rustBoot is a standalone bootloader, written entirely in Rust

Last update: Dec 28, 2022

Related tags

Overview

rustBoot

rustBoot is a standalone bootloader, written entirely in Rust, designed to run on anything from a microcontroller to a system on chip. It can be used to boot into bare-metal firmware or Linux.

Why build another `bootloader`?

So, how does `rustBoot` help?

rustBoot aims to offer an OS and micro-architecture agnostic (i.e. highly portable) secure bootloader which is standards-based, easy to integrate (into existing embedded software projects) and eliminates duplication of work for every project.

Goals and objectives:

A secure-bootloader is a complex project, despite its small size. The effort involved in developing/integrating one can be overwhelming. (key-management, code-safety, trust-chains, reliable back-ups etc.)

rustBoot's purpose is to help simplify the entire process. Some of its primary goals are

Compliance with the IETF-SUIT standard i.e.
- one of its requirements is to not require the use of specific protocols or data link interfaces to transfer updates to a device.
- transferring an update should be delegated to the firmware/OS to avoid size or computational limitations (along with a drastic reduction in attack surface).
Reliable updates:
- rustBoot will perform swap operations via the A/B or multi-slot partitioning method to replace currently active firmware with a newly received update and at the same time store a back-up copy of it in a (passive) secondary partition.
Predictablility over Performance:
- one of rustBoot's core design objectives is to keep it simple and avoid complexity. So, there will be little to no application of meta or async programming constructs.
- not that we need the extra performance, rustBoot can already hit sub-second secure boot-times as we've stripped it down to the bare-essentials.
Zero-dynamic memory allocation:
- to make it highly portable, apart from its modular design, rustBoot relies on a zero dymnamic memory allocation architecture i.e. no heap required.
Memory safety & type-state programming:
- the entire bootloader is written in rust's safe-fragment with a limited set of well-defined api(s) for unsafe HW access.
- as a consequence, it makes rustBoot immune to a whole host of memory safety bugs. ex: things like parsing image-headers (i.e. container-formats) in rustBoot is much safer.
- rustBoot takes advantage of rust's powerful type-system to make invalid boot-states unrepresentable at compile time and along with constructs such as sealed states, global singletons, it improves the overall security of the entire code-base.
Formal guarantees: an aspirational goal at this point but we think its do-able
- property-based testing via symbolic execution: to formally verify rustBoot's parser.
- deductive verification: for critical sections of code (ex: swapping contents of boot and update partitions).

Project layout:

This project's folder structure is divided into 2 workspaces.

core-bootloader:
- resides in its own folder called rustBoot
hardware abstraction layer
- the boards folder contains all hardware-specific code. It houses other neccessary folders
  - rustBoot-hal: contains flash-hal (read/write/erase) impls for a specific board.
  - rust-update: this crate/folder contains all of the board-agnostic A/B update logic.
  - test_firmware: contains test firmware (i.e. blinky-led firmware) for the boot and update partitions for a specific board.
  - test_impls: contains a test implementation of the bootoloader for a specific board.

Additionally, the project includes a folder called xtask to simplify the build-sign-flash process.

For detailed instructions on usage, you can take a look at the readme page for each board under - boards/test_impls/{board-name}

In short, you'll need 3 things:

flash-api: implement the FlashInterface trait for your board (abstracts out the necessary HW-specific flash operations such as writing/readin/erasing).
- Note: I'm still contemplating switching to something like embedded-storage. Please feel free to chime-in if you have suggestions here.
memory-layout: choose a suitable memory layout based on your board's micro-architecture and make.
firmware-api: use the methods from the UpdateInterface trait in your firmware to trigger and confirm firmware updates. (note - downloading and installing the update is to be handled by whatever firmware/OS you're running).

rustBoot's high-level design

Features:

A/B or multi-slot partitioning of the flash device.
elliptic curve cryptography for integrity and authenticity verification using RustCrypto
a tiny hardware abstraction layer for non-volatile memory (i.e. flash) programming.
anti-rollback protection via version numbering.
a fully memory safe core-bootloader implementation with safe parsers and flash-update logic.
power-interruptible firmware updates along with the assurance of fall-back availability.

Future roadmap:

switch to a rust-based KMI for manifest-header creation, key-generation and firmware signing to improve scalability and security (currently the lone available example uses wolfboot's python implementation for this).
support for external flash devices and serial/console logging interfaces.
support for ARM TrustZone-M and A and certified secure hardware elements - microchip ATECC608a, NXP SE050, STSAFE-100
support for a highly secure and efficient firmware transport method over end-end mutually authenticated and encrypted channels via ockam-networking-libraries.
many more examples with test implementations for a variety of boards.

