rustBoot is a standalone bootloader, written entirely in Rust

Related tags

Utilities rustBoot
Overview

rustBoot

rustBoot is a standalone bootloader, written entirely in Rust, designed to run on anything from a microcontroller to a system on chip. It can be used to boot into bare-metal firmware or Linux.

rustBoot

Why build another bootloader?

Why rustBoot

So, how does rustBoot help?

rustBoot aims to offer an OS and micro-architecture agnostic (i.e. highly portable) secure bootloader which is standards-based, easy to integrate (into existing embedded software projects) and eliminates duplication of work for every project.

What is rustBoot

Goals and objectives:

A secure-bootloader is a complex project, despite its small size. The effort involved in developing/integrating one can be overwhelming. (key-management, code-safety, trust-chains, reliable back-ups etc.)

rustBoot's purpose is to help simplify the entire process. Some of its primary goals are

  • Compliance with the IETF-SUIT standard i.e.
    • one of its requirements is to not require the use of specific protocols or data link interfaces to transfer updates to a device.
    • transferring an update should be delegated to the firmware/OS to avoid size or computational limitations (along with a drastic reduction in attack surface).
  • Reliable updates:
    • rustBoot will perform swap operations via the A/B or multi-slot partitioning method to replace currently active firmware with a newly received update and at the same time store a back-up copy of it in a (passive) secondary partition.
  • Predictablility over Performance:
    • one of rustBoot's core design objectives is to keep it simple and avoid complexity. So, there will be little to no application of meta or async programming constructs.
    • not that we need the extra performance, rustBoot can already hit sub-second secure boot-times as we've stripped it down to the bare-essentials.
  • Zero-dynamic memory allocation:
    • to make it highly portable, apart from its modular design, rustBoot relies on a zero dymnamic memory allocation architecture i.e. no heap required.
  • Memory safety & type-state programming:
    • the entire bootloader is written in rust's safe-fragment with a limited set of well-defined api(s) for unsafe HW access.
    • as a consequence, it makes rustBoot immune to a whole host of memory safety bugs. ex: things like parsing image-headers (i.e. container-formats) in rustBoot is much safer.
    • rustBoot takes advantage of rust's powerful type-system to make invalid boot-states unrepresentable at compile time and along with constructs such as sealed states, global singletons, it improves the overall security of the entire code-base.
  • Formal guarantees: an aspirational goal at this point but we think its do-able
    • property-based testing via symbolic execution: to formally verify rustBoot's parser.
    • deductive verification: for critical sections of code (ex: swapping contents of boot and update partitions).

Project layout:

This project's folder structure is divided into 2 workspaces.

  • core-bootloader:
    • resides in its own folder called rustBoot
  • hardware abstraction layer
    • the boards folder contains all hardware-specific code. It houses other neccessary folders
      • rustBoot-hal: contains flash-hal (read/write/erase) impls for a specific board.
      • rust-update: this crate/folder contains all of the board-agnostic A/B update logic.
      • test_firmware: contains test firmware (i.e. blinky-led firmware) for the boot and update partitions for a specific board.
      • test_impls: contains a test implementation of the bootoloader for a specific board.

Additionally, the project includes a folder called xtask to simplify the build-sign-flash process.

For detailed instructions on usage, you can take a look at the readme page for each board under - boards/test_impls/{board-name}

In short, you'll need 3 things:

  • flash-api: implement the FlashInterface trait for your board (abstracts out the necessary HW-specific flash operations such as writing/readin/erasing).
    • Note: I'm still contemplating switching to something like embedded-storage. Please feel free to chime-in if you have suggestions here.
  • memory-layout: choose a suitable memory layout based on your board's micro-architecture and make.
  • firmware-api: use the methods from the UpdateInterface trait in your firmware to trigger and confirm firmware updates. (note - downloading and installing the update is to be handled by whatever firmware/OS you're running).

rustBoot's high-level design

rustBoot – Secure bootloader architecture rustBoot – Application interface

Features:

  • A/B or multi-slot partitioning of the flash device.
  • elliptic curve cryptography for integrity and authenticity verification using RustCrypto
  • a tiny hardware abstraction layer for non-volatile memory (i.e. flash) programming.
  • anti-rollback protection via version numbering.
  • a fully memory safe core-bootloader implementation with safe parsers and flash-update logic.
  • power-interruptible firmware updates along with the assurance of fall-back availability.

Future roadmap:

  • switch to a rust-based KMI for manifest-header creation, key-generation and firmware signing to improve scalability and security (currently the lone available example uses wolfboot's python implementation for this).
  • support for external flash devices and serial/console logging interfaces.
  • support for ARM TrustZone-M and A and certified secure hardware elements - microchip ATECC608a, NXP SE050, STSAFE-100
  • support for a highly secure and efficient firmware transport method over end-end mutually authenticated and encrypted channels via ockam-networking-libraries.
  • many more examples with test implementations for a variety of boards.

Documentation:

[todo!] - rustBoot-book goes here.

Acknowledgment:

rustBoot's design was influenced by wolfBoot. It borrows wolfBoot's reliable-update design idea and builds on it with rust's memory safety guarantees, safer parsing libraries, compile-time state-transition checks and easy integration with crates (such as boards, HALs drivers etc.) developed by the embedded-rust community.

Support:

For questions, issues, feature requests, and other changes, please file an issue in the github project.

