Topic: Teensy 3_5 Encrypted SerialBootLoader with wolfSSL usage

Offline RichardV

Teensy 3_5 Encrypted SerialBootLoader with wolfSSL usage
« on: November 10, 2020, 03:53:57 PM »
I'm very new to the uTasker Serial Bootloader. I've been working with Teensy products for some time though. I would like to be able to take advantage of the wolfSSL encryption libraries and did notice that they are part of the uTasker project. Is there a chance I could get some guidance on setting up the Serial Bootloader for Teensy3_5 to provide only the following:

1. Serial Bootloader with SD CARD and USB Thumbdrive loader support
2. AES encryption w/ wolfSSL integration.

Offline mark

Re: Teensy 3_5 Encrypted SerialBootLoader with wolfSSL usage
« Reply #1 on: November 10, 2020, 04:46:56 PM »
Hi

In order to configure the serial loader for SD card or Memory stick loading you can follow the details in the serial loader user's guide at https://www.utasker.com/docs/uTasker/uTaskerSerialLoader.pdf
whereby essentially the defines
#define SDCARD_SUPPORT          // use SD card loading method

and
#define USB_INTERFACE           // enable USB driver interface
#define USB_MSD_HOST_LOADER     // USB-MSD host mode (the board operates as host and can read new code from a memory stick)

need to be enabled.

I don't know whether the two options work together at the same time though since they both use effectively the same underlying method.


The open source version of the project doesn't include AES256 secured loading support; this is included only in the professional version. In this case
#define SDCARD_SECURE_LOADER can be enabled (valid also for memory sticks)
and one can choose from OpenSSL, wolfSSL or mbedTLS library components, whereby mbedTLS is usually used since it has proven to give the smallest and fastest code - see https://www.utasker.com/docs/uTasker/uTasker_Cryptography.pdf
Devices like the K66 have HW acceleration engines built in for AES256 and so can use these when
#define NATIVE_AES_CAU          // use uTasker mmCAU (LTC) - only possible when the device has mmCAU (LTC) - simulation requires a SW library to be enabled for alternate use
is enabled, which makes them independent of the security libraries that are otherwise needed.

Regards

Mark



Offline RichardV

Re: Teensy 3_5 Encrypted SerialBootLoader with wolfSSL usage
« Reply #2 on: November 10, 2020, 09:57:19 PM »
Mark,
So if I have the education/hobby non-commercial license AES256 is not included?

Offline RichardV

Re: Teensy 3_5 Encrypted SerialBootLoader with wolfSSL usage
« Reply #3 on: November 10, 2020, 10:00:26 PM »
....and reasoning for wolfSSL is that government likes to see FIPS-140 compliance and wolfSSL stays current with those qualifications

Offline mark

Re: Teensy 3_5 Encrypted SerialBootLoader with wolfSSL usage
« Reply #4 on: November 11, 2020, 01:09:22 AM »
Richard

Presently encryption is not included in the open source version since loader security is usually for professional work and so reserved for the companies that support the project so that they retain an advantage (otherwise the project may die due to lack of funding if all features were made available and the backers then have no competitive advantage).

FIPS-140 compliance is a good reason to choose a particular library that ensures this when it is needed. I don't know whether the AES256 accelerator in the K66 is FIPS-140 compliant or not but there is a good chance that it is - you would however need to contact NXP directly since they only give full details of such things on request and probably with NDA. If only AES256 is used (no private keys and no tamper detection needed) it is probably fairly easy to comply.

Regards

Mark

Offline RichardV

Re: Teensy 3_5 Encrypted SerialBootLoader with wolfSSL usage
« Reply #5 on: November 20, 2020, 02:31:04 PM »
Then for now I think I'll just stick with trying to build the SerialLoader with USB drop and drag from PC and SD Card loading. I tried this the other day but it looks like it didn't take, so I'm going to have to revisit what I did wrong.