Secure Image for PSoC 63

Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

cross mob
strac_4136351
Level 1
Level 1

Hello,

I'm trying to compile and run the Cypress Secure Image template application, included in the PDL 3.1.0 in the security/secure_image folder.

There are multiple errors when I try to compile the template application either with make, ModusToolbox or PSoC creator:

In ModusToolbox, importing the Secure Image works, but when I try to import the user application, it fails with the following error:

Error from make

- Message: /Applications/ModusToolbox_1.1/libraries/psoc6sw-1.1/makefiles/platforms/PSoC6_cm4_dual/mainapp_cm4.mk:275: /Applications/ModusToolbox_1.1/libraries/psoc6sw-1.1/components/psoc6pdl/drivers/library/crypto_softfp/module.mk: No such file or directory

make: *** No rule to make target `/Applications/ModusToolbox_1.1/libraries/psoc6sw-1.1/components/psoc6pdl/drivers/library/crypto_softfp/module.mk'.  Stop.

- Exit code: 2

- File: /var/folders/dp/s4n4wph97llgp1rb067lr7j40000gn/T/tmp5748939051556344581.mk

- You may be missing a required SDK.

The crypto_softfp library is referenced in the modus.mk file:

#

# Software components needed by CM0+

#

CY_MAINAPP_CM0P_SWCOMP_USED = \

$(CY_PSOC_LIB_COMP_BASE)/security/secure_image/source\

$(CY_PSOC_LIB_COMP_BASE)/security/secure_image/include\

$(CY_PSOC_LIB_COMP_BASE)/security/secure_image/source/linker/psoc6_si_cm0plus\

$(CY_PSOC_LIB_COMP_BASE)/drivers/library/crypto_softfp

The referenced library directory does not exist. How can I install the crypto_softfp library for ModusToolbox?

Running make from the command line gives a comparable error:

Initializing make targets UserApp0 Debug PSoC6_cm4_dual  GCC

    Generating 'mainapp' make targets

/Applications/ModusToolbox_1.1/libraries/psoc6sw-1.1/makefiles/platforms/PSoC6_cm4_dual/mainapp_cm4.mk:275: /Applications/ModusToolbox_1.1/libraries/psoc6sw-1.1/components/psoc6pdl/drivers/library/crypto_softfp/module.mk: No such file or directory

    Generating 'config' make targets

    Target generation complete

Building application

make: *** No rule to make target `/Applications/ModusToolbox_1.1/libraries/psoc6sw-1.1/components/psoc6pdl/drivers/library/crypto_softfp/module.mk'.  Stop.

When running the example in PSoC Creator (after installing openssl), this specific error is not returned, but PSoC creator tries to sign the secure image, but fails:

Found section .cy_app_signature, attempting to sign application

openssl dgst -sha256 -binary -out ".\CortexM4\ARM_GCC_541\Debug\user_app0.elf.tmp.raw.hash" ".\CortexM4\ARM_GCC_541\Debug\user_app0.elf.tmp.raw"

.\CortexM4\ARM_GCC_541\Debug\user_app0.elf.tmp: openssl error:

The exact error is not specified.

I have tried to run the signing command manually. I have built successfully using make after removing the crypto_softfp reference in modus.mk.

This is the command that I have used to sign the application:

/Applications/ModusToolbox_1.1/tools/cymcuelftool-1.0/bin/cymcuelftool --sign SecureImage_mainapp.elf SHA256 --encrypt RSASSA-PKCS --key rsa_private.txt --output SecureImage_mainapp_signed.elf

it gives the following error message:

ERROR: A digital signature request was made, but the . ELF section does not exist

It doesn't matter which .elf file generated by make I try it on (mainapp_signed.elf, mainapp_final.elf, mainapp.elf), they all fail.

This brings me to another question: the make command itself already outputs the following files: SecureImage_mainapp.elf, SecureImage_mainapp_final.elf and SecureImage_mainapp_signed.elf. This confuses me, because if a signed elf file is already generated with make, why sign the application again in the post-build script?

Please help me, no matter what I try, I can not get the Secure Image application to compile and load successfully.

As an additional question, is there an Android or iPhone example app available with which to perform secure firmware updates?

0 Likes
1 Solution

Yeah sorry, the app note must be updated. The secure_image_postbuild.bat script requires three parameters from PSoC Creator:

:: %1 = ${Platform}

:: %2 = ${OutputDir}

:: %3 = ${ProjectShortName}

So the post-build command "secure_image_postbuild.bat ${Platform} ${OutputDir} ${ProjectShortName}" should be used.

Open command prompt and type:

openssl version

See if it returns the version you have installed. If not, this is because even though you have installed a newer version if the environment variables aren't set correctly, Openssl will default to an older version which might be causing the problem. Add the path to the Openssl bin directory as shown below:

opensslk.png

Let me know your observations.

Regards,

Dheeraj

View solution in original post

0 Likes
7 Replies
DheerajK_81
Moderator
Moderator
Moderator
First comment on KBA First comment on blog 5 questions asked

ModusToolbox 1.1 does not support the Cortex M0+ core present in PSoC 6 devices and hence the crypto-softfp library which comes along with the CM0+ is not available. You need to redesign the application to wholly run on CM4 core.

Please refer to the following examples:

If you would like to implement on PSoC Creator, then please refer to this guide: https://www.cypress.com/file/447981/download

We support over-the-air (OTA) firmware update for BLE peripheral devices that implement the bootloader custom profile in PSoC 6 devices in our Cysmart app which can be downloaded here: https://www.cypress.com/documentation/software-and-drivers/cysmart-mobile-app

Regards,

Dheeraj

OK, and what about the openssl error?

0 Likes

What exactly have you specified in the post-build command in Creator? What are these two files: user_app0.elf.tmp.raw.hash and user_app0.elf.tmp.raw? Might have something to do with OpenSSL version too maybe. Which version of OpenSSL have you installed?

Regards,

Dheeraj

0 Likes
strac_4136351
Level 1
Level 1

I have installed OpenSSL 1.0.2q.

I don't know what these files are, it is just the output of the secure example from PSoC Creator when it tries to sign files.

The openssl command is probably indirectly called from the post-build script, secure_image_postbuild.bash, by the cymcuelftool.

So maybe there is an error in the script?

0 Likes

In the Build Settings, change the Post Build command to just "secure_image_postbuild.bat" under User Commands of CM0 Core. Make sure you have this bat file in the same project directory and then build the project, the error should go away.

Regards,

Dheeraj

0 Likes

Hi Dheeraj,

Unfortunately, that does not work, I now get the following error:

../../../script/secure_image_postbuild.bat

C:\...\secure_image.cydsn>set COMPILER_VERSION=

=COMPILER_VERSION was unexpected at this time.

...

The command '../../../script/secure_image_postbuild.bat' failed with exit

code '255'.

It seems that now the script is missing some parameters?

On Fri, Apr 26, 2019 at 11:44 AM DheerajK_81 <community-manager@cypress.com>

0 Likes

Yeah sorry, the app note must be updated. The secure_image_postbuild.bat script requires three parameters from PSoC Creator:

:: %1 = ${Platform}

:: %2 = ${OutputDir}

:: %3 = ${ProjectShortName}

So the post-build command "secure_image_postbuild.bat ${Platform} ${OutputDir} ${ProjectShortName}" should be used.

Open command prompt and type:

openssl version

See if it returns the version you have installed. If not, this is because even though you have installed a newer version if the environment variables aren't set correctly, Openssl will default to an older version which might be causing the problem. Add the path to the Openssl bin directory as shown below:

opensslk.png

Let me know your observations.

Regards,

Dheeraj

0 Likes