[embassy-usb-dfu] support ed25519 verification

This commit adds the ability to verify that USB DFU updates are correctly signed using ed25519.
This required adding support to embassy-boot for reading from the DFU partition.

Author: Gerharddc

ci.sh

@@ -282,6 +282,7 @@ cargo batch \
     --- build --release --manifest-path examples/boot/bootloader/rp/Cargo.toml --target thumbv6m-none-eabi \
     --- build --release --manifest-path examples/boot/bootloader/stm32/Cargo.toml --target thumbv7em-none-eabi --features embassy-stm32/stm32l496zg \
     --- build --release --manifest-path examples/boot/bootloader/stm32wb-dfu/Cargo.toml --target thumbv7em-none-eabi --features embassy-stm32/stm32wb55rg \
+    --- build --release --manifest-path examples/boot/bootloader/stm32wb-dfu/Cargo.toml --target thumbv7em-none-eabi --features embassy-stm32/stm32wb55rg,verify \
     --- build --release --manifest-path examples/boot/bootloader/stm32-dual-bank/Cargo.toml --target thumbv7em-none-eabi --features embassy-stm32/stm32h743zi \
     --- build --release --manifest-path examples/wasm/Cargo.toml --target wasm32-unknown-unknown --artifact-dir out/examples/wasm \
     --- build --release --manifest-path tests/stm32/Cargo.toml --target thumbv7m-none-eabi --features stm32f103c8 --artifact-dir out/tests/stm32f103c8 \

embassy-boot/src/firmware_updater/asynch.rs

@@ -161,6 +161,17 @@ impl<'d, DFU: NorFlash, STATE: NorFlash> FirmwareUpdater<'d, DFU, STATE> {
         Ok(())
     }
 
+    /// Read a slice of data from the DFU storage peripheral, starting the read
+    /// operation at the given address offset, and reading `buf.len()` bytes.
+    ///
+    /// # Errors
+    ///
+    /// Returns an error if the arguments are not aligned or out of bounds.
+    pub async fn read_dfu(&mut self, offset: u32, buf: &mut [u8]) -> Result<(), FirmwareUpdaterError> {
+        self.dfu.read(offset, buf).await?;
+        Ok(())
+    }
+
     /// Mark to trigger firmware swap on next boot.
     #[cfg(not(feature = "_verify"))]
     pub async fn mark_updated(&mut self) -> Result<(), FirmwareUpdaterError> {

embassy-boot/src/firmware_updater/blocking.rs

@@ -196,6 +196,17 @@ impl<'d, DFU: NorFlash, STATE: NorFlash> BlockingFirmwareUpdater<'d, DFU, STATE>
         Ok(())
     }
 
+    /// Read a slice of data from the DFU storage peripheral, starting the read
+    /// operation at the given address offset, and reading `buf.len()` bytes.
+    ///
+    /// # Errors
+    ///
+    /// Returns an error if the arguments are not aligned or out of bounds.
+    pub fn read_dfu(&mut self, offset: u32, buf: &mut [u8]) -> Result<(), FirmwareUpdaterError> {
+        self.dfu.read(offset, buf)?;
+        Ok(())
+    }
+
     /// Mark to trigger firmware swap on next boot.
     #[cfg(not(feature = "_verify"))]
     pub fn mark_updated(&mut self) -> Result<(), FirmwareUpdaterError> {

embassy-usb-dfu/Cargo.toml

@@ -43,3 +43,8 @@ esp32c3-hal = { version = "0.13.0", optional = true, default-features = false }
 dfu = []
 application = []
 defmt = ["dep:defmt", "embassy-boot/defmt", "embassy-usb/defmt"]
+ed25519-dalek = ["embassy-boot/ed25519-dalek", "_verify"]
+ed25519-salty = ["embassy-boot/ed25519-salty", "_verify"]
+
+# Internal features
+_verify = []

embassy-usb-dfu/README.md

@@ -4,3 +4,9 @@ An implementation of the USB DFU 1.1 protocol using embassy-boot. It has 2 compo
 
 * DFU protocol mode, enabled by the `dfu` feature. This mode corresponds to the transfer phase DFU protocol described by the USB IF. It supports DFU_DNLOAD requests if marked by the user, and will automatically reset the chip once a DFU transaction has been completed. It also responds to DFU_GETSTATUS, DFU_GETSTATE, DFU_ABORT, and DFU_CLRSTATUS with no user intervention.
 * DFU runtime mode, enabled by the `application feature`. This mode allows users to expose a DFU interface on their USB device, informing the host of the capability to DFU over USB, and allowing the host to reset the device into its bootloader to complete a DFU operation. Supports DFU_GETSTATUS and DFU_DETACH. When detach/reset is seen by the device as described by the standard, will write a new DFU magic number into the bootloader state in flash, and reset the system.
+
+## Verification
+
+Embassy-boot provides functionality to verify that an update binary has been correctly signed using ed25519 as described in https://embassy.dev/book/#_verification. Even though the linked procedure describes the signature being concatenated to the end of the update binary, embassy-boot does not force this and is flexible in terms of how the signature for a binary is distributed. The current implementation in embassy-usb-dfu does however assume that the signature is 64 bytes long and concatenated to the end of the update binary since this is the simplest way to make it work with the usb-dfu mechanism. I.e. embassy-usb-dfu does not currently offer the same flexibility as embassy-boot.
+
+To enable verification, you need to enable either the `ed25519-dalek` or the `ed25519-salty` feature with `ed25519-salty` being recommended.

