• State Verified Answer
  • Replies 3 replies
  • Subscribers 74 subscribers
  • Views 708 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 326070
Options

How provision partition is used in net core bootloader ?

darshan.patel

Hello Team,

I have few question related to network core bootloader.

1. Does b0n verify net core image signature before booting ?

2. who uses provision partition here and how  https://github.com/nrfconnect/sdk-nrf/blob/main/samples/nrf5340/netboot/pm.yml#L9 ?

3. validation_data.py seems to add signature and public key at the end of binary. does b0n read that verify ?

python3 nrf/scripts/bootloader/hash.py
--in build/hci_ipc/zephyr/app.hex > build/hci_ipc/zephyr/nrf/subsys/bootloader/generated/app_firmware.sha256 

python3 nrf/scripts/bootloader/do_sign.py
--private-key build/hci_ipc/zephyr/GENERATED_NON_SECURE_SIGN_KEY_PRIVATE.pem
--in build/hci_ipc/zephyr/nrf/subsys/bootloader/generated/app_firmware.sha256 > build/hci_ipc/zephyr/nrf/subsys/bootloader/generated/app_firmware.signature

python3 nrf/scripts/bootloader/validation_data.py
--input build/hci_ipc/zephyr/app.hex
--output-hex build/hci_ipc/zephyr/signed_by_b0_app.hex
--output-bin build/hci_ipc/zephyr/signed_by_b0_app.bin
--offset 0 --signature build/hci_ipc/zephyr/nrf/subsys/bootloader/generated/app_firmware.signature
--public-key build/hci_ipc/zephyr/nrf/subsys/bootloader/generated/public.pem
--magic-value 0x281ee6de,0x86518483,79106

4. If I exclude provision.hex from merged_CPUNET.hex board isn't booting. but If I remove b0n_container.hex and signed_by_b0_app.hex , network core boots OK

Parents
  • 0

    Hi, 

    Does b0n verify net core image signature before booting ?

    Yes, the B0 bootloader does verify the signature of the image before booting. This is part of the image verification process that ensures the integrity of the image. The bootloader checks if the image was signed with a private key that corresponds to the embedded KEYHASH TLV. If the verification is successful, the bootloader boots the new version of the application. Otherwise, the old version is used. See this post

    2. who uses provision partition here and how  https://github.com/nrfconnect/sdk-nrf/blob/main/samples/nrf5340/netboot/pm.yml#L9 ?

    See the description in the comitt https://github.com/nrfconnect/sdk-nrf/commit/c1e274659d0c4998e70e984dbdd6a4d35cd43333 

    3. validation_data.py seems to add signature and public key at the end of binary. does b0n read that verify ?

    Yes, see my colleague's answer in this post

    4. If I exclude provision.hex from merged_CPUNET.hex board isn't booting. but If I remove b0n_container.hex and signed_by_b0_app.hex , network core boots OK

    Any special reason to exclude provision.hex from merged_CPUNET.hex if you want to sign with the key? See Provisioning doc.

    What would you want to achieve?

    Regards,
    Amanda H.

  • 0 in reply to Amanda Hsieh

    Hello Amanda,

    Thanks for helping on this. Adding more context, We use MCUBoot for appcore and b0n for netcore. We use https://github.com/zephyrproject-rtos/zephyr/tree/main/samples/bluetooth/hci_ipc  sample for our netcore and since MCUBoot and Secure Boot is enabled, It includes b0n ( netboot sample ). We use NCS SDK v2.6.0.

    Flash layout of net core

    0x1000000 - b0n / netboot 

    0x1008580 - provision.hex 

    0x1008800 - bt_hci sample

    1. Why validation_data.py includes public key in image footer in this code when provision.hex already has the public key ?

    2. I am able to boot net core with vanilla zephyr.hex . So It doesn't look like b0n is verifying signature or even HASH. Could you please point me to exact code that verifies the HASH ? Note in following command I excluded signed_by_b0_app.hex.

    python3 scripts/build/mergehex.py -o build/hci_ipc/zephyr/merged_CPUNET.hex  \
        --overlap=replace \
        build/hci_ipc/b0n/zephyr/zephyr.hex \
        build/hci_ipc/zephyr/provision.hex \
        build/hci_ipc/zephyr/zephyr.hex

    Thanks,

    Darshan 

Reply
  • 0 in reply to Amanda Hsieh

    Hello Amanda,

    Thanks for helping on this. Adding more context, We use MCUBoot for appcore and b0n for netcore. We use https://github.com/zephyrproject-rtos/zephyr/tree/main/samples/bluetooth/hci_ipc  sample for our netcore and since MCUBoot and Secure Boot is enabled, It includes b0n ( netboot sample ). We use NCS SDK v2.6.0.

    Flash layout of net core

    0x1000000 - b0n / netboot 

    0x1008580 - provision.hex 

    0x1008800 - bt_hci sample

    1. Why validation_data.py includes public key in image footer in this code when provision.hex already has the public key ?

    2. I am able to boot net core with vanilla zephyr.hex . So It doesn't look like b0n is verifying signature or even HASH. Could you please point me to exact code that verifies the HASH ? Note in following command I excluded signed_by_b0_app.hex.

    python3 scripts/build/mergehex.py -o build/hci_ipc/zephyr/merged_CPUNET.hex  \
        --overlap=replace \
        build/hci_ipc/b0n/zephyr/zephyr.hex \
        build/hci_ipc/zephyr/provision.hex \
        build/hci_ipc/zephyr/zephyr.hex

    Thanks,

    Darshan 

Children
Related
Terms of service