Documentation:

[todo!] - rustBoot-book goes here.

Acknowledgment:

rustBoot's design was influenced by wolfBoot. It borrows wolfBoot's reliable-update design idea and builds on it with rust's memory safety guarantees, safer parsing libraries, compile-time state-transition checks and easy integration with crates (such as boards, HALs drivers etc.) developed by the embedded-rust community.

Support:

For questions, issues, feature requests, and other changes, please file an issue in the github project.

License:

rustBoot is licensed under

MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)

Contributing:

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the MIT license, shall be dual licensed as above, without any additional terms or conditions.

Comments

Add support for STM32F469 MCU in examples

Hello, and first of all, thanks for this great work.

I have tried to add support for the STM32F469 MCU in the STM HAL. This chip is used on the STM32F469-IDISCO board and supporting should be very close to the existing code implemented for STM32F411 and STM32F446. However, I am wondering how to adjust the value for the constant FW_RESET_VTR, for which the definition is based on an offset... [This offset is 0xA9 in the current STM446 implementation] (https://github.com/nihalpasham/rustBoot/blob/5a3cc7aa392abeb0ac322aa4279bba5a8eba7c6e/boards/hal/src/stm/stm32f446.rs#L15) ...and 0x99 in the STM411 implementation.

What is the meaning of this offset? How can I adjust this for STM32F469? In the STM32 programming manual (PM201), the vector table is identical regardless of the chip STM32F411 or STM32F446...
question board support

opened by lionelains 10

Added support for the RP2040 board

#19

Added and tested both secure boot and update firmware with QSPI enabled external flash-driver on RP2040 Pico Board.

Command line output

PS C:\Users\ELCOME\Documents\RustProjects\rustBoot-Abhishek\rustBoot> cargo rp2040 build-sign-flash rustBoot
    Finished dev [unoptimized + debuginfo] target(s) in 0.07s
     Running `target\debug\xtask.exe rp2040 build-sign-flash rustBoot`
$ cargo build --release
    Finished release [optimized] target(s) in 0.15s
$ cargo build --release
    Finished release [optimized] target(s) in 0.16s
$ cargo build --release
    Finished release [optimized] target(s) in 0.13s
$ py convert2bin.py
$ py signer.py
['sign.py', '--ecc256', '--sha256', 'rp2040_bootfw.bin', 'ecc256.der', '1234']
Update type:          Firmware
Input image:          rp2040_bootfw.bin
Selected cipher:      ecc256
Public key:           ecc256.der
Output image:         rp2040_bootfw_v1234_signed.bin
Not Encrypted
Calculating sha256 digest...
Signing the firmware...
Done.
Output image successfully created.
['sign.py', '--ecc256', '--sha256', 'rp2040_updtfw.bin', 'ecc256.der', '1235']
Update type:          Firmware
Input image:          rp2040_updtfw.bin
Selected cipher:      ecc256
Public key:           ecc256.der
Output image:         rp2040_updtfw_v1235_signed.bin
Not Encrypted
Calculating sha256 digest...
Signing the firmware...
Done.
Output image successfully created.
$ probe-rs-cli download --format Bin --base-address 0x10020000 --chip RP2040 rp2040_bootfw_v1234_signed.bin
     Erasing sectors ✔ [00:00:00] [##############################################################################]  4.00KiB/ 4.00KiB @ 22.56KiB/s (eta 0s )
 Programming pages   ✔ [00:00:00] [##############################################################################]  4.00KiB/ 4.00KiB @ 10.01KiB/s (eta 0s )
    Finished in 0.489s
$ probe-rs-cli download --format Bin --base-address 0x10040000 --chip RP2040 rp2040_updtfw_v1235_signed.bin
     Erasing sectors ✔ [00:00:00] [##############################################################################]  4.00KiB/ 4.00KiB @ 22.96KiB/s (eta 0s )
 Programming pages   ✔ [00:00:00] [##############################################################################]  4.00KiB/ 4.00KiB @  9.73KiB/s (eta 0s )
    Finished in 0.515s
$ cargo flash --chip RP2040 --release
    Finished release [optimized] target(s) in 0.13s
    Flashing C:\Users\ELCOME\Documents\RustProjects\rustBoot-Abhishek\rustBoot\boards\target\thumbv6m-none-eabi\release\rp2040
     Erasing sectors ✔ [00:00:00] [##############################################################################] 48.00KiB/48.00KiB @ 43.30KiB/s (eta 0s )
 Programming pages   ✔ [00:00:02] [##############################################################################] 48.00KiB/48.00KiB @  9.69KiB/s (eta 0s )
    Finished in 3.184s

board support block-device driver impls

opened by abhishekdhamale 4

Add a rust-based NVMC driver for the STM32F446RE board
In order to port rustBoot to the STM32F446RE board, we'll need to implement a flash-driver written in rust.

