
Boot validation with Cryptocell (CC310)

Hi,

When the bootloader calculates the application CRC it takes around 350 ms. I saw that it is possible to switch off the CRC calculation or to use a hash for validation.

  1. For what is the App validation required?
    1. After the Update, the bootloader is ensuring that a valid application is available, or?
    2. So then I have just to ensure that my app is not modifying the app section. Or are there other reasons?
  2. Why is the startup time not reduced when I am using the hash validation with the cryptocell?
    1. Is that not possible?
    2. How do I have to configure the sdk_config.h?
    3. I read somewhere that the CryptoCell is around 20 times faster than the SW function. Is that true, or am I expecting too much?

Thanks in advance

  • Hi,

    For what is the App validation required?
    1. After the Update, the bootloader is ensuring that a valid application is available, or?
    2. So then I have just to ensure that my app is not modifying the app section. Or are there other reasons?

    The default configuration of the bootloader uses a cryptographic signature verification during upgrades to ensure that only updates that are properly signed can be installed. So that would be your case a. The bootloader also supports verifying that the application is valid on every startup, which is your case b. The default configuration is a CRC, which protects against accidental flash modifications. Selecting a cryptographic signature verification here can make sense if you want something like secure boot (see here). That is usually not required by most applications though.

    Why is the startup time not reduced when I am using the hash validation with the cryptocell?
    1. Is that not possible?
    2. How do I have to configure the sdk_config.h?
    3. I read somewhere that the CryptoCell is around 20 times faster than the SW function. Is that true, or am I expecting too much?

    1. I would not expect a reduction in startup time. CRC is a very simple process that requires little CPU time, and replacing that with hash calculation will generally not be efficient, even with a HW accelerator.

    2. If you want to use signature verification instead of CRC you need to change the bootloader's sdk_config.h so that NRF_BL_APP_SIGNATURE_CHECK_REQUIRED is set to 1.

    3. It depends entirely on the algorithm in question and what you compare against (SW crypto implementations differ significantly), data size, data source etc. Note that CC310 can only operate on data from RAM. So in this case, you will copy data (the entire application) in chunks from flash to RAM in order to validate it.

    To conclude, there are reasons to select signature verification instead of CRC, but to speed up boot or reduce current consumption is not one of them. In that case, I would rather consider skipping the check altogether as it is unlikely that you will ever need it provided you test your application properly. To do this, just modify crc_on_valid_app_required() in nrf_bootloader.c to always return false.
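
The following is an added illustration of the two points made in the answer above: a boot-time CRC check that streams the image through a RAM working buffer in chunks (the same flash-to-RAM copy pattern the answer describes for CC310), and a policy switch that models the "skip the check" option. It is not code from the nRF5 SDK or from the answer's author: the CRC-32 routine, chunk size, function names and the sample image are all constructed for the example. The SDK's own `crc32_compute()` and `crc_on_valid_app_required()` are not reproduced here.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Standard reflected CRC-32 (polynomial 0xEDB88320), bit-by-bit so the
 * example needs no lookup table. crc_state is the running value: pass 0
 * for the first chunk and feed the returned value back for the next one,
 * so an image can be checked chunk by chunk instead of in one pass. */
static uint32_t crc32_update(uint32_t crc_state, const uint8_t *data, size_t len)
{
    uint32_t crc = ~crc_state;              /* undo final XOR of previous call */
    for (size_t i = 0; i < len; i++) {
        crc ^= data[i];
        for (int bit = 0; bit < 8; bit++) {
            crc = (crc >> 1) ^ (0xEDB88320u & ((uint32_t)0 - (crc & 1u)));
        }
    }
    return ~crc;                            /* final XOR, matches standard CRC-32 */
}

/* Constructed working-buffer size; kept tiny so the demo image spans
 * several chunks. A real bootloader would use a larger RAM buffer. */
#define CHUNK_SIZE 8

/* Validate an image that lives in (simulated) flash by copying it into a
 * RAM working buffer chunk by chunk and feeding each chunk to the streaming
 * CRC. The result is identical to a single pass over the whole image. */
static uint32_t crc32_of_flash_image(const uint8_t *flash_image, size_t image_len)
{
    uint8_t ram_chunk[CHUNK_SIZE];
    uint32_t crc = 0;
    size_t offset = 0;
    while (offset < image_len) {
        size_t n = image_len - offset;
        if (n > CHUNK_SIZE) {
            n = CHUNK_SIZE;
        }
        memcpy(ram_chunk, flash_image + offset, n);   /* flash -> RAM copy */
        crc = crc32_update(crc, ram_chunk, n);
        offset += n;
    }
    return crc;
}

/* Boot-time check: 1 if the recomputed CRC equals the CRC stored alongside
 * the image (in the SDK this lives in bootloader settings), 0 otherwise. */
static int app_crc_is_valid(const uint8_t *flash_image, size_t image_len,
                            uint32_t stored_crc)
{
    return crc32_of_flash_image(flash_image, image_len) == stored_crc;
}

/* Models the policy switch discussed in the answer: when the CRC check is
 * not required the image is accepted without recomputation, otherwise the
 * stored CRC must match. Returns 1 if the application may be started. */
static int app_may_boot(const uint8_t *flash_image, size_t image_len,
                        uint32_t stored_crc, int crc_check_required)
{
    if (!crc_check_required) {
        return 1;
    }
    return app_crc_is_valid(flash_image, image_len, stored_crc);
}

/* Shows what a CRC is for: a single flipped bit, the kind of accidental
 * flash corruption the answer mentions, is detected. Returns 1 if caught. */
static int bit_flip_is_detected(void)
{
    uint8_t image[200];                     /* constructed sample image */
    for (size_t i = 0; i < sizeof image; i++) {
        image[i] = (uint8_t)(i * 7 + 3);
    }
    uint32_t stored = crc32_of_flash_image(image, sizeof image);
    image[123] ^= 0x10;                     /* simulate one corrupted bit */
    return !app_crc_is_valid(image, sizeof image, stored);
}

int main(void)
{
    const uint8_t *vec = (const uint8_t *)"123456789";   /* standard CRC-32 test vector */
    printf("CRC-32(\"123456789\") = 0x%08X (expected 0xCBF43926)\n",
           crc32_of_flash_image(vec, 9));
    printf("bit flip detected: %s\n", bit_flip_is_detected() ? "yes" : "no");
    printf("boot with check skipped, corrupted CRC: %s\n",
           app_may_boot(vec, 9, 0xDEADBEEFu, 0) ? "allowed" : "refused");
    printf("boot with check required, corrupted CRC: %s\n",
           app_may_boot(vec, 9, 0xDEADBEEFu, 1) ? "allowed" : "refused");
    return 0;
}
```

The CRC catches accidental corruption but, as the answer says, it is not a secure-boot mechanism: anyone who can rewrite the application area can also rewrite the stored CRC, which is why the signature check (NRF_BL_APP_SIGNATURE_CHECK_REQUIRED) is the option to choose when tamper resistance rather than corruption detection is the goal.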
