Implementing secure boot with SEGGER emSecure and the SignAndVerify application establishes a cryptographic “Root of Trust” to guarantee that only original, untampered firmware executes on an embedded device.
SEGGER emSecure utilizes asymmetric cryptography (typically RSA or ECDSA), where a private key is kept safe on a build server to sign firmware, and a matching public key is embedded inside the device’s bootloader to verify it. Step 1: Generate the Cryptographic Keys
Before signing or verifying anything, a unique cryptographic key pair must be established.
Generate Keys: Use the command-line utility emKeyGenRSA (or the ECDSA variant) included with emSecure.
Secure the Private Key: This tool outputs a private key (emSecure.prv) and a public key (emSecure.pub). Keep the private key private—isolate it on a dedicated, non-networked build machine or secure signature server.
Export for Code: Use the key export utility to convert the emSecure.pub public key into a C-code array format so it can be hardcoded directly into the bootloader source files.
Step 2: Integrate the Verification Engine into the Bootloader
The device’s internal bootloader needs to acts as the gatekeeper before running the main firmware.
Add Public Key: Flash the exported public key C-array into a protected, read-only section of the microcontroller’s flash memory.
Embed emSecure Libraries: Include the lightweight emSecure verification source code into the bootloader project.
Write the Boot Verification Routine: Program the bootloader to read the firmware binary from its designated memory sector, hash it, and check it against the signature using the built-in emSecure functions:
// Conceptual emSecure API workflow SECURE_RSA_HASH_Init(&Context); SECURE_RSA_HASH_Add(&Context, FirmwareAddress, FirmwareSize); if (SECURE_RSA_HASH_Verify(&Context, SignatureAddress, PublicKey) == VERIFY_SUCCESS) { JumpToApplication(); // Boot safely } else { HandleBootFailure(); // Halt, loop, or enter recovery mode } Use code with caution. Step 3: Use “SignAndVerify” During Production & Development
The SignAndVerify tool is the graphical PC desktop application provided by SEGGER to easily execute operations on digital assets. To Sign Firmware (for Distribution):
Ensure your emSecure.prv private key sits in the exact same desktop directory as the SignAndVerify executable. The application UI status bar will read “Ready to sign”.
Drag and drop the compiled firmware production file (e.g., application.bin) directly onto the emSecure application logo.
The tool automatically generates a cryptographic hash and encrypts it with your private key to yield a corresponding file named application.signature. The app will flash blue on success. To Verify Firmware (for QA / Testing):
Put your emSecure.pub public key in the SignAndVerify directory. The app status bar will change to “Ready to verify”.
Ensure the .signature file is placed in the same folder as the firmware file you want to test. Drag and drop the firmware file onto the emSecure logo.
The application will flash green if the firmware is genuine and unchanged, or flash red if the file has been altered or corrupted. Step 4: Final Device Provisioning
Lock the Bootloader: To make the secure boot robust, activate hardware write-protection and read-protection on the flash sectors containing the bootloader and the public key. This prevents malicious updates from bypassing or altering the public verification anchor.
Package Distribution: Combine your compiled firmware and the generated .signature into your production deployment process so they are written to the target microcontrollers side-by-side. If you want to customize this workflow, tell me: emSecure-RSA User Guide & Reference Manual
Leave a Reply