Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SFT-3480: Add firmware image signature verification #503

Merged
merged 2 commits into from
Jul 17, 2024
Merged

SFT-3480: Add firmware image signature verification #503

merged 2 commits into from
Jul 17, 2024

Conversation

jeandudey
Copy link
Contributor

This does the same as the bootloader but verifies the image before copying it to check if the user has a corrupt firmware image. The bootloader checked this anyway so this is an extra layer of measure.

@jeandudey jeandudey force-pushed the jeandudey/sft-3480-replicate-checks-from-bootloader-when-upgrading branch 3 times, most recently from 4f79c5d to 3859b88 Compare May 17, 2024 12:45
@jeandudey jeandudey self-assigned this May 20, 2024
@jeandudey jeandudey force-pushed the jeandudey/sft-3480-replicate-checks-from-bootloader-when-upgrading branch 2 times, most recently from a825548 to 13ba9e9 Compare May 21, 2024 15:51
@jeandudey jeandudey marked this pull request as ready for review May 21, 2024 15:51
@jeandudey jeandudey force-pushed the jeandudey/sft-3480-replicate-checks-from-bootloader-when-upgrading branch from 13ba9e9 to 0a630b6 Compare May 23, 2024 16:11
@jeandudey jeandudey changed the base branch from dev-v2.4.0 to dev-v2.3.2 July 15, 2024 10:06
FoundationKen
FoundationKen previously approved these changes Jul 15, 2024
View reviewed changes
jeandudey added 2 commits July 16, 2024 11:32
@jeandudey
SFT-3536: Add foundation-firmware crate.
736b522 
* Cargo.lock: Update lockfile.
* Cargo.toml (dependencies) <foundation-firmware>: New dependency.
@jeandudey
SFT-3536: Validate header with foundation-firmware.
7003eaa 
* extmod/foundation-rust/include/foundation.h: Update bindings.
* extmod/foundation-rust/src/firmware.rs: New module.
* extmod/foundation-rust/src/lib.rs (firmware): Register module.
* ports/stm32/boards/Passport/modpassport-system.h
(mod_passport_System_validate_firmware_header): Remove procedure.
(mod_passport_System_validate_firmware_header_obj): Remove variable.
(mod_passport_System_locals_dict_table): Remove
validate_firmware_header.
* ports/stm32/boards/Passport/modpassport.c
(mod_passport_verify_update_header): New procedure.
(mod_passport_verify_update_header_obj): New variable.
(passport_module_globals_table): Add verify_update_header.
* ports/stm32/boards/Passport/modules/flows/update_firmware_flow.py
(UpdateFirmwareFlow) <show_firmware_details>: Use verify_update_header
instead of validate_firmware_header.
* ports/stm32/boards/Passport/modules/tasks/verify_firmware_signature_task.py:
Add new task.
@jeandudey jeandudey force-pushed the jeandudey/sft-3480-replicate-checks-from-bootloader-when-upgrading branch from 0a630b6 to 7003eaa Compare July 16, 2024 09:33
@jeandudey jeandudey merged commit b77d012 into dev-v2.3.2 Jul 17, 2024
18 checks passed
@jeandudey jeandudey deleted the jeandudey/sft-3480-replicate-checks-from-bootloader-when-upgrading branch July 17, 2024 08:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@FoundationKen FoundationKen FoundationKen approved these changes

@mjg-foundation mjg-foundation Awaiting requested review from mjg-foundation

Assignees

@jeandudey jeandudey

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jeandudey @FoundationKen