Sub-tasks:

[x] The flash driver should support lock and unlock flash operations.

[x] The flash driver must read, write and erase data-blocks from the device's internal flash memory.

[x] Finally, it must implement rustBoot's FlashInterface trait.

Additional notes:

You only need to implement the methods (of FlashInterface trait), applicable to your board.

board support block-device driver impls
opened by nihalpasham 4
Add support for STM32F469 MCU in examples (closes #64)
This PR allows running rustBoot and its example upgrade flow on the STM32F469-IDISCO board.

On this board, the sample rustBoot flash upgrade process is as follows: (it is executed when issuing cargo stm32f469 build-sign-flash rustBoot 1234 1235 from the command line)

Once the demo is flashed on the STM32F469-IDISCO board, press the reset (black button) of the board to start the execution

The green LED flashes 3 times (while the MCU is running the boot firmware corresponding to source file boards/firmware/stm32f469/boot_fw_blinky_green/src/main.rs)

A delay of a few seconds occurs while the update partition is transferred to the boot partition by rustBoot

The red LED flashes 3 times (the MCU is now running the update firmware corresponding to source file boards/firmware/stm32f469/updt_fw_blinky_red/src/main.rs)

As soon as the new firmware sets the flash success state, the blue LED turns on while the red LED continues flashing forever

Note
When I mention color LEDs above, I mean the front LEDs (next to the LCD screen) of the STM32F469-IDISCO board.

documentation enhancement board support
opened by lionelains 3

rust signing, support for rustBoot

rbsigner modified and created PR for #23.

Changelog:

removed python dependencies
modified xtask
removed hardcoded image version value now support with cli
signed images are located in the signed_images folder
string concatenation added for creating output image name with image version
few test cases added

rust signing, tested with hardware.

single command change to cargo [board] [build-sign-flash] [boot-ver] [updt-ver] rustBoot. Example cargo stm32h723 build-sign-flash 1234 1235 rustBoot

comand line output

$ cargo stm32h723 build-sign-flash 1234 1235 rustBoot
    Finished dev [unoptimized + debuginfo] target(s) in 0.10s
     Running `target/debug/xtask stm32h723 build-sign-flash 1234 1235 rustBoot`
$ cargo build --release
   Compiling version_check v0.9.4
   Compiling typenum v1.15.0
   ...
   ...
   Compiling rustBoot-update v0.1.0 (/Users/imrankhaleelsab/Imran/Boschspace/RB_workspace/rustBoot-mcusigner/rustBoot/boards/update)
    Finished release [optimized] target(s) in 53.55s
$ cargo build --release
   Compiling stm32h723_updtfw v0.1.0 (/Users/imrankhaleelsab/Imran/Boschspace/RB_workspace/rustBoot-mcusigner/rustBoot/boards/firmware/stm32h723/updt_fw_blinky_red)
    Finished release [optimized] target(s) in 1.54s
$ cargo build --release
   Compiling stm32h723 v0.1.0 (/Users/imrankhaleelsab/Imran/Boschspace/RB_workspace/rustBoot-mcusigner/rustBoot/boards/bootloaders/stm32h723)
    Finished release [optimized] target(s) in 2.25s
$ rust-objcopy -I elf32-littlearm ../../target/thumbv7em-none-eabihf/release/stm32h723_bootfw -O binary stm32h723_bootfw.bin
$ rust-objcopy -I elf32-littlearm ../../target/thumbv7em-none-eabihf/release/stm32h723_updtfw -O binary stm32h723_updtfw.bin
$ cargo run mcu-image ../boards/rbSigner/signed_images/stm32h723_bootfw.bin nistp256 ../boards/rbSigner/keygen/ecc256.der 1234
   Compiling rbsigner v0.1.0 (/Users/imrankhaleelsab/Imran/Boschspace/RB_workspace/rustBoot-mcusigner/rustBoot/rbsigner)
    Finished dev [unoptimized + debuginfo] target(s) in 0.59s
     Running `/Users/imrankhaleelsab/Imran/Boschspace/RB_workspace/rustBoot-mcusigner/rustBoot/target/debug/rbsigner mcu-image ../boards/rbSigner/signed_images/stm32h723_bootfw.bin nistp256 ../boards/rbSigner/keygen/ecc256.der 1234`

Update type       :Firmware
Curve type        :nistp256
Input image       :stm32h723_bootfw.bin
Public key        :ecc256.der
Image version     :1234
Output image      :stm32h723_bootfw_v1234_signed.bin
Calculating sha256 digest...
Signing the firmware...
Done.
Output image successfully created with 4608 bytes.

