
Secure boot — 2020 Batch

Objective

• To design a bootloader that boots the application code after verifying its integrity and authenticity, and that securely updates the firmware through a serial communication protocol.

Specifications

• Communication Protocol – UART

• Encryption Standard – AES standard

• Hash Algorithm – SHA-256

• Digital Signature – Elliptic curve Digital Signature Algorithm (ECDSA)

Project Setup

• Host PC – runs the Python UART tool

• TIVA board – connected to the PC via UART0

Complete Application Image

• Application size – 4 bytes required to store the size

• Signature (ECDSA) – the Elliptic Curve Digital Signature Algorithm provides authentication (verifies the origin of the message) and integrity (the message has not been modified)

• Public key – used to decode the signature into the hash of the message

• Encrypted Application Image – the application is encrypted using the AES standard

Memory

• Total Flash – 256 kBytes (0x0000_0000 – 0x0004_0000)

• Bootloader – 64 kBytes (0x0000_0000 – 0x0001_0000)

• Application – 192 kBytes (0x0001_0000 – 0x0004_0000)

Python Tool

• Browse button – to select the binary file

• Baud – to specify the baud rate (115200)

• Port – to specify the port to which board is connected (ttyACM0 / ttyACM1)

• Radio buttons (Windows (COM), Linux (ttyACM0)) – to specify OS (serial port configuration is different for each platform)

Changes in linker script of application code

• Lines 11 and 25 are changed: the application start address (0x0001_0000) is provided instead of 0x00000000.

UART Communication

• send size

• send application image

• close connection
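
The three-step exchange above (send size, send application image, close connection) seen from the bootloader side, as an added example that is not part of the project's code; it also applies the flash map from the Memory section so that a declared size is rejected before a single image byte is accepted. Assumed, because the page does not state them: the 4-byte size field is little-endian, the image is buffered in RAM before it is written to flash, and UART0 bytes reach the receiver through a per-byte call rather than a specific TivaWare API.

```c
/* Added example, not the project's code: bootloader-side receiver for the
 * UART exchange (size, image, close) with the size checked against the
 * flash map before any image byte is stored.
 * Assumptions (not stated on the page): little-endian size field, image
 * buffered in RAM, bytes delivered one at a time from UART0. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define BOOT_BASE   0x00000000u          /* bootloader: 64 kB  */
#define APP_BASE    0x00010000u          /* application: 192 kB */
#define FLASH_END   0x00040000u          /* total flash: 256 kB */
#define APP_MAX     (FLASH_END - APP_BASE)

enum rx_state { RX_SIZE, RX_IMAGE, RX_DONE, RX_ERROR };

struct rx_ctx {
    enum rx_state state;
    uint8_t  size_buf[4];
    uint32_t size;        /* declared image size from the host */
    uint32_t received;    /* bytes collected in the current phase */
    uint8_t *image;       /* caller-provided RAM buffer for the image */
    size_t   image_cap;   /* capacity of that buffer */
};

/* Decode the 4-byte size field (assumed little-endian). */
static uint32_t decode_size(const uint8_t b[4])
{
    return (uint32_t)b[0] | ((uint32_t)b[1] << 8) |
           ((uint32_t)b[2] << 16) | ((uint32_t)b[3] << 24);
}

/* A size is acceptable only if the image fits inside the application
 * region; the second test cannot overflow because size <= APP_MAX. */
static int size_fits_app_region(uint32_t size)
{
    if (size == 0 || size > APP_MAX)
        return 0;
    return APP_BASE + size <= FLASH_END;
}

void rx_init(struct rx_ctx *c, uint8_t *image, size_t cap)
{
    memset(c, 0, sizeof *c);
    c->state = RX_SIZE;
    c->image = image;
    c->image_cap = cap;
}

/* Feed one byte received on UART0; returns the new receiver state. */
enum rx_state rx_byte(struct rx_ctx *c, uint8_t byte)
{
    switch (c->state) {
    case RX_SIZE:
        c->size_buf[c->received++] = byte;
        if (c->received == 4) {
            c->size = decode_size(c->size_buf);
            c->received = 0;
            /* Reject an image that would not fit before accepting data. */
            if (!size_fits_app_region(c->size) || c->size > c->image_cap)
                c->state = RX_ERROR;
            else
                c->state = RX_IMAGE;
        }
        break;
    case RX_IMAGE:
        c->image[c->received++] = byte;
        if (c->received == c->size)
            c->state = RX_DONE;      /* host may now close the connection */
        break;
    default:
        break;                       /* DONE / ERROR: ignore further bytes */
    }
    return c->state;
}

/* Feed a whole captured byte stream; stops at the first error. */
enum rx_state rx_stream(struct rx_ctx *c, const uint8_t *data, size_t len)
{
    for (size_t i = 0; i < len; i++)
        if (rx_byte(c, data[i]) == RX_ERROR)
            break;
    return c->state;
}

int main(void)
{
    static uint8_t image[APP_MAX];
    struct rx_ctx c;
    /* Constructed stream: size = 3, followed by the three image bytes. */
    const uint8_t stream[] = { 0x03, 0x00, 0x00, 0x00, 'a', 'b', 'c' };
    rx_init(&c, image, sizeof image);
    return rx_stream(&c, stream, sizeof stream) == RX_DONE ? 0 : 1;
}
```

Only after `rx_stream` returns `RX_DONE` would the bootloader go on to hash, verify and decrypt the buffered image and program it at `APP_BASE`; an `RX_ERROR` leaves the flash untouched.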

Bootloader flow

• Check for the BOOTPIN

• If pressed, then update the firmware:

    • Initialize UART0

    • Receive application image

    • Store in flash

• If not pressed, then

    • boot the application present in the flash

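The decision at the top of the flow above (BOOTPIN pressed: update the firmware; not pressed: boot the application at 0x0001_0000), as an added example that is not the project's code. Before booting it checks the application's vector table, so that erased or partially written flash is never jumped to; the jump itself (setting the vector table offset and stack pointer) is MCU-specific and left out. Assumptions not on the page: a Cortex-M style vector table (initial stack pointer, then reset handler) at the application base, and 32 kB of SRAM at 0x20000000 as on the TM4C123.

```c
/* Added example, not the project's code: the BOOTPIN decision from the
 * bootloader flow, plus a sanity check of the application's vector table
 * before it is booted.
 * Assumptions (not on the page): Cortex-M vector table at APP_BASE and
 * 32 kB of SRAM at 0x20000000 (TM4C123). */
#include <stdint.h>

#define APP_BASE   0x00010000u            /* application region start */
#define FLASH_END  0x00040000u            /* end of 256 kB flash */
#define SRAM_BASE  0x20000000u            /* assumption: TM4C123 SRAM */
#define SRAM_END   (SRAM_BASE + 0x8000u)  /* 32 kB */

enum boot_action { BOOT_UPDATE_FIRMWARE, BOOT_RUN_APP, BOOT_HALT };

/* Erased flash reads as 0xFFFFFFFF, so an empty application region fails
 * every test below. A usable table has its initial stack pointer inside
 * SRAM and 8-byte aligned, and a Thumb-mode reset handler inside the
 * application region (never inside the bootloader). */
int app_vectors_valid(uint32_t initial_sp, uint32_t reset_handler)
{
    if (initial_sp < SRAM_BASE || initial_sp > SRAM_END)
        return 0;
    if (initial_sp & 0x7u)
        return 0;
    if ((reset_handler & 1u) == 0)        /* Thumb bit must be set */
        return 0;
    uint32_t addr = reset_handler & ~1u;
    return addr >= APP_BASE && addr < FLASH_END;
}

/* app_vectors points at the first two words of the application image in
 * flash: [0] initial stack pointer, [1] reset handler. */
enum boot_action decide_boot(int bootpin_pressed, const uint32_t *app_vectors)
{
    if (bootpin_pressed)
        return BOOT_UPDATE_FIRMWARE;  /* init UART0, receive image, store in flash */
    if (!app_vectors_valid(app_vectors[0], app_vectors[1]))
        return BOOT_HALT;             /* nothing bootable: stay in the bootloader */
    return BOOT_RUN_APP;              /* set VTOR/MSP and call the reset handler */
}
```

`BOOT_HALT` is the state the device ends up in after an interrupted update; keeping the bootloader resident in its own 64 kB region means the next reset with BOOTPIN pressed can always recover it.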
Conclusion

Secure boot ensures that the firmware is updated and the application is executed securely. The hashing algorithm provides integrity, the signature provides authentication, and the encryption provides confidentiality of the communication. The application is stored encrypted in flash memory and decrypted into RAM at the time of execution, which prevents an attacker from accessing the application program. For hashing, signature and encryption, many other algorithms are available and can be used to provide better security. This implementation is a demonstration of basic security.

Resources

Link to source code: [1]