Hi, folks wanted to use the secure boot loader on nrf51 on the mynewt slack channel.
I thought I’d show an example about how to make this happen.

Add keys to use:

diff --git a/boot/bootutil/pkg.yml b/boot/bootutil/pkg.yml index 20a7a58e..7abef9e7 100644 --- a/boot/bootutil/pkg.yml +++ b/boot/bootutil/pkg.yml @@ -31,6 +31,7 @@ pkg.deps: - kernel/os - sys/defs - sys/flash_map + - mypkgs/ecc256_key pkg.deps.BOOTUTIL_SIGN_EC256: - crypto/tinycrypt

Create target:

[marko@IsMyLaptop:~/src/incubator-mynewt-blinky]$ newt target show boot_bbc_crypto
targets/boot_bbc_crypto
    app=@apache-mynewt-core/apps/boot
    bsp=@apache-mynewt-core/hw/bsp/bbc_microbit
    build_profile=optimized
    syscfg=BOOTUTIL_SIGN_EC256=1

Make sure it fits in the space allocated for the secure bootloader:

ls -al bin/targets/boot_bbc_crypto/app/apps/boot/boot.elf.bin
-rwxr-xr-x 1 marko staff 13756 Jun 20 11:01 bin/targets/boot_bbc_crypto/app/apps/boot/boot.elf.bin

And then compare the size against FLASH_AREA_BOOTLOADER in repos/apache-mynewt-core/hw/bsp/bbc_microbit/bsp.yml (16kB max, so looks ok).

Verify the image signature on every boot (as opposed to only when swapping images). First pull in the change to fix this:

cd repos/apache-mynewt-core
git remote add marko g...@github.com:mkiiskila/incubator-mynewt-core.git
git pull marko boot_check_slot0-fix

Add a cflag to the target to do that:

newt target set boot_bbc_crypto cflags=-DBOOTUTIL_VALIDATE_SLOT0

[marko@IsMyLaptop:~/src/incubator-mynewt-blinky]$ newt target show boot_bbc_crypto
targets/boot_bbc_crypto
    app=@apache-mynewt-core/apps/boot
    bsp=@apache-mynewt-core/hw/bsp/bbc_microbit
    build_profile=optimized
    cflags=-DBOOTUTIL_VALIDATE_SLOT0
    syscfg=BOOTUTIL_SIGN_EC256=1

Make sure it does not boot:

newt run boot_bbc_crypto
(gdb) b boot.c:54
Breakpoint 1 at 0x2d0: file repos/apache-mynewt-core/apps/boot/src/boot.c, line 54.
(gdb) c
Continuing.
Note: automatically using hardware breakpoints for read-only addresses.

Breakpoint 1, main () at repos/apache-mynewt-core/apps/boot/src/boot.c:54
54 rc = boot_go(&rsp);
(gdb) n
55 assert(rc == 0);
(gdb) p rc
$1 = 3

Yup, does not boot.

Create a target that fits:

diff --git a/apps/bleprph_oic/pkg.yml b/apps/bleprph_oic/pkg.yml index 34cdd45c..c01970b4 100644 --- a/apps/bleprph_oic/pkg.yml +++ b/apps/bleprph_oic/pkg.yml 
@@ -30,10 +30,9 @@ pkg.deps: - net/nimble/host/services/gatt - net/nimble/host/store/ram - net/nimble/transport/ram - - sys/console/full - - sys/log/full - - sys/stats/full + - sys/console/stub + - sys/log/stub + - sys/stats/stub - mgmt/oicmgr - sys/sysinit - - sys/shell - sys/id

[marko@IsMyLaptop:~/src/incubator-mynewt-blinky]$ newt target show bleprph_oic_bbc
targets/bleprph_oic_bbc
    app=@apache-mynewt-core/apps/bleprph_oic
    bsp=@apache-mynewt-core/hw/bsp/bbc_microbit
    build_profile=optimized
    syscfg=BLE_ATT_SVR_MAX_PREP_ENTRIES=8:BLE_GATT_WRITE_MAX_ATTRS=6:BLE_HCI_EVT_HI_BUF_COUNT=4:BLE_HCI_EVT_LO_BUF_COUNT=3:BLE_LL_CONN_INIT_MAX_TX_BYTES=251:BLE_LL_MAX_PKT_SIZE=251:BLE_SM_LEGACY=0:LOG_FCB=0:LOG_LEVEL=0:LOG_NEWTMGR=0:LOG_SOFT_RESET=0:MSYS_1_BLOCK_COUNT=18:MSYS_1_BLOCK_SIZE=128:OC_LOGGING=0:OC_SEPARATE_RESPONSES=0:OC_TRANSPORT_SERIAL=0:OS_MAIN_STACK_SIZE=512

Build it:

[marko@IsMyLaptop:~/src/incubator-mynewt-blinky]$ newt build bleprph_oic_bbc
Building target targets/bleprph_oic_bbc
Target successfully built: targets/bleprph_oic_bbc
[marko@IsMyLaptop:~/src/incubator-mynewt-blinky]$ newt create-image bleprph_oic_bbc 0.0.1 repos/apache-mynewt-core/mypkgs/ecc256_key/image_sign_prime256v1.pem
App image succesfully generated: /Users/marko/src/incubator-mynewt-blinky/bin/targets/bleprph_oic_bbc/app/apps/bleprph_oic/bleprph_oic.img

Make sure that the image signature is present:

[marko@IsMyLaptop:~/src/incubator-mynewt-blinky]$ od -t x1 -j 16 -N 4 bin/targets/bleprph_oic_bbc/app/apps/bleprph_oic/bleprph_oic.img
0000020 22 00 00 00
        ^
        |
        signature present

Load it:

[marko@IsMyLaptop:~/src/incubator-mynewt-blinky]$ newt load bleprph_oic_bbc
Loading app image into slot 1

Verify that the bootloader passes its checks:

[marko@IsMyLaptop:~/src/incubator-mynewt-blinky]$ newt debug boot_bbc_crypto
(gdb) b boot.c:55
Breakpoint 1 at 0x2d6: file repos/apache-mynewt-core/apps/boot/src/boot.c, line 55.
(gdb) c
Continuing.
Note: automatically using hardware breakpoints for read-only addresses.
Breakpoint 1, main () at repos/apache-mynewt-core/apps/boot/src/boot.c:55
55 assert(rc == 0);
(gdb) p rc
$1 = 0

-> Works

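Review bot: In boot/bootutil/pkg.yml, the new "- mypkgs/ecc256_key" entry sits in the unconditional "pkg.deps:" list, so bootutil now requires that local key package in every build, including ones that do not set BOOTUTIL_SIGN_EC256. Consider listing it under the existing "pkg.deps.BOOTUTIL_SIGN_EC256:" block next to crypto/tinycrypt, or in the boot target's own package. The later create-image step signs with a .pem taken from that same mypkgs/ecc256_key directory, so the private signing key would live beside the sources compiled into the bootloader; keeping only the public key in the package and the private key outside the source tree would be safer.
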
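Review bot: In apps/bleprph_oic/pkg.yml, switching sys/console, sys/log and sys/stats from full to stub and dropping "- sys/shell" is done in the app's shared dependency list, so every target that builds apps/bleprph_oic loses console, logging, stats and the shell, not only the bbc_microbit target that needed the space. Consider a separate trimmed app or a per-target override for the size-constrained board, and state in the change that this is a fit-to-flash workaround.
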
Hope this helps, M
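
The two manual checks in the post (bootloader size against the 16kB area, and the flags word at offset 16 of the image) can be scripted as a gate before flashing. This is an added example, not part of the original post or of mynewt: the function names are hypothetical, and the flag names and bit values are assumptions recalled from bootutil's image.h (the post itself only shows offset 16 and the value 22 00 00 00).

```shell
#!/bin/sh
# Added example, not from the original post. Flag names and bit values are
# assumptions recalled from bootutil's image.h; confirm against your tree.
IMAGE_F_SHA256=0x02
IMAGE_F_RSA2048=0x04
IMAGE_F_ECDSA224=0x08
IMAGE_F_ECDSA256=0x20
SIG_MASK=$(( $IMAGE_F_RSA2048 | $IMAGE_F_ECDSA224 | $IMAGE_F_ECDSA256 ))

# Print the little-endian 32-bit flags word at byte offset 16 (the same
# bytes the post inspects with od). Returns 2 if the file is too short.
image_flags() {
    set -- $(od -An -t x1 -j 16 -N 4 "$1" 2>/dev/null)
    [ $# -eq 4 ] || return 2
    echo $(( 0x$4 << 24 | 0x$3 << 16 | 0x$2 << 8 | 0x$1 ))
}

# Succeed only if the hash flag and the wanted signature flag are both set.
# $2 is the required signature bit(s); the default accepts any signature type.
image_is_signed() {
    flags=$(image_flags "$1") || return 2
    want=${2:-$SIG_MASK}
    [ $(( $flags & $IMAGE_F_SHA256 )) -ne 0 ] && [ $(( $flags & $want )) -ne 0 ]
}

# Succeed only if the bootloader binary ($1) fits the flash area ($2 bytes).
boot_fits() {
    [ -r "$1" ] || return 2
    size=$(wc -c < "$1")
    [ $(( $size )) -le $(( $2 )) ]
}

# Demo on a constructed 20-byte header whose flags word is 22 00 00 00.
demo=$(mktemp)
{ dd if=/dev/zero bs=16 count=1 2>/dev/null; printf '\042\000\000\000'; } > "$demo"
if image_is_signed "$demo" "$IMAGE_F_ECDSA256"; then
    echo "flags=$(image_flags "$demo"): EC256 signature flag present"
fi
rm -f "$demo"
```

The flag only shows that the image claims to carry a signature; whether the signature verifies against the key built into the bootloader is still decided by boot_go() returning 0, as in the gdb session above.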