search

nihalpasham / rustBoot

rustBoot is a standalone bootloader written entirely in `Rust`, designed to run on anything from a microcontroller to a system on chip. It can be used to boot into bare-metal firmware or Linux.
MIT License
214 stars 21 forks source link

rbsigner fixed for "fit-image" #58

Closed imrank03 closed 2 years ago

imrank03 commented 2 years ago

Changelog:

Successfully created sign fit-image for rpi4 and tested stm32h723zg board for new changes in file stm32h723.

single command to sign fit-image cargo rpi4 sign fit-image

Command line output for fit-image

❯ cargo rpi4 sign fit-image
   Compiling xtask v0.1.0 (/Users/imrankhaleelsab/Imran/Boschspace/mcusigner/rustBoot/xtask)
    Finished dev [unoptimized + debuginfo] target(s) in 0.47s
     Running `target/debug/xtask rpi4 sign fit-image`
$ mkimage -f rpi4-apertis.its rpi4-apertis.itb
rpi4-apertis.its:65.37-70.6: Warning (unit_address_vs_reg): /configurations/bootconfig/signature@1: node has a unit name, but no reg or ranges property
Image contains unit addresses @, this will break signing
FIT description: rustBoot FIT Image
Created:         Wed Jul 20 17:01:20 2022
 Image 0 (kernel)
  Description:  Kernel
  Created:      Wed Jul 20 17:01:20 2022
  Type:         Kernel Image
  Compression:  uncompressed
  Data Size:    29272576 Bytes = 28586.50 KiB = 27.92 MiB
  Architecture: AArch64
  OS:           Linux
  Load Address: 0x40480000
  Entry Point:  0x40480000
  Hash algo:    sha256
  Hash value:   97dcbff24ad0a60514e31a7a6b34a765681fea81f8dd11e4644f3ec81e1044fb
 Image 1 (fdt)
  Description:  DTB
  Created:      Wed Jul 20 17:01:20 2022
  Type:         Flat Device Tree
  Compression:  uncompressed
  Data Size:    25713 Bytes = 25.11 KiB = 0.02 MiB
  Architecture: AArch64
  Load Address: 0x43000000
  Hash algo:    sha256
  Hash value:   3572783be74511b710ed7fca9b3131e97fd8073c620a94269a4e4ce79d331540
 Image 2 (initrd)
  Description:  Initrd
  Created:      Wed Jul 20 17:01:20 2022
  Type:         RAMDisk Image
  Compression:  uncompressed
  Data Size:    32901194 Bytes = 32130.07 KiB = 31.38 MiB
  Architecture: AArch64
  OS:           Linux
  Load Address: unavailable
  Entry Point:  unavailable
  Hash algo:    sha256
  Hash value:   f1290587e2155e3a5c2c870fa1d6e3e2252fb0dddf74992113d2ed86bc67f37c
 Image 3 (rbconfig)
  Description:  rustBoot Config
  Created:      Wed Jul 20 17:01:20 2022
  Type:         Unknown Image
  Compression:  uncompressed
  Data Size:    141 Bytes = 0.14 KiB = 0.00 MiB
  Hash algo:    sha256
  Hash value:   b16d058c4f09abdb8da98561f3a15d06ff271c38a4655c2be11dec23567fd519
 Default Configuration: 'bootconfig'
 Configuration 0 (bootconfig)
  Description:  Boot Config
  Kernel:       kernel
  Init Ramdisk: initrd
  FDT:          fdt
  Sign algo:    sha256,ecdsa256,nistp256:dev
  Sign value:   00
  Timestamp:    unavailable
$ cargo run fit-image ../boards/bootloaders/rpi4/apertis/rpi4-apertis.itb nistp256 ../boards/sign_images/keygen/ecc256.der
    Finished dev [unoptimized + debuginfo] target(s) in 0.08s
     Running `/Users/imrankhaleelsab/Imran/Boschspace/mcusigner/rustBoot/target/debug/rbsigner fit-image ../boards/bootloaders/rpi4/apertis/rpi4-apertis.itb nistp256 ../boards/sign_images/keygen/ecc256.der`

