HOWTO secure the loading flow: MCUboot first-stage

Hi all,

First of all let me thank you for taking time to review this "SOS".

I've tried to read and collect all the information I have been capable of before opening this thread.

I have finally decided to contact you because, although I found some interesting information, it is not totally clear to me, so let me present the project I am currently working on...

It is based on: WIN11 / nrf52840DK and nRF Connect SDK 2.2.0 / Implementation based on a first-stage architecture where MCUboot is used as an immutable bootloader (we just need to update the app).

Currently, we have the project running and working properly (with some extra features) but with NON-secure capabilities. This is why I am here, because I would like to apply some security measures to the loading/updating flow.

I have distinguished two phases for securing my project:

1) Customize the SIGNATURE key used by the MCUboot.
2) Encrypt the binary before updating it.


Let's focus on the first stage (1): "Customize the SIGNATURE key used by the MCUboot"

I have visited all these pages:
> https://developer.nordicsemi.com/nRF_Connect_SDK/doc/2.2.0/mcuboot/design.html

> https://developer.nordicsemi.com/nRF_Connect_SDK/doc/2.2.0/mcuboot/imgtool.html

> https://developer.nordicsemi.com/nRF_Connect_SDK/doc/2.2.0/nrf/ug_bootloader.html

Additional info on MCUboot, such as:
> https://developer.nordicsemi.com/nRF_Connect_SDK/doc/1.4.1/mcuboot/ecdsa.html

> https://docs.foundries.io/44/howto/zephyr-mcuboot-keys.html#configure-mcuboot-to-use-your-key


... I have done my best to understand the described processes, but some doubts came to my mind:

I added the following entry to the 'prj.conf':

CONFIG_BOOTLOADER_MCUBOOT=y

...to say: "hey, I want to make use of the MCUboot as (immutable) bootloader".

To be able to configure and modify the MCUboot, I've also added the following line to the 'CMakeLists.txt' of the main project:

list(APPEND mcuboot_OVERLAY_CONFIG "${CMAKE_CURRENT_SOURCE_DIR}/mcuboot.conf")

and created a 'mcuboot.conf' file, where I set:

# CUSTOMIZING SIGNATURE KEY (ECDSA 256)
CONFIG_BOOT_SIGNATURE_TYPE_ECDSA_P256=y
CONFIG_BOOT_SIGNATURE_KEY_FILE="C:/\Private_Soltec_Keys/\priv_signing_key.pem"

(I have also been able to generate and set an RSA key, but since I saw type 'ECDSA 256' used by default, I also wanted to keep this format).

After setting these parameters, I build and flash, getting the following console output:

Connected via Serial Port with settings COM8 115200 8n1 rtscts:off

*** Booting Zephyr OS build v3.2.99-ncs1 ***
I: Starting bootloader
I: Bootloader chainload address offset: 0x40000
I: Jumping to the first image slot


Here is the question:

Am I attaching my custom signing key to the MCUboot? I have this doubt because I have seen other parameters such as:

CONFIG_SB_SIGNING_KEY_FILE
CONFIG_SB_SIGNING_CUSTOM
CONFIG_SB_SIGNING_PUBLIC_KEY
CONFIG_SB_SIGNING_COMMAND

I really do not know whether I must use them or not. Or what is their purpose? And what is the difference compared to the one I use: CONFIG_BOOT_SIGNATURE_KEY_FILE?

What did I miss?

For signing I will use the following command: imgtool sign -k priv_a.pem --align 8 -v 52 -H 32 --pad-header -S 0x60000 --confirm App.bin App_SIGNED.bin

But honestly, apart from the help, the value -S 0x60000 that I use is not quite clear to me... what reference should I take to know the correct value for this entry?


I was thinking of using the mcumgr tool for sending/updating the app image, but I am getting the error: NMP timeout (yes, I am working on WIN), so I am considering using a different tool instead of 'mcumgr'. Any suggestion?


(As to the 2nd phase of my securing plan: "Encrypt the binary before updating it").
We postpone it until we confirm the correct behaviour of the 1st phase, ok?
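As an added illustration for the -S question above (this is not code from the original post, nor from MCUboot or imgtool), the following Python parses an image laid out the way imgtool sign produces it and checks it against a slot size. The value passed to -S should be the size of the image slot partition that MCUboot boots from (and, for swap-style updates, of the secondary slot): imgtool uses it to verify that header (-H), payload, TLV area and the swap trailer all fit. The sample payload, the placeholder key hash/signature bytes and ASSUMED_TRAILER_SIZE are constructed assumptions here; the real trailer size depends on --align and the flash sector count, so treat imgtool's own check as authoritative.

```python
"""Parse an MCUboot-format image and check it fits a slot of size -S.

Added example for this thread: not code from MCUboot, imgtool or the post.
Layout follows MCUboot's image format (bootutil/include/bootutil/image.h):
32-byte header, payload, optional protected TLV area, unprotected TLV area.
"""
import hashlib
import struct

IMAGE_MAGIC = 0x96F3B83D           # ih_magic
TLV_INFO_MAGIC = 0x6907            # start of the unprotected TLV area
TLV_PROT_INFO_MAGIC = 0x6908       # start of the protected TLV area
TLV_KEYHASH = 0x01                 # SHA-256 of the public key MCUboot must hold
TLV_SHA256 = 0x10                  # SHA-256 over header + payload + protected TLVs
TLV_ECDSA_SIG = 0x22               # ECDSA signature over that hash

# struct image_header, little-endian: magic, load_addr, hdr_size,
# protect_tlv_size, img_size, flags, version (major, minor, rev, build), pad
HEADER_FMT = "<IIHHIIBBHII"
ASSUMED_TRAILER_SIZE = 3200        # assumption: real value depends on --align and sector count


def _tlv(tlv_type, value):
    """One TLV record: type, pad byte, 16-bit length, value."""
    return struct.pack("<BBH", tlv_type, 0, len(value)) + value


def build_image(payload, version=(52, 0, 0, 0), header_size=32,
                keyhash=bytes(32), signature=bytes(64)):
    """Constructed image in imgtool's layout (-H header_size, -v version).

    The key hash and signature are placeholder bytes (assumption); a real
    image carries the ECDSA P-256 signature made with the signing key.
    """
    major, minor, rev, build = version
    hdr = struct.pack(HEADER_FMT, IMAGE_MAGIC, 0, header_size, 0,
                      len(payload), 0, major, minor, rev, build, 0)
    hdr = hdr.ljust(header_size, b"\x00")            # --pad-header zero fill
    digest = hashlib.sha256(hdr + payload).digest()  # no protected TLVs here
    tlvs = (_tlv(TLV_SHA256, digest) + _tlv(TLV_KEYHASH, keyhash)
            + _tlv(TLV_ECDSA_SIG, signature))
    return hdr + payload + struct.pack("<HH", TLV_INFO_MAGIC, 4 + len(tlvs)) + tlvs


def parse_image(blob):
    """Walk header and TLVs; return sizes, version, TLVs and hash validity."""
    (magic, _load_addr, hdr_size, prot_size, img_size, _flags,
     major, minor, rev, build, _pad) = struct.unpack_from(HEADER_FMT, blob, 0)
    if magic != IMAGE_MAGIC:
        raise ValueError("not an MCUboot image (bad ih_magic)")
    prot_end = hdr_size + img_size + prot_size   # everything the SHA-256 covers
    if prot_size:
        pmagic, plen = struct.unpack_from("<HH", blob, hdr_size + img_size)
        if pmagic != TLV_PROT_INFO_MAGIC or plen != prot_size:
            raise ValueError("corrupt protected TLV area")
    tmagic, tlen = struct.unpack_from("<HH", blob, prot_end)
    if tmagic != TLV_INFO_MAGIC:
        raise ValueError("missing unprotected TLV area")
    end = prot_end + tlen
    tlvs, off = {}, prot_end + 4
    while off < end:
        tlv_type, _p, length = struct.unpack_from("<BBH", blob, off)
        off += 4
        tlvs[tlv_type] = blob[off:off + length]
        off += length
    digest = hashlib.sha256(blob[:prot_end]).digest()
    return {
        "version": (major, minor, rev, build),
        "hdr_size": hdr_size,
        "img_size": img_size,
        "total_size": end,                 # bytes that must fit in the slot
        "tlvs": tlvs,
        "hash_ok": tlvs.get(TLV_SHA256) == digest,
        "signed": TLV_ECDSA_SIG in tlvs and TLV_KEYHASH in tlvs,
    }


def fits_slot(info, slot_size, trailer_size=ASSUMED_TRAILER_SIZE):
    """imgtool -S check: image plus swap trailer must not exceed the slot."""
    return info["total_size"] + trailer_size <= slot_size


if __name__ == "__main__":
    app = bytes(range(256)) * 4            # constructed 1 KiB stand-in for App.bin
    info = parse_image(build_image(app))
    print("version", info["version"], "size", info["total_size"],
          "hash_ok", info["hash_ok"], "fits 0x60000:", fits_slot(info, 0x60000))
```

Running it on a real App_SIGNED.bin (read the file and pass it to parse_image) shows the version, the header size and the total image size, which is the number that must fit into the slot next to the trailer; a mismatched -S does not change the image content, only whether imgtool accepts it and where the trailer is assumed to sit.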