$ cargo run mcu-image ../boards/rbSigner/signed_images/stm32h723_updtfw.bin nistp256 ../boards/rbSigner/keygen/ecc256.der 1235
    Finished dev [unoptimized + debuginfo] target(s) in 0.05s
     Running `/Users/imrankhaleelsab/Imran/Boschspace/RB_workspace/rustBoot-mcusigner/rustBoot/target/debug/rbsigner mcu-image ../boards/rbSigner/signed_images/stm32h723_updtfw.bin nistp256 ../boards/rbSigner/keygen/ecc256.der 1235`

Update type       :Firmware
Curve type        :nistp256
Input image       :stm32h723_updtfw.bin
Public key        :ecc256.der
Image version     :1235
Output image      :stm32h723_updtfw_v1235_signed.bin
Calculating sha256 digest...
Signing the firmware...
Done.
Output image successfully created with 4624 bytes.

$ probe-rs-cli erase --chip stm32h723ZGTx
$ probe-rs-cli download --format Bin --base-address 0x8020000 --chip STM32H723ZGTx stm32h723_bootfw_v1234_signed.bin
     Erasing sectors ✔ [00:00:02] [############################] 128.00KiB/128.00KiB @ 63.21KiB/s (eta 0s )
 Programming pages   ✔ [00:00:00] [##############################]  5.00KiB/ 5.00KiB @  1.05KiB/s (eta 0s )
    Finished in 2.165s
$ probe-rs-cli download --format Bin --base-address 0x8060000 --chip STM32H723ZGTx stm32h723_updtfw_v1235_signed.bin
     Erasing sectors ✔ [00:00:01] [############################] 128.00KiB/128.00KiB @ 64.68KiB/s (eta 0s )
 Programming pages   ✔ [00:00:00] [##############################]  5.00KiB/ 5.00KiB @  1.08KiB/s (eta 0s )
    Finished in 2.117s
$ cargo flash --chip stm32h723ZGTx --release
    Finished release [optimized] target(s) in 0.08s
    Flashing /Users/imrankhaleelsab/Imran/Boschspace/RB_workspace/rustBoot-mcusigner/rustBoot/boards/target/thumbv7em-none-eabihf/release/stm32h723
        WARN probe_rs::config::target > Using custom sequence for STM32H7
     Erasing sectors ✔ [00:00:01] [############################] 128.00KiB/128.00KiB @ 66.35KiB/s (eta 0s )
 Programming pages   ✔ [00:00:00] [##############################] 44.00KiB/44.00KiB @ 13.45KiB/s (eta 0s )
    Finished in 2.878s

signing-tools

opened by imrank03 3

Add support for a QSPI enabled flash-driver for the RP2040 board
In order to port rustBoot to the RP2040 board, we'll need to implement a flash-driver written in rust.

Sub-tasks:

[ ] The flash driver must write and erase data-blocks from the device's external flash memory.

[ ] More specifically, the RP2040 includes an Q-SPI flash chip, the flash driver must be a QSPI driver capable of performing block write and erase operations.

[ ] Finally, it must implement rustBoot's FlashInterface trait.

Additional notes:

You only need to implement the methods (of FlashInterface trait), applicable to your board.

board support block-device driver impls
opened by nihalpasham 3
Unknown command: python3 in wsl

Dear Nihal

I have an issue related to wsl and python3. when i run command

wsl python3 signer.py

and issue happens as below

$ python3 convert2bin.py $ wsl python3 signer.py Unknown command: python3 WSL Wsman Shell commandLine, version 0.2.1

USAGE: wsl COMMAND [PARAMS...]

COMMANDS: identify - WS-Identify enum - WS-Enumerate get - WS-Get put - WS-Put invoke - WS-Invoke xclean - Delete all files generated by this tool set xcred - Create or display credential file xcert - Get server certificate (saved to .crt)

PARAMS specification is specific to a COMMAND.

Output will be saved to ./response.xml. If you want to run parallel executions in the same directory, define RTFILEPREFIX in the environment. Doing so may significantly increase files generated.