embassy-usb-dfu/src/dfu.rs

@@ -19,11 +19,19 @@ pub struct Control<'d, DFU: NorFlash, STATE: NorFlash, RST: Reset, const BLOCK_S
     offset: usize,
     buf: AlignedBuffer<BLOCK_SIZE>,
     reset: RST,
+
+    #[cfg(feature = "_verify")]
+    public_key: &'static [u8; 32],
 }
 
 impl<'d, DFU: NorFlash, STATE: NorFlash, RST: Reset, const BLOCK_SIZE: usize> Control<'d, DFU, STATE, RST, BLOCK_SIZE> {
     /// Create a new DFU instance to handle DFU transfers.
-    pub fn new(updater: BlockingFirmwareUpdater<'d, DFU, STATE>, attrs: DfuAttributes, reset: RST) -> Self {
+    pub fn new(
+        updater: BlockingFirmwareUpdater<'d, DFU, STATE>,
+        attrs: DfuAttributes,
+        reset: RST,
+        #[cfg(feature = "_verify")] public_key: &'static [u8; 32],
+    ) -> Self {
         Self {
             updater,
             attrs,
@@ -32,6 +40,9 @@ impl<'d, DFU: NorFlash, STATE: NorFlash, RST: Reset, const BLOCK_SIZE: usize> Co
             offset: 0,
             buf: AlignedBuffer([0; BLOCK_SIZE]),
             reset,
+
+            #[cfg(feature = "_verify")]
+            public_key,
         }
     }
 
@@ -102,7 +113,23 @@ impl<'d, DFU: NorFlash, STATE: NorFlash, RST: Reset, const BLOCK_SIZE: usize> Ha
                 if final_transfer {
                     debug!("Receiving final transfer");
 
-                    match self.updater.mark_updated() {
+                    #[cfg(feature = "_verify")]
+                    let update_res: Result<(), FirmwareUpdaterError> = {
+                        const SIGNATURE_LEN: usize = 64;
+
+                        let mut signature = [0; SIGNATURE_LEN];
+                        let update_len = (self.offset - SIGNATURE_LEN) as u32;
+
+                        self.updater.read_dfu(update_len, &mut signature).and_then(|_| {
+                            self.updater
+                                .verify_and_mark_updated(self.public_key, &signature, update_len)
+                        })
+                    };
+
+                    #[cfg(not(feature = "_verify"))]
+                    let update_res = self.updater.mark_updated();
+
+                    match update_res {
                         Ok(_) => {
                             self.status = Status::Ok;
                             self.state = State::ManifestSync;
@@ -168,7 +195,7 @@ impl<'d, DFU: NorFlash, STATE: NorFlash, RST: Reset, const BLOCK_SIZE: usize> Ha
                 Some(InResponse::Accepted(&buf[0..1]))
             }
             Ok(Request::Upload) if self.attrs.contains(DfuAttributes::CAN_UPLOAD) => {
-                //TODO: FirmwareUpdater does not provide a way of reading the active partition, can't upload.
+                //TODO: FirmwareUpdater provides a way of reading the active partition so we could in theory add functionality to upload firmware.
                 Some(InResponse::Rejected)
             }
             _ => None,

examples/boot/application/stm32wb-dfu/memory.x

@@ -1,10 +1,10 @@
 MEMORY
 {
   /* NOTE 1 K = 1 KiBi = 1024 bytes */
-  BOOTLOADER                        : ORIGIN = 0x08000000, LENGTH = 24K
-  BOOTLOADER_STATE                  : ORIGIN = 0x08006000, LENGTH = 4K
-  FLASH                             : ORIGIN = 0x08008000, LENGTH = 128K
-  DFU                               : ORIGIN = 0x08028000, LENGTH = 132K
+  BOOTLOADER                        : ORIGIN = 0x08000000, LENGTH = 48K
+  BOOTLOADER_STATE                  : ORIGIN = 0x0800C000, LENGTH = 4K
+  FLASH                             : ORIGIN = 0x0800D000, LENGTH = 120K
+  DFU                               : ORIGIN = 0x0802B000, LENGTH = 120K
   RAM                         (rwx) : ORIGIN = 0x20000000, LENGTH = 32K
 }
 

examples/boot/application/stm32wb-dfu/secrets/key.sec

@@ -0,0 +1,2 @@
+untrusted comment: signify secret key
+RWRCSwAAAAATdHQF3B4jEIoNZrjADRp2LbjJjNdNNzKwTCe4IB6mDNq96pe53nbNxwbdCc/T4hrz7W+Kx1MwrZ0Yz5xebSK5Z0Kh/3Cdf039U5f+eoTDS2fIGbohyUbrtwKzjyE0qXI=

examples/boot/bootloader/stm32wb-dfu/Cargo.toml

@@ -30,6 +30,7 @@ defmt = [
     "embassy-usb/defmt",
     "embassy-usb-dfu/defmt"
 ]
+verify = ["embassy-usb-dfu/ed25519-salty"]
 
