Hi all,
I'd like to have a secure bootloader with encrypted firmwaremike AES 128 for example. I'm working with SAMD21E17A I'd like to know if it' possible to change/update this bootloader https://github.com/adafruit/uf2-samdx1 to add this feature? does it already exist ?
or this repo https://github.com/arduino/ArduinoCore- ... loader_D21 because i used Arduino...
Secure bootloader encrypted firmware
Moderators: adafruit_support_bill, adafruit
Please be positive and constructive with your questions and comments.
- User_UMjT7KxnxP8YN8
- Posts: 323
- Joined: Tue Jul 17, 2018 1:28 pm
Re: Secure bootloader encrypted firmware
The bootloader must be readable as plain text by the processor, otherwise it cannot be executed. So unless someone knows some powerful magic I never learned in 40+ years of programming, I'm going to say it can't be done.
That said, exactly what problem are you trying to solve? If you want to verify the integrity of your boot loader you could add code to calculate a hash of the code and compare it to a value stored elsewhere. If you don't want your code to be visible to debuggers, I know the SAMD51J19A has a 'security bit' that can be set to prevent external program memory access; your SAMD21E17A may have a similar feature.
The SAMD51J19A also has the ability to 'scramble' the contents of an external QSPI memory (not sure if SAMD51J19A has this feature). You could put your boot loader there, but would still need code stored in plain text in program memory to set up the QSPI interface and call the bootloader code stored in QSPI memory. The processor has the ability to execute code in-place in QSPI memory.
Don't know if any of that is directly helpful, but should provide food for thought.
That said, exactly what problem are you trying to solve? If you want to verify the integrity of your boot loader you could add code to calculate a hash of the code and compare it to a value stored elsewhere. If you don't want your code to be visible to debuggers, I know the SAMD51J19A has a 'security bit' that can be set to prevent external program memory access; your SAMD21E17A may have a similar feature.
The SAMD51J19A also has the ability to 'scramble' the contents of an external QSPI memory (not sure if SAMD51J19A has this feature). You could put your boot loader there, but would still need code stored in plain text in program memory to set up the QSPI interface and call the bootloader code stored in QSPI memory. The processor has the ability to execute code in-place in QSPI memory.
Don't know if any of that is directly helpful, but should provide food for thought.
Please be positive and constructive with your questions and comments.