manual:security
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
|
manual:security [2018/07/03 15:52] voorburg [Security] |
manual:security [2018/07/04 14:47] voorburg [Bootloader] |
||
|---|---|---|---|
| Line 2: | Line 2: | ||
| The OpenBLT bootloader is an open source project, allowing everyone to access the sources. One downside of this is that if someone knows the OpenBLT bootloader is used in your product, it is relatively easy for them to figure out how to update the firmware in your product. Although this could be a feature of your product, in most cases it is not desirable. | The OpenBLT bootloader is an open source project, allowing everyone to access the sources. One downside of this is that if someone knows the OpenBLT bootloader is used in your product, it is relatively easy for them to figure out how to update the firmware in your product. Although this could be a feature of your product, in most cases it is not desirable. | ||
| - | For this reason the bootloader contains a seed/key security module. If this security module is enabled in the bootloader's configuration, updates can only be made by users that have the seed/key shared library (*.dll, *.so) with the correct security algorithm on their PC. If not, then firmware updates are not allowed and the bootloader will simply not allow a connection to be established: | + | For this reason the bootloader contains a seed/key security module. If this security module is enabled in the bootloader's configuration, updates can only be made by users that have the seed/key shared library (*.dll, *.so) with the correct security algorithm on their PC. If not, then firmware updates are not allowed and the bootloader will simply not allow a connection to be established, regardless of how many times the microcontroller is reset: |
| {{:manual:microboot_seedkey_security_noconnection.png?|}} | {{:manual:microboot_seedkey_security_noconnection.png?|}} | ||
| Line 17: | Line 17: | ||
| The next step is to configure the location of the seed/key shared library in Microboot. The demo programs are preconfigured to work with the one called "libseednkey.dll". This file is located in the same directory as Microboot. Follow these steps: | The next step is to configure the location of the seed/key shared library in Microboot. The demo programs are preconfigured to work with the one called "libseednkey.dll". This file is located in the same directory as Microboot. Follow these steps: | ||
| - | * Start Microboot by double-clicking "\Host\**MicroBoot.exe**". | + | * Start Microboot by double-clicking "\Host\**MicroBoot.exe**" (on Linux it is "\Host\**MicroBoot**"). |
| - | * Click the "**Settings**"-button and, on the newly appeared dialog, click the "**Options**"-button. | + | * Click the "**Settings**"-button and, on the newly appeared dialog, go to the "Session Protocol"-tab. |
| - | * On the "XCP Protection"-tab Click the "**Browse**"-button and select the file "libseednkey.dll". | + | * Click the "**Browse**"-button and select the file "libseednkey.dll". |
| - | * Click "**OK**" twice to save the settings. | + | * Click "**OK**" to save the settings. |
| - | {{:manual:microboot_xcp_protection.png?nolink|}} | + | {{:manual:microboot_xcp_seedkey_protection.png?|}} |
| If you now perform a firmware update, everything will work as usual. The moment you remove the "libseednkey.dll"-file or if it contains an invalid security unlock algorithm, firmware updates will be rejected by the bootloader. | If you now perform a firmware update, everything will work as usual. The moment you remove the "libseednkey.dll"-file or if it contains an invalid security unlock algorithm, firmware updates will be rejected by the bootloader. | ||
| Line 58: | Line 58: | ||
| blt_int8u XcpVerifyKeyHook(blt_int8u resource, blt_int8u *key, blt_int8u len) | blt_int8u XcpVerifyKeyHook(blt_int8u resource, blt_int8u *key, blt_int8u len) | ||
| { | { | ||
| - | /* the example key algorithm in "FeaserKey.dll" works as follows: | + | /* the example key algorithm in "libopenblt.dll" works as follows: |
| * - programming resource will be unlocked if key = seed - 1 | * - programming resource will be unlocked if key = seed - 1 | ||
| */ | */ | ||
manual/security.txt · Last modified: 2022/02/10 19:10 by voorburg
Page Tools