License:

rustBoot is licensed under

Contributing:

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the MIT license, shall be dual licensed as above, without any additional terms or conditions.

Comments
  • Add support for STM32F469 MCU in examples

    Add support for STM32F469 MCU in examples

    Hello, and first of all, thanks for this great work.

    I have tried to add support for the STM32F469 MCU in the STM HAL. This chip is used on the STM32F469-IDISCO board and supporting should be very close to the existing code implemented for STM32F411 and STM32F446. However, I am wondering how to adjust the value for the constant FW_RESET_VTR, for which the definition is based on an offset... [This offset is 0xA9 in the current STM446 implementation] (https://github.com/nihalpasham/rustBoot/blob/5a3cc7aa392abeb0ac322aa4279bba5a8eba7c6e/boards/hal/src/stm/stm32f446.rs#L15) ...and 0x99 in the STM411 implementation.

    What is the meaning of this offset? How can I adjust this for STM32F469? In the STM32 programming manual (PM201), the vector table is identical regardless of the chip STM32F411 or STM32F446...

    question board support 
    opened by lionelains 10
  • Added support for the RP2040 board

    Added support for the RP2040 board

    #19

    Added and tested both secure boot and update firmware with QSPI enabled external flash-driver on RP2040 Pico Board.

    Command line output

    PS C:\Users\ELCOME\Documents\RustProjects\rustBoot-Abhishek\rustBoot> cargo rp2040 build-sign-flash rustBoot
        Finished dev [unoptimized + debuginfo] target(s) in 0.07s
         Running `target\debug\xtask.exe rp2040 build-sign-flash rustBoot`
    $ cargo build --release
        Finished release [optimized] target(s) in 0.15s
    $ cargo build --release
        Finished release [optimized] target(s) in 0.16s
    $ cargo build --release
        Finished release [optimized] target(s) in 0.13s
    $ py convert2bin.py
    $ py signer.py
    ['sign.py', '--ecc256', '--sha256', 'rp2040_bootfw.bin', 'ecc256.der', '1234']
    Update type:          Firmware
    Input image:          rp2040_bootfw.bin
    Selected cipher:      ecc256
    Public key:           ecc256.der
    Output image:         rp2040_bootfw_v1234_signed.bin
    Not Encrypted
    Calculating sha256 digest...
    Signing the firmware...
    Done.
    Output image successfully created.
    ['sign.py', '--ecc256', '--sha256', 'rp2040_updtfw.bin', 'ecc256.der', '1235']
    Update type:          Firmware
    Input image:          rp2040_updtfw.bin
    Selected cipher:      ecc256
    Public key:           ecc256.der
    Output image:         rp2040_updtfw_v1235_signed.bin
    Not Encrypted
    Calculating sha256 digest...
    Signing the firmware...
    Done.
    Output image successfully created.
    $ probe-rs-cli download --format Bin --base-address 0x10020000 --chip RP2040 rp2040_bootfw_v1234_signed.bin
         Erasing sectors ✔ [00:00:00] [##############################################################################]  4.00KiB/ 4.00KiB @ 22.56KiB/s (eta 0s )
     Programming pages   ✔ [00:00:00] [##############################################################################]  4.00KiB/ 4.00KiB @ 10.01KiB/s (eta 0s )
        Finished in 0.489s
    $ probe-rs-cli download --format Bin --base-address 0x10040000 --chip RP2040 rp2040_updtfw_v1235_signed.bin
         Erasing sectors ✔ [00:00:00] [##############################################################################]  4.00KiB/ 4.00KiB @ 22.96KiB/s (eta 0s )
     Programming pages   ✔ [00:00:00] [##############################################################################]  4.00KiB/ 4.00KiB @  9.73KiB/s (eta 0s )
        Finished in 0.515s
    $ cargo flash --chip RP2040 --release
        Finished release [optimized] target(s) in 0.13s
        Flashing C:\Users\ELCOME\Documents\RustProjects\rustBoot-Abhishek\rustBoot\boards\target\thumbv6m-none-eabi\release\rp2040
         Erasing sectors ✔ [00:00:00] [##############################################################################] 48.00KiB/48.00KiB @ 43.30KiB/s (eta 0s )
     Programming pages   ✔ [00:00:02] [##############################################################################] 48.00KiB/48.00KiB @  9.69KiB/s (eta 0s )
        Finished in 3.184s
    
    board support block-device driver impls 
    opened by abhishekdhamale 4
  • Add a rust-based NVMC driver for the STM32F446RE board

    Add a rust-based NVMC driver for the STM32F446RE board

    In order to port rustBoot to the STM32F446RE board, we'll need to implement a flash-driver written in rust.

    Sub-tasks:

    • [x] The flash driver should support lock and unlock flash operations.
    • [x] The flash driver must read, write and erase data-blocks from the device's internal flash memory.
    • [x] Finally, it must implement rustBoot's FlashInterface trait.

    Additional notes:

    • You only need to implement the methods (of FlashInterface trait), applicable to your board.
    board support block-device driver impls 
    opened by nihalpasham 4
  • Add support for STM32F469 MCU in examples (closes #64)

    Add support for STM32F469 MCU in examples (closes #64)

    This PR allows running rustBoot and its example upgrade flow on the STM32F469-IDISCO board.

