Bootloader working with AES encryption and SHA-256 checking.

app/inc/blat.h

@@ -0,0 +1,27 @@
+//
+// Created by Clyde Stubbs on 4/4/17.
+//
+
+#ifndef BGBOOTLOAD_BLAT_H
+#define BGBOOTLOAD_BLAT_H
+
+// this structure is included at the beginning of each user application. It is similar in intent, but different
+// in format, to the Silabs AAT.
+
+#define APP_BOOT_ADDRESS_TYPE          (0xFFFFFFA7)     // this value set in the file
+#define APP_APP_ADDRESS_TYPE          (0xF765FFA7)      // this value written after successful download
+
+typedef struct {
+    uint32_t *topOfStack;           // Stack initialization pointer
+    void     (*resetVector)(void);  // Reset vector
+    void     (*nmiHandler)(void);   // NMI Handler
+    void     (*hardFaultHandler)(void); // Hardfault handler
+    uint32_t type;                  // 0x0AA7 for Application Address Table, 0x0BA7 for Bootloader Address Table, 0x0EA7 for RAMEXE
+    uint32_t *vectorTable;          // Pointer to the real Cortex-M vector table
+    uint32_t timeStamp;             // Unix epoch time for EBL generation
+    uint32_t appVersion;            // Customer defined version number.
+    uint8_t  aatSize;               // Size of the AAT in bytes.
+    uint8_t  unused[3];             // Reserved for bootloader expansion
+
+} blat_t;
+#endif //BGBOOTLOAD_BLAT_H

app/src/aat.c

@@ -1,27 +1,25 @@
 #include <stdint.h>
-#include "aat_def.h"
+#include <blat.h>
 
 
 //AAT
 extern void NMI_Handler(void);
+
 extern void HardFault_Handler(void);
+
 extern void Reset_Handler(void);
 
 extern uint32_t __StackTop;
 extern uint32_t __Vectors;
-const aat_t app_ATT
-__attribute__ ((section (".AAT")))
-=
-{
-    .topOfStack=&__StackTop,    //.topOfStack=(uint32_t*)&CSTACK$$Limit,
-    .resetVector=Reset_Handler,           // main program for the app
-    .nmiHandler=NMI_Handler,             /*  2 - NMI */
-    .hardFaultHandler=HardFault_Handler,       /*  3 - HardFault */
-    .type=APP_ADDRESS_TABLE_TYPE,     //uint16_t type;
-    .version=AAT_MAJOR_VERSION,          //uint16_t version;
-    .vectorTable=(void*)&__Vectors,              //const HalVectorTableType *vectorTable;
-    .aatSize=sizeof(AppAddressTable),    
-    .simeeBottom=(void*)0xFFFFFFFF,
-    .imageCrc=IMAGE_CRC_MAGIC,
-    .timeStamp=IMAGE_TIMESTAMP_MAGIC
-};
+const blat_t app_ATT
+        __attribute__ ((section (".AAT")))
+        =
+        {
+                .topOfStack=&__StackTop,    //.topOfStack=(uint32_t*)&CSTACK$$Limit,
+                .resetVector=Reset_Handler,           // main program for the app
+                .nmiHandler=NMI_Handler,             /*  2 - NMI */
+                .hardFaultHandler=HardFault_Handler,       /*  3 - HardFault */
+                .type=APP_BOOT_ADDRESS_TYPE,                       // type;    The bootloader will overwrite this once it's happy
+                .vectorTable=(void *) &__Vectors,              //const HalVectorTableType *vectorTable;
+                .aatSize=sizeof(blat_t),
+        };

app/src/main.c

@@ -3,17 +3,18 @@
 #include <gatt_db.h>
 #include <SEGGER_RTT.h>
 #include <native_gecko.h>
-#include "io.h"
+#include <io.h>
 #include <em_device.h>
 #include <bg_types.h>
-#include <aat_def.h>
 #include <em_dbg.h>
-#include <core_cm4.h>
 #include "gecko_configuration.h"
 #include "native_gecko.h"
 