Requires: curl, xmllint, GNU core utilities. Optional: xsltproc for output formatting, gpg for encrypted credential. Optional: wget as alternate for curl when not available. Error: command wsl python3 signer.py failed, exit status: 1 home@home:/media/home/3BBA6BB21611231A/data/Prj_Security/SourceCode/rustBoot-main/rustBoot$ python --version Python 3.6.9

I think python3 is not recognized in wsl even python3 is installed

https://www.codegrepper.com/code-examples/python/wsl+install+python+3.10 https://www.codegrepper.com/code-examples/shell/bash%3A+python%3A+command+not+found

Could you please support me fix issue related to wsl and python3

Dat Nguyen
question

opened by datnguyentien1981 3
how to build Rustboot for nrf52840 Development kit.

Dear Nihal

I have one nrf52840 kit purchased on market (https://infocenter.nordicsemi.com/pdf/nRF52840_DK_User_Guide_v1.2.pdf) and I try to modify test-firmware and build Rustboot with below command

cargo xtask build-sign-flash rustBoot nrf52840

as your comment in https://github.com/nihalpasham/rustBoot/tree/main/boards/test_impls/nrf52840 but currently, I have an issue as below.

nad6hc@VM-NAD6HC-OSD5:~/Prj_Security/SourceCode/rustBoot-main$ cargo xtask build-sign-flash rustBoot nrf52840 Compiling version_check v0.9.3 Compiling typenum v1.14.0 Compiling p256 v0.9.0 Compiling defmt-macros v0.2.3 ..................... Compiling rustBoot v0.1.0 (/home/nad6hc/Prj_Security/SourceCode/rustBoot-main/rustBoot)

error[E0554]: #![feature] may not be used on the stable release channel --> rustBoot/src/lib.rs:3:1 | 3 | #![feature(once_cell)] | ^^^^^^^^^^^^^^^^^^^^^^ For more information about this error, try rustc --explain E0554.

error: could not compile rustBoot due to previous error nad6hc@VM-NAD6HC-OSD5:~/Prj_Security/SourceCode/rustBoot-main$

could you please support me fix the issue in Rustboot.

Dat Nguyen
question

opened by datnguyentien1981 3

Test case added for "digest_tag_len", Made changes in stm32f334 flash driver indentation and Xtask

Test case added for "digest_tag_len" is passed

> Executing task: cargo test --package rbsigner --bin rbsigner -- mcusigner::tests::digest_tag_len_test --exact --nocapture <

   Compiling rbsigner v0.1.0 (/home/sarathk/stm32f/pull_req/rustBoot/rbsigner)
    Finished test [unoptimized + debuginfo] target(s) in 1.45s
     Running unittests src/main.rs (target/debug/deps/rbsigner-788554ad0c9b6684)

running 1 test
test mcusigner::tests::digest_tag_len_test ... digest_tag: [0, 1]
digest_len: [0, 4]
ok

test result: ok. 1 passed; 0 failed; 0 ignored; 0 measured; 9 filtered out; finished in 0.00s


Terminal will be reused by tasks, press any key to close it.

Changes made in "version_tag_len"

> Executing task: cargo test --package rbsigner --bin rbsigner -- mcusigner::tests::version_tag_len_test --exact --nocapture <

    Finished test [unoptimized + debuginfo] target(s) in 0.07s
     Running unittests src/main.rs (target/debug/deps/rbsigner-788554ad0c9b6684)

running 1 test
test mcusigner::tests::version_tag_len_test ... version_tag: [0, 1]
version_len: [4, 0]
ok

test result: ok. 1 passed; 0 failed; 0 ignored; 0 measured; 9 filtered out; finished in 0.00s


Terminal will be reused by tasks, press any key to close it.

