b0c8c688c7
1147: Support codesigning in the firmware updater r=lulf a=huntc This PR provides a method to verify that firmware has been SHA-512 hashed and signed with a private key given its public key. The implementation provides both [`ed25519-dalek`](https://github.com/dalek-cryptography/ed25519-dalek/blob/main/Cargo.toml) and [`salty`](https://github.com/ycrypto/salty) as the signature verifiers. Either of the `ed25519-dalek` and `ed25519-salty` features is required to enable the functionality from `embassy-boot`. The `verify_and_mark_updated` method is used in place of `mark_updated` when signing is used via its feature. This avoids the accidental omission of validation where it has been declared as required at compile time. It also keeps the parity of calls at the same number to the previous situation. The PR permits other types of signature verifiers in the future on the proviso that the [Signature trait](https://github.com/RustCrypto/traits/tree/master/signature) is supported. Finally, I've updated the CI to include testing `embassy-boot`, which it was doing before. In addition, I've included a unit test for verification based on a `ed25519-dalek` documentation example. This tests both the `dalek` and `salty` implementations. In terms of code size comparisons, `dalek` adds about 68KiB and `salty` adds about 20KiB. I'm using `salty` myself. I've also tested this out by signing my code with the OpenBSD `signify` utility and then verify it during firmware upload using `salty`. Co-authored-by: huntc <huntchr@gmail.com> |
||
---|---|---|
.. | ||
boot | ||
nrf-rtos-trace | ||
nrf5340 | ||
nrf52840 | ||
rp | ||
std | ||
stm32f0 | ||
stm32f1 | ||
stm32f2 | ||
stm32f3 | ||
stm32f4 | ||
stm32f7 | ||
stm32g0 | ||
stm32g4 | ||
stm32h7 | ||
stm32l0 | ||
stm32l1 | ||
stm32l4 | ||
stm32l5 | ||
stm32u5 | ||
stm32wb | ||
stm32wl | ||
wasm |