 #define MAX_CONNECTIONS 1
 #define RESET_REQUEST   0x05FA0004      // value to request system reset
+typedef void( Func )(void);
+#define enterDfu    ((Func **)28)
+
 
 uint8_t bluetooth_stack_heap[DEFAULT_BLUETOOTH_HEAP(MAX_CONNECTIONS)];
 bool doReboot;
@@ -50,6 +51,7 @@ static void user_write(struct gecko_cmd_packet *evt) {
             if(writeStatus->value.len == 4 && memcmp(writeStatus->value.data, DFU_TRIGGER, 4) == 0) {
                 response = 1;
                 doReboot = true;
+                (*enterDfu)();
             }
             gecko_cmd_gatt_server_send_user_write_response(writeStatus->connection, writeStatus->characteristic, response);
             break;

bootload/CMakeLists.txt

@@ -15,12 +15,16 @@ include_directories(platform/CMSIS/Include)
 
 # find the bgbuild command used to translate xml into C
 find_program(BGBUILD_CMD bin/bgbuild
-        $ENV{HOME}/dev/tools/ble/v2.1.1.0/protocol/bluetooth_2.1)
+        /Applications/Simplicity Studio.app/Contents/Eclipse/developer/stacks/ble/v2.1.1.0
+        $ENV{HOME}/dev/tools/ble/v2.1.1.0/protocol/bluetooth_2.1
+        )
 
 set(GATT_DB gatt_db)
 set(GATT_DIR ${CMAKE_SOURCE_DIR}/gatt)
 set(LOCALDIR ${CMAKE_SOURCE_DIR}/localdefs)
 set(OTA_SERVICE_UUID_FILE ${LOCALDIR}/ota_service.txt)
+set(OTA_KEY_FILE ${LOCALDIR}/ota_key.txt)
+set(OTA_KEY_C ota_key.c)
 set(BLE_STACK_DIR ${CMAKE_SOURCE_DIR}/libs/ble.v2.1.1.0)
 set(GATT_SRC ${GATT_DIR}/gatt.bgproj)
 set(GATT_XML ${GATT_DIR}/gatt.xml)
@@ -31,6 +35,7 @@ set(BIN_FILE ${CMAKE_BINARY_DIR}/${PROJECT_NAME}.bin)
 file(GLOB_RECURSE USER_SOURCES "src/*.c")
 file(GLOB_RECURSE USER_HEADERS "inc/*.h")
 file(STRINGS ${OTA_SERVICE_UUID_FILE} OTA_SERVICE)
+file(STRINGS ${OTA_KEY_FILE} OTA_KEY LIMIT_INPUT 64)
 
 IF (CMAKE_BUILD_TYPE MATCHES Debug)
     file(GLOB_RECURSE RTT_LIBS "libs/SEGGER_RTT_V612j/RTT/*.c")
@@ -56,7 +61,16 @@ add_custom_command(
         COMMAND ${BGBUILD_CMD} -gn ${GATT_SRC})
 set_source_files_properties(${GATT_OUTPUTS} PROPERTIES GENERATED TRUE)
 
-add_executable(${PROJECT_NAME}.elf ${USER_SOURCES} ${USER_HEADERS} ${LINKER_SCRIPT} gatt/${GATT_DB}.c ${RTT_LIBS})
+add_custom_command(
+        OUTPUT ${OTA_KEY_C}
+        DEPENDS ${OTA_KEY_FILE}
+        COMMAND echo 'const unsigned char ota_key[] = {' >${OTA_KEY_C}
+        COMMAND head -1 ${OTA_KEY_FILE} | sed 's/[a-z0-9A-Z][A-Za-z0-9]/0x&,/g' >> ${OTA_KEY_C}
+        COMMAND echo "'};'" >>${OTA_KEY_C}
+
+)
+
+add_executable(${PROJECT_NAME}.elf ${USER_SOURCES} ${USER_HEADERS} ${LINKER_SCRIPT} gatt/${GATT_DB}.c ${RTT_LIBS} ${OTA_KEY_C})
 target_link_libraries(${PROJECT_NAME}.elf ${LIBRARIES})
 set_target_properties(${PROJECT_NAME}.elf PROPERTIES LINK_DEPENDS ${LINKER_SCRIPT})
 

bootload/bgbootload.ld

@@ -12,6 +12,7 @@ MEMORY
 {
   FLASH (rx) : ORIGIN = 0x00000000, LENGTH = 0x40000
   RAM (rwx)  : ORIGIN = 0x20003000, LENGTH = 0x4C00-4
+  BLERAM (rwx)  : ORIGIN = 0x20002FF0, LENGTH = 0x10
 }
 
