nrf8240 Signature validation failed during testing

RE: nrf8240 Signature validation failed during testing

R_S — Sat, 04 Dec 2021 04:15:34 GMT

Thanks Einar

RE: nrf8240 Signature validation failed during testing

Einar Thorsrud — Fri, 03 Dec 2021 10:31:10 GMT

Hi,

No, these sets of commands are not OK. The specific problem is that the bootloader start address is stored in the UICR, and that is part of the bootloader hex file. When you later program the application with the "--sectoranduicrerase" option, the UICR is deleted again. In this specific case it would be enough to just skip "--sectoranduicrerase" from step 5, but as you start with an erase all there is no need to use this anywhere, so I suggest you remove this option from all the commands.

RE: nrf8240 Signature validation failed during testing

R_S — Thu, 02 Dec 2021 15:03:41 GMT

Thanks Einar,

one last thing is the below commands are ok for programming

1. Erase the entire flash

nrfjprog.exe --family NRF52 --eraseall

2.Program the MBR

nrfjprog --reset --program mbr_nrf52_2.4.1_mbr.hex --family NRF52 --sectoranduicrerase

3.Program the Bootloader Settings

nrfjprog --program settings.hex -f NRF52 -r

4. Program the Bootloader

nrfjprog --reset --program open_bootloader_usb_mbr_pca10056.hex --family NRF52 --sectoranduicrerase

5. Program Blinky App

nrfjprog --reset --program blinky_pca10056.hex --family NRF52 --sectoranduicrerase

Regards

RE: nrf8240 Signature validation failed during testing

Einar Thorsrud — Thu, 02 Dec 2021 14:21:37 GMT

Hi Rohit,

[quote user="R_S"]in this command , these version number will it effect the process or its just the version just assigning here?[/quote]

The version numbers for application and bootloader does not matter in itself, other than that downgrade protection ensures that you need to use increasing numbers. So when you set 1, a DFU image which is not higher will not be accepted (this can be adjusted by sdk_config.h macros, though). This data will be programmed to the bootloader settings page and is read whenever there is a DFU procedure. This is just the starting point though. If you update to for instance application version 3, the number in the settings page on the device would then be changed to 3.

The bl-settings-version is a bit different, and depends on the SDK version of the bootloader. As you use SDK 17.1 it should always be set to 2. This is to match the data structure and content that is used by the bootloader version you use.

[quote user="R_S"]And in application part which hex file i need to pass whether its a bootloader hex file or my application hex file which will run after bootloader?[/quote]

You normally only need to pass the hex file of the application when generating bootloader settings page. If you also want SD boot validation you need to pass the SoftDevice hex file as well.

Einar

RE: nrf8240 Signature validation failed during testing

R_S — Thu, 02 Dec 2021 14:13:05 GMT

Hi Einar,

in this command , these version number will it effect the process or its just the version just assigning here?

And in application part which hex file i need to pass whether its a bootloader hex file or my application hex file which will run after bootloader?

Regards

Rohit Saini

RE: nrf8240 Signature validation failed during testing

Einar Thorsrud — Thu, 02 Dec 2021 13:27:04 GMT

Hi Rohit,

You would have to expand your nrfutil command to something like this:

nrfutil.exe settings generate --family NRF52840 --application blinky_pca10056.hex --application-version 1 --bootloader-version 1 --bl-settings-version 2 --app-boot-validation VALIDATE_ECDSA_P256_SHA256 --key-file /path/to/key_file.pem settings.hex

You should also set NRF_BL_APP_SIGNATURE_CHECK_REQUIRED to 1 in the bootloader's sdk_config.h to enforce it.

RE: nrf8240 Signature validation failed during testing

R_S — Thu, 02 Dec 2021 13:10:20 GMT

HI Einar,

yes you are right i am just verify my application before it start.

bootloader settings i am using following command.

nrfutil.exe settings generate --family NRF52840 --application blinky_pca10056.hex --application-version 1 --bootloader-version 1 --bl-settings-version 2 settings.hex

and how to specify that i want to validate VALIDATE_ECDSA_P256_SHA256 while creating bootloader settings rather than CRC.

Regards

Rohit saini

RE: nrf8240 Signature validation failed during testing

Einar Thorsrud — Thu, 02 Dec 2021 12:44:31 GMT

Hi Rohit,

So what you try to do here is just to verify the application before you start it on every boot, right?

How do you generate the bootloader settings?

Do you test with DUMMY defined here? If so, I don't see where this m_message comes from nor do I know how the signature you compare with is generated, so I cannot say much other than that as the verification fails there are issues with the data of some sort (could be anywhere). What I can say though is that this is supported by the unmodified bootloader SDK bootloader example, so you could simply do as is done there. When you generate the bootloader settings page you can specify that you want to use signature verification on every boot instead of just a CRC which is default using the --app-boot-validation VALIDATE_ECDSA_P256_SHA256 when you generate the settings page using nrfutil settings generate. Search for VALIDATE_ECDSA_P256_SHA256 in the bootloader code to see how it is used there.