    On this board, the sample rustBoot flash upgrade process is as follows: (it is executed when issuing cargo stm32f469 build-sign-flash rustBoot 1234 1235 from the command line)

    • Once the demo is flashed on the STM32F469-IDISCO board, press the reset (black button) of the board to start the execution
    • The green LED flashes 3 times (while the MCU is running the boot firmware corresponding to source file boards/firmware/stm32f469/boot_fw_blinky_green/src/main.rs)
    • A delay of a few seconds occurs while the update partition is transferred to the boot partition by rustBoot
    • The red LED flashes 3 times (the MCU is now running the update firmware corresponding to source file boards/firmware/stm32f469/updt_fw_blinky_red/src/main.rs)
    • As soon as the new firmware sets the flash success state, the blue LED turns on while the red LED continues flashing forever

    Note
    When I mention color LEDs above, I mean the front LEDs (next to the LCD screen) of the STM32F469-IDISCO board.

    documentation enhancement board support 
    opened by lionelains 3
  • rust signing, support for rustBoot

    rust signing, support for rustBoot

    rbsigner modified and created PR for #23.

    Changelog:

    • removed python dependencies
    • modified xtask
    • removed hardcoded image version value now support with cli
    • signed images are located in the signed_images folder
    • string concatenation added for creating output image name with image version
    • few test cases added

    rust signing, tested with hardware.

    single command change to cargo [board] [build-sign-flash] [boot-ver] [updt-ver] rustBoot. Example cargo stm32h723 build-sign-flash 1234 1235 rustBoot

    comand line output

    $ cargo stm32h723 build-sign-flash 1234 1235 rustBoot
        Finished dev [unoptimized + debuginfo] target(s) in 0.10s
         Running `target/debug/xtask stm32h723 build-sign-flash 1234 1235 rustBoot`
    $ cargo build --release
       Compiling version_check v0.9.4
       Compiling typenum v1.15.0
       ...
       ...
       Compiling rustBoot-update v0.1.0 (/Users/imrankhaleelsab/Imran/Boschspace/RB_workspace/rustBoot-mcusigner/rustBoot/boards/update)
        Finished release [optimized] target(s) in 53.55s
    $ cargo build --release
       Compiling stm32h723_updtfw v0.1.0 (/Users/imrankhaleelsab/Imran/Boschspace/RB_workspace/rustBoot-mcusigner/rustBoot/boards/firmware/stm32h723/updt_fw_blinky_red)
        Finished release [optimized] target(s) in 1.54s
    $ cargo build --release
       Compiling stm32h723 v0.1.0 (/Users/imrankhaleelsab/Imran/Boschspace/RB_workspace/rustBoot-mcusigner/rustBoot/boards/bootloaders/stm32h723)
        Finished release [optimized] target(s) in 2.25s
    $ rust-objcopy -I elf32-littlearm ../../target/thumbv7em-none-eabihf/release/stm32h723_bootfw -O binary stm32h723_bootfw.bin
    $ rust-objcopy -I elf32-littlearm ../../target/thumbv7em-none-eabihf/release/stm32h723_updtfw -O binary stm32h723_updtfw.bin
    $ cargo run mcu-image ../boards/rbSigner/signed_images/stm32h723_bootfw.bin nistp256 ../boards/rbSigner/keygen/ecc256.der 1234
       Compiling rbsigner v0.1.0 (/Users/imrankhaleelsab/Imran/Boschspace/RB_workspace/rustBoot-mcusigner/rustBoot/rbsigner)
        Finished dev [unoptimized + debuginfo] target(s) in 0.59s
         Running `/Users/imrankhaleelsab/Imran/Boschspace/RB_workspace/rustBoot-mcusigner/rustBoot/target/debug/rbsigner mcu-image ../boards/rbSigner/signed_images/stm32h723_bootfw.bin nistp256 ../boards/rbSigner/keygen/ecc256.der 1234`
    
    Update type       :Firmware
    Curve type        :nistp256
    Input image       :stm32h723_bootfw.bin
    Public key        :ecc256.der
    Image version     :1234
    Output image      :stm32h723_bootfw_v1234_signed.bin
    Calculating sha256 digest...
    Signing the firmware...
    Done.
    Output image successfully created with 4608 bytes.
    
    $ cargo run mcu-image ../boards/rbSigner/signed_images/stm32h723_updtfw.bin nistp256 ../boards/rbSigner/keygen/ecc256.der 1235
        Finished dev [unoptimized + debuginfo] target(s) in 0.05s
         Running `/Users/imrankhaleelsab/Imran/Boschspace/RB_workspace/rustBoot-mcusigner/rustBoot/target/debug/rbsigner mcu-image ../boards/rbSigner/signed_images/stm32h723_updtfw.bin nistp256 ../boards/rbSigner/keygen/ecc256.der 1235`
    
    Update type       :Firmware
    Curve type        :nistp256
    Input image       :stm32h723_updtfw.bin
    Public key        :ecc256.der
    Image version     :1235
    Output image      :stm32h723_updtfw_v1235_signed.bin
    Calculating sha256 digest...
    Signing the firmware...
    Done.
    Output image successfully created with 4624 bytes.
    
