nihalpasham/rustBoot

rustBoot image signing tools

nihalpasham opened this issue · 11 comments

Acknowledged.

Acknowledged

  1. Signing tool was written in Rust.
  2. Private key and Public key were taken from ecc256.der to sign and verify the image respectively.
  3. Test was performed to verify the authenticity.
  4. The image was signed and then it was verified using the public key in the same Signing tool where the signing logic was written.
  5. The image got verified successfully.

Result from SigningTool

PS D:\Bosch\git_signingtool\Signingtool> cargo run --example test .\stm32f411_bootfw.bin
   Compiling rbsigner v0.1.0 (D:\Bosch\git_signingtool\Signingtool)
    Finished dev [unoptimized + debuginfo] target(s) in 1.74s       
     Running `target\debug\examples\test.exe .\stm32f411_bootfw.bin`
Binary hash1: [167, 142, 69, 57, 38, 138, 112, 67, 201, 232, 9, 106, 19, 129, 146, 61, 184, 135, 37, 157, 203, 47, 125, 205, 90, 250, 130, 112, 99, 
48, 60, 217] 

public key and private key : [116, 191, 93, 233, 248, 105, 105, 68, 53, 174, 183, 57, 111, 161, 64, 17, 182, 161, 127, 45, 138, 134, 185, 88, 188, 74, 81, 247, 243, 15, 35, 119, 120, 14, 17, 70, 149, 58, 29, 223, 105, 205, 52, 35, 254, 99, 5, 21, 48, 67, 187, 158, 117, 99, 224, 65, 106, 112, 206, 22, 10, 96, 42, 56, 83, 206, 126, 93, 64, 168, 190, 202, 227, 223, 127, 159, 179, 7, 26, 147, 249, 82, 71, 48, 204, 48, 230, 7, 28, 231, 252, 144, 125, 94, 88, 160] 

signature: ecdsa::Signature<NistP256>([189, 242, 103, 160, 160, 43, 254, 104, 167, 217, 16, 76, 181, 46, 104, 193, 51, 29, 121, 201, 254, 123, 235, 
118, 201, 209, 248, 157, 62, 215, 55, 92, 77, 189, 31, 197, 204, 104, 248, 215, 21, 225, 6, 80, 244, 222, 230, 157, 241, 251, 36, 190, 155, 65, 102, 159, 110, 226, 60, 204, 105, 101, 201, 156]) 

signature : BDF267A0A02BFE68A7D9104CB52E68C1331D79C9FE7BEB76C9D1F89D3ED7375C4DBD1FC5CC68F8D715E10650F4DEE69DF1FB24BE9B41669F6EE23CCC6965C99C        

verification result :true
rustBoot header RBHeader { buffer: [52, 55, 53, 54, 28, 7, 0, 0, 1, 0, 4, 0, d3, 4, 0, 0, ff, ff, ff, ff, 2, 0, 8, 0, de, 2b, 16, 62, 0, 0, 0, 0, 4, 0, 2, 0, 1, 2, ff, ff, ff, ff, ff, ff, 3, 0, 20, 0, a7, 8e, 45, 39, 26, 8a, 70, 43, c9, e8, 9, 6a, 13, 81, 92, 3d, b8, 87, 25, 9d, cb, 2f, 7d, cd, 
5a, fa, 82, 70, 63, 30, 3c, d9, 10, 0, 20, 0, 6, 6e, 19, 55, 17, e5, c0, 3, 82, a2, aa, c8, 7d, 8, 9a, 40, ec, 1f, 1a, 47, a2, d7, a5, c9, 82, c9, 63, 92, af, 24, 9d, 2b, 20, 0, 40, 0, bd, f2, 67, a0, a0, 2b, fe, 68, a7, d9, 10, 4c, b5, 2e, 68, c1, 33, 1d, 79, c9, fe, 7b, eb, 76, c9, d1, f8, 9d, 3e, d7, 37, 5c, 4d, bd, 1f, c5, cc, 68, f8, d7, 15, e1, 6, 50, f4, de, e6, 9d, f1, fb, 24, be, 9b, 41, 66, 9f, 6e, e2, 3c, cc, 69, 65, c9, 9c, ff, 
ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, 
ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, 0, 0] }

Testing on Hardware

  1. Signed image was flashed to stm32f411.
  2. During boot, the firmware integrity test passed while authentication failed, as the bootloader failed to verify the image using the public key.

Result from Bootloader

PS D:\bosch\git_rustBoot\rustBoot\boards\target\thumbv7em-none-eabihf\release> probe-run stm32f411 --chip stm32f411vetx       
(HOST) WARN  insufficient DWARF info; compile your program with `debug = 2` to enable location info
(HOST) INFO  flashing program (42 pages / 42.00 KiB)
(HOST) INFO  success!
────────────────────────────────────────────────────────────────────────────────
parse_tlv = [161, 80, 231, 200, 200, 124, 101, 218, 168, 183, 17, 62, 76, 135, 95, 86, 156, 107, 134, 98, 254, 69, 150, 166, 60, 68, 2, 146, 209, 175, 252, 230, 42, 253, 201, 119, 215, 1, 95, 114, 39, 236, 53, 160, 201, 21, 67, 85, 196, 149, 28, 154, 102, 66, 194, 119, 131, 228, 85, 154, 242, 48, 176, 61]
stored_signature
img_type_val  [1, 2]
val  513
after if val
computed hash = Some(2000f94c)
resfalse
ERROR panicked at 'all boot options exhausted', D:\bosch\git_rustBoot\rustBoot\boards\update\src\update\update_flash.rs:303:33
────────────────────────────────────────────────────────────────────────────────
stack backtrace:
   0: HardFaultTrampoline
      <exception entry>
   1: lib::inline::__udf
        at ./asm/inline.rs:181:5
   2: __udf
        at ./asm/lib.rs:51:17
   3: cortex_m::asm::udf
   4: rust_begin_unwind
   5: core::panicking::panic_fmt
        at /rustc/734368a200904ef9c21db86c595dc04263c87be0/library/core/src/panicking.rs:143:14
   6: core::panicking::panic
        at /rustc/734368a200904ef9c21db86c595dc04263c87be0/library/core/src/panicking.rs:48:5
   7: <&rustBoot_update::update::update_flash::FlashUpdater<Interface> as rustBoot_update::update::UpdateInterface>::rustboot_start
   8: stm32f411::__cortex_m_rt_main
   9: main
  10: ResetTrampoline
  11: Reset
(HOST) ERROR the program panicked
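
A host-side check for the mismatch reported above, as an added example that is not part of the issue or of rustBoot's code: it walks the TLV records of a header laid out like the `RBHeader` dump and confirms that the stored digest and signature are the ones the signer printed. The tag meanings (0x03 digest, 0x20 signature), the padding rule and the helper names are assumptions inferred from that dump, and the sample header is constructed.

```rust
// Added example, not rustBoot's code. Layout inferred from the RBHeader dump: magic, LE size,
// then (u16 LE tag, u16 LE len, value) records; 0xff bytes are padding. Tag meanings assumed.
const TAG_SHA256: u16 = 0x03;
const TAG_SIGNATURE: u16 = 0x20;

/// Value of the first TLV carrying `tag`; None if absent or truncated.
fn find_tlv(hdr: &[u8], tag: u16) -> Option<&[u8]> {
    let mut i = 8; // skip magic + size
    while i + 4 <= hdr.len() {
        if hdr[i] == 0xff { i += 1; continue; } // padding byte
        let t = u16::from_le_bytes([hdr[i], hdr[i + 1]]);
        let len = u16::from_le_bytes([hdr[i + 2], hdr[i + 3]]) as usize;
        if t == 0 { return None; } // end of records
        let val = hdr.get(i + 4..i + 4 + len)?; // None if the length runs past the buffer
        if t == tag { return Some(val); }
        i += 4 + len;
    }
    None
}

/// True when the header stores exactly the digest and signature the signer printed.
fn header_matches(hdr: &[u8], digest: &[u8; 32], sig: &[u8; 64]) -> bool {
    find_tlv(hdr, TAG_SHA256) == Some(&digest[..])
        && find_tlv(hdr, TAG_SIGNATURE) == Some(&sig[..])
}

/// Constructed 256-byte header with the same record order as the dump.
fn sample_header(digest: &[u8; 32], sig: &[u8; 64]) -> Vec<u8> {
    let mut h = b"RUST".to_vec();
    h.extend_from_slice(&0x400u32.to_le_bytes()); // constructed image size
    h.extend_from_slice(&[1, 0, 4, 0, 1, 0, 0, 0, 0xff, 0xff, 0xff, 0xff]); // tag 1 + pad
    h.extend_from_slice(&[2, 0, 8, 0, 0, 0, 0, 0, 0, 0, 0, 0]); // tag 2
    h.extend_from_slice(&[4, 0, 2, 0, 1, 2, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff]); // tag 4 + pad
    h.extend_from_slice(&[3, 0, 0x20, 0]);
    h.extend_from_slice(digest);
    h.extend_from_slice(&[0x10, 0, 0x20, 0]);
    h.extend_from_slice(&[0x11; 32]); // constructed public-key digest
    h.extend_from_slice(&[0x20, 0, 0x40, 0]);
    h.extend_from_slice(sig);
    h.resize(254, 0xff); // trailing padding
    h.extend_from_slice(&[0, 0]); // end marker
    h
}

fn main() {
    let (digest, sig) = ([0xa7u8; 32], [0xbdu8; 64]); // constructed values
    let hdr = sample_header(&digest, &sig);
    println!("header matches signer output: {}", header_matches(&hdr, &digest, &sig));
}
```

Running the same comparison on the bytes read back from flash separates a header-packing problem from a verification problem in the bootloader.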

Result from rust signing tool

Firmware authentication failed.

yashwanthsingh@Yashwanths-MBP release % probe-run stm32f411 --chip stm32f411vetx
(HOST) WARN  insufficient DWARF info; compile your program with `debug = 2` to enable location info
(HOST) INFO  flashing program (44 pages / 44.00 KiB)
(HOST) INFO  success!
────────────────────────────────────────────────────────────────────────────────
integrity check done
verify_authenticity function 
stored signature [161, 80, 231, 200, 200, 124, 101, 218, 168, 183, 17, 62, 76, 135, 95, 86, 156, 107, 134, 98, 254, 69, 150, 166, 60, 68, 2, 146, 209, 175, 252, 230, 42, 253, 201, 119, 215, 1, 95, 114, 39, 236, 53, 160, 201, 21, 67, 85, 196, 149, 28, 154, 102, 66, 194, 119, 131, 228, 85, 154, 242, 48, 176, 61]
ecc256_verifier_result : false 
────────────────────────────────

Result from python signing tool

yashwanthsingh@Yashwanths-MBP release % probe-run stm32f411 --chip stm32f411vetx
(HOST) WARN  insufficient DWARF info; compile your program with `debug = 2` to enable location info
(HOST) INFO  flashing program (44 pages / 44.00 KiB)
(HOST) INFO  success!
────────────────────────────────────────────────────────────────────────────────
integrity check done
verify_authenticity function 
stored signature [48, 9, 230, 175, 7, 110, 134, 143, 114, 219, 3, 55, 118, 105, 225, 101, 103, 190, 107, 229, 36, 203, 239, 74, 38, 117, 217, 207, 114, 250, 185, 127, 136, 108, 104, 146, 20, 212, 153, 202, 248, 222, 12, 61, 114, 63, 212, 162, 0, 253, 209, 14, 96, 64, 24, 218, 70, 31, 186, 205, 37, 185, 61, 40]
ecc256_verifier_result : true 
auth_checktrue
integrity check done
verify_authenticity function 
stored signature [48, 74, 254, 60, 63, 57, 18, 81, 233, 129, 30, 155, 159, 0, 105, 68, 120, 92, 95, 68, 97, 76, 199, 21, 206, 254, 232, 66, 218, 192, 77, 38, 155, 185, 118, 254, 15, 134, 52, 59, 237, 101, 117, 126, 221, 46, 160, 246, 154, 129, 172, 219, 221, 193, 189, 153, 97, 79, 228, 84, 246, 125, 13, 50]
ecc256_verifier_result : true 
auth_checktrue

A separate repository has been created to test and update the signing tool. Final changes will be ported to the main rustBoot project.

https://github.com/yashwanthsinghm/Signingtool

Check out the mcusigner branch for the updated implementation.

Tested the mcusigner branch for the STM32F446 board; everything is OK.
Build-sign-flash command is working fine.

  • Tested mcusigner branch for stm32f746 board, cargo [board] build-sign-flash rustBoot [boot-version] [update-version] command is working fine.

Tested cargo [board] build-sign-flash rustBoot [boot-version] [update-version] command with latest rustup update and working OK.

Tested mcusigner branch for stm32f411 board, cargo [board] build-sign-flash rustBoot [boot-version] [update-version]. Everything is working fine.

Tested mcusigner branch for stm32f334 board, cargo [board] build-sign-flash rustBoot [boot-version] [update-version]. Everything is working fine.