Code signing...

[pbreed]

The next 3.3.3 release will support code signing.
It supports signing with an RSA private key.
Once code signing is enabled the board will not load unsigned code.
(Jumper based Alt monitor recovery still works)

We made it about as simple as possible.
Once you have a Public key loaded on the system.
(I chose compiled public key in for the demo,
you could also be stored in flash, or file system))

So once you have the public key accessible (either PEM or DER format)
A single call:
RegisterAppSigningPublicKey(ptr_to_publickey_blob);

Turns on code signing.
Now if the signature is not correct or included then it gives a code authentication error and does not update.
This applies to code loaded via the webpage, serial loads from the 3.0 serial interface, or any user created function that uses streamupdate. (ftp or http post examples use streamupdate)


So how do you sign the code?
There is a new netburer utility nbsign its written in GO and source is provided.

nbsign usage is

nbsign -k <path to private key> -in <binaryapp iamge> -o <where to put the signed copy>

for the command line tool users:

set NB_SIGN_KEY to point to the private key...

IE:

NB_SIGN_KEY=c:\nburn\key\signkey.key

then you can do
make sign
and
make loadsign

Signing will not make it into this release of eclipse, but its coming.

If the private key is pass phrase protected nbsign will prompt for the pass phrase, or you can include it on the command line with a -p option.


I've looked at what it would take to do code signing under 2.9.x
and it would require a complete rewrite of the code saving stuff, not using autoupdate.
It could be done to the http file post update and the tcpupdate examples, but its not going to happen with autopdate.

[RebootExpert]

Does nbsign have an option to input a hash algorithm for signing? Is it possible sign with a ecc key?

[pbreed]

Signing involves a Hash, it currently hashes with SHA1 or SHA256
sha1 by default, passing -sha256 to nbsign uses sha256

functionally an RSA signature of a blob is hash the blob, then encode the hash result with the private key, this result is the signature. (some padding and other minor details omitted)
verification is hash the blob, decode the signature with the public key, then verify the decode and hash match.


Yes its possible to do add an ecc version, but right now the new tools/examples do RSA only.

As an aside, I clearly understand RSA (I've written an RSA implementation from scratch in the past)
eccdsa is more of a black box to me and I understand it has issues with signing and private key leakage if the random source used for signing is not really random. So how good is the random source in a crosplatform standalone go app???

Do you have a customer requirement to do ecc signing?

[RebootExpert]

No it's just a question popped into my head when I saw it supports RSA , but leaves ECC out.

[RebootExpert]

Just test out the signing feature in 3.3.4. Can you automate the signing when build with Eclipse IDE?

[pbreed]

Yes it can be automated...in eclipse
Submit a support request...

[Forrest]

Just test out the signing feature in 3.3.4. Can you automate the signing when build with Eclipse IDE?

After NBEclipse has built your project:

1. Create an External Tool Configuration with Run->External Tools->External Tools Configurations
2. In the new external tool configuration, specify the following:
Name: Sign
Location: ${env_var:NNDK_ROOT}\pcbin\nbsign.exe
Working Directory: Browse Workspace and select your project
Arguments: -k <full path to private key.pem> -in Release\${project_name}.bin -o Release\${project_name}.signed.bin

Then, if you run the external tool, it should build and sign.