Skip to content
/ Embedded-Bootloader Public

Secure bootloader and firmware update system protecting embedded systems against security threats like rollback attacks and unauthorized access. BWSI | MITRE | MIT 2021

1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Dynosol/Embedded-Bootloader

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
bootloader
bootloader
 
 
firmware
firmware
 
 
tools
tools
 
 
.DS_Store
.DS_Store
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
__init__.py
__init__.py
 
 
flags.txt
flags.txt
 
 

Repository files navigation

Secure Firmware Update System

Project Overview

This project implements a secure bootloader and firmware update system designed to protect embedded systems against various security threats. The system includes mechanisms for firmware protection, secure updates, and bootloader verification. (This is an old project I'm leaving on my github to save for later---the readme is fully generated based on the codebase)

Repository Structure

.
├── bootloader/ # Bootloader implementation
│ ├── src/ # Source code for the bootloader
│ ├── gcc/ # GCC specific configurations
│ └── Makefile # Build configuration for bootloader
├── firmware/ # Firmware implementation
│ ├── firmware/ # Core firmware code
│ ├── lib/ # Supporting libraries
│ └── firmware.ld # Linker script for firmware
└── tools/ # Utility scripts and tools
├── bl_build.py # Bootloader build script
├── bl_emulate.py # Bootloader emulation tool
├── fw_protect.py # Firmware protection utility
└── fw_update.py # Firmware update tool

Key Components

Bootloader

  • Secure boot process implementation
  • Version control and verification
  • Memory protection mechanisms
  • Located in the bootloader/ directory

Firmware

  • Main firmware implementation
  • Custom linker scripts
  • Library dependencies
  • Located in the firmware/ directory

Tools

  • bl_build.py: Script for building the bootloader
  • bl_emulate.py: Emulation environment for testing
  • fw_protect.py: Tool for protecting firmware images
  • fw_update.py: Handles secure firmware update process

Security Features

  • Firmware integrity verification
  • Version control to prevent rollback attacks
  • Memory protection mechanisms
  • Secure update protocol
  • Protection against:
    • Rollback attacks
    • Invalid firmware installation
    • Intellectual property theft
    • Unauthorized memory access

Building and Usage

Prerequisites

  • GCC toolchain
  • Python 3.x
  • Make

Building the Bootloader

cd bootloader
make

Building the Firmware

cd firmware
make

Using the Tools

  1. Protect firmware:
python tools/fw_protect.py [options]
  1. Update firmware:
python tools/fw_update.py [options]
  1. Emulate bootloader:
python tools/bl_emulate.py [options]

Security Considerations

  • Always verify firmware integrity before deployment
  • Implement proper version control checks
  • Protect against buffer overflow attacks
  • Secure the release message handling
  • Validate firmware size and frame order

Contributing

Please ensure all security measures are properly implemented when contributing:

  • Verify firmware integrity
  • Implement version checking
  • Add proper bounds checking
  • Validate all input data
  • Test against known attack vectors

COPYRIGHT © 2021 struct by_lightning{}; ©2021 The MITRE Corporation. ALL RIGHTS RESERVED

Approved for public release. Distribution unlimited PR_21-00407-6.

About

Secure bootloader and firmware update system protecting embedded systems against security threats like rollback attacks and unauthorized access. BWSI | MITRE | MIT 2021

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages