
uClinux STM32F2: Secure communications to the target

vlad239955
Associate II
Posted on January 19, 2012 at 17:08

I'd like to show in this thread how to establish a secure connection to an STM32F2 MCU using the 'dropbear' SSH daemon running on the STM32F2 target under uClinux.

The ability to connect to an embedded device via a secure channel in an unsecure network, such as TCP/IP over Ethernet, is becoming a standard requirement for today's embedded applications. With uClinux, this can be done using the Secure Shell (SSH) protocol. SSH defines secure data communications, remote shell services or command execution and other secure network services for two networked computers communicating in an unsecure network.

The best-known application of this protocol is for access to shell accounts on Unix-like operating systems. With embedded Linux, SSH is often realized using the 'dropbear' daemon, which provides a low-memory / low-resource implementation of the SSH server for UNIX. On the client side, any terminal application that implements the SSH client role can be used to connect to a 'dropbear' server; example implementations include PuTTY, SecureCRT and many others.

Here is a sample uClinux session running on the STM32F2 that shows a secure connection to the target using 'dropbear'. This session was run on STMicro's STM322G-EVAL board with Emcraft's STM-MEM add-on card (refer to http://www.emcraft.com/index.php/products/89 for further information on that platform).

After reset, U-Boot comes up on the board:

    U-Boot 2010.03-dirty (Jan 19 2012 - 19:08:27)

    CPU  : STM32 F2 series (Cortex-M3)
    Freqs: SYSCLK=120MHz,HCLK=120MHz,PCLK1=30MHz,PCLK2=60MHz
    Board: STM3240G-EVAL board + STM-MEM add-on,Rev 2.A
    DRAM:  32 MB
    Flash:  8 MB
    In:    serial
    Out:   serial
    Err:   serial
    Net:   STM32_MAC
    Hit any key to stop autoboot:  0

U-Boot proceeds to load a bootable Linux image from external Flash to RAM and run it:

    ## Booting kernel from Legacy Image at 60020000 ...
       Image Name:   Linux-2.6.33-arm1
       Image Type:   ARM Linux Kernel Image (uncompressed)
       Data Size:    2084544 Bytes =  2 MB
       Load Address: 64008000
       Entry Point:  64008001
       Verifying Checksum ... OK
       Loading Kernel Image ... OK
    OK

    Starting kernel ...

Linux comes up on the board showing the following messages relevant to networking and TCP/IP initialization:

    Linux version 2.6.33-arm1 (psl@ocean.emcraft.com) (gcc version 4.4.1 (Sourcery G++ Lite 2010q1-188) ) #1 Tue Dec 13 19:42:04 MSK 2011
    CPU: ARMv7-M Processor [412fc230] revision 0 (ARMv7M)
    CPU: NO data cache, NO instruction cache
    Machine: STMicro STM32
    ...
    stm32-eth: found STM32 MAC at 0x40028000, irq 61
    stm32_mii_bus: probed
    found PHY id 0x20005c90 addr 1
    eth0: using MII interface
    eth0: attached PHY driver [Generic PHY] (mii_bus:phy_addr=00:01, irq=-1)
    TCP cubic registered
    NET: Registered protocol family 17
    PHY: 00:01 - Link is Up - 100/Full
    IP-Config: Guessing netmask 255.255.0.0
    IP-Config: Complete:
         device=eth0, addr=172.17.3.176, mask=255.255.0.0, gw=255.255.255.255,
         host=stm3220g-eval, domain=, nis-domain=(none),
         bootserver=172.17.0.1, rootserver=172.17.0.1, rootpath=
    Freeing init memory: 932K
    init started: BusyBox v1.17.0 (2011-12-13 19:40:43 MSK)
    ~ #

Once at the shell, I just type 'dropbear' to start the SSH daemon (of course it can be started from an init script too):

    ~ # dropbear
    ~ #

Now, I can establish a secure connection to the STM32F2 board from any machine connected to the same network and then run various Linux commands from the shell on the target. For instance, here is how I establish a secure connection from my Linux machine:

    -bash-3.2$ ssh root@172.17.3.176
    root@172.17.3.176's password:
    ~ # ls
    bin    dev    etc    httpd  mnt    proc   root   sys    usr    var
    ~ # cat /proc/cmdline
    stm32_platform=stm3220g-eval console=ttyS2,115200 panic=10 mem=16M ip=172.17.3.176:172.17.0.1:::stm3220g-eval:eth0:off ethaddr=C0:B1:33:88:88:81
    ~ #

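The post notes that dropbear can also be started from an init script. One way to do that, as an added example that is not part of the original post or of Emcraft's distribution: the fragment keeps one host key across boots so clients can pin its fingerprint, and passes `-s` (disable password logins) only once a usable `authorized_keys` file is in place. The paths and the assumption that they sit on persistent storage are illustrative.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed paths: adjust for your rootfs.
# KEY must live on persistent storage, otherwise a new host key appears each boot.
KEY=${KEY:-/etc/dropbear/dropbear_rsa_host_key}
AUTH=${AUTH:-/root/.ssh/authorized_keys}

# True if the path is writable by group or others (mode string chars 6 and 9).
loose_perms() {
    mode=$(ls -ld "$1" | cut -c6,9)
    case "$mode" in
        *w*) return 0 ;;
    esac
    return 1
}

# Key login is usable only if authorized_keys is non-empty and neither the file
# nor its directory is group/world writable (dropbear rejects the keys otherwise).
pubkey_ready() {
    [ -s "$1" ] || return 1
    loose_perms "$1" && return 1
    loose_perms "$(dirname "$1")" && return 1
    return 0
}

# Print the extra daemon options: "-s" turns password logins off.
dropbear_opts() {
    if pubkey_ready "$1"; then echo "-s"; else echo ""; fi
}

start_dropbear() {
    # Generate the host key only when none exists yet.
    if [ ! -s "$KEY" ]; then
        mkdir -p "$(dirname "$KEY")"
        dropbearkey -t rsa -f "$KEY"
    fi
    opts=$(dropbear_opts "$AUTH")
    [ -n "$opts" ] || echo "warning: no usable $AUTH, password login stays enabled" >&2
    dropbear -r "$KEY" $opts
}

case "${1:-}" in
    start) start_dropbear ;;
esac
```

Run it as `script start` from the boot sequence; without an argument it only defines the functions.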