Xtask is modified and tested

sarathk@sarath:~/stm32f/pull_req/rustBoot$ cargo stm32f334 build-sign-flash rustBoot 1234 1235
    Finished dev [unoptimized + debuginfo] target(s) in 0.05s
     Running `target/debug/xtask stm32f334 build-sign-flash rustBoot 1234 1235`
$ cargo build --release
   Compiling rustBoot-hal v0.1.0 (/home/sarathk/stm32f/pull_req/rustBoot/boards/hal)
   Compiling rustBoot-update v0.1.0 (/home/sarathk/stm32f/pull_req/rustBoot/boards/update)
   Compiling stm32f334_bootfw v0.1.0 (/home/sarathk/stm32f/pull_req/rustBoot/boards/firmware/stm32f334/boot_fw_blinky_green)
    Finished release [optimized] target(s) in 1.60s
$ cargo build --release
   Compiling stm32f334_updtfw v0.1.0 (/home/sarathk/stm32f/pull_req/rustBoot/boards/firmware/stm32f334/updt_fw_blinky_red)
    Finished release [optimized] target(s) in 1.17s
$ cargo build --release
   Compiling defmt v0.3.2
   Compiling defmt-macros v0.3.2
   Compiling critical-section v0.2.7
   Compiling defmt-parser v0.3.1
   Compiling bare-metal v1.0.0
   Compiling bitflags v1.3.2
   Compiling defmt-rtt v0.3.2
   Compiling stm32f334 v0.1.0 (/home/sarathk/stm32f/pull_req/rustBoot/boards/bootloaders/stm32f334)
   Compiling proc-macro-error-attr v1.0.4
   Compiling proc-macro-error v1.0.4
    Finished release [optimized] target(s) in 9.29s
$ rust-objcopy -I elf32-littlearm ../../target/thumbv7em-none-eabihf/release/stm32f334_bootfw -O binary stm32f334_bootfw.bin
$ rust-objcopy -I elf32-littlearm ../../target/thumbv7em-none-eabihf/release/stm32f334_updtfw -O binary stm32f334_updtfw.bin
$ cargo run mcu-image ../boards/sign_images/signed_images/stm32f334_bootfw.bin nistp256 ../boards/sign_images/keygen/ecc256.der 1234
   Compiling libc v0.2.126
   Compiling filetime v0.2.17
   Compiling rustBoot v0.1.0 (/home/sarathk/stm32f/pull_req/rustBoot/rustBoot)
   Compiling rbsigner v0.1.0 (/home/sarathk/stm32f/pull_req/rustBoot/rbsigner)
    Finished dev [unoptimized + debuginfo] target(s) in 3.89s
     Running `/home/sarathk/stm32f/pull_req/rustBoot/target/debug/rbsigner mcu-image ../boards/sign_images/signed_images/stm32f334_bootfw.bin nistp256 ../boards/sign_images/keygen/ecc256.der 1234`

Update type:    Firmware
Curve type:       nistp256
Input image:      stm32f334_bootfw.bin
Public key:       ecc256.der
Image version:    1234
Output image:     stm32f334_bootfw_v1234_signed.bin
Calculating sha256 digest...
Signing the firmware...
Done.
Output image successfully created with 2508 bytes.

$ cargo run mcu-image ../boards/sign_images/signed_images/stm32f334_updtfw.bin nistp256 ../boards/sign_images/keygen/ecc256.der 1235
    Finished dev [unoptimized + debuginfo] target(s) in 0.04s
     Running `/home/sarathk/stm32f/pull_req/rustBoot/target/debug/rbsigner mcu-image ../boards/sign_images/signed_images/stm32f334_updtfw.bin nistp256 ../boards/sign_images/keygen/ecc256.der 1235`

Update type:    Firmware
Curve type:       nistp256
Input image:      stm32f334_updtfw.bin
Public key:       ecc256.der
Image version:    1235
Output image:     stm32f334_updtfw_v1235_signed.bin
Calculating sha256 digest...
Signing the firmware...
Done.
Output image successfully created with 2484 bytes.

$ probe-rs-cli erase --chip stm32f334r8tx
$ probe-rs-cli download --format Bin --base-address 0x800b800 --chip stm32f334r8tx stm32f334_bootfw_v1234_signed.bin
     Erasing sectors ✔ [00:00:01] [################################################################################################]  4.00KiB/ 4.00KiB @  1.81KiB/s (eta 0s )
 Programming pages   ✔ [00:00:02] [################################################################################################]  3.00KiB/ 3.00KiB @     557B/s (eta 0s )
    Finished in 4.483s
$ probe-rs-cli download --format Bin --base-address 0x800d000 --chip stm32f334r8tx stm32f334_updtfw_v1235_signed.bin
     Erasing sectors ✔ [00:00:01] [################################################################################################]  4.00KiB/ 4.00KiB @  1.85KiB/s (eta 0s )
 Programming pages   ✔ [00:00:02] [################################################################################################]  3.00KiB/ 3.00KiB @     554B/s (eta 0s )
    Finished in 4.491s
$ cargo flash --chip stm32f334r8tx --release
    Finished release [optimized] target(s) in 0.08s
    Flashing /home/sarathk/stm32f/pull_req/rustBoot/boards/target/thumbv7em-none-eabihf/release/stm32f334
     Erasing sectors ✔ [00:00:10] [################################################################################################] 44.00KiB/44.00KiB @  4.03KiB/s (eta 0s )
 Programming pages   ✔ [00:00:20] [################################################################################################] 43.00KiB/43.00KiB @  1.31KiB/s (eta 0s )
    Finished in 31.232s

opened by sarath3192 2

Flashdriver and rustBoot support was added for stm32f334 board and conflicts resolved
#20 New board added

