Arhitecture concepts

[ZiGaMi]

Basic program flow proposal: UPDATE (26.02.2023): reason variable shall be linker in NOINIT RAM section to exchange data between app and bootlaoder

Requirements:

• [x] Data exchange between booloader and application via common shared file
• [x] Template of shared data structure must be provided
• [x] Using NOLOAD linker flag for .noinit section for data exchange + documentation
• [x] Detailed linker script configuration must be part of README
• [x] Explore possiblitites to share same linker file between application and bootloader (configured with compiler symbols -D...)
• [ ] Boot from external flash if configured to do so
• [x] Application image encryption
• [ ] Single-bank and Dual-bank options (like Nordic)
• [x] Must use application header to detect image version and to check CRC
• [x] Application header must be compatible with revision module

[ZiGaMi]

Use of CMOX on STM32 for cryption purposes

[ZiGaMi]

Interesting link at that topic:

• Sharing info between application and bootloader
• From Zero to main()

[ZiGaMi]

Invalid app catcher:

[ZiGaMi]

Locking bootloader with MPU:

[ZiGaMi]

Sharing linker script across bootloader and application:

• https://stackoverflow.com/questions/28837199/can-i-use-preprocessor-directives-in-ld-file
• https://interrupt.memfault.com/blog/noinit-memory
• https://github.com/noahp/cortex-m-bootloader-sample/tree/shared-linker-script
• https://community.st.com/t5/stm32cubeide-mcu/can-i-use-preprocessor-commands-in-linker-script-and-how/td-p/197598
• https://stackoverflow.com/questions/28837199/can-i-use-preprocessor-directives-in-ld-file

[ZiGaMi]

Firmware authentication using digital signatures

In a nutshell

NOTICE: On picture hash calculations are missing.

Link: https://interrupt.memfault.com/blog/secure-firmware-updates-with-code-signing

Interesting point of view on encrypting the application:

If using digital signatures (consequently HASH), then CRC of application is sort of a redundant info:

Digital signature is being evaluated based on:

• Public key
• Hash (SHA-256)
• Signature

Therefore if wanted to check signature in pre-validation phase, HASH and SIGNATURE shall be part of "Image info" in "Prepare command"!

Application header in that example:

[ZiGaMi]

OPEN SSL is already part of Git installation