/armory-boot

USB armory - boot loader

Primary LanguageGoBSD 3-Clause "New" or "Revised" LicenseBSD-3-Clause

Introduction

This TamaGo based unikernel acts as a primary boot loader for the USB armory Mk II, allowing boot of kernel images (e.g. Linux) from either the eMMC card or an external microSD card.

Compiling

Build the TamaGo compiler (or use the latest binary release):

git clone https://github.com/f-secure-foundry/tamago-go -b latest
cd tamago-go/src && ./all.bash
cd ../bin && export TAMAGO=`pwd`/go

The BOOT environment variable must be set to either uSD or eMMC to configure the bootloader media for /boot/armory-boot.conf, as well as kernel images, location.

The START environment variable must be set to the offset of the first valid ext4 partition where /boot/armory-boot.conf is located (typically 5242880 for USB armory Mk II default pre-compiled images).

The CONSOLE environment variable may be set to on to enable serial logging when a debug accessory is connected.

Build the armory-boot.imx application executable:

git clone https://github.com/f-secure-foundry/armory-boot && cd armory-boot
make CROSS_COMPILE=arm-none-eabi- imx BOOT=uSD START=5242880

Installing

The armory-boot.imx file can be flashed on the internal eMMC card or an external micro SD card as shown in these instructions.

Configuration

The bootloader expects a single configuration file to read information on the command line, kernel and device tree blob paths along with their SHA256 checksum for validation.

Example /boot/armory-boot.conf configuration file:

{
  "kernel": [
    "/boot/zImage-5.4.51-0-usbarmory",
    "aceb3514d5ba6ac591a7d5f2cad680e83a9f848d19763563da8024f003e927c7"
  ],
  "dtb": [
    "/boot/imx6ulz-usbarmory-default-5.4.51-0.dtb",
    "60d4fe465ef60042293f5723bf4a001d8e75f26e517af2b55e6efaef9c0db1f6"
  ],
  "cmdline": "console=ttymxc1,115200 root=/dev/mmcblk1p1 rootwait rw"
}

Secure Boot

On secure booted systems the imx_signed target should be used instead with the relevant HAB_KEYS set.

Additionally, to maintain the chain of trust, the PUBLIC_KEY environment variable must be set with either a signify or minisign public key to enable configuration file signature verification.

Example key generation (signify):

signify -G -p armory-boot.pub -s armory-boot.sec

Example key generation (minisign):

minisign -G -p armory-boot.pub -s armory-boot.sec

Compilation with embedded key:

make CROSS_COMPILE=arm-none-eabi- imx_signed BOOT=uSD START=5242880 PUBLIC_KEY=<last line of armory-boot.pub> HAB_KEYS=<path>

When armory-boot is compiled with the PUBLIC_KEY variable, a signature for the configuration file must be created in /boot/armory-boot.conf.sig using with the corresponding secret key.

Example signature generation (signify):

signify -S -s armory-boot.sec -m armory-boot.conf -x armory-boot.conf.sig

Example signature generation (minisign):

minisign -S -s armory-boot.sec -m armory-boot.conf -x armory-boot.conf.sig

Authors

Andrea Barisani
andrea.barisani@f-secure.com | andrea@inversepath.com

License

armory-boot | https://github.com/f-secure-foundry/armory-boot
Copyright (c) F-Secure Corporation

These source files are distributed under the BSD-style license found in the LICENSE file.