User Tools

Site Tools


manual:security

This is an old revision of the document!


Security

The OpenBLT bootloader is an open source project, allowing everyone to access the sources. One downside of this is that if someone knows the OpenBLT bootloader is used in your product, it is relatively easy for them to figure out how to update the firmware in your product. Although this could be a feature of your product, in most cases it is not desirable.

For this reason the bootloader contains a seed/key security module. If this security module is enabled in the bootloader's configuration, updates can only be made by users that have the correct seed/key DLL on their PC. If not, then firmware updates are not allowed and the following message appears if it is attempted:

Configuration

The demo programs are prepared to use the seed/key security module. All that has to be done to enable it, is to set the configuration macro BOOT_XCP_SEED_KEY_ENABLE to a value of 1 in “blt_conf.h”. Once changed the bootloader should be rebuild an programmed into the flash memory of your microcontroller.

#define BOOT_XCP_SEED_KEY_ENABLE        (1)

The next step is to configure the location of the seed/key DLL in Microboot. The demo programs are preconfigured to work with the one called “FeaserKey.dll”. This file is located in the same directory as Microboot. Follow these steps:

  • Start Microboot by double-clicking “\Host\MicroBoot.exe”.
  • Click the “Settings”-button and, on the newly appeared dialog, click the “Options”-button.
  • On the “XCP Protection”-tab Click the “Browse”-button and select the file “FeaserKey.dll”.
  • Click “OK” twice to save the settings.

If you now perform a firmware update, everything will work as usual. The moment you remove the “FeaserKey.dll”-file or if it contains an invalid security unlock algorithm, firmware updates will be rejected by the bootloader.

Customization

Once the security feature is configured and working, you will want to change the security algorithm. The way is works is that to unsecure the bootloader, the Microboot tool obtains a so-called seed from the bootloader. This seed is typically a sequence of up to 6 bytes. Microboot then passes this seed to the function XCP_ComputeKeyFromSeed() in the seed/key DLL to run your security algorithm, resulting in a so-called key. This key is typically a sequence of up to 6 bytes. Next, Microboot sends this key back to the bootloader. The bootloader runs the same security algorithm to verify the key. If okay, memory operations on memory will be allowed, otherwise rejected.

Bootloader

The bootloader calls two hook-functions during the security unlock procedure: one for obtaining the seed (XcpGetSeedHook()) and one for verifying the key (XcpVerifyKeyHook()). The default example implementation in the demo programs is very simply. The seed is always just one byte with the hexadecimal value of 55h. The security algorithm is such that the value of the key is the value of the seed, minus 1:

blt_int8u XcpGetSeedHook(blt_int8u resource, blt_int8u *seed)

{

  /* set the seed */

  seed[0] = 0x55;



  /* return seed length */

  return 1;

}





blt_int8u XcpVerifyKeyHook(blt_int8u resource, blt_int8u *key, blt_int8u len)

{

  /* the example key algorithm in "FeaserKey.dll" works as follows:

   *  - programming resource will be unlocked if key = seed - 1

   */



  /* check key for unlocking ProGraMming resource */

  if (key[0] == (0x55-1))

  {

    /* correct key received for unlocking PGM resource */

    return 1;

  }



  /* still here so key incorrect */

  return 0;

}

To customize, change the code in these two functions and use your creativity to change the seed generation and the key verification algorithm. One good approach is to use a seed that changes, such as the value of a free running counter of the timer system. Don't forget to rebuild the bootloader and program it into the flash memory of your microcontroller after making changes.

Seed/Key DLL

A Microsoft Visual C++ project is included in the OpenBLT download package for building the example “FeaserKey.dll”. If is located in the \Host\Source\MicroBoot\seedkey\ directory. Open the project in Microsoft Visual C++ (2013 or newer) by double-clicking the “SeedNKey.sln”-file. Next, open the “SeedNKey.cpp” file, which contains the XCP_ComputeKeyFromSeed() function. The example implementation matches the security algorithm from the bootloader, where the key is computed by subtracting the value 1 from every byte in the seed:

DWORD XCP_DLL_EXPORT XCP_ComputeKeyFromSeed( BYTE  resource, BYTE  seedLen, BYTE *seedPtr, 

                                             BYTE *keyLenPtr, BYTE *keyPtr)

{

  BYTE i;

  

  /* Feaser XCP driver example key algorithm for PGM simply

   * decrements the value of each seed by 1

   */

  if ( resource == kXcpResPGM )

  {

    /* compute the key */

    for ( i=0; i<seedLen; i++)

    {

      keyPtr[i] = seedPtr[i] - 1;

    }



    /* set the key length */

    *keyLenPtr = seedLen;

  

    /* done */

    return 0;

  }



  /* still here, so the resource was unsupported */

  return 1;

}

Customize the key generation algorithm to match the one you implemented in XcpVerifyKeyHook(). Once done, generate the new seed/key DLL by selecting Build→Rebuild Solution from the Visual C++ menu. This will create a new “FeaserKey.dll” file.

In the Visual C++ project linker settings you can change the name of the seed/key DLL file, if you desire. Just make sure to update this as well in the Microboot settings.

manual/security.1476282075.txt.gz · Last modified: 2019/09/24 22:09 (external edit)