rustBoot image signing tools
nihalpasham opened this issue · 11 comments
Acknowledged.
Acknowledged
- Singing tool was written in rust.
- Private key and Public key were taken from ecc256.der to sign and verify the image respectively.
- Test was performed to verify the authenticity .
- The image were signed and then it was verified using the public key in the same Signing tool where the signing logic was written.
- The image got verified successfully.
Result from SigningTool
PS D:\Bosch\git_signingtool\Signingtool> cargo run --example test .\stm32f411_bootfw.bin
Compiling rbsigner v0.1.0 (D:\Bosch\git_signingtool\Signingtool)
Finished dev [unoptimized + debuginfo] target(s) in 1.74s
Running `target\debug\examples\test.exe .\stm32f411_bootfw.bin`
Binary hash1: [167, 142, 69, 57, 38, 138, 112, 67, 201, 232, 9, 106, 19, 129, 146, 61, 184, 135, 37, 157, 203, 47, 125, 205, 90, 250, 130, 112, 99,
48, 60, 217]
public key and private key : [116, 191, 93, 233, 248, 105, 105, 68, 53, 174, 183, 57, 111, 161, 64, 17, 182, 161, 127, 45, 138, 134, 185, 88, 188, 74, 81, 247, 243, 15, 35, 119, 120, 14, 17, 70, 149, 58, 29, 223, 105, 205, 52, 35, 254, 99, 5, 21, 48, 67, 187, 158, 117, 99, 224, 65, 106, 112, 206, 22, 10, 96, 42, 56, 83, 206, 126, 93, 64, 168, 190, 202, 227, 223, 127, 159, 179, 7, 26, 147, 249, 82, 71, 48, 204, 48, 230, 7, 28, 231, 252, 144, 125, 94, 88, 160]
signature: ecdsa::Signature<NistP256>([189, 242, 103, 160, 160, 43, 254, 104, 167, 217, 16, 76, 181, 46, 104, 193, 51, 29, 121, 201, 254, 123, 235,
118, 201, 209, 248, 157, 62, 215, 55, 92, 77, 189, 31, 197, 204, 104, 248, 215, 21, 225, 6, 80, 244, 222, 230, 157, 241, 251, 36, 190, 155, 65, 102, 159, 110, 226, 60, 204, 105, 101, 201, 156])
signature : BDF267A0A02BFE68A7D9104CB52E68C1331D79C9FE7BEB76C9D1F89D3ED7375C4DBD1FC5CC68F8D715E10650F4DEE69DF1FB24BE9B41669F6EE23CCC6965C99C
verification result :true
rustBoot header RBHeader { buffer: [52, 55, 53, 54, 28, 7, 0, 0, 1, 0, 4, 0, d3, 4, 0, 0, ff, ff, ff, ff, 2, 0, 8, 0, de, 2b, 16, 62, 0, 0, 0, 0, 4, 0, 2, 0, 1, 2, ff, ff, ff, ff, ff, ff, 3, 0, 20, 0, a7, 8e, 45, 39, 26, 8a, 70, 43, c9, e8, 9, 6a, 13, 81, 92, 3d, b8, 87, 25, 9d, cb, 2f, 7d, cd,
5a, fa, 82, 70, 63, 30, 3c, d9, 10, 0, 20, 0, 6, 6e, 19, 55, 17, e5, c0, 3, 82, a2, aa, c8, 7d, 8, 9a, 40, ec, 1f, 1a, 47, a2, d7, a5, c9, 82, c9, 63, 92, af, 24, 9d, 2b, 20, 0, 40, 0, bd, f2, 67, a0, a0, 2b, fe, 68, a7, d9, 10, 4c, b5, 2e, 68, c1, 33, 1d, 79, c9, fe, 7b, eb, 76, c9, d1, f8, 9d, 3e, d7, 37, 5c, 4d, bd, 1f, c5, cc, 68, f8, d7, 15, e1, 6, 50, f4, de, e6, 9d, f1, fb, 24, be, 9b, 41, 66, 9f, 6e, e2, 3c, cc, 69, 65, c9, 9c, ff,
ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff,
ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, ff, 0, 0] }
Testing on Hardware
- Signed image was flashed to stm32f411.
- During booting firmware Integrity test passed while authentication failed.As the bootloader failed to verify the image using the public key.
Result from Bootloader
PS D:\bosch\git_rustBoot\rustBoot\boards\target\thumbv7em-none-eabihf\release> probe-run stm32f411 --chip stm32f411vetx
(HOST) WARN insufficient DWARF info; compile your program with `debug = 2` to enable location info
(HOST) INFO flashing program (42 pages / 42.00 KiB)
(HOST) INFO success!