Command : cargo stm32f334 build rustBoot-only

sarathk@sarath:~/stm32f/PULL_REQUEST/rustBoot$ cargo stm32f334 build rustBoot-only Finished dev [unoptimized + debuginfo] target(s) in 0.05s Running target/debug/xtask stm32f334 build rustBoot-only $ cargo build --release Compiling version_check v0.9.4 Compiling autocfg v1.1.0 Compiling typenum v1.15.0 ... ... Comp Compiling ecdsa v0.13.4 Compiling p256 v0.10.1 Compiling rustBoot v0.1.0 (/home/sarathk/stm32f/PULL_REQUEST/rustBoot/rustBoot) Compiling rustBoot-hal v0.1.0 (/home/sarathk/stm32f/PULL_REQUEST/rustBoot/boards/hal) Compiling rustBoot-update v0.1.0 (/home/sarathk/stm32f/PULL_REQUEST/rustBoot/boards/update) Finished release [optimized] target(s) in 1m 38s

Command : cargo stm32f334 build pkgs-for

sarathk@sarath:~/stm32f/PULL_REQUEST/rustBoot$ cargo stm32f334 build pkgs-for Finished dev [unoptimized + debuginfo] target(s) in 0.05s Running target/debug/xtask stm32f334 build pkgs-for $ cargo build --release Compiling panic-probe v0.3.0 Compiling stm32f334_bootfw v0.1.0 (/home/sarathk/stm32f/PULL_REQUEST/rustBoot/boards/firmware/stm32f334/boot_fw_blinky_green) Finished release [optimized] target(s) in 1.79s $ cargo build --release Compiling stm32f334_updtfw v0.1.0 (/home/sarathk/stm32f/PULL_REQUEST/rustBoot/boards/firmware/stm32f334/updt_fw_blinky_red) Finished release [optimized] target(s) in 1.13s $ cargo build --release Finished release [optimized] target(s) in 0.15s

Command : cargo stm32f334 sign pkgs-for

sarathk@sarath:~/stm32f/PULL_REQUEST/rustBoot$ cargo stm32f334 sign pkgs-for Finished dev [unoptimized + debuginfo] target(s) in 0.06s Running target/debug/xtask stm32f334 sign pkgs-for $ python3 convert2bin.py $ python3 signer.py ['sign.py', '--ecc256', '--sha256', 'stm32f334_updtfw.bin', 'ecc256.der', '1235'] Update type: Firmware Input image: stm32f334_updtfw.bin Selected cipher: ecc256 Public key: ecc256.der Output image: stm32f334_updtfw_v1235_signed.bin Not Encrypted Calculating sha256 digest... Signing the firmware... Done. Output image successfully created. ['sign.py', '--ecc256', '--sha256', 'stm32f334_bootfw.bin', 'ecc256.der', '1234'] Update type: Firmware Input image: stm32f334_bootfw.bin Selected cipher: ecc256 Public key: ecc256.der Output image: stm32f334_bootfw_v1234_signed.bin Not Encrypted Calculating sha256 digest... Signing the firmware... Done. Output image successfully created.
board support block-device driver impls
opened by sarath3192 2

New board stm32f746zg added.

#31 added and tested both secure boot and update firmware.

-Command line output

udayakumar@udayakumar-VirtualBox:~/devspace/rustBoot$ cargo stm32f746 build rustBoot-only
   Compiling xtask v0.1.0 (/home/udayakumar/devspace/rustBoot/xtask)
    Finished dev [unoptimized + debuginfo] target(s) in 0.46s
     Running `target/debug/xtask stm32f746 build rustBoot-only`
$ cargo build --release
   Compiling version_check v0.9.4
   Compiling typenum v1.15.0
   Compiling proc-macro2 v1.0.40
   Compiling unicode-ident v1.0.1
   ...
   ...
    Finished release [optimized] target(s) in 40.61s
udayakumar@udayakumar-VirtualBox:~/devspace/rustBoot$ cargo stm32f746 build pkgs-for
    Finished dev [unoptimized + debuginfo] target(s) in 0.03s
     Running `target/debug/xtask stm32f746 build pkgs-for`
$ cargo build --release
   Compiling stm32f746_bootfw v0.1.0 (/home/udayakumar/devspace/rustBoot/boards/firmware/stm32f746/boot_fw_blinky_green)
    Finished release [optimized] target(s) in 0.93s
$ cargo build --release
   Compiling stm32f746_updtfw v0.1.0 (/home/udayakumar/devspace/rustBoot/boards/firmware/stm32f746/updt_fw_blinky_red)
    Finished release [optimized] target(s) in 0.93s
$ cargo build --release