    $ probe-rs-cli erase --chip stm32h723ZGTx
    $ probe-rs-cli download --format Bin --base-address 0x8020000 --chip STM32H723ZGTx stm32h723_bootfw_v1234_signed.bin
         Erasing sectors ✔ [00:00:02] [############################] 128.00KiB/128.00KiB @ 63.21KiB/s (eta 0s )
     Programming pages   ✔ [00:00:00] [##############################]  5.00KiB/ 5.00KiB @  1.05KiB/s (eta 0s )
        Finished in 2.165s
    $ probe-rs-cli download --format Bin --base-address 0x8060000 --chip STM32H723ZGTx stm32h723_updtfw_v1235_signed.bin
         Erasing sectors ✔ [00:00:01] [############################] 128.00KiB/128.00KiB @ 64.68KiB/s (eta 0s )
     Programming pages   ✔ [00:00:00] [##############################]  5.00KiB/ 5.00KiB @  1.08KiB/s (eta 0s )
        Finished in 2.117s
    $ cargo flash --chip stm32h723ZGTx --release
        Finished release [optimized] target(s) in 0.08s
        Flashing /Users/imrankhaleelsab/Imran/Boschspace/RB_workspace/rustBoot-mcusigner/rustBoot/boards/target/thumbv7em-none-eabihf/release/stm32h723
            WARN probe_rs::config::target > Using custom sequence for STM32H7
         Erasing sectors ✔ [00:00:01] [############################] 128.00KiB/128.00KiB @ 66.35KiB/s (eta 0s )
     Programming pages   ✔ [00:00:00] [##############################] 44.00KiB/44.00KiB @ 13.45KiB/s (eta 0s )
        Finished in 2.878s
    
    signing-tools 
    opened by imrank03 3
  • Add support for a QSPI enabled flash-driver for the RP2040 board

    Add support for a QSPI enabled flash-driver for the RP2040 board

    In order to port rustBoot to the RP2040 board, we'll need to implement a flash-driver written in rust.

    Sub-tasks:

    • [ ] The flash driver must write and erase data-blocks from the device's external flash memory.
    • [ ] More specifically, the RP2040 includes an Q-SPI flash chip, the flash driver must be a QSPI driver capable of performing block write and erase operations.
    • [ ] Finally, it must implement rustBoot's FlashInterface trait.

    Additional notes:

    • You only need to implement the methods (of FlashInterface trait), applicable to your board.
    board support block-device driver impls 
    opened by nihalpasham 3
  • Unknown command: python3 in wsl

    Unknown command: python3 in wsl

    Dear Nihal

    I have an issue related to wsl and python3. when i run command

    wsl python3 signer.py

    and issue happens as below

    $ python3 convert2bin.py $ wsl python3 signer.py Unknown command: python3 WSL Wsman Shell commandLine, version 0.2.1

    USAGE: wsl COMMAND [PARAMS...]

    COMMANDS: identify - WS-Identify enum - WS-Enumerate get - WS-Get put - WS-Put invoke - WS-Invoke xclean - Delete all files generated by this tool set xcred - Create or display credential file xcert - Get server certificate (saved to .crt)

    PARAMS specification is specific to a COMMAND.

    Output will be saved to ./response.xml. If you want to run parallel executions in the same directory, define RTFILEPREFIX in the environment. Doing so may significantly increase files generated.

    Requires: curl, xmllint, GNU core utilities. Optional: xsltproc for output formatting, gpg for encrypted credential. Optional: wget as alternate for curl when not available. Error: command wsl python3 signer.py failed, exit status: 1 home@home:/media/home/3BBA6BB21611231A/data/Prj_Security/SourceCode/rustBoot-main/rustBoot$ python --version Python 3.6.9

    I think python3 is not recognized in wsl even python3 is installed

    https://www.codegrepper.com/code-examples/python/wsl+install+python+3.10 https://www.codegrepper.com/code-examples/shell/bash%3A+python%3A+command+not+found

    Could you please support me fix issue related to wsl and python3

    Dat Nguyen

    question 
    opened by datnguyentien1981 3
  • how to build Rustboot for nrf52840 Development kit.

    how to build Rustboot for nrf52840 Development kit.

    Dear Nihal

    I have one nrf52840 kit purchased on market (https://infocenter.nordicsemi.com/pdf/nRF52840_DK_User_Guide_v1.2.pdf) and I try to modify test-firmware and build Rustboot with below command

    cargo xtask build-sign-flash rustBoot nrf52840

    as your comment in https://github.com/nihalpasham/rustBoot/tree/main/boards/test_impls/nrf52840 but currently, I have an issue as below.

    nad6hc@VM-NAD6HC-OSD5:~/Prj_Security/SourceCode/rustBoot-main$ cargo xtask build-sign-flash rustBoot nrf52840 Compiling version_check v0.9.3 Compiling typenum v1.14.0 Compiling p256 v0.9.0 Compiling defmt-macros v0.2.3 ..................... Compiling rustBoot v0.1.0 (/home/nad6hc/Prj_Security/SourceCode/rustBoot-main/rustBoot)

    error[E0554]: #![feature] may not be used on the stable release channel --> rustBoot/src/lib.rs:3:1 | 3 | #![feature(once_cell)] | ^^^^^^^^^^^^^^^^^^^^^^ For more information about this error, try rustc --explain E0554.

    error: could not compile rustBoot due to previous error nad6hc@VM-NAD6HC-OSD5:~/Prj_Security/SourceCode/rustBoot-main$

    could you please support me fix the issue in Rustboot.

