2021-04-16 07:03 AM
I am trying to implement a firmware integrity check using the Cryptographic Library (X-CUBE-CRYPTOLIB) for this I have to calculate the SHA256 checksum and then determine the padding and include it in the binary that I will upload to the board.
I've been watching STM's mooc Security part 4
https://www.youtube.com/watch?v=RahlfYJ1gDs&list=PLnMKNibPkDnF0wt-ZI74SflnsBV4yKzkO&index=7
And in the lab they do the verification for a stm32g0. The problem is that I do not know how to determine the size of the firmware, in the laboratory they use the page size but on my board the flash memory has blocks of different sizes:
I also have an external memory to which I also want to make the SHA256 calculation. This memory consists of 256 blocks of 64k (These are all the same size).
Another difficulty I have is that the hex file covers two sectors (internal and external flash) so I don't know whether to put the internal and external hashes separately (just after the FW zone hit).
2021-05-04 11:11 AM
Hello,
You must find a way to compute your firmware size. Either in one part or 2 parts.
There is no padding needed to compute a hash, and no relation with sector size.
Now, if you want to be sure no code will be injected in spare parts of the flash, you can compute the hash on the whole memory, but this will take much longer to check at boot time.
Best regards
Jocelyn