Move key_id from header into TLV

Remove the key_id field from the image header.  There are two problems
with this field.  First, it is only an integer offset, and so causes an
unnecessarily tight coupling between the particular keys built into the
bootloader, and the key that is used to sign.  Second, it makes the
key_id part of the image header, which is included in the signature.
This makes it impossible to later sign the image with a different
signature.

Instead of the key-id, add a TLV KEYHASH entry.  This will hold the
SHA256 of the public key that the signature is against.  Each signature
placed in the TLV should be preceeded by this entry to indicate the
public key used.

The signature check will check each signature, and if the KEYHASH is
known and the signature type is supported, it will be checked.  As long
as at least one signature is considered valid, the image will be
considered signed.  This also allows the image to be signed with
multiple signatures to support having different devices with possibly
different keys compiled into the bootloaders.

Based on work by Marko Kiiskila <marko@runtime.io>

Signed-off-by: Marko Kiiskila <marko@runtime.io>
Signed-off-by: David Brown <david.brown@linaro.org>
8 files changed
tree: 251da6db04ada15828068dc98650b5067319097d
  1. boot/
  2. doc/
  3. samples/
  4. scripts/
  5. sim/
  6. testplan/
  7. .gitignore
  8. .gitmodules
  9. .travis.yml
  10. build_boot.sh
  11. Makefile
  12. project.yml
  13. README-mynewt.rst
  14. README-RIOT.rst
  15. README-zephyr.rst
  16. README.md
  17. release-notes.rst
  18. repository.yml
  19. root-ec-p256.pem
  20. root-rsa-2048.pem
  21. sign.sh
README.md

mcuboot

This is mcuboot, version 0.9.0

Overview

MCUBoot is a secure bootloader for 32-bit MCUs. The goal of MCUBoot is to define a common infrastructure for the bootloader, system flash layout on microcontroller systems, and to provide a secure bootloader that enables easy software upgrade.

MCUboot is operating system and hardware independent, and relies on hardware porting layers from the operating system it works with. Currently mcuboot works with both the Apache Mynewt, and Zephyr operating systems, but more ports are planned in the future. RIOT is currently supported as a boot target with a complete port planned.

Roadmap

The issues being planned and worked on are tracked on Jira. To participate please visit:

https://runtimeco.atlassian.net/projects/MCUB/summary

Browsing

Information and documentation on the bootloader is stored within the source, and on confluence:

https://runtimeco.atlassian.net/wiki/discover/all-updates

For more information in the source, here are some pointers:

  • boot/bootutil: The core of the bootloader itself.
  • boot/boot_serial: Support for serial upgrade within the bootloader itself.
  • boot/zephyr: Port of the bootloader to Zephyr
  • boot/mynewt: Mynewt bootloader app
  • imgtool: A tool to securely sign firmware images for booting by mcuboot.
  • sim: A bootloader simulator for testing and regression

Joining

Developers welcome!