MCU Bootloader: Encrypted firmware upload on KV3x?

That's great, mjbcswitzerland

Thanks for the link to the video. This looks to be exactly what we were hoping for!

Since our interface is half-duplex, guessing we'll need to disable the uart receiver while transmitting, but judging from your video, modifying the bootloader looks straightforward... Presumably there will not be too much more involved in porting from the freedom project to our custom board? 

Appreciate the response and also your team's work with the uTasker project - looks very slick

Kind regards,
k

Hi

Porting is no issue - the project is designed to be very easily configurable for custom boards.

The UART for KBOOT mode is configured with

tInterfaceParameters.ucSpeed = SERIAL_BAUD_57600; // fixed baud rate for kboot compatibility
tInterfaceParameters.Config = (CHAR_8 | NO_PARITY | ONE_STOP | CHAR_MODE); // ensure no XON/XOFF mode used since the transfer is binary

There are additional option flags for RS485 or single-wire modes.
In the worst case (if the existing options don't prove to be as needed) the Rx can be disabled each time a transmission is started and re-enabled in the (optional) end of transmission call-back.

eg.
fnWrite(SerialPortID, (unsigned char *)ucAck, sizeof(ucAck)); // acknowledge the reception
becomes
fnDriver(SerialPortID, (RX_OFF), 0); // disable Rx during transmission
fnWrite(SerialPortID, (unsigned char *)ucAck, sizeof(ucAck)); // acknowledge the reception

When opening the UART:
tInterfaceParameters.txFrameCompleteHandler = _enableRx; // enter frame complete callback
SerialPortID = fnOpen(TYPE_TTY, FOR_I_O, &tInterfaceParameters);

static void __callback_interrupt _enableRx(QUEUE_LIMIT channel)
{
    fnDriver(SerialPortID, (RX_ON), 0); // re-enable Rx after frame transmission has completed
}

Devices with mmCAU will default to using this for AES256 decryption, those with LTC will default to using this and parts without HW accelerators will default to using AES256 code from mbedTLS, WolfSSL or OpenSSL (one can decide which one - there are details here https://www.utasker.com/docs/uTasker/uTasker_Cryptography.pdf , whereby I have found mbedTLS to be as good as any). Speed of the decryption is also secondary when loading via UART anyway and is not noticeable either.

Serial Loader guide: https://www.utasker.com/docs/uTasker/uTaskerSerialLoader.pdf

Regards

Mark

You're the man, Mark! 

Looking forward to running this on our boards  

Hey Myke, 

Good question and thank you for the anecdote. The answer is I don't fully know, but it is my understanding that there are tools that would break down a binary into readable formats; also I understand that the binaries are essentially plaintext machine code.

It seems possible that the binaries could be decomposed to see how data moves from the ADCs through the memory and how it is worked on, which could be very telling. It would also show how PWMs and other controls are manipulated. 

It's part of our IP strategy to keep our algorithms and sensor array geometries secret. The electronics are encapsulated to prevent physical access, leaving only some RS485 (uart) lines exposed, and potentially binaries if we have to update in the field (likely since it's a new product line). 

As you say, keeping the source code secret (and backed up!) is also a significant concern too. However, when distributing firmware to other countries, we will be encrypting the images, just to cover our bases.

And from the looks of things, it will be by implementing our own software decryption in a custom bootloader!  

Thank you for the feedback!