────────────────────────────────────────────────────────────────────────────────
parse_tlv = [161, 80, 231, 200, 200, 124, 101, 218, 168, 183, 17, 62, 76, 135, 95, 86, 156, 107, 134, 98, 254, 69, 150, 166, 60, 68, 2, 146, 209, 175, 252, 230, 42, 253, 201, 119, 215, 1, 95, 114, 39, 236, 53, 160, 201, 21, 67, 85, 196, 149, 28, 154, 102, 66, 194, 119, 131, 228, 85, 154, 242, 48, 176, 61]
stored_signature
img_type_val [1, 2]
val 513
after if val
computed hash = Some(2000f94c)
resfalse
ERROR panicked at 'all boot options exhausted', D:\bosch\git_rustBoot\rustBoot\boards\update\src\update\update_flash.rs:303:33
────────────────────────────────────────────────────────────────────────────────
stack backtrace:
0: HardFaultTrampoline
<exception entry>
1: lib::inline::__udf
at ./asm/inline.rs:181:5
2: __udf
at ./asm/lib.rs:51:17
3: cortex_m::asm::udf
4: rust_begin_unwind
5: core::panicking::panic_fmt
at /rustc/734368a200904ef9c21db86c595dc04263c87be0/library/core/src/panicking.rs:143:14
6: core::panicking::panic
at /rustc/734368a200904ef9c21db86c595dc04263c87be0/library/core/src/panicking.rs:48:5
7: <&rustBoot_update::update::update_flash::FlashUpdater<Interface> as rustBoot_update::update::UpdateInterface>::rustboot_start 8: stm32f411::__cortex_m_rt_main
9: main
10: ResetTrampoline
11: Reset
(HOST) ERROR the program panicked
Result from rust signing tool
Firmware authentication failed.
yashwanthsingh@Yashwanths-MBP release % probe-run stm32f411 --chip stm32f411vetx
(HOST) WARN insufficient DWARF info; compile your program with `debug = 2` to enable location info
(HOST) INFO flashing program (44 pages / 44.00 KiB)
(HOST) INFO success!
────────────────────────────────────────────────────────────────────────────────
integrity check done
verify_authenticity function
stored signature [161, 80, 231, 200, 200, 124, 101, 218, 168, 183, 17, 62, 76, 135, 95, 86, 156, 107, 134, 98, 254, 69, 150, 166, 60, 68, 2, 146, 209, 175, 252, 230, 42, 253, 201, 119, 215, 1, 95, 114, 39, 236, 53, 160, 201, 21, 67, 85, 196, 149, 28, 154, 102, 66, 194, 119, 131, 228, 85, 154, 242, 48, 176, 61]
ecc256_verifier_result : false
────────────────────────────────
Result from python signing tool
yashwanthsingh@Yashwanths-MBP release % probe-run stm32f411 --chip stm32f411vetx
(HOST) WARN insufficient DWARF info; compile your program with `debug = 2` to enable location info
(HOST) INFO flashing program (44 pages / 44.00 KiB)
(HOST) INFO success!
────────────────────────────────────────────────────────────────────────────────
integrity check done
verify_authenticity function
stored signature [48, 9, 230, 175, 7, 110, 134, 143, 114, 219, 3, 55, 118, 105, 225, 101, 103, 190, 107, 229, 36, 203, 239, 74, 38, 117, 217, 207, 114, 250, 185, 127, 136, 108, 104, 146, 20, 212, 153, 202, 248, 222, 12, 61, 114, 63, 212, 162, 0, 253, 209, 14, 96, 64, 24, 218, 70, 31, 186, 205, 37, 185, 61, 40]
ecc256_verifier_result : true
auth_checktrue
integrity check done
verify_authenticity function
stored signature [48, 74, 254, 60, 63, 57, 18, 81, 233, 129, 30, 155, 159, 0, 105, 68, 120, 92, 95, 68, 97, 76, 199, 21, 206, 254, 232, 66, 218, 192, 77, 38, 155, 185, 118, 254, 15, 134, 52, 59, 237, 101, 117, 126, 221, 46, 160, 246, 154, 129, 172, 219, 221, 193, 189, 153, 97, 79, 228, 84, 246, 125, 13, 50]
ecc256_verifier_result : true
auth_checktrue
Here is new branch for signing rustBoot.
https://github.com/yashwanthsinghm/rustBoot/tree/rustSigning
Separate repository is created to test and update the signing tool.Final changes will be ported to main rustBoot project.
checkout mcusigner
branch for the updated implementation.
Tested mcusigner Branch, for STM32F446 board, Everything is OK.
Build-sign-flash command is working fine.
- Tested mcusigner branch for
stm32f746
board,cargo [board] build-sign-flash rustBoot [boot-version] [update-version]
command is working fine.
Tested cargo [board] build-sign-flash rustBoot [boot-version] [update-version]
command with latest rustup update
and working OK.
Tested mcusigner branch for stm32f411 board, cargo [board] build-sign-flash rustBoot [boot-version] [update-version].Everything working fine.
Tested mcusigner branch for stm32f334 board, cargo [board] build-sign-flash rustBoot [boot-version] [update-version].Everything working fine.