transport/ram
-    - sys/console/full
-    - sys/log/full
-    - sys/stats/full
+    - sys/console/stub
+    - sys/log/stub
+    - sys/stats/stub
     - mgmt/oicmgr
     - sys/sysinit
-    - sys/shell
     - sys/id
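
Review bot: the switch from sys/console/full, sys/log/full and sys/stats/full to their stub versions, together with the removal of sys/shell, is made in the app's own pkg.yml, so every target that builds apps/bleprph_oic loses console, logging, stats and shell, not only the one that has to fit on this board. Consider keeping the size reduction in a separate copy of the app, or making these dependencies conditional on a setting in the way pkg.deps.BOOTUTIL_SIGN_EC256 is in the first hunk, and note that the resulting image has no log output for diagnosing on-device failures.
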
[marko@IsMyLaptop:~/src/incubator-mynewt-blinky]$ newt target show bleprph_oic_bbc
targets/bleprph_oic_bbc
    app=@apache-mynewt-core/apps/bleprph_oic
    bsp=@apache-mynewt-core/hw/bsp/bbc_microbit
    build_profile=optimized
    syscfg=BLE_ATT_SVR_MAX_PREP_ENTRIES=8:BLE_GATT_WRITE_MAX_ATTRS=6:BLE_HCI_EVT_HI_BUF_COUNT=4:BLE_HCI_EVT_LO_BUF_COUNT=3:BLE_LL_CONN_INIT_MAX_TX_BYTES=251:BLE_LL_MAX_PKT_SIZE=251:BLE_SM_LEGACY=0:LOG_FCB=0:LOG_LEVEL=0:LOG_NEWTMGR=0:LOG_SOFT_RESET=0:MSYS_1_BLOCK_COUNT=18:MSYS_1_BLOCK_SIZE=128:OC_LOGGING=0:OC_SEPARATE_RESPONSES=0:OC_TRANSPORT_SERIAL=0:OS_MAIN_STACK_SIZE=512


Build it:
[marko@IsMyLaptop:~/src/incubator-mynewt-blinky]$ newt build bleprph_oic_bbc
Building target targets/bleprph_oic_bbc
Target successfully built: targets/bleprph_oic_bbc
[marko@IsMyLaptop:~/src/incubator-mynewt-blinky]$ newt create-image bleprph_oic_bbc 0.0.1 repos/apache-mynewt-core/mypkgs/ecc256_key/image_sign_prime256v1.pem
App image succesfully generated: /Users/marko/src/incubator-mynewt-blinky/bin/targets/bleprph_oic_bbc/app/apps/bleprph_oic/bleprph_oic.img

Make sure that image signature is present:
[marko@IsMyLaptop:~/src/incubator-mynewt-blinky]$ od -t x1 -j 16 -N 4 bin/targets/bleprph_oic_bbc/app/apps/bleprph_oic/bleprph_oic.img
0000020    22  00  00  00
           ^
           |
     signature present

Load it:
[marko@IsMyLaptop:~/src/incubator-mynewt-blinky]$ newt load bleprph_oic_bbc
Loading app image into slot 1

Verify that bootloader passes checks:
[marko@IsMyLaptop:~/src/incubator-mynewt-blinky]$ newt debug boot_bbc_crypto
(gdb) b boot.c:55
Breakpoint 1 at 0x2d6: file repos/apache-mynewt-core/apps/boot/src/boot.c, line 55.
(gdb) c
Continuing.
Note: automatically using hardware breakpoints for read-only addresses.

Breakpoint 1, main () at repos/apache-mynewt-core/apps/boot/src/boot.c:55
55          assert(rc == 0);
(gdb) p rc
$1 = 0

-> Works


Hope this helps,
M
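
The two manual checks in the mail above (bootloader binary size against the 16 kB bootloader area, and the flags word at byte offset 16 of the image), written as a script. This is an added example, not part of the original mail or of Mynewt; the function names, the constructed sample files and the use of 0x22 (the value in the od output above) as the expected mask are assumptions.

```sh
#!/bin/sh
# Added example (not from the original mail): the two manual checks, scripted.

# fits_in_area FILE MAX_BYTES: succeed if FILE is no larger than MAX_BYTES.
fits_in_area() {
    [ -f "$1" ] || return 2
    size=$(( $(wc -c < "$1") ))         # arithmetic strips BSD wc padding
    [ "$size" -le "$2" ]
}

# image_flags FILE: print the little-endian 32-bit word at byte offset 16,
# the same four bytes the od command in the mail dumps.
image_flags() {
    set -- $(od -A n -t u1 -j 16 -N 4 "$1" 2>/dev/null)
    [ $# -eq 4 ] || return 2            # missing file or truncated header
    printf '0x%08x\n' $(( $1 | ($2 << 8) | ($3 << 16) | ($4 << 24) ))
}

# has_flags FILE MASK: succeed if every bit of MASK is set in the flags word.
has_flags() {
    flags=$(image_flags "$1") || return 2
    [ $(( $flags & $2 )) -eq $(( $2 )) ]
}

# make_sample FILE OCTAL: constructed input, 16 zero bytes plus a flags word
# whose low byte is OCTAL. Not a real image, only enough header to test on.
make_sample() {
    printf '\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000' > "$1"
    printf "\\$2\\000\\000\\000" >> "$1"
}

demo() {
    dir=$(mktemp -d) || return 1
    make_sample "$dir/signed.img" 042    # 0x22, the value shown in the mail
    make_sample "$dir/plain.img" 002     # constructed: bits of 0x22 missing
    for img in "$dir/signed.img" "$dir/plain.img"; do
        if has_flags "$img" 0x22; then verdict="signature flags present"
        else verdict="signature flags MISSING"; fi
        echo "${img##*/}: $(image_flags "$img") $verdict"
    done
    fits_in_area "$dir/signed.img" 16384 && echo "fits in the 16 kB area"
    rm -rf "$dir"
}
demo
```

On a real build, point fits_in_area at boot.elf.bin with the size from bsp.yml and has_flags at the .img file produced by newt create-image.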
