2023-05-15 01:07 AM
Hello,
We have an STM32 project with SBSFU bootloader used for firmware updates. We have a pipeline that is triggered from GitLab that will compile and sign the firmware and update pakcage. Before taking production private keys into use, we are considering strategies for secure storage of the keys while still trying to keep things as simple and automated as possible.
One option would be to add a manual step to the pipeline where update packages are signed and encrypted in an offline computer. Other option would be to store private keys only in RAM of the machine running the pipeline which would minimize risk of leaking the keys. This would have the benefit of keeping everything automated. The problem is that I haven't figured out a way of supplying the key to the prepareimage.py script from a variable stored in RAM, it seems to require a file. Is there any way of achieving this?
Is there a way of integrating a HSM (hardware security model) to the SBSFU process?
Thanks!
Solved! Go to Solution.
2023-05-22 06:30 AM
" The problem is that I haven't figured out a way of supplying the key to the prepareimage.py"
The key could be stored in a secure area on the machine running the pipeline using something like HashiCorp Vault. You pull the production key out of the vault, and use a script to replace the key in ECCKEY1.txt with your production key. After the build is finished you can delete the ECCKEY1.txt file, or if the pipeline is run in a docker, then the key will be destroyed when the docker is torn down.
Brent
2023-05-22 06:30 AM
" The problem is that I haven't figured out a way of supplying the key to the prepareimage.py"
The key could be stored in a secure area on the machine running the pipeline using something like HashiCorp Vault. You pull the production key out of the vault, and use a script to replace the key in ECCKEY1.txt with your production key. After the build is finished you can delete the ECCKEY1.txt file, or if the pipeline is run in a docker, then the key will be destroyed when the docker is torn down.
Brent
2023-05-22 11:54 PM
The "prepareimage.py" is a "basic tool" we provide with our package but there is no guarantee that it is production level quality software.
The signing pipeline must be studied carefully.
You can find an example of HSM integration in the process with the Secure Firmware Installation offer:
STM32Trust - STMicroelectronics
But this is not SBSFU and this is not integrated with GitLab.