nrf5340 - MCUboot secure boot with production keys

Hi,
I'm working on nRF5340, NCS v2.6.1, Zephyr v3.4.99.
The net core is running the child image HCI RPMsg controller.
The app core is running the application and the child image mcuboot.

I know that by default MCUboot uses generated NSIB key pair <ncs>/bootloader/mcuboot/root-rsa-2048.pem, not to be used for production.
Therefore, for production, my goal is to hash and sign the image using custom keys and let MCUboot validate it at boot time.

Generating the key was pretty simple using

$ ./scripts/imgtool.py keygen -k mycompany.pem -t rsa-2048

Then I put the key file at path /home/gabriele/myproject/mycompany.pem

In myproject/child_image/mcuboot.conf I set

CONFIG_BOOT_SIGNATURE_KEY_FILE="/home/gabriele/myproject/mycompany.pem"
CONFIG_BOOT_SIGNATURE_TYPE_RSA=y
CONFIG_BOOT_VALIDATE_SLOT0=y

In /home/gabriele/myproject/prj.conf I set

CONFIG_SECURE_BOOT=y
CONFIG_SB_SIGNING_KEY_FILE="/home/gabriele/myproject/mycompany.pem"

At build time I get the following error in the end

[153/158] Linking C executable zephyr/zephyr_pre0.elf
[154/158] Generating linker.cmd
[155/158] Generating isr_tables.c, isr_tables_vt.ld, isr_tables_swi.ld
[156/158] Building C object zephyr/CMakeFiles/zephyr_final.dir/misc/empty_file.c.obj
[157/158] Building C object zephyr/CMakeFiles/zephyr_final.dir/isr_tables.c.obj
[158/158] Linking C executable zephyr/zephyr.elf
Memory region         Used Size  Region Size  %age Used
           FLASH:       24538 B      34176 B     71.80%
             RAM:        3488 B        64 KB      5.32%
           SRAM1:          0 GB        64 KB      0.00%
        IDT_LIST:          0 GB        32 KB      0.00%
[232/243] Building C object zephyr/CMakeFiles/zephyr_final.dir/isr_tables.c.obj
[233/243] Creating public key from private key used for signing
[235/243] Completed 'b0n_subimage'
[236/243] Creating data to be provisioned to the Bootloader, storing to provision.hex
[238/243] Generating zephyr/b0n_container.hex
[239/243] Linking C executable zephyr/zephyr.elf
Memory region         Used Size  Region Size  %age Used
           FLASH:      177528 B       222 KB     78.09%
             RAM:       47604 B        64 KB     72.64%
           SRAM1:          0 GB        64 KB      0.00%
        IDT_LIST:          0 GB        32 KB      0.00%
[240/243] Generating zephyr/app.hex
[240/243] Creating signature of application
[241/243] Creating validation for zephyr.hex, storing to
[243/243] Generating zephyr/merged_CPUNET.hex
[368/394] Building C object zephyr/CMakeFiles/zephyr_final.dir/isr_tables.c.obj
[369/394] Creating data to be provisioned to the Bootloader, storing to provision.hex
Traceback (most recent call last):
  File "/home/gabriele/spiro-dev/nrf53sdk/ncs/zephyr/../nrf/scripts/bootloader/provision.py", line 199, in <module>
    main()
  File "/home/gabriele/spiro-dev/nrf53sdk/ncs/zephyr/../nrf/scripts/bootloader/provision.py", line 180, in main
    hashes = get_hashes(
  File "/home/gabriele/spiro-dev/nrf53sdk/ncs/zephyr/../nrf/scripts/bootloader/provision.py", line 140, in get_hashes
    digest = sha256(VerifyingKey.from_pem(f.read()).to_string()).digest()[:16]
  File "/home/gabriele/spiro-dev/nrf53sdk/zephyr/python-env/lib/python3.8/site-packages/ecdsa/keys.py", line 318, in from_pem
    return cls.from_der(
  File "/home/gabriele/spiro-dev/nrf53sdk/zephyr/python-env/lib/python3.8/site-packages/ecdsa/keys.py", line 393, in from_der
    raise der.UnexpectedDER(
ecdsa.der.UnexpectedDER: Unexpected object identifier in DER encoding: (1, 2, 840, 113549, 1, 1, 1)
[371/394] Completed 'hci_ipc_subimage'
FAILED: zephyr/provision.hex /home/gabriele/spiro-dev/apps/spiro/build/zephyr/provision.hex 
cd /home/gabriele/spiro-dev/apps/spiro/build/zephyr && /home/gabriele/spiro-dev/nrf53sdk/zephyr/python-env/bin/python /home/gabriele/spiro-dev/nrf53sdk/ncs/zephyr/../nrf/scripts/bootloader/provision.py --s0-addr 0x14200 --s1-addr 0x68100 --provision-addr 0xff8100 --public-key-files /home/gabriele/spiro-dev/apps/spiro/build/zephyr/nrf/subsys/bootloader/generated/public.pem --output /home/gabriele/spiro-dev/apps/spiro/build/zephyr/provision.hex --max-size 0x280 --num-counter-slots-version 20
[373/394] Generating ../../zephyr/net_core_app_update.bin
image.py: sign the payload
[374/394] Linking C executable zephyr/zephyr.elf
Memory region         Used Size  Region Size  %age Used
           FLASH:      320356 B     343808 B     93.18%
             RAM:      229084 B       440 KB     50.84%
        IDT_LIST:          0 GB        32 KB      0.00%
[375/394] Generating ../../zephyr/net_core_app_signed.hex
image.py: sign the payload
ninja: build stopped: subcommand failed.

Can anyone help?
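The object identifier in the traceback, (1, 2, 840, 113549, 1, 1, 1), is rsaEncryption, so provision.py (which parses the signing key with the ecdsa library) was handed an RSA key. As an added example, not code from the thread or from the NCS tooling, the following standard-library Python script classifies a PEM key before it is pointed at by CONFIG_SB_SIGNING_KEY_FILE (NSIB/b0, which accepts ECDSA P-256 only) or CONFIG_BOOT_SIGNATURE_KEY_FILE (MCUboot, which also accepts RSA); the sample PEMs are constructed algorithm identifiers carrying no real key material.

```python
# Added example, not from the thread or the NCS scripts: identify the
# algorithm of a PEM key by walking its DER for OBJECT IDENTIFIERs.
import base64
import re

RSA_ENCRYPTION = "1.2.840.113549.1.1.1"  # the OID in the traceback: an RSA key
PRIME256V1 = "1.2.840.10045.3.1.7"       # secp256r1, the curve NSIB expects

def decode_oid(raw: bytes) -> str:
    """Decode the content bytes of a DER OBJECT IDENTIFIER to dotted form."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def find_oids(der: bytes) -> list:
    """Collect every OID in a DER blob, descending into constructed types."""
    oids, pos = [], 0
    while pos < len(der):
        tag, length, pos = der[pos], der[pos + 1], pos + 2
        if length & 0x80:                      # long-form length
            n = length & 0x7F
            length, pos = int.from_bytes(der[pos:pos + n], "big"), pos + n
        body, pos = der[pos:pos + length], pos + length
        if tag == 0x06:
            oids.append(decode_oid(body))
        elif tag & 0x20:                       # SEQUENCE, SET, [n] EXPLICIT
            oids.extend(find_oids(body))
    return oids

def classify_key(pem: str) -> str:
    """Return 'rsa', 'ecdsa-p256' or 'other' for a PEM public or private key."""
    if "RSA PRIVATE KEY" in pem:               # PKCS#1 carries no algorithm OID
        return "rsa"
    body = re.sub(r"-----(BEGIN|END)[^-]*-----", "", pem)
    oids = find_oids(base64.b64decode("".join(body.split())))
    if RSA_ENCRYPTION in oids:
        return "rsa"
    return "ecdsa-p256" if PRIME256V1 in oids else "other"

def usable_for_nsib(pem: str) -> bool:
    """NSIB (b0) provisioning only accepts ECDSA P-256 keys; MCUboot also takes RSA."""
    return classify_key(pem) == "ecdsa-p256"

def _pem(hex_der: str) -> str:
    b64 = base64.b64encode(bytes.fromhex(hex_der)).decode()
    return f"-----BEGIN PUBLIC KEY-----\n{b64}\n-----END PUBLIC KEY-----\n"

# Constructed samples: real SubjectPublicKeyInfo algorithm identifiers, empty BIT STRING
RSA_SAMPLE = _pem("3012300d06092a864886f70d0101010500030100")
P256_SAMPLE = _pem("3018301306072a8648ce3d020106082a8648ce3d030107030100")
```

Run classify_key over the generated public.pem (or mycompany.pem itself) before the build to confirm NSIB gets a P-256 key while MCUboot gets whichever type its CONFIG_BOOT_SIGNATURE_TYPE_* selects.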

  • Hello,

    Please check if 'CONFIG_BOOT_SIGNATURE_TYPE_RSA' is indeed selected in build/mcuboot/zephyr/.config. This line

        File "/home/gabriele/spiro-dev/nrf53sdk/zephyr/python-env/lib/python3.8/site-packages/ecdsa/keys.py", line 393, in from_der
          raise der.UnexpectedDER(

    indicates that the build system is trying to use ECDSA instead of RSA.

    Best regards,

    Vidar

  • Yes Vidar, it is.

    So, I generated an ECDSA key and switched to

    CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256=y
    CONFIG_BOOT_SIGNATURE_TYPE_RSA=n

    The build ends successfully but, at flashing time, I just get this on the console.

    *** Booting nRF Connect SDK 7d80c8bcf3c8 ***
    Attempting to boot slot 0.
    Attempting to boot from address 0x8200.
    Verifying signature against key 0.
    Hash: 0x8f...99
    Firmware signature verified.
    Firmware version 1
    Setting monotonic counter (version: 1, slot: 0)
    Booting (0x8200).

    What's going on?

  • Hi Vidar, please find here the build/mcuboot/zephyr/.config. Yes, the last part of the console output is from the application

    mcuboot_config.zip

  • You've set CONFIG_LOG_BACKEND_UART to '=n', which prevents the logger from writing anything to your uart terminal.

  • OK, I've added 

    CONFIG_UART_CONSOLE=y
    CONFIG_LOG_BACKEND_UART=y
    CONFIG_LOG_MODE_MINIMAL=y

    Then I tested it by trying a DFU using an unsigned application image

    *** Booting nRF Connect SDK 7d80c8bcf3c8 ***
    Attempting to boot slot 0.
    Attempting to boot from address 0x8200.
    Verifying signature against key 0.
    Hash: 0x8f...99
    Firmware signature verified.
    Firmware version 2
    Booting (0x8200).*** Booting nRF Connect SDK 7d80c8bcf3c8 ***
    I: Starting bootloader
    I: Primary image: magic=unset, swap_type=0x1, copy_done=0x3, image_ok=0x3
    I: Secondary image: magic=good, swap_type=0x2, copy_done=0x3, image_ok=0x3
    I: Boot source: none
    I: Primary image: magic=unset, swap_type=0x1, copy_done=0x1, image_ok=0x3
    I: Secondary image: magic=good, swap_type=0x2, copy_done=0x3, image_ok=0x3
    I: Boot source: none
    I: Image index: 1, Swap type: test
    I: Starting swap using move algorithm.
    W: Not enough free space to run swap upgrade
    W: required 253952 bytes but only 65536 are available
    I: Bootloader chainload address offset: 0x30000
    I: Jumping to the first image slot*** Booting nRF Connect SDK 7d80c8bcf3c8 ***
    [00:00:00.215,698] <inf> hostgw: initialized
    [00:00:00.220,581] <inf> hostgw: start thread (priority: 1)
    [00:00:00.237,091] <dbg> hostgw: hgw_thread: timeout, buffer size: 1 bytes.
    
    	*********************************
    	*       XXXXXXXXXXXXXX          *
    	*********************************
    	product name : Q
    	part number  : C09094-01-99
    	serial number: 1234509876
    	ble address  : E7:7B:3A:2F:63:D5 (random)
    	ble serial   : 2020016037
    	fw version   : 1.0-beta17
    	fw commit    : 154e35853e82d4b7cae3f3bcfc60c3e81a171983
    	hw revision  : A
    	hw config    : 0
    	auth sw ver  : -.-.-.-
    	auth fw ver  : -.-.-.-
    	Ta (0.1C)    : 272
    	Rh (perc)    : 51
    	Pb (mmHg)    : 742
    
    [00:02:14.711,395] <wrn> control: starting dfu..		<-- STARTING DFU OF AN APPLICATION IMAGE WHICH IS NOT SIGNED
    
    *** Booting nRF Connect SDK 7d80c8bcf3c8 ***
    Attempting to boot slot 0.
    Attempting to boot from address 0x8200.
    Verifying signature against key 0.
    Hash: 0x8f...99
    Firmware signature verified.
    Firmware version 2
    Booting (0x8200).*** Booting nRF Connect SDK 7d80c8bcf3c8 ***
    I: Starting bootloader
    I: Primary image: magic=unset, swap_type=0x1, copy_done=0x3, image_ok=0x3
    I: Secondary image: magic=good, swap_type=0x2, copy_done=0x3, image_ok=0x3
    I: Boot source: none
    I: Primary image: magic=unset, swap_type=0x1, copy_done=0x1, image_ok=0x3
    I: Secondary image: magic=good, swap_type=0x2, copy_done=0x3, image_ok=0x3
    I: Boot source: none
    I: Image index: 1, Swap type: test
    I: Starting swap using move algorithm.
    W: Not enough free space to run swap upgrade
    W: required 253952 bytes but only 65536 are available
    I: Bootloader chainload address offset: 0x30000
    I: Jumping to the first image slot*** Booting nRF Connect SDK 7d80c8bcf3c8 ***
    [00:00:00.216,217] <inf> hostgw: initialized
    [00:00:00.221,069] <inf> hostgw: start thread (priority: 1)
    [00:00:00.237,579] <dbg> hostgw: hgw_thread: timeout, buffer size: 1 bytes.
    
    	*********************************
    	*       XXXXXXXXXXXXXX          *
    	*********************************
    	product name : Q
    	part number  : C09094-01-99
    	serial number: 1234509876
    	ble address  : E7:7B:3A:2F:63:D5 (random)
    	ble serial   : 2020016037
    	fw version   : 1.0-beta17
    	fw commit    : 154e35853e82d4b7cae3f3bcfc60c3e81a171983
    	hw revision  : A
    	hw config    : 0
    	auth sw ver  : -.-.-.-
    	auth fw ver  : -.-.-.-
    	Ta (0.1C)    : 271
    	Rh (perc)    : 51
    	Pb (mmHg)    : 742
    

    The firmware update fails (I know that).
    The problem is that the MCUboot log gives no cue that something went wrong.

  • It says that there is not enough free space to perform a swap upgrade. Seems like it is trying to place the FW image into the s0/s1 slot intended for mcuboot, given the reported number of bytes available.

    Warning messages from MCUBoot in your log:

    W: Not enough free space to run swap upgrade
    W: required 253952 bytes but only 65536 are available

  • It's weird. In the subsequent tests I've not seen the "Not enough free space" warning anymore.
