Secure bootloader encrypted firmware

Simon88
 
Posts: 10
Joined: Wed Mar 24, 2021 2:40 pm

Post by Simon88 »

Hi all,

I'd like to have a secure bootloader with encrypted firmware, like AES 128 for example. I'm working with the SAMD21E17A. I'd like to know if it's possible to change/update this bootloader https://github.com/adafruit/uf2-samdx1 to add this feature. Does it already exist?

Or this repo https://github.com/arduino/ArduinoCore- ... loader_D21 because I used Arduino...

User_UMjT7KxnxP8YN8
 
Posts: 323
Joined: Tue Jul 17, 2018 1:28 pm

Re: Secure bootloader encrypted firmware

Post by User_UMjT7KxnxP8YN8 »

The bootloader must be readable as plain text by the processor, otherwise it cannot be executed. So unless someone knows some powerful magic I never learned in 40+ years of programming, I'm going to say it can't be done.

That said, exactly what problem are you trying to solve? If you want to verify the integrity of your boot loader you could add code to calculate a hash of the code and compare it to a value stored elsewhere. If you don't want your code to be visible to debuggers, I know the SAMD51J19A has a 'security bit' that can be set to prevent external program memory access; your SAMD21E17A may have a similar feature.

The SAMD51J19A also has the ability to 'scramble' the contents of an external QSPI memory (not sure if SAMD51J19A has this feature). You could put your boot loader there, but would still need code stored in plain text in program memory to set up the QSPI interface and call the bootloader code stored in QSPI memory. The processor has the ability to execute code in-place in QSPI memory.

Don't know if any of that is directly helpful, but should provide food for thought.
