
Bootloader build with ECDSA256 (nRF52832, SDK 16.0.0, S132 v7.0.1)

I want to bring up a secure bootloader with support for ECDSA and SHA-256.

I am having a hard time coming up with a combination of SDK components (frontend, backend), external libraries, and preprocessor symbol definitions in the sdk_config.h file.

I am a novice when it comes to security and am somewhat clueless as to what is needed to create such a firmware design.

I have been able to 'compile' the uECC source code with the GCC ARM compiler of my choice.

The first issue I ran into was that I need to set up a 'frontend' and a 'backend'.

1. In this regard I am not sure what role is played by the external uECC library that I built with GCC ARM.

2. I was able to recreate the build used by the secure_bootloader example but over time I am beginning to get the feeling that the configuration out of the box does not support ECDSA-256 (?)

3. I found out, after navigating through many web pages and spending quite a few hours, that the 310 backend is NOT supported on the nRF52832. Now I don't know what is ACTUALLY supported on the nRF52832 -- should I use uECC or should I use OBERON or 'nrf sw implementation'?

I have been playing with the various options and some builds do complete with no errors but there are warnings that I am not comfortable about ignoring.
An example is when I tried to enable the OBERON backend --
  If I enable all the same flags in the basic crypto example I get this warning (even though the build succeeds)
        #warning "NRF_CRYPTO_CURVE25519_BIG_ENDIAN_ENABLED not defined. Please define it to choose the endianness of Curve25519 parameters."

If I do not define the Curve25519 specific parameters then I get this warning:
        #warning NRF_CRYPTO_BACKEND_CC310_BL_HASH_SHA256_ENABLED define not found in sdk_config.h (Is the sdk_config.h valid?)

Basically I think I am just going through a lot of trial and error without any clear idea of how to approach this problem.

Any input would be appreciated.

Cheers

RMV

  • 3. I found out, after navigating through many web pages and spending quite a few hours, that the 310 backend is NOT supported on the nRF52832. Now I don't know what is ACTUALLY supported on the nRF52832 -- should I use uECC or should I use OBERON or 'nrf sw implementation'?

    CC310 / CryptoCell is a HW peripheral in the nRF52840. It is not available in any other nRF52 series devices. However, all the other nrf_crypto backends are SW libraries that can be used on any nRF52 device. In the bootloader it makes most sense to use micro-ecc as it seems you are already doing, as that has a small footprint.

    If I try to stick with just the micro-ecc I get this linker error: "nrf_dfu_validation.c:(.text.nrf_dfu_validation_signature_check+0x3e): undefined reference to `nrf_crypto_hash_calculate'"

    I see that it is defined in the file nrf_crypto_hash.c but the code is not compiled because this macro is evaluating to a '0'
    #if NRF_MODULE_ENABLED(NRF_CRYPTO_HASH)

    It looks like this symbol is defined in one of these backends (cc310, cc310_bl, mbedtls, nrf_sw, oberon) but I do not see this symbol being defined in the micro-ecc. How then does one use the micro-ecc for the backend?

    Cheers
    RMV

  • Hi RMV, 

    RVM said:
    It looks like this symbol is defined in one of these backends (cc310, cc310_bl, mbedtls, nrf_sw, oberon) but I do not see this symbol being defined in the micro-ecc. How then does one use the micro-ecc for the backend?

    micro-ecc will do the elliptic curve cryptography, but not the hashing. I recommend you just refer to an example bootloader project for the nRF52832. Then you will see that in addition to the micro-ecc backend, NRF_CRYPTO_BACKEND_NRF_SW_ENABLED is set to 1 and NRF_CRYPTO_BACKEND_NRF_SW_HASH_SHA256_ENABLED is set to 1. That provides the SHA256 support that you are currently missing.

    Einar
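
The backend combination described in the answer above can be checked before building. The following is an added example, not part of the original thread and not Nordic's code: a small linter that reads an sdk_config.h and reports what would leave the bootloader without ECDSA or SHA-256 support on a part without CryptoCell. The symbols NRF_CRYPTO_BACKEND_MICRO_ECC_ENABLED, NRF_CRYPTO_BACKEND_CC310_ENABLED and NRF_CRYPTO_BACKEND_CC310_BL_ENABLED are not quoted in the thread and are assumed to be spelled as in the SDK's sdk_config.h; the config fragments are constructed.

```python
import re

# What signature validation in the bootloader needs, per the reply above.
# The micro-ecc and CC310 enable names are assumptions (not quoted in the thread).
REQUIRED = {
    "NRF_CRYPTO_BACKEND_MICRO_ECC_ENABLED": "ECDSA backend (micro-ecc)",
    "NRF_CRYPTO_BACKEND_NRF_SW_ENABLED": "software hash backend (nrf_sw)",
    "NRF_CRYPTO_BACKEND_NRF_SW_HASH_SHA256_ENABLED": "SHA-256 in nrf_sw",
}
# CryptoCell is a hardware peripheral of the nRF52840 only.
HW_ONLY = ["NRF_CRYPTO_BACKEND_CC310_ENABLED",
           "NRF_CRYPTO_BACKEND_CC310_BL_ENABLED"]

DEFINE_RE = re.compile(
    r"^[ \t]*#[ \t]*define[ \t]+(\w+)[ \t]+(\d+)[ \t]*(?://.*|/\*.*)?$", re.M)

def parse_defines(text):
    """Return {symbol: int} for numeric #define lines; the last one wins."""
    return {name: int(value) for name, value in DEFINE_RE.findall(text)}

def check_bootloader_crypto(text, has_cryptocell=False):
    """List settings that would break ECDSA P-256 + SHA-256 validation."""
    defs = parse_defines(text)
    problems = [f"{sym} is not 1: missing {role}"
                for sym, role in REQUIRED.items() if defs.get(sym, 0) != 1]
    if not has_cryptocell:
        problems += [f"{sym} is 1 but the target has no CryptoCell"
                     for sym in HW_ONLY if defs.get(sym, 0) == 1]
    return problems

# Constructed sdk_config.h fragments (not taken from a real project).
MICRO_ECC_ONLY = """
#define NRF_CRYPTO_BACKEND_MICRO_ECC_ENABLED 1
#define NRF_CRYPTO_BACKEND_NRF_SW_ENABLED 0
#define NRF_CRYPTO_BACKEND_NRF_SW_HASH_SHA256_ENABLED 0
"""
WITH_SW_HASH = """
#define NRF_CRYPTO_BACKEND_MICRO_ECC_ENABLED 1
#define NRF_CRYPTO_BACKEND_NRF_SW_ENABLED 1
#define NRF_CRYPTO_BACKEND_NRF_SW_HASH_SHA256_ENABLED 1
"""

if __name__ == "__main__":
    for label, cfg in (("micro-ecc only", MICRO_ECC_ONLY),
                       ("micro-ecc + nrf_sw SHA-256", WITH_SW_HASH)):
        print(label, "->", check_bootloader_crypto(cfg) or "OK")
```

The first fragment reproduces the situation behind the `nrf_crypto_hash_calculate` linker error: an ECC backend is enabled but no hash backend is.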
