[embassy-usb-dfu] support ed25519 verification

This commit adds the ability to verify that USB DFU updates are correctly signed using ed25519. This required adding support to embassy-boot for reading from the DFU partition.
author: Gerhard de Clercq <[email protected]> 2025-04-15 20:16:09 +0200
committer: Gerhard de Clercq <[email protected]> 2025-05-23 12:40:19 +0200
commit: 68a45490fc1675f2171131ccbf01f690c4123f01 (patch)
tree: 42606d9fa51bf50e6d7d84623123616600a70cce /embassy-usb-dfu/src
parent: f7405493c184ce453ac3f7ba97f7f2689f978194 (diff)
1 files changed, 30 insertions, 3 deletions
diff --git a/embassy-usb-dfu/src/dfu.rs b/embassy-usb-dfu/src/dfu.rs
index 0f39d906b..9a2f125fb 100644
--- a/embassy-usb-dfu/src/dfu.rs
+++ b/embassy-usb-dfu/src/dfu.rs
@@ -19,11 +19,19 @@ pub struct Control<'d, DFU: NorFlash, STATE: NorFlash, RST: Reset, const BLOCK_S
    offset: usize,
    buf: AlignedBuffer<BLOCK_SIZE>,
    reset: RST,
+    #[cfg(feature = "_verify")]
+    public_key: &'static [u8; 32],
 }
 impl<'d, DFU: NorFlash, STATE: NorFlash, RST: Reset, const BLOCK_SIZE: usize> Control<'d, DFU, STATE, RST, BLOCK_SIZE> {
    /// Create a new DFU instance to handle DFU transfers.
-    pub fn new(updater: BlockingFirmwareUpdater<'d, DFU, STATE>, attrs: DfuAttributes, reset: RST) -> Self {
+    pub fn new(
+        updater: BlockingFirmwareUpdater<'d, DFU, STATE>,
+        attrs: DfuAttributes,
+        reset: RST,
+        #[cfg(feature = "_verify")] public_key: &'static [u8; 32],
+    ) -> Self {
        Self {
            updater,
            attrs,
@@ -32,6 +40,9 @@ impl<'d, DFU: NorFlash, STATE: NorFlash, RST: Reset, const BLOCK_SIZE: usize> Co
            offset: 0,
            buf: AlignedBuffer([0; BLOCK_SIZE]),
            reset,
+            #[cfg(feature = "_verify")]
+            public_key,
        }
    }
@@ -102,7 +113,23 @@ impl<'d, DFU: NorFlash, STATE: NorFlash, RST: Reset, const BLOCK_SIZE: usize> Ha
                if final_transfer {
                    debug!("Receiving final transfer");
-                    match self.updater.mark_updated() {
+                    #[cfg(feature = "_verify")]
+                    let update_res: Result<(), FirmwareUpdaterError> = {
+                        const SIGNATURE_LEN: usize = 64;
+                        let mut signature = [0; SIGNATURE_LEN];
+                        let update_len = (self.offset - SIGNATURE_LEN) as u32;
+                        self.updater.read_dfu(update_len, &mut signature).and_then(|_| {
+                            self.updater
+                                .verify_and_mark_updated(self.public_key, &signature, update_len)
+                        })
+                    };
+                    #[cfg(not(feature = "_verify"))]
+                    let update_res = self.updater.mark_updated();
+                    match update_res {
                        Ok(_) => {
                            self.status = Status::Ok;
                            self.state = State::ManifestSync;
@@ -168,7 +195,7 @@ impl<'d, DFU: NorFlash, STATE: NorFlash, RST: Reset, const BLOCK_SIZE: usize> Ha
                Some(InResponse::Accepted(&buf[0..1]))
            }
            Ok(Request::Upload) if self.attrs.contains(DfuAttributes::CAN_UPLOAD) => {
-                //TODO: FirmwareUpdater does not provide a way of reading the active partition, can't upload.
+                //TODO: FirmwareUpdater provides a way of reading the active partition so we could in theory add functionality to upload firmware.
                Some(InResponse::Rejected)
            }
            _ => None,
author	Gerhard de Clercq <[email protected]>	2025-04-15 20:16:09 +0200
committer	Gerhard de Clercq <[email protected]>	2025-05-23 12:40:19 +0200
commit	68a45490fc1675f2171131ccbf01f690c4123f01 (patch)
tree	42606d9fa51bf50e6d7d84623123616600a70cce /embassy-usb-dfu/src
parent	f7405493c184ce453ac3f7ba97f7f2689f978194 (diff)