    Dat Nguyen

    question 
    opened by datnguyentien1981 3
  • Test case added for

    Test case added for "digest_tag_len", Made changes in stm32f334 flash driver indentation and Xtask

    Test case added for "digest_tag_len" is passed

    > Executing task: cargo test --package rbsigner --bin rbsigner -- mcusigner::tests::digest_tag_len_test --exact --nocapture <
    
       Compiling rbsigner v0.1.0 (/home/sarathk/stm32f/pull_req/rustBoot/rbsigner)
        Finished test [unoptimized + debuginfo] target(s) in 1.45s
         Running unittests src/main.rs (target/debug/deps/rbsigner-788554ad0c9b6684)
    
    running 1 test
    test mcusigner::tests::digest_tag_len_test ... digest_tag: [0, 1]
    digest_len: [0, 4]
    ok
    
    test result: ok. 1 passed; 0 failed; 0 ignored; 0 measured; 9 filtered out; finished in 0.00s
    
    
    Terminal will be reused by tasks, press any key to close it.
    

    Changes made in "version_tag_len"

    > Executing task: cargo test --package rbsigner --bin rbsigner -- mcusigner::tests::version_tag_len_test --exact --nocapture <
    
        Finished test [unoptimized + debuginfo] target(s) in 0.07s
         Running unittests src/main.rs (target/debug/deps/rbsigner-788554ad0c9b6684)
    
    running 1 test
    test mcusigner::tests::version_tag_len_test ... version_tag: [0, 1]
    version_len: [4, 0]
    ok
    
    test result: ok. 1 passed; 0 failed; 0 ignored; 0 measured; 9 filtered out; finished in 0.00s
    
    
    Terminal will be reused by tasks, press any key to close it.
    

    Xtask is modified and tested

    sarathk@sarath:~/stm32f/pull_req/rustBoot$ cargo stm32f334 build-sign-flash rustBoot 1234 1235
        Finished dev [unoptimized + debuginfo] target(s) in 0.05s
         Running `target/debug/xtask stm32f334 build-sign-flash rustBoot 1234 1235`
    $ cargo build --release
       Compiling rustBoot-hal v0.1.0 (/home/sarathk/stm32f/pull_req/rustBoot/boards/hal)
       Compiling rustBoot-update v0.1.0 (/home/sarathk/stm32f/pull_req/rustBoot/boards/update)
       Compiling stm32f334_bootfw v0.1.0 (/home/sarathk/stm32f/pull_req/rustBoot/boards/firmware/stm32f334/boot_fw_blinky_green)
        Finished release [optimized] target(s) in 1.60s
    $ cargo build --release
       Compiling stm32f334_updtfw v0.1.0 (/home/sarathk/stm32f/pull_req/rustBoot/boards/firmware/stm32f334/updt_fw_blinky_red)
        Finished release [optimized] target(s) in 1.17s
    $ cargo build --release
       Compiling defmt v0.3.2
       Compiling defmt-macros v0.3.2
       Compiling critical-section v0.2.7
       Compiling defmt-parser v0.3.1
       Compiling bare-metal v1.0.0
       Compiling bitflags v1.3.2
       Compiling defmt-rtt v0.3.2
       Compiling stm32f334 v0.1.0 (/home/sarathk/stm32f/pull_req/rustBoot/boards/bootloaders/stm32f334)
       Compiling proc-macro-error-attr v1.0.4
       Compiling proc-macro-error v1.0.4
        Finished release [optimized] target(s) in 9.29s
    $ rust-objcopy -I elf32-littlearm ../../target/thumbv7em-none-eabihf/release/stm32f334_bootfw -O binary stm32f334_bootfw.bin
    $ rust-objcopy -I elf32-littlearm ../../target/thumbv7em-none-eabihf/release/stm32f334_updtfw -O binary stm32f334_updtfw.bin
    $ cargo run mcu-image ../boards/sign_images/signed_images/stm32f334_bootfw.bin nistp256 ../boards/sign_images/keygen/ecc256.der 1234
       Compiling libc v0.2.126
       Compiling filetime v0.2.17
       Compiling rustBoot v0.1.0 (/home/sarathk/stm32f/pull_req/rustBoot/rustBoot)
       Compiling rbsigner v0.1.0 (/home/sarathk/stm32f/pull_req/rustBoot/rbsigner)
        Finished dev [unoptimized + debuginfo] target(s) in 3.89s
         Running `/home/sarathk/stm32f/pull_req/rustBoot/target/debug/rbsigner mcu-image ../boards/sign_images/signed_images/stm32f334_bootfw.bin nistp256 ../boards/sign_images/keygen/ecc256.der 1234`
    
    Update type:    Firmware
    Curve type:       nistp256
    Input image:      stm32f334_bootfw.bin
    Public key:       ecc256.der
    Image version:    1234
    Output image:     stm32f334_bootfw_v1234_signed.bin
    Calculating sha256 digest...
    Signing the firmware...
    Done.
    Output image successfully created with 2508 bytes.
    
    $ cargo run mcu-image ../boards/sign_images/signed_images/stm32f334_updtfw.bin nistp256 ../boards/sign_images/keygen/ecc256.der 1235
        Finished dev [unoptimized + debuginfo] target(s) in 0.04s
         Running `/home/sarathk/stm32f/pull_req/rustBoot/target/debug/rbsigner mcu-image ../boards/sign_images/signed_images/stm32f334_updtfw.bin nistp256 ../boards/sign_images/keygen/ecc256.der 1235`
    
    Update type:    Firmware
    Curve type:       nistp256
    Input image:      stm32f334_updtfw.bin
    Public key:       ecc256.der
    Image version:    1235
    Output image:     stm32f334_updtfw_v1235_signed.bin
    Calculating sha256 digest...
    Signing the firmware...
    Done.
    Output image successfully created with 2484 bytes.
    
