TrustFLEX for Firmware Validation
Getting Started with TrustFLEX for Firmware Validation
This page shows you how to validate your firmware (Secure Boot) using TrustFLEX. You will use Jupyter Notebook to configure the TrustFLEX device, then use an example project (from the Trust Platform DesignSuite) to verify the firmware.
TrustFLEX is one of three secure element families in the Trust Platform. It's pre-configured and partially pre-provisioned to support many different security use cases. It also comes with an overwritable generic certificate for TLS-based authentication to a cloud platform.
The CryptoAuth Trust Platform development kit includes three secure elements: Trust&GO, TrustFLEX, and TrustCUSTOM. This board comes pre-programmed with firmware allowing it to communicate with the Jupyter Notebook application running on your computer. The Trust Platform Python scripts running on Jupyter Notebook take care of the complex provisioning process allowing you to focus your efforts on your end application.
Table of Contents
Reference Materials
CryptoAuth Trust Platform
Evaluation Kit
Device Customization Process
There are five steps involved in customizing the TrustFLEX device:
- Select a Pre-defined Use Case(s) from the TrustFLEX use case library.
- Generate the development keys and certificates using the Jupyter Notebook resource generator.
- Prototype the Use Case(s) in the Jupyter Notebook.
- Test the Use Case(s) on an embedded platform using the MPLAB X IDE projects provided in the suite.
- Generate the secret exchange for production.
Open Jupyter Notebook
Click the Start Jupyter button to open Jupyter Notebook in your web browser.
This is used to provision a secure element on the CryptoAuth Trust Platform board. See the user guides (in the docs folder) for detailed instructions on running Jupyter Notebook for each use case.
Jupyter Notebook is an open-source web application that allows you to create documents that contain code and narrative text that can be executed in place. It provides Graphical User Interface (GUI) elements, the ability to add images, and gives the interactive look that is absent in normal code files.
The cells of the Jupyter Notebook can be used to write code or text using markdown. The code cells contain executable code and the text cells contain the explanation of the code's functionality.
assets folder:
- CryptoAuth Trust Platform board firmware.
- WINC1500 board firmware.
docs folder:
- Datasheets.
- CryptoAuth Trust Platform board user's guide.
- Detailed use-case guides.
TrustFLEX folder:
- Jupyter Notebook packages
- C-based projects
TrustnGO folder:
- Jupyter Notebook packages
- C-based projects
TrustFLEX Resource Generator:
The Resource Generator Notebook supports the development of Cryptographic Keys, Custom Root, and Signer Keys to issue device certificates and prototype the TrustFLEX devices with development keys and certificates.
TrustFLEX devices come with pre-programmed certificates in slots 10, 11, and 12. Slots zero through four have pre-generated private keys, other than these mentioned slots all the other slots have no data in them.
The Resource Generator Notebook will create development keys and certificates for all slots that can be further customized. Keys and certificate chains are stored in the PC filesystem and not generated in a secure environment.
Setting up the Hardware:
- Plug-in the CryptoAuth Trust Platform to the PC using the USB cable.
- The Design Suite is set up such that it communicates with the TrustFLEX device only.
Using the Trust Platform Suite for TrustFLEX:
- Open Jupyter Notebook, navigate to the TrustFLEX resource generator notebook, and click to open it.
- Trust Platform repository folder: TrustFLEX\00_resource_generation\
- File: TFLXTLS_resource_generator.ipynb
Crypto Resource Generator
- Execute each cell by clicking Cell > Run Cell, and observe the output to ensure each cell is executed successfully.
- If the Notebook has already been executed before, then restart the kernel by selecting Kernel > Restart and Clear Output.
Some cells take a bit of time to execute. The circle in the images below indicates if the kernel is still working on a cell (full circle) or idle (empty circle).
This is a brief guide for the Jupyter interface.
- Once all the cells are executed, you are asked to select the certificate type you need.
- Select MCHP Cert to use the standard Microchip certificate.
- Select Custom Cert to use a custom certificate. If using a custom certificate, you will need to enter the organization name to include in the custom certificates being generated.
- For this example, select Custom Cert.
- A prompt will open asking you to enter the Organization Name. If you don't know the organization name you can make one up but make sure the name does not exceed 24 characters.
- Once the organization name has been entered, certificate data will be outputed and a manifest file to be uploaded into the public cloud of your choice (Google GCP, AWS IoT, and Microsoft® Azure) will be generated.
Use Case Prototyping:
This hands-on lab will show you how to use the TrustFLEX device and asymmetric authentication to validate the firmware on your MCU.
To validate the firmware, you will need to perform the following steps:
- Generate a firmware signing key pair
- Sign the firmware
- Update the firmware to product
- Verify the firmware image
You will need to perform the first 2 steps above in a secure environment. To have firmware validation functionality, once the firmware implementation is completed it should be signed by the OEM firmware signer to make the image authentic. Typically, OEM firmware signer’s public key will be loaded to the secure element and locked permanently.
On the product side, the digest and signature generated in the previous step will be provided to the secure element using the Secure boot command. The Secure boot command will be executed on the secure element with the option to store (Full Copy) on successful validation of the digest and signature.
On the TrustFLEX device, Secure boot configuration is set as “FullDig,” which stores the firmware digest on the device (slot 7 on TrustFLEX). On subsequent boots, the digest is compared without ECC verify operations. While sending the digest to the TrustFLEX device, the digest is encrypted with an IO protection key to avoid man-in-the-middle attacks.
This lab is set up in such a way that firmware sign operation taken care of by notebook, update and verify operations can be done both in Notebook and embedded project. Firmware sign operations are NOT done in embedded project as it’s the role of OEM but not the product.
The resource generation for TrustFLEX device will load:
- A prototyping firmware signing key
- A prototyping IO protection key to Slot6
- Signers public key to Slot15 respectively
The following sections provide detailed steps to execute the Usecase both on Jupyter Notebook and on the embedded project.
Running the firmware validation example using Jupyter Notebook:
- From the launched Jupyter Notebook navigate to TFLXTLS_Use_Cases > notebooks > secureboot
- Execute all the steps until 2.3.3, and once it is successfully executed, the SBoot Update button will appear. Click on the button and it will turn green or red based on the result.
- Continue running the example to the end of the notebook, you will see an SBoot Verify button. Click on the button. If it turns green, it is successful.
- Once all the steps are successfully executed, proceed to the next step (open the example project in the MPLAB X IDE).
Program the CryptoAuth Trust Platform with the Secure Boot example project.
- Launch MPLAB and open the example project by selecting File > Open Project.
- Browse to the folder to which you downloaded the Trust Platform Design Suite. You will find the Secure Boot example project in this folder:TFLXTLS_Use_Cases\c\firmware\
- Select the TFLXTLS_example_SAMD21.X file, then click the Open Project button.
- Double-click on the secureboot_verify.c file to open it and see the code responsible for verifying the firmware.
- Program the CryptoAuth Trust Platform with the Secure Boot example project by right-clicking the project name in the projects window and selecting Make and Program Device.
- The Output window shows the progress of the make and program process. You will know the process is complete when you see the Programming Complete message.
- Once the programming is complete, the firmware will execute the Secure Boot operation. On successful completion of the operation, the Trust Platform status LED will start blinking.
- Secure Boot Successful = LED blinks once every second
- Secure Boot Unsuccessful = LED blinks five times every second