b9fca1d79a
|
||
|---|---|---|
| docs | ||
| hal | ||
| include | ||
| lib | ||
| src | ||
| test-app | ||
| tools/ed25519 | ||
| .gdbinit | ||
| .gitignore | ||
| .gitmodules | ||
| LICENSE | ||
| Makefile | ||
| NOTICE | ||
| README.md | ||
README.md
wolfBoot
wolfSSL Secure Bootloader
wolfBoot is a portable, OS-agnostic, secure bootloader solution for 32-bit microcontrollers, relying on wolfCrypt for firmware authentication, and a modified version of mcuboot's bootutil library to implement firmware upgrade mechanisms.
Due to the minimalist design of the bootloader and the tiny HAL API, wolfBoot is completely independent from any OS or bare-metal application, and can be easily ported and integrated in existing embedded software projects to provide a secure firmware upgrade mechanism.
Features
- Multi-slot partitioning of the flash device
- Integrity verification of the firmware image(s)
- Authenticity verification of the firmware image(s) using wolfCrypt's Digital Signature Algorithms (DSA)
- Minimalist hardware abstraction layer (HAL) interface to facilitate portability across different vendors/MCUs
- In-place chain-loading of the firmware image in the primary slot
- Copy/swap images from secondary slots into the primary slots to consent firmware upgrade operations
Components
This repository contains the following components:
- the bootloader
- Ed25519 key generator and image signing tools
- Baremetal test applications
The bootloader
The bootloader is a memory-safe standalone bare-metal application, designed to run on a generic 32bit MCU, with no dynamic memory allocation mechanism or linkage to any standard C library.
The core application depends on the following libraries:
- wolfCrypt, which is used to verify the Ed25519 signature of the images
- A modified version of mcuboot's bootutil, to handle the firmware image slots and the upgrade state-machine
- A minimalist Hardware Abstraction Layer, with an implementation provided for the supported target, which is in charge for IAP flash access and clock setting on the specific MCU
The goal of this application is to perform image verification and/or requested firmware upgrade tasks before chain-loading the actual firmware from a specific location in flash.
Only ARM Cortex-M is supported at this stage. Support for more architectures and microcontrollers will be added later.
Integrating wolfBoot in an existing project
Requirements:
- Provide a HAL implementation for the target platform (see Hardware Abstraction Layer)
- Decide a flash partition strategy and modify
include/target.haccordingly (see Flash partitions
The following steps are automated in the default Makefile target, using the baremetal test
application as an example to create the factory image:
- Create a Ed25519 Key-pair using the
ed25519_keygentool - Compile the bootloader. The public key generated in the step above is included in the build
- Compile the firmware image
- Re-link the firmware to change the entry-point to the start address of the primary partition
- Sign the firmware image using the
ed25519_signtool - Create a factory image by concatenating the bootloader and the firmware image
- Flash the factory image to the target
For more detailed information about the firmware image format, see Firmware image
Upgrading the firmware
- Compile the new firmware image, and link it so that its entry point is at the start address of the primary partition
- Sign the firmware using the
ed25519_signtool and the private key generated for the factory image - Transfer the image using a secure connection, and store it to the secondary firmware slot
- Trigger the image swap using bootutil's
boot_set_pending()function - Reboot to let the bootloader begin the image swap
For more detailed information about firmware upgrade procedures, see Firmware Upgrade