    $ probe-rs-cli erase --chip stm32f334r8tx
    $ probe-rs-cli download --format Bin --base-address 0x800b800 --chip stm32f334r8tx stm32f334_bootfw_v1234_signed.bin
         Erasing sectors ✔ [00:00:01] [################################################################################################]  4.00KiB/ 4.00KiB @  1.81KiB/s (eta 0s )
     Programming pages   ✔ [00:00:02] [################################################################################################]  3.00KiB/ 3.00KiB @     557B/s (eta 0s )
        Finished in 4.483s
    $ probe-rs-cli download --format Bin --base-address 0x800d000 --chip stm32f334r8tx stm32f334_updtfw_v1235_signed.bin
         Erasing sectors ✔ [00:00:01] [################################################################################################]  4.00KiB/ 4.00KiB @  1.85KiB/s (eta 0s )
     Programming pages   ✔ [00:00:02] [################################################################################################]  3.00KiB/ 3.00KiB @     554B/s (eta 0s )
        Finished in 4.491s
    $ cargo flash --chip stm32f334r8tx --release
        Finished release [optimized] target(s) in 0.08s
        Flashing /home/sarathk/stm32f/pull_req/rustBoot/boards/target/thumbv7em-none-eabihf/release/stm32f334
         Erasing sectors ✔ [00:00:10] [################################################################################################] 44.00KiB/44.00KiB @  4.03KiB/s (eta 0s )
     Programming pages   ✔ [00:00:20] [################################################################################################] 43.00KiB/43.00KiB @  1.31KiB/s (eta 0s )
        Finished in 31.232s
    
    opened by sarath3192 2
  • Flashdriver and rustBoot support was added for stm32f334 board  and conflicts resolved

    Flashdriver and rustBoot support was added for stm32f334 board and conflicts resolved

    #20 New board added

    Command : cargo stm32f334 build rustBoot-only
    

    sarathk@sarath:~/stm32f/PULL_REQUEST/rustBoot$ cargo stm32f334 build rustBoot-only Finished dev [unoptimized + debuginfo] target(s) in 0.05s Running target/debug/xtask stm32f334 build rustBoot-only $ cargo build --release Compiling version_check v0.9.4 Compiling autocfg v1.1.0 Compiling typenum v1.15.0 ... ... Comp Compiling ecdsa v0.13.4 Compiling p256 v0.10.1 Compiling rustBoot v0.1.0 (/home/sarathk/stm32f/PULL_REQUEST/rustBoot/rustBoot) Compiling rustBoot-hal v0.1.0 (/home/sarathk/stm32f/PULL_REQUEST/rustBoot/boards/hal) Compiling rustBoot-update v0.1.0 (/home/sarathk/stm32f/PULL_REQUEST/rustBoot/boards/update) Finished release [optimized] target(s) in 1m 38s

    Command : cargo stm32f334 build pkgs-for
    

    sarathk@sarath:~/stm32f/PULL_REQUEST/rustBoot$ cargo stm32f334 build pkgs-for Finished dev [unoptimized + debuginfo] target(s) in 0.05s Running target/debug/xtask stm32f334 build pkgs-for $ cargo build --release Compiling panic-probe v0.3.0 Compiling stm32f334_bootfw v0.1.0 (/home/sarathk/stm32f/PULL_REQUEST/rustBoot/boards/firmware/stm32f334/boot_fw_blinky_green) Finished release [optimized] target(s) in 1.79s $ cargo build --release Compiling stm32f334_updtfw v0.1.0 (/home/sarathk/stm32f/PULL_REQUEST/rustBoot/boards/firmware/stm32f334/updt_fw_blinky_red) Finished release [optimized] target(s) in 1.13s $ cargo build --release Finished release [optimized] target(s) in 0.15s

    Command : cargo stm32f334 sign pkgs-for
    

    sarathk@sarath:~/stm32f/PULL_REQUEST/rustBoot$ cargo stm32f334 sign pkgs-for Finished dev [unoptimized + debuginfo] target(s) in 0.06s Running target/debug/xtask stm32f334 sign pkgs-for $ python3 convert2bin.py $ python3 signer.py ['sign.py', '--ecc256', '--sha256', 'stm32f334_updtfw.bin', 'ecc256.der', '1235'] Update type: Firmware Input image: stm32f334_updtfw.bin Selected cipher: ecc256 Public key: ecc256.der Output image: stm32f334_updtfw_v1235_signed.bin Not Encrypted Calculating sha256 digest... Signing the firmware... Done. Output image successfully created. ['sign.py', '--ecc256', '--sha256', 'stm32f334_bootfw.bin', 'ecc256.der', '1234'] Update type: Firmware Input image: stm32f334_bootfw.bin Selected cipher: ecc256 Public key: ecc256.der Output image: stm32f334_bootfw_v1234_signed.bin Not Encrypted Calculating sha256 digest... Signing the firmware... Done. Output image successfully created.

    board support block-device driver impls 
    opened by sarath3192 2
  • New board stm32f746zg added.

    New board stm32f746zg added.

    • #31 added and tested both secure boot and update firmware.

