Skip to content

[WIP] Draft RIOT Image Metadata

Emmanuel Baccelli edited this page Jul 19, 2017 · 1 revision

A RIOT image is appended with metadata in the format below:

typedef struct firmware_metadata {
    uint32_t magic_number;              /**< metadata magic_number (always "RIOT")  */
    uint32_t appid;                     /**< Integer representing the application ID*/
    uint32_t version;                   /**< Integer representing firmware version  */
    uint32_t size;                      /**< Size of firmware image                 */
    uint32_t start_addr;                /**< Start address in flash                 */
    uint32_t chksum;                    /**< checksum of metadata                   */
    uint8_t hash[SHA256_DIGEST_LENGTH]; /**< SHA256 Hash of firmware image          */
    uint8_t sig[FIRMWARE_SIG_LEN];      /**< Firmware signature                     */
    uint32_t pad[FIRMWARE_PADDING];     /**< padding to total of FIRMWARE_METADATA_SIZE
                                             bytes */
} firmware_metadata_t;


  • uint32_t magic_number Represents a magic number to identify the metadata, it is always "RIOT".

  • uint32_t appid; An application ID to identify the application type and the platform. It is "unique" for the given application.

  • uint32_t version The version of the application encoded in a 32bit integer. It increases as the application is updated.

  • uint32_t size Size of only the application image, without this metadata.

  • uint32_t start_addr The address where the application should be installed.

  • uint32_t chksum A checksum for the metadata struct (integrity check).

  • uint8_t hash[SHA256_DIGEST_LENGTH] The hash values using SHA-256 algorithm over the whole firmware image.

  • uint8_t sig[FIRMWARE_SIG_LEN] The signature over the hash values. It only supports Ed25519 for now.

The current apporach hashes and signs the whole image, metadata included.

Clone this wiki locally
You can’t perform that action at this time.