 /* This is the linker script for the bootloader.
@@ -127,6 +128,12 @@ SECTIONS
     __UserStart = .;
   }> FLASH
 
+/* This is where the enter-dfu key gets written */
+  .dfu_key :
+  {
+    KEEP(*(.dfu_key))
+  } > BLERAM
+
 
   .text_app_data : AT (__etext)
   {

bootload/inc/aat_def.h

@@ -44,9 +44,8 @@ typedef struct aat_s
   uint32_t reserved1[5];          // Reserved for bootloader expansion
 } aat_t;
 
-// this is our copy of the AAT.
+// this is our copy of the stack's AAT.
 
-extern const aat_t AppAddressTable;
 extern const aat_t __stack_AAT;
 
 #endif

bootload/inc/blat.h

@@ -0,0 +1,27 @@
+//
+// Created by Clyde Stubbs on 4/4/17.
+//
+
+#ifndef BGBOOTLOAD_BLAT_H
+#define BGBOOTLOAD_BLAT_H
+
+// this structure is included at the beginning of each user application. It is similar in intent, but different
+// in format, to the Silabs AAT.
+
+#define APP_BOOT_ADDRESS_TYPE          (0xFFFFFFA7)     // this value set in the file
+#define APP_APP_ADDRESS_TYPE          (0xF765FFA7)      // this value written after successful download
+
+typedef struct {
+    uint32_t *topOfStack;           // Stack initialization pointer
+    void     (*resetVector)(void);  // Reset vector
+    void     (*nmiHandler)(void);   // NMI Handler
+    void     (*hardFaultHandler)(void); // Hardfault handler
+    uint32_t type;                  // 0x0AA7 for Application Address Table, 0x0BA7 for Bootloader Address Table, 0x0EA7 for RAMEXE
+    uint32_t *vectorTable;          // Pointer to the real Cortex-M vector table
+    uint32_t timeStamp;             // Unix epoch time for EBL generation
+    uint32_t appVersion;            // Customer defined version number.
+    uint8_t  aatSize;               // Size of the AAT in bytes.
+    uint8_t  unused[3];             // Reserved for bootloader expansion
+
+} blat_t;
+#endif //BGBOOTLOAD_BLAT_H

bootload/inc/dfu.h

@@ -6,7 +6,9 @@
 #define BGBOOTLOAD_DFU_H
 
 #include <stdbool.h>
-#include "bg_types.h"
+#include <bg_types.h>
+#include <aat_def.h>
+#include <blat.h>
 // definitions for the DFU protocol
 
 // Control packets
@@ -20,11 +22,25 @@
 
 #define DFU_CMD_RESTART     0x1     // reset DFU system - resets data counts etc.
 #define DFU_CMD_DATA        0x2     // data coming on the data channel
-#define DFU_CMD_CRC         0x3     // total count and CRC of data sent
-#define DFU_CMD_RESET       0x4     // reset device
-
+#define DFU_CMD_IV          0x3     // Initialization vector coming on data channel
+#define DFU_CMD_DONE        0x4     // Download done, send status
+#define DFU_CMD_RESET       0x5     // reset device
+#define DFU_CMD_DIGEST      0x6     // Digest coming
+#define DFU_CMD_PING        0x7     // Check progress
+
+#define IV_LEN              16      // length of initialization vector
+#define KEY_LEN             (256/8) // length of key
+#define DIGEST_LEN          (256/8) // length of SHA256 digest
+
+extern blat_t __UserStart;
+#define USER_BLAT    (&__UserStart)
 extern bool processCtrlPacket(uint8 * packet);      // process a control packet. Return true if accepted
 extern bool processDataPacket(uint8 * packet, uint8 len);    // process a data packet.
 extern bool enterDfu;
+extern bool doReset;
+extern const unsigned char ota_key[KEY_LEN];
+extern unsigned char deKey[KEY_LEN];
+
+#define DFU_ENTRY_VECTOR    7       // index into vector table for EnterDFU_Handler
 
 #endif //BGBOOTLOAD_DFU_H