RE: nrf8240 Signature validation failed during testing

R_S — Thu, 02 Dec 2021 04:46:48 GMT

yes public key i cross checked its the same which i generated, there is no confusion in that.

And regarding changes i did, so the base code i am using nordic sdk open bootloader code.

i comment out all nrf_bootloader_init part. below is my main function content.

In IsSignatureVerified() i am calling API for validation .

And before all these things i am using following steps to program my bootloader code and application code.

1. Erase the entire flash

nrfjprog.exe --family NRF52 --eraseall

2.Program the MBR

nrfjprog --reset --program mbr_nrf52_2.4.1_mbr.hex --family NRF52 --sectoranduicrerase

3.Program the Bootloader Settings

nrfjprog --program settings.hex -f NRF52 -r

4. Program the Bootloader

nrfjprog --reset --program open_bootloader_usb_mbr_pca10056.hex --family NRF52 --sectoranduicrerase

5. Program Blinky App

nrfjprog --reset --program blinky_pca10056.hex --family NRF52 --sectoranduicrerase

one controller boot up its start my open bootloader in that i am doing signature validation of the application code and then jump to the application part.

but during validation it fails every time. and i am not sure which steps i am missing here.

for validation i am reading the flash data of application code and store it in a local buffer (dataBuffer) and that buffer i am passing in the nrf_dfu_validation_signature_check() as input.

My intension only to validate the application hex file data which i flash directly to the controller.

Regards

Rohit Saini

RE: nrf8240 Signature validation failed during testing

Einar Thorsrud — Wed, 01 Dec 2021 14:21:54 GMT

Hi,

[quote user="R_S"]

And above this can i c ross check my created signature whether it is ok or not.

is there any way to do that....?

[/quote]

The only way I can see to do that is to do the validation operation and ensure that it is successful. Also, there is not really much information you can get about what is wrong wen you you validate the signature. Either it validates OK, or there is a problem.

[quote user="R_S"]i am following this user guide to generate private key. but what about the signature data, how can i generate that so that i can cross check whether there is an issue with my signature or not.[/quote]

I see you use nrfutil, and the nRF5 SDK bootloader, with some modification. If you use nrfutil to generate the upgrade image and an unmodified bootloader, this will work assuming you did not accidentally use wrong keys (for instance forget to build the bootloader with the public key that corresponds to the private key you used with nrfutil). If you have checked the keys it would be interesting to know which changes you have done in the bootloader? Perhaps you can backtrack and go back to the working SDK example and then see which change you does that cause problems?

RE: nrf8240 Signature validation failed during testing

R_S — Wed, 01 Dec 2021 03:06:14 GMT

And above this can i c ross check my created signature whether it is ok or not.

is there any way to do that....?

https://infocenter.nordicsemi.com/pdf/nrfutil_v1.3.pdf

i am following this user guide to generate private key. but what about the signature data, how can i generate that so that i can cross check whether there is an issue with my signature or not.

Thanks

RE: nrf8240 Signature validation failed during testing

R_S — Tue, 30 Nov 2021 15:17:13 GMT

Yes my Signature data is already in big endian format but my public key is in little endian format.

So according to you in my case Signature i no need to swap , but for public key i need that swap function right..?

Please correct me if my understanding is not ok..?

RE: nrf8240 Signature validation failed during testing

Einar Thorsrud — Tue, 30 Nov 2021 15:12:19 GMT

The crypto library operates on big-endian data. However, the signature in the DFU protocol use little endian, so it needs to be converted. If you allready have big endian data (I am not sure about the exact use in your case) then you can either modify the nrf_dfu_validation_signature_check() function to not swap endian in that case, or swap twice (though that means doing unnecessary calculations).

RE: nrf8240 Signature validation failed during testing

R_S — Tue, 30 Nov 2021 14:55:52 GMT

Thanks for reply Einar.

Error is "NRF_ERROR_CRYPTO_ECDSA_INVALID_SIGNATURE" only.

And want to know regarding endianness of the data... like Signature and public key should be in little endian or big endian format before nrf_crypto_internal_double_swap_endian_in_place() this function call...?

RE: nrf8240 Signature validation failed during testing

Einar Thorsrud — Tue, 30 Nov 2021 13:11:13 GMT

Hi,

nrf_dfu_validation_signature_check() returns NRF_DFU_RES_CODE_INVALID_OBJECT on any failure of the verify operation itself, so it could be good to debug to see which error is actually returned from the call to nrf_crypto_ecdsa_verify(). If it is NRF_ERROR_CRYPTO_ECDSA_INVALID_SIGNATURE, then there simply is a signature verification failure due to the input not being a valid signature with the provided public key.

Typical reasons for getting problems with signature verifications is:

Perhaps you used the wrong key
Corrupt data (signature)
Endianness problems

Regarding the latter note that for historical reasons the secure DFU bootloader use little-endian format (as does Bluetooth), and therefor endianness of the signature is converted by a call to nrf_crypto_internal_double_swap_endian_in_place() within nrf_dfu_validation_signature_check().