-
Notifications
You must be signed in to change notification settings - Fork 550
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Question: Is secure boot working stably? #216
Comments
@jlaitine any comment? |
I didn't check the latest master, my own branch is from March 2021. There doesn't seem to be much differencies, however, so it should be fine with the master. Please let me know if you have any problems with it, I can check it out. To use it, you need to 1) enable signature check and embed the public key to the bootloader binary. 2) Add the TOC structure to px4 firmare and sign the binary. 3) Protect the public key embedded in the bootloader from tampering
$ export CRYPTO_HAL=monocypher To use your own keys, just point the PUBLIC_KEY0 to your own key-pair public part. But I suggest first testing with the provided test keys. After flashing the bootloader you'll find out that the board doesn't boot any more
$ export SIGNING_TOOL=./Tools/cryptotools.py The python script uses the same test key by default as what was used by default for the bootloader above. Again, to use your own key pair, the private key can be given as an argument to the "cryptotools.py" (via an envronment variable), or alternatively the whole script can be changed to your own one, which e.g. can operate over in your own infrastructure signing server or whatever. Just check the python script and what the build script gives to it as arguments.
The 1) and 2) are enough to test whether the signature check works and for the R&D. If you want to use this for a product, you need to enable RDP protection (level 2) on the STM chip to protect the bootloader. This can be done via JTAG and st-link utility. Don't do this until you are sure that everything is ok, it permanenty disables JTAG etc. Please note that I am not promising that the STM RDP protection is unbreakable ;) It is. however, commonly used in commercial products. Please let me know if you need any more assistance! |
Thanks a lot @jlaitine. I'll try it out in a few days. If things go well, I'll try to create a PR of the step by step process. |
Has anyone tried building the bootloader and firmware for pix32 v6 (px4_fmu-v6c) microcontroller? |
Hello,
We are planning to use this on one of our drones (fmuv5x). I can see that the last release was 6 years ago. Since then some important features like secure boot have been implemented. Therefore, I wanted to know if the master build of the bootloader is working stably for fmuv5x.
PS.
Please provide any documentation on how to use this.
The text was updated successfully, but these errors were encountered: