We use cookies and similar technologies (also from third parties) to collect your device and browser information for a better understanding on how you use our online offerings. This enables us to optimize and personalize your experience with Infineon and to provide you with additional services and information based on your individual profile. Details are available in our privacy policy.
Privacy Policyand Imprint
View and change cookie settings
Accept
Reject

Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

PSoC™ 6 Signing Your Code

MarkH_61
Employee
Employee
50 replies posted 25 replies posted 10 replies posted
‎Jan 11, 2023 03:48 AM
‎Jan 11, 2023 03:48 AM

PSoC™ 6 Signing Your Code

Signing code provides a method to both verify that your code has not been altered or corrupted as well as authenticating the code is from a known source.  In the past is was common to use a CRC or simple checksum, but these methods at most will only check for code corruption. 

A cryptographic hash is a mathematical function that takes a file of any size and returns a unique fixed length string, which is commonly referred as the hash value or digest.  The hash function replaces the checksum or CRC to verify the code.  The 256-bit SHA-2 (Secure Hash Algorithm-2) or SHA-256, is used to generate the digest from the application bundle.  The application bundle includes a header, a CM0+ project binary, and optionally a CM4 project binary depending on the application. The digital signature is then added to the end of the application bundle.  Modus Toolbox takes care of calculating the digest, creating the digital signature and appending it to the application bundle.  It is important to note that only the digest is encrypted not the code binary itself.

MarkH_61_0-1673437462734.png

The RSA keys used to encrypt the digest is what is known as an asymmetric key.  This means that the key has two parts, a public key and a private key.  The private key is used to encrypt the digest and should be stored as securely as possible.  If anyone were to see the private key, then they could sign code for your product as well and the device would not know the difference.

The other half of the asymmetric key is known as the “Public Key”.  This public key can be exposed to the public without harm.  The only issue is that the public key must be either authenticated, or ensured that it hasn’t changed.  When the PSoC™ 6 was moved to the Secure lifecycle stage, a hash was created that included the OEM public key and placed into immutable eFuse. 

When the PSoC™ 6 boots in the Secure lifecycle stage, it calculates the digest of the application bundle, not including the digital signature, just as the build process did using the SHA-256 function.  The digital signature is then decrypted using the OEM public key.  The calculated digest and decrypted digest are then compared to authenticate the OEM application code.  If the digests match, the application code is executed.  If the digests don’t match, the PSoC™ 6 enters the Dead protection state.   See the diagram below for the code authentication flow.

MarkH_61_1-1673437462739.png

This flow is only valid for the first OEM code that is executed.  In many applications, the first code is a bootloader supplied by the OEM.  It is recommended to have this bootloader to authenticated the code it boots with a similar system just discussed.  Infineon supplies a common open source bootloader called MCUBoot.  It supports code authentication, but uses ECC asymmetric keys to authenticate.  This process is almost identical to the way the PSoC™ 6 boot process works.  Since the ECC public key is part of the MCUBoot bootloader, the key has already been validated and therefor the chain of trust is complete from the PSoC™ 6 ROM code to the OEM application code.

0 Likes
25 Views

Use of cookies

We use cookies and similar technologies (also from third parties) to collect your device and browser information for a better understanding on how you use our online offerings. This enables us to optimize and personalize your experience with Infineon and to provide you with additional services and information based on your individual profile. Details are available in our privacy policy where you can also change your preferences on cookies at any time.

Privacy Policy and  Imprint

View and change cookie settings

Manage Cookie Preferences

By technically required cookies we mean cookies without those the technical provision of the online service cannot be ensured. These include e.g. cookies supporting essential services like a smooth reproduction of video or audio footage. So called ‘functional cookies’ are also assigned belonging to this category. Functional cookies store information in order to provide you comfortable use of our online services (e.g. language selection). The legal basis for the processing of personal data by means of cookies of this category is Infineon’s legitimate interest. This includes, among other things, the interest in having a professional external presentation as well as an optimal balancing of the loads on the server due to technical reasons.

More details

By performance and marketing cookies we mean cookies which are technically not required. We use performance and marketing cookies only if you have given us your prior consent. With such cookies, we collect information about how users interact with our website and which pages have been visited. This helps us to understand user activity on our website on an aggregated as well as on a personal level to provide you relevant content and services.

More details