    -Command line output

    udayakumar@udayakumar-VirtualBox:~/devspace/rustBoot$ cargo stm32f746 build rustBoot-only
       Compiling xtask v0.1.0 (/home/udayakumar/devspace/rustBoot/xtask)
        Finished dev [unoptimized + debuginfo] target(s) in 0.46s
         Running `target/debug/xtask stm32f746 build rustBoot-only`
    $ cargo build --release
       Compiling version_check v0.9.4
       Compiling typenum v1.15.0
       Compiling proc-macro2 v1.0.40
       Compiling unicode-ident v1.0.1
       ...
       ...
        Finished release [optimized] target(s) in 40.61s
    udayakumar@udayakumar-VirtualBox:~/devspace/rustBoot$ cargo stm32f746 build pkgs-for
        Finished dev [unoptimized + debuginfo] target(s) in 0.03s
         Running `target/debug/xtask stm32f746 build pkgs-for`
    $ cargo build --release
       Compiling stm32f746_bootfw v0.1.0 (/home/udayakumar/devspace/rustBoot/boards/firmware/stm32f746/boot_fw_blinky_green)
        Finished release [optimized] target(s) in 0.93s
    $ cargo build --release
       Compiling stm32f746_updtfw v0.1.0 (/home/udayakumar/devspace/rustBoot/boards/firmware/stm32f746/updt_fw_blinky_red)
        Finished release [optimized] target(s) in 0.93s
    $ cargo build --release
    
        Finished release [optimized] target(s) in 0.07s
    udayakumar@udayakumar-VirtualBox:~/devspace/rustBoot$ cargo stm32f746 sign pkgs-for
        Finished dev [unoptimized + debuginfo] target(s) in 0.03s
         Running `target/debug/xtask stm32f746 sign pkgs-for`
    $ python3 convert2bin.py
    $ python3 signer.py
    ['sign.py', '--ecc256', '--sha256', 'stm32f746_updtfw.bin', 'ecc256.der', '1235']
    Update type:          Firmware
    Input image:          stm32f746_updtfw.bin
    Selected cipher:      ecc256
    Public key:           ecc256.der
    Output image:         stm32f746_updtfw_v1235_signed.bin
    Not Encrypted
    Calculating sha256 digest...
    Signing the firmware...
    Done.
    Output image successfully created.
    ['sign.py', '--ecc256', '--sha256', 'stm32f746_bootfw.bin', 'ecc256.der', '1234']
    Update type:          Firmware
    Input image:          stm32f746_bootfw.bin
    Selected cipher:      ecc256
    Public key:           ecc256.der
    Output image:         stm32f746_bootfw_v1234_signed.bin
    Not Encrypted
    Calculating sha256 digest...
    Signing the firmware...
    Done.
    Output image successfully created.
    udayakumar@udayakumar-VirtualBox:~/devspace/rustBoot$ 
    
    
    udayakumar@udayakumar-VirtualBox:~/devspace/rustBoot/boards/target/thumbv7em-none-eabihf/release$ probe-run stm32f746 --chip stm32f746zgtx
    (HOST) INFO  flashing program (43 pages / 43.00 KiB)
    (HOST) INFO  success!
    ────────────────────────────────────────────────────────────────────────────────
    
    board support block-device driver impls 
    opened by UdayakumarHidakal 2
  • Build a prototype impl for a firmware distribution platform using ockam's secure channels

    Build a prototype impl for a firmware distribution platform using ockam's secure channels

    firmware distribution platform using Ockam secure channels.

    sub-tasks

    Using ockam secure channels -

    • [ ] send and receive messages over a local network.
    • [ ] send and receive messages over the internet.
    • [ ] distribute firmware files over the internet.
    secure channels 
    opened by sarath3192 0
  • Support for NRF9160DK

    Support for NRF9160DK

    Add support for NRF9160 board

    • Implement the Hal flash driver for NRF9160 board

      • [ ] Search for the well maintained HAL crate for the board
      • [ ] Get the Blinky code working
      • [ ] Get the write and erase functions working on the flash
      • [ ] Integrate the write and erase functions in rust boot
      • [ ] Create the Boot and Update firmware using different LEDs
      • [ ] Integrate and Test the rustBoot project for the NRF9160 board
    board support block-device driver impls 
    opened by Strange21 0
  • Add a rust-based  secure element

    Add a rust-based secure element "NXP SE050" driver for ARM TrustZone-M and A

    Need to implement a secure element NXP SE050 driver with support for ARM TrustZone-M.

    Sub-tasks:

    • [ ] I2C driver for NXP's crypto authentication HW (i.e. secure element NXP SE050).
    • [ ] A method for sending commands to the NXP SE050 and retrieving the associated response.
    • [ ] rustBoot demonstration with secure element.
    • [ ] ARM TrustZone-M
    crypto secure element 
    opened by imrank03 0
  • Rust based driver development for secure element STSAFE-A100

    Rust based driver development for secure element STSAFE-A100

    STSAFE-A100 The STSAFE-A100 is a highly secure solution that acts as a secure element providing authentication and data management services to a local or remote host.

    Features

    1. Authentication .
    2. Secure channel establishment with remote host including transport layer security (TLS) handshake.
    3. Signature verification service (secure boot and firmware upgrade).
    4. Usage monitoring with secure counters Pairing and secure channel with host application processor.
    5. Wrapping and unwrapping of local or remote host envelopes.
    6. On-chip key pair generation.

    sub-tasks

    • [ ] I2C driver for STSAFE-A100 crypto authentication HW .
    • [ ] A method for sending commands to the STSAFE-A100 and retrieving the associated response.
    • [ ] rustBoot demonstration with secure element.