Image type:       fit-image
Curve type:       nistp256
Input image:      rpi4-apertis.bin
Public key:       ecc256.der
Output image:     signed-rpi4-apertis.itb
signature: ecdsa::Signature<NistP256>([67, 129, 47, 187, 185, 164, 219, 55, 185, 108, 6, 113, 113, 98, 237, 36, 220, 88, 158, 209, 99, 235, 56, 240, 93, 158, 44, 32, 10, 25, 45, 229, 105, 143, 2, 170, 234, 73, 149, 205, 202, 133, 147, 102, 167, 73, 229, 224, 237, 213, 8, 56, 28, 232, 246, 175, 28, 132, 68, 90, 234, 77, 108, 137])

bytes_written: 62202019

Command line output for mcu-image

❯ cargo stm32h723 build-sign-flash rustBoot 1234 1235
    Finished dev [unoptimized + debuginfo] target(s) in 0.08s
     Running `target/debug/xtask stm32h723 build-sign-flash rustBoot 1234 1235`
$ cargo build --release
    Finished release [optimized] target(s) in 0.12s
$ cargo build --release
    Finished release [optimized] target(s) in 0.11s
$ cargo build --release
    Finished release [optimized] target(s) in 0.12s
$ rust-objcopy -I elf32-littlearm ../../target/thumbv7em-none-eabihf/release/stm32h723_bootfw -O binary stm32h723_bootfw.bin
$ rust-objcopy -I elf32-littlearm ../../target/thumbv7em-none-eabihf/release/stm32h723_updtfw -O binary stm32h723_updtfw.bin
$ cargo run mcu-image ../boards/sign_images/signed_images/stm32h723_bootfw.bin nistp256 ../boards/sign_images/keygen/ecc256.der 1234
    Finished dev [unoptimized + debuginfo] target(s) in 0.07s
     Running `/Users/imrankhaleelsab/Imran/Boschspace/mcusigner/rustBoot/target/debug/rbsigner mcu-image ../boards/sign_images/signed_images/stm32h723_bootfw.bin nistp256 ../boards/sign_images/keygen/ecc256.der 1234`

Image type:       mcu-image
Curve type:       nistp256
Input image:      stm32h723_bootfw.bin
Public key:       ecc256.der
Image version:    1234
Output image:     stm32h723_bootfw_v1234_signed.bin
Calculating sha256 digest...
Signing the firmware...
Done.
Output image successfully created with 4640 bytes.

$ cargo run mcu-image ../boards/sign_images/signed_images/stm32h723_updtfw.bin nistp256 ../boards/sign_images/keygen/ecc256.der 1235
    Finished dev [unoptimized + debuginfo] target(s) in 0.08s
     Running `/Users/imrankhaleelsab/Imran/Boschspace/mcusigner/rustBoot/target/debug/rbsigner mcu-image ../boards/sign_images/signed_images/stm32h723_updtfw.bin nistp256 ../boards/sign_images/keygen/ecc256.der 1235`

Image type:       mcu-image
Curve type:       nistp256
Input image:      stm32h723_updtfw.bin
Public key:       ecc256.der
Image version:    1235
Output image:     stm32h723_updtfw_v1235_signed.bin
Calculating sha256 digest...
Signing the firmware...
Done.
Output image successfully created with 4640 bytes.

$ probe-rs-cli erase --chip STM32H723ZGTx
$ probe-rs-cli download --format Bin --base-address 0x8020000 --chip STM32H723ZGTx stm32h723_bootfw_v1234_signed.bin
     Erasing sectors ✔ [00:00:02] [#########################################################################################################] 128.00KiB/128.00KiB @ 61.47KiB/s (eta 0s )
 Programming pages   ✔ [00:00:00] [###########################################################################################################]  5.00KiB/ 5.00KiB @  1.03KiB/s (eta 0s )
    Finished in 2.222s
$ probe-rs-cli download --format Bin --base-address 0x8060000 --chip STM32H723ZGTx stm32h723_updtfw_v1235_signed.bin
     Erasing sectors ✔ [00:00:01] [#########################################################################################################] 128.00KiB/128.00KiB @ 63.64KiB/s (eta 0s )
 Programming pages   ✔ [00:00:00] [###########################################################################################################]  5.00KiB/ 5.00KiB @  1.06KiB/s (eta 0s )
    Finished in 2.153s
$ cargo flash --chip STM32H723ZGTx --release
    Finished release [optimized] target(s) in 0.11s
    Flashing /Users/imrankhaleelsab/Imran/Boschspace/mcusigner/rustBoot/boards/target/thumbv7em-none-eabihf/release/stm32h723
        WARN probe_rs::config::target > Using custom sequence for STM32H7
     Erasing sectors ✔ [00:00:01] [#########################################################################################################] 128.00KiB/128.00KiB @ 66.20KiB/s (eta 0s )
 Programming pages   ✔ [00:00:00] [###########################################################################################################] 44.00KiB/44.00KiB @ 13.35KiB/s (eta 0s )
    Finished in 2.929s
yashwanthsinghm commented 2 years ago

Tested for stm32f411 , its working fine.