
Queries Regarding Secure Boot

I have the below queries regarding Secure Boot and DFU:

1) Is the secure boot functionality available in nRF52840? If available, please provide the procedure for doing it.

2) In the secure DFU, it is shown in this document that only the init packet is being signed and the public key is being compiled with the bootloader, so is it possible to sign the whole image? If possible, how to do it? Also, is there any procedure to store the public key in flash instead of compiling it with the bootloader, and verifying it from flash?

  • Also, please provide the penetration test results for nRF52840.

  • Hi,

    Secure Boot is implemented in our bootloader from nRF SDK v16.0. You can read about the Secure Boot here.

    The init packet contains the hash of the actual image. So when you sign the content of the init packet, it also verifies the hash value of the DFU image.

    What do you mean by "store the public key in flash instead of compiling it with bootloader"? The public key will still be in flash regardless of how you store it. The public key is protected from the application the same way as the bootloader is protected from the application when booting up with Secure Boot.

  • Hi Hung,

    Thanks for the information, but there is still some confusion. Please clarify. You mean to say that if I use SDK v16.0 and enable the option NRF_BL_APP_SIGNATURE_CHECK_REQUIRED, my images are signed and the bootloader verifies them whenever it boots? Is the signature of the images transferred as part of the init packet? Is the init packet signed?

    From the link you shared, what does the following statement mean:

    “Only the SoftDevice and the application can be validated because the bootloader performs the validation. Note that bootloaders are always checked when they are updated.”

    Does this mean that Bootloader will validate the application and SoftDevice using the signature whenever the bootloader is executed by MBR?

    Does this mean that MBR will not validate the bootloader signature whenever it tries to invoke it?

    “Note that bootloaders are always checked when they are updated”: does this statement mean that when the bootloader is updated using DFU, the bootloader signature is validated (only once)?

  • Hi Devang, 

    - The init packet is always signed. It's part of the Secure DFU bootloader. Unless you use Open Bootloader, signing of the init packet is obligatory. Inside the init packet is the hash of the images, so this means the image is also signed. Only the signature of the init packet is transferred. It's also used to verify the image on each boot (if boot validation with signature is enabled).

    - Correct, the bootloader validates the app and/or the SoftDevice on every boot using the signature.

    - MBR will not validate the bootloader. The assumption here is that the MBR and the bootloader, which are the foundation of the secure boot, won't be modified or compromised. If the system works correctly, the application won't be able to modify the bootloader; it's protected by the BPROT or ACL in the hardware. The bootloader, when being updated, will be verified by the original bootloader with a signature before it updates itself. In short, the bootloader is verified only once. But there shouldn't be any easy way to compromise the bootloader, as far as we know until now.
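The chain described in this thread (sign the init packet, which carries the image hash; the bootloader checks the signature and then the hash, at DFU time and again on every boot) can be shown end to end with a small program. The following is an added example, not Nordic's code or anything posted in the thread: it assumes a simplified init packet layout (32-byte SHA-256 hash plus a 4-byte size, whereas the real init packet is a protobuf message with more fields), uses Go's standard-library ECDSA P-256 with SHA-256 in the role of nrfutil and the bootloader, and the image bytes are constructed sample data.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// InitPacket is a simplified stand-in for the Secure DFU init packet (assumed
// layout, not the real protobuf): it carries a hash of the firmware image and
// its size, never the image itself.
type InitPacket struct {
	ImageHash [32]byte
	ImageSize uint32
}

// Bytes serialises the packet so signer and verifier hash identical bytes.
func (p InitPacket) Bytes() []byte {
	buf := make([]byte, 36)
	copy(buf, p.ImageHash[:])
	binary.LittleEndian.PutUint32(buf[32:], p.ImageSize)
	return buf
}

// BuildInitPacket computes the image hash the packet will carry.
func BuildInitPacket(image []byte) InitPacket {
	return InitPacket{ImageHash: sha256.Sum256(image), ImageSize: uint32(len(image))}
}

// NewSigningKey generates a P-256 key pair. The private half stays with the
// release tooling; only the public half is built into (or stored for) the bootloader.
func NewSigningKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// SignInitPacket is the tooling side: build the packet, then sign
// SHA-256(packet) with ECDSA P-256. The image bytes are never signed directly.
func SignInitPacket(priv *ecdsa.PrivateKey, image []byte) (InitPacket, []byte, error) {
	pkt := BuildInitPacket(image)
	digest := sha256.Sum256(pkt.Bytes())
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return InitPacket{}, nil, err
	}
	return pkt, sig, nil
}

// VerifyImage is the bootloader side, run at DFU time and (with boot
// validation by signature enabled) on every boot. Step 1 checks the signature
// over the init packet; step 2 checks the image against the hash inside that
// signed packet. Because the hash sits inside the signed data, the image is
// covered by the signature even though only the packet was signed.
func VerifyImage(pub *ecdsa.PublicKey, pkt InitPacket, sig, image []byte) error {
	digest := sha256.Sum256(pkt.Bytes())
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return errors.New("init packet signature does not verify")
	}
	if uint32(len(image)) != pkt.ImageSize {
		return errors.New("image size does not match signed init packet")
	}
	if sha256.Sum256(image) != pkt.ImageHash {
		return errors.New("image hash does not match signed init packet")
	}
	return nil
}

func main() {
	priv, err := NewSigningKey()
	if err != nil {
		panic(err)
	}
	image := []byte("constructed sample firmware image") // constructed, not real firmware
	pkt, sig, err := SignInitPacket(priv, image)
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine image:", VerifyImage(&priv.PublicKey, pkt, sig, image))

	// A modified image fails the hash check; rebuilding the packet with the new
	// hash does not help, because the old signature no longer covers it.
	tampered := append([]byte{}, image...)
	tampered[0] ^= 0xff
	fmt.Println("tampered image:", VerifyImage(&priv.PublicKey, pkt, sig, tampered))
	forged := BuildInitPacket(tampered)
	fmt.Println("forged packet:", VerifyImage(&priv.PublicKey, forged, sig, tampered))
}
```

The second and third checks in `main` are the point of Hung's answer: with the hash inside the signed init packet, changing either the image or the packet without the private key breaks verification, so there is nothing gained by signing the image bytes separately.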