    Note: Communication between the host and STSAFE-A100 will be through I²C-bus slave interface with 7 bit addressing mode up to 400kbps transmission speed.

    crypto secure element 
    opened by yashwanthsinghm 1
  • Upgrade board specific dependencies

    Upgrade board specific dependencies

    If I try to upgrade board specific dependencies I get Cortex-m-rt conflicts error, because all board specific dependencies depend on Cortex-m-rt version number 0.6.15. All board specific and Cortex-m-rt dependencies need to be updated.

    board support 
    opened by imrank03 1
Owner
A seasoned cybersecurity leader (and practitioner), specializes in industrial & enterprise systems security.
null
A command-line tool collection to assist development written in RUST

dtool dtool is a command-line tool collection to assist development Table of Contents Description Usage Tips Installation Description Now dtool suppor

GB 314 Dec 18, 2022
Simple ray tracer written in Rust

Simple ray tracer written in Rust from scratch I've just finished my first semester at the Faculty of Applied Mathematics and Computer Science at the

Vladislav 190 Dec 21, 2022
BSV stdlib written in Rust and runs in WASM environments

BSV.WASM A Rust/WASM Library to interact with Bitcoin SV Installation NodeJS: npm i bsv-wasm --save Web: npm i bsv-wasm-web --save Rust: https://crate

null 56 Dec 15, 2022
Basically a KrabsETW rip-off written in Rust

FerrisETW ?? Basically a KrabsETW rip-off written in Rust, hence the name Ferris ?? All credits go to the team at Microsoft who develop KrabsEtw, with

n4r1B 25 Dec 21, 2022
A wasm interpreter written by rust

A wasm interpreter written by rust

nasa 69 Dec 6, 2022
Rustymind is a driver and parser for NeuroSky MindWave EEG headset written in pure Rust.

Rustymind is a driver and parser for NeuroSky MindWave EEG headset written in pure Rust. You can use it to connect, interact, and plot real time data from the headset.

Junjun Dong 34 Sep 13, 2022
a wasm interpreter written by rust

wai (WebAssembly interpreter) A simple wasm interpreter This is an ongoing project DEMO 2021-06-27.10.23.18.mov Install Install via Homebrew brew inst

nasa 69 Dec 6, 2022
Simple Spreadsheet editor written in Rust

Rexcel Simple Spreadsheet editor written in Rust Keyboard Shortcuts: CTRL + S => Save CTRL + Q => Quit CTRL + W +> Save And Quit CTRL + ALT + S => Sav

Saulane 16 Dec 1, 2022
Re-implementation of Panda Doodle in Rust targetting WASM, a mobile game originally written in C++

Description This is the source code of my game Panda Doodle, which can be played at https://pandadoodle.lucamoller.com/ (it's best playable on touch s

null 79 Dec 5, 2022
Utilities to gather data out of roms. Written in Rust. It (should) support all types.

snesutilities Utilities to gather data out of roms. Written in Rust. It (should) support all types. How Have a look at main.rs: use snesutilities::Sne

Layle | Luca 5 Oct 12, 2022
A program written in pure Rust to query music info from mpd and display it in a notification.

musinfo A program written in pure Rust to query music info from mpd and display it in a notification. Note: Cover art is expected to be placed at /tmp

Cpt.Howdy 10 Aug 16, 2022
ᎩᎦᎨᎢ (IPA: [gigagei]) is a random quote fetching console utility. Written in Rust.

gigagei ᎩᎦᎨᎢ (IPA: [gigagei]) is a random quote fetching console utility. Written in Rust. Installing Use latest pre-built binary from releases Buildi

veleth 10 Jun 17, 2022
A rewrite of Phonelink for Windows Forms written in Rust, with cross-platform support.

phonelink-rs A rewrite of Phonelink for Windows Forms written in Rust, with cross-platform support. Usage Clone the repository and build, or download

ahsan-a 4 Aug 6, 2022
A simple omegle API written in Rust

omegalul-rs omegalul-rs is a work-in-progress opensource library for building Omegle clients. Features Current Features Fetching random server from om

NV6 5 Jun 21, 2022
ASM moulinette written in Rust(🚀)

BFM: The Blazing Fast Moulinette ASM moulinette written in Rust( ?? ) Build with cargo build, run with cargo run -- <flags> <args> Flags: -h or --help

Timothée Denizou 5 Sep 17, 2021
Simplified glue code generation for Deno FFI libraries written in Rust.

deno_bindgen This tool aims to simplify glue code generation for Deno FFI libraries written in Rust. Quickstart # install CLI deno install -Afq -n den

Divy Srivastava 173 Dec 17, 2022
MIPS assembler written in Rust

frasm MIPS assembler written in Rust About frasm is an assembler written in Rust speicifally for the MIPs architecture. This is my first time writing

Jacob Mealey 3 Oct 23, 2022
A program written in Rust, that allows the user to find the current location of the International Space Station and see it on a map.

ISS Location ViewFinder A program written in Rust, that allows the user to find the current location of the International Space Station and see it on

Suvaditya Mukherjee 2 Nov 8, 2021
A fast, multi-threaded line counting utility written in Rust.

xloc A fast, multi-threaded line counting utility written in Rust. What is xloc A drop in replacement for bash's wc -l. Your project has x lines of co

null 1 Nov 15, 2021