Test LPC bootloader signed update and secure boot

[conorpp]

It would be great to evaluate the bootloader + signed updates using LPC55's ROM.

A good overview is given in AN12283.

I image successful (green) and failed (red) signed updates would follow these paths.

And the application can have the ability to jump to the ISP/bootloader-rom to start the update process. The answer to this forum post makes it look pretty simple.

There are a few not-so-trivial things to configure.

• The public key chain loaded into the bootloader ROM.
• Other bits in CMPA + CFPA pages.

To access the latest "elftosb" and "elftosb-gui" tools, you need to download an MCUXpresso kit and make sure you have mcu-boot option enabled.

I have some not-easy-to-find documents giving good documentation + examples of configuring LPC55 with elftosb. Message me on Keybase (conor1) and I will send to you.

It would be great to be able to:

• Create an example Rust program that can boot to bootloader ROM after receiving some event (like a USB command).
• Create a demo that configures that configures the bootloader ROM.
• Update the ROM with a signed update.
• Update the ROM with an unsigned update (fail).
• Maybe try revocation of a certificate?

Open to feedback!

(cc @jolo1581).

[nickray]

Long-term it would be nice to have something self-contained, extending https://github.com/probe-rs.

[jolo1581]

I will do some Tests with the boot ROM after my hardware runs. I just compiled the sources, but I haven't test the Hardware with some examples.

[jolo1581]

Hi,
I haven't much time at the moment for testing. Also I have to learn rust language, because I have no experience with rust. I thought I would be quite simple to learn, but it isn't.
Hope I can contribute soon, but first I have to learn more about rust. :-/