• State Verified Answer
  • Replies 3 replies
  • Subscribers 73 subscribers
  • Views 3112 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 116293
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Can’t make bootloader_secure example to pass signature check

Konstantin

Hi, I’m trying to use new SKD 12 secured bootloader but can’t pass signature check in dfu_req_handling.c\dfu_handle_prevalidate() (code after switch case DFU_SIGNATURE_TYPE_ECDSA_P256_SHA256 ). Function nrf_crypto_verify() returns 0.

The things I’ve done before:

nrfutil keys generate xxx.pem

nrfutil keys display --key pk --format code xxx.pem --out_file dfu_public_key.c

nrfutil pkg generate --hw-version 52 --sd-req 0x8c --application-version 4 --application some_nrf_project.hex --key-file xxx.pem app_dfu_package.zip

Include resulted dfu_public_key.c in BL project.

Include uecc.c from github.com/.../micro-ecc in BL project instead of using precompiled library.

I used latest NRF Tools for Android to download app_dfu_package.zip with no result. In debugger I found the fail point at nrf_crypto_verify(). I reproduce all important code of dfu_handle_prevalidate() in shorted form for clearer explanation:

uint32_t check_debug(void)
{
// .dat file contain in distributive zip
	uint8_t init_data[] = {
0x12, 0x84, 0x01, 0x0A, 0x3E, 0x08, 0x01, 0x12, 0x3A, 0x08, 0x04, 0x10, 0x34, 0x1A, 0x02, 0x8C,
0x01, 0x20, 0x00, 0x28, 0x00, 0x30, 0x00, 0x38, 0xF8, 0x9E, 0x03, 0x42, 0x24, 0x08, 0x03, 0x12,
0x20, 0x50, 0xA7, 0x62, 0x8C, 0x89, 0x33, 0xE3, 0xD8, 0x14, 0x67, 0xB8, 0x24, 0xB1, 0xA9, 0x7D,
0x0D, 0x8B, 0x51, 0x65, 0xCA, 0x3F, 0x36, 0x42, 0x68, 0xDD, 0x08, 0x66, 0x6A, 0x88, 0x6F, 0xB9,
0x0E, 0x48, 0x00, 0x10, 0x00, 0x1A, 0x40, 0xF2, 0x79, 0xB5, 0xC0, 0xBC, 0x39, 0x97, 0xA4, 0xFA,
0x67, 0x83, 0xA0, 0x3A, 0x28, 0xE2, 0x4D, 0x6E, 0x87, 0x5C, 0x0C, 0xC4, 0x12, 0xF7, 0xFE, 0xCA,
0xE6, 0x75, 0xB9, 0x2A, 0x28, 0xC0, 0xCB, 0xCE, 0x20, 0xDF, 0x85, 0x0F, 0x83, 0x7C, 0x03, 0xE6,
0x7B, 0x01, 0x4D, 0x0C, 0xF1, 0x9E, 0x96, 0xC8, 0xF7, 0xAC, 0xDB, 0x46, 0x6B, 0x80, 0x74, 0x48,
0xE9, 0x7E, 0xD5, 0x52, 0x41, 0x9D, 0xFB
	};
	
uint32_t err_code;
uint8_t *p_init_cmd = init_data+9; // data shift I took from debugger
uint8_t init_cmd_len = 58; // from debugger

hash_data.p_le_data = &hash[0];
hash_data.len = sizeof(hash);

err_code = nrf_crypto_hash_compute(NRF_CRYPTO_HASH_ALG_SHA256, p_init_cmd, init_cmd_len, &hash_data);
if (err_code != NRF_SUCCESS) return NRF_DFU_RES_CODE_OPERATION_FAILED;
memcpy(&sig[0], init_data+0x47, 64); // data shift I took from debugger
crypto_sig.p_le_data = sig;
crypto_sig.len = 64;
// calculate the signature
err_code = nrf_crypto_verify(NRF_CRYPTO_CURVE_SECP256R1, &crypto_key_pk, &hash_data, &crypto_sig);
if (err_code != NRF_SUCCESS)
{
	return NRF_DFU_RES_CODE_INVALID_OBJECT; // I’m here :(
}
}

Have you any idea what I did wrong?

Parents Reply Children
  • 0 in reply to Konstantin

    Konstantin,

    Awesome! Thanks for the advice. It works now.

    Originally, when you link it with the IAR project and tries to download and debug your secure application, IAR would throw an error as it contains unsupported .debug_out format due to the uECC library which is compiled using ARM GCC. Hence, this led me to try using IAR to build the library which led to this issue.

Related
Terms of service