rust signing, support for rustBoot

imrank03 commented 2 years ago

rbsigner modified and created PR for #23.

Changelog:

removed python dependencies
modified xtask
removed hardcoded image version value now support with cli
signed images are located in the signed_images folder
string concatenation added for creating output image name with image version
few test cases added

rust signing, tested with hardware.

single command change to cargo [board] [build-sign-flash] [boot-ver] [updt-ver] rustBoot. Example cargo stm32h723 build-sign-flash 1234 1235 rustBoot

comand line output

$ cargo stm32h723 build-sign-flash 1234 1235 rustBoot
    Finished dev [unoptimized + debuginfo] target(s) in 0.10s
     Running `target/debug/xtask stm32h723 build-sign-flash 1234 1235 rustBoot`
$ cargo build --release
   Compiling version_check v0.9.4
   Compiling typenum v1.15.0
   ...
   ...
   Compiling rustBoot-update v0.1.0 (/Users/imrankhaleelsab/Imran/Boschspace/RB_workspace/rustBoot-mcusigner/rustBoot/boards/update)
    Finished release [optimized] target(s) in 53.55s
$ cargo build --release
   Compiling stm32h723_updtfw v0.1.0 (/Users/imrankhaleelsab/Imran/Boschspace/RB_workspace/rustBoot-mcusigner/rustBoot/boards/firmware/stm32h723/updt_fw_blinky_red)
    Finished release [optimized] target(s) in 1.54s
$ cargo build --release
   Compiling stm32h723 v0.1.0 (/Users/imrankhaleelsab/Imran/Boschspace/RB_workspace/rustBoot-mcusigner/rustBoot/boards/bootloaders/stm32h723)
    Finished release [optimized] target(s) in 2.25s
$ rust-objcopy -I elf32-littlearm ../../target/thumbv7em-none-eabihf/release/stm32h723_bootfw -O binary stm32h723_bootfw.bin
$ rust-objcopy -I elf32-littlearm ../../target/thumbv7em-none-eabihf/release/stm32h723_updtfw -O binary stm32h723_updtfw.bin
$ cargo run mcu-image ../boards/rbSigner/signed_images/stm32h723_bootfw.bin nistp256 ../boards/rbSigner/keygen/ecc256.der 1234
   Compiling rbsigner v0.1.0 (/Users/imrankhaleelsab/Imran/Boschspace/RB_workspace/rustBoot-mcusigner/rustBoot/rbsigner)
    Finished dev [unoptimized + debuginfo] target(s) in 0.59s
     Running `/Users/imrankhaleelsab/Imran/Boschspace/RB_workspace/rustBoot-mcusigner/rustBoot/target/debug/rbsigner mcu-image ../boards/rbSigner/signed_images/stm32h723_bootfw.bin nistp256 ../boards/rbSigner/keygen/ecc256.der 1234`

Update type       :Firmware
Curve type        :nistp256
Input image       :stm32h723_bootfw.bin
Public key        :ecc256.der
Image version     :1234
Output image      :stm32h723_bootfw_v1234_signed.bin
Calculating sha256 digest...
Signing the firmware...
Done.
Output image successfully created with 4608 bytes.

$ cargo run mcu-image ../boards/rbSigner/signed_images/stm32h723_updtfw.bin nistp256 ../boards/rbSigner/keygen/ecc256.der 1235
    Finished dev [unoptimized + debuginfo] target(s) in 0.05s
     Running `/Users/imrankhaleelsab/Imran/Boschspace/RB_workspace/rustBoot-mcusigner/rustBoot/target/debug/rbsigner mcu-image ../boards/rbSigner/signed_images/stm32h723_updtfw.bin nistp256 ../boards/rbSigner/keygen/ecc256.der 1235`

Update type       :Firmware
Curve type        :nistp256
Input image       :stm32h723_updtfw.bin
Public key        :ecc256.der
Image version     :1235
Output image      :stm32h723_updtfw_v1235_signed.bin
Calculating sha256 digest...
Signing the firmware...
Done.
Output image successfully created with 4624 bytes.

$ probe-rs-cli erase --chip stm32h723ZGTx
$ probe-rs-cli download --format Bin --base-address 0x8020000 --chip STM32H723ZGTx stm32h723_bootfw_v1234_signed.bin
     Erasing sectors ✔ [00:00:02] [############################] 128.00KiB/128.00KiB @ 63.21KiB/s (eta 0s )
 Programming pages   ✔ [00:00:00] [##############################]  5.00KiB/ 5.00KiB @  1.05KiB/s (eta 0s )
    Finished in 2.165s
$ probe-rs-cli download --format Bin --base-address 0x8060000 --chip STM32H723ZGTx stm32h723_updtfw_v1235_signed.bin
     Erasing sectors ✔ [00:00:01] [############################] 128.00KiB/128.00KiB @ 64.68KiB/s (eta 0s )
 Programming pages   ✔ [00:00:00] [##############################]  5.00KiB/ 5.00KiB @  1.08KiB/s (eta 0s )
    Finished in 2.117s
$ cargo flash --chip stm32h723ZGTx --release
    Finished release [optimized] target(s) in 0.08s
    Flashing /Users/imrankhaleelsab/Imran/Boschspace/RB_workspace/rustBoot-mcusigner/rustBoot/boards/target/thumbv7em-none-eabihf/release/stm32h723
        WARN probe_rs::config::target > Using custom sequence for STM32H7
     Erasing sectors ✔ [00:00:01] [############################] 128.00KiB/128.00KiB @ 66.35KiB/s (eta 0s )
 Programming pages   ✔ [00:00:00] [##############################] 44.00KiB/44.00KiB @ 13.45KiB/s (eta 0s )
    Finished in 2.878s

yashwanthsinghm commented 2 years ago

Already PR is sent ,which is tested on all the boards you need to wait until its merged to avoid conflicts.

nihalpasham commented 2 years ago

@imrank03, looks good.

just one observation: reorder rustBoot in the sequence of command parameters as shown below.

cargo stm32h723 build-sign-flash rustBoot 1234 1235

I'm assuming you've corrected the end of header changes.

imrank03 commented 2 years ago

reordered the command in the sequence of cargo [board] [build-sign-flash] rustBoot [boot-ver] [updt-ver]
yes, the end of header changes have been fixed and tested with hardware.

nihalpasham / rustBoot

rust signing, support for rustBoot #44