    Finished release [optimized] target(s) in 0.07s
udayakumar@udayakumar-VirtualBox:~/devspace/rustBoot$ cargo stm32f746 sign pkgs-for
    Finished dev [unoptimized + debuginfo] target(s) in 0.03s
     Running `target/debug/xtask stm32f746 sign pkgs-for`
$ python3 convert2bin.py
$ python3 signer.py
['sign.py', '--ecc256', '--sha256', 'stm32f746_updtfw.bin', 'ecc256.der', '1235']
Update type:          Firmware
Input image:          stm32f746_updtfw.bin
Selected cipher:      ecc256
Public key:           ecc256.der
Output image:         stm32f746_updtfw_v1235_signed.bin
Not Encrypted
Calculating sha256 digest...
Signing the firmware...
Done.
Output image successfully created.
['sign.py', '--ecc256', '--sha256', 'stm32f746_bootfw.bin', 'ecc256.der', '1234']
Update type:          Firmware
Input image:          stm32f746_bootfw.bin
Selected cipher:      ecc256
Public key:           ecc256.der
Output image:         stm32f746_bootfw_v1234_signed.bin
Not Encrypted
Calculating sha256 digest...
Signing the firmware...
Done.
Output image successfully created.
udayakumar@udayakumar-VirtualBox:~/devspace/rustBoot$ 


udayakumar@udayakumar-VirtualBox:~/devspace/rustBoot/boards/target/thumbv7em-none-eabihf/release$ probe-run stm32f746 --chip stm32f746zgtx
(HOST) INFO  flashing program (43 pages / 43.00 KiB)
(HOST) INFO  success!
────────────────────────────────────────────────────────────────────────────────

board support block-device driver impls

opened by UdayakumarHidakal 2

Build a prototype impl for a firmware distribution platform using ockam's secure channels
firmware distribution platform using Ockam secure channels.

sub-tasks

Using ockam secure channels -

[ ] send and receive messages over a local network.

[ ] send and receive messages over the internet.

[ ] distribute firmware files over the internet.

secure channels
opened by sarath3192 0
Support for NRF9160DK
Add support for NRF9160 board

Implement the Hal flash driver for NRF9160 board

[ ] Search for the well maintained HAL crate for the board

[ ] Get the Blinky code working

[ ] Get the write and erase functions working on the flash

[ ] Integrate the write and erase functions in rust boot

[ ] Create the Boot and Update firmware using different LEDs

[ ] Integrate and Test the rustBoot project for the NRF9160 board

board support block-device driver impls
opened by Strange21 0
Add a rust-based secure element "NXP SE050" driver for ARM TrustZone-M and A
Need to implement a secure element NXP SE050 driver with support for ARM TrustZone-M.

Sub-tasks:

[ ] I2C driver for NXP's crypto authentication HW (i.e. secure element NXP SE050).

[ ] A method for sending commands to the NXP SE050 and retrieving the associated response.

[ ] rustBoot demonstration with secure element.

[ ] ARM TrustZone-M

crypto secure element
opened by imrank03 0
Rust based driver development for secure element STSAFE-A100
STSAFE-A100 The STSAFE-A100 is a highly secure solution that acts as a secure element providing authentication and data management services to a local or remote host.

Features

Authentication .

Secure channel establishment with remote host including transport layer security (TLS) handshake.

Signature verification service (secure boot and firmware upgrade).

Usage monitoring with secure counters Pairing and secure channel with host application processor.

Wrapping and unwrapping of local or remote host envelopes.

On-chip key pair generation.

sub-tasks

[ ] I2C driver for STSAFE-A100 crypto authentication HW .

[ ] A method for sending commands to the STSAFE-A100 and retrieving the associated response.

[ ] rustBoot demonstration with secure element.

Note: Communication between the host and STSAFE-A100 will be through I²C-bus slave interface with 7 bit addressing mode up to 400kbps transmission speed.
crypto secure element
opened by yashwanthsinghm 1
Upgrade board specific dependencies

If I try to upgrade board specific dependencies I get Cortex-m-rt conflicts error, because all board specific dependencies depend on Cortex-m-rt version number 0.6.15. All board specific and Cortex-m-rt dependencies need to be updated.
board support

opened by imrank03 1