forked from embsec/insecure-example-2023
Home
Eleanor edited this page Jul 31, 2023 · 4 revisions
This wiki will detail the security measures that we (Team Brugh) are implementing.
Confidentiality: This is provided by AES encryption, specifically AES-GCM, which encrypts using AES in counter (CTR) mode.
Integrity: The GHASH authentication tag computed by AES-GCM should prevent undetected tampering with the data.
Authenticity: The use of keys known only by the 'factory' and bootloader should provide authenticity.
- Run `make` in the firmware folder. The following commands will be run in the tools folder.
- Generate keys and build bootloader:

  ```
  python3 ./bl_build.py
  ```

- Encrypt firmware:

  ```
  python3 ./fw_protect.py --infile ../firmware/gcc/main.bin --outfile ../firmware/gcc/protected.bin --version 0 --message lolz --secret ../bootloader/secret_build_output.txt
  ```

  - In-file: the firmware that is to be encrypted
  - Out-file: the destination for the encrypted firmware
  - Version: the firmware version
  - Message: the firmware release message
  - Secret: where the encryption keys are stored
- Launch the Stellaris emulator:

  ```
  python3 ./bl_emulate.py --debug
  ```

  - Debug: for launching a GDB debug server. Optional.
- Run an update:

  ```
  python3 ./fw_update.py --firmware "../firmware/gcc/protected.bin" --debug
  ```

  - Firmware: the encrypted firmware that will be uploaded to the emulated Stellaris. This should be the out-file for fw_protect.py.
  - Debug: prints out debug messages on factory side. Optional.
The Python cryptography library we will be using is PyCryptodome.
The C cryptography library we will be using is BearSSL.