 [profile.dev]
 debug = 2

examples/boot/bootloader/stm32wb-dfu/README.md

@@ -28,6 +28,32 @@ cargo objcopy --release -- -O binary fw.bin
 dfu-util -d c0de:cafe -w -D fw.bin
 ```
 
+### 3. Sign Updates Before Flashing (Optional)
+
+Currently, embassy-usb-dfu only supports a limited implementation of the generic support for ed25519-based update verfication in embassy-boot. This implementation assumes that a signature is simply concatenated to the end of an update binary. For more details, please see https://embassy.dev/book/#_verification and/or refer to the documentation for embassy-boot-dfu.
+
+To sign (and then verify) application updates, you will first need to generate a key pair:
+
+```
+signify-openbsd -G -n -p secrets/key.pub -s secrets/key.sec
+tail -n1 secrets/key.pub | base64 -d -i - | dd ibs=10 skip=1 > secrets/key.pub.short
+```
+
+Then you will need to sign all you binaries with the private key:
+
+```
+cargo objcopy --release -- -O binary fw.bin
+shasum -a 512 -b fw.bin | head -c128 | xxd -p -r > target/fw-hash.txt
+signify-openbsd -S -s secrets/key.sec -m target/fw-hash.txt -x target/fw-hash.sig
+cp fw.bin fw-signed.bin
+tail -n1 target/fw-hash.sig | base64 -d -i - | dd ibs=10 skip=1 >> fw-signed.bin
+dfu-util -d c0de:cafe -w -D fw-signed.bin
+```
+
+Finally, as shown in this example with the `verify` feature flag enabled, you then need to embed the public key into your bootloader so that it can verify update signatures.
+
+N.B. Please note that the exact steps above are NOT a good example of how to manage your keys securely. In a production environment, you should take great care to ensure that (at least the private key) is protected and not leaked into your version control system.
+
 ## Troubleshooting
 
 - Make sure your device is in DFU mode before flashing

examples/boot/bootloader/stm32wb-dfu/memory.x

@@ -1,10 +1,10 @@
 MEMORY
 {
   /* NOTE 1 K = 1 KiBi = 1024 bytes */
-  FLASH                             : ORIGIN = 0x08000000, LENGTH = 24K
-  BOOTLOADER_STATE                  : ORIGIN = 0x08006000, LENGTH = 4K
-  ACTIVE                            : ORIGIN = 0x08008000, LENGTH = 128K
-  DFU                               : ORIGIN = 0x08028000, LENGTH = 132K
+  FLASH                             : ORIGIN = 0x08000000, LENGTH = 48K
+  BOOTLOADER_STATE                  : ORIGIN = 0x0800C000, LENGTH = 4K
+  ACTIVE                            : ORIGIN = 0x0800D000, LENGTH = 120K
+  DFU                               : ORIGIN = 0x0802B000, LENGTH = 120K
   RAM                         (rwx) : ORIGIN = 0x20000000, LENGTH = 16K
 }
 

examples/boot/bootloader/stm32wb-dfu/secrets/key.pub.short

@@ -0,0 +1 @@
+gB��p�M�S��z��Kg��!�F���!4�r

examples/boot/bootloader/stm32wb-dfu/src/main.rs

@@ -25,6 +25,12 @@ bind_interrupts!(struct Irqs {
 // N.B. update to a custom GUID for your own device!
 const DEVICE_INTERFACE_GUIDS: &[&str] = &["{EAA9A5DC-30BA-44BC-9232-606CDC875321}"];
 
+// This is a randomly generated example key.
+//
+// N.B. Please replace with your own!
+#[cfg(feature = "verify")]
+static PUBLIC_SIGNING_KEY: &[u8; 32] = include_bytes!("../secrets/key.pub.short");
+
 #[entry]
 fn main() -> ! {
     let mut config = embassy_stm32::Config::default();
@@ -57,7 +63,13 @@ fn main() -> ! {
         let mut config_descriptor = [0; 256];
         let mut bos_descriptor = [0; 256];
         let mut control_buf = [0; 4096];
+
+        #[cfg(not(feature = "verify"))]
         let mut state = Control::new(updater, DfuAttributes::CAN_DOWNLOAD, ResetImmediate);
+
+        #[cfg(feature = "verify")]
+        let mut state = Control::new(updater, DfuAttributes::CAN_DOWNLOAD, ResetImmediate, PUBLIC_SIGNING_KEY);
+
         let mut builder = Builder::new(
             driver,
             config,