10 files changed, 121 insertions, 29 deletions

diff --git a/examples/boot/bootloader/nrf/Cargo.toml b/examples/boot/bootloader/nrf/Cargo.toml
index 9d5d51a13..897890ca4 100644
--- a/examples/boot/bootloader/nrf/Cargo.toml
+++ b/examples/boot/bootloader/nrf/Cargo.toml
@@ -6,13 +6,13 @@ description = "Bootloader for nRF chips"
 license = "MIT OR Apache-2.0"
 
 [dependencies]
-defmt = { version = "0.3", optional = true }
-defmt-rtt = { version = "0.4", optional = true }
+defmt = { version = "1.0.1", optional = true }
+defmt-rtt = { version = "1.0.0", optional = true }
 
 embassy-nrf = { path = "../../../../embassy-nrf", features = [] }
 embassy-boot-nrf = { path = "../../../../embassy-boot-nrf" }
 cortex-m = { version = "0.7.6", features = ["inline-asm", "critical-section-single-core"] }
-embassy-sync = { version = "0.6.0", path = "../../../../embassy-sync" }
+embassy-sync = { version = "0.7.0", path = "../../../../embassy-sync" }
 cortex-m-rt = { version = "0.7" }
 cfg-if = "1.0.0"
 
diff --git a/examples/boot/bootloader/nrf/src/main.rs b/examples/boot/bootloader/nrf/src/main.rs
index 67c700437..b849a0df3 100644
--- a/examples/boot/bootloader/nrf/src/main.rs
+++ b/examples/boot/bootloader/nrf/src/main.rs
@@ -8,7 +8,7 @@ use cortex_m_rt::{entry, exception};
 use defmt_rtt as _;
 use embassy_boot_nrf::*;
 use embassy_nrf::nvmc::Nvmc;
-use embassy_nrf::wdt;
+use embassy_nrf::wdt::{self, HaltConfig, SleepConfig};
 use embassy_sync::blocking_mutex::Mutex;
 
 #[entry]
@@ -25,8 +25,8 @@ fn main() -> ! {
 
     let mut wdt_config = wdt::Config::default();
     wdt_config.timeout_ticks = 32768 * 5; // timeout seconds
-    wdt_config.run_during_sleep = true;
-    wdt_config.run_during_debug_halt = false;
+    wdt_config.action_during_sleep = SleepConfig::RUN;
+    wdt_config.action_during_debug_halt = HaltConfig::PAUSE;
 
     let flash = WatchdogFlash::start(Nvmc::new(p.NVMC), p.WDT, wdt_config);
     let flash = Mutex::new(RefCell::new(flash));
diff --git a/examples/boot/bootloader/rp/Cargo.toml b/examples/boot/bootloader/rp/Cargo.toml
index 9df396e5e..090a581d4 100644
--- a/examples/boot/bootloader/rp/Cargo.toml
+++ b/examples/boot/bootloader/rp/Cargo.toml
@@ -6,12 +6,12 @@ description = "Example bootloader for RP2040 chips"
 license = "MIT OR Apache-2.0"
 
 [dependencies]
-defmt = { version = "0.3", optional = true }
-defmt-rtt = { version = "0.4", optional = true }
+defmt = { version = "1.0.1", optional = true }
+defmt-rtt = { version = "1.0.0", optional = true }
 
 embassy-rp = { path = "../../../../embassy-rp", features = ["rp2040"] }
 embassy-boot-rp = { path = "../../../../embassy-boot-rp" }
-embassy-sync = { version = "0.6.0", path = "../../../../embassy-sync" }
+embassy-sync = { version = "0.7.0", path = "../../../../embassy-sync" }
 embassy-time = { path = "../../../../embassy-time", features = [] }
 
 cortex-m = { version = "0.7.6", features = ["inline-asm", "critical-section-single-core"] }
diff --git a/examples/boot/bootloader/stm32-dual-bank/Cargo.toml b/examples/boot/bootloader/stm32-dual-bank/Cargo.toml
index b91b05412..67edc6a6c 100644
--- a/examples/boot/bootloader/stm32-dual-bank/Cargo.toml
+++ b/examples/boot/bootloader/stm32-dual-bank/Cargo.toml
@@ -6,8 +6,8 @@ description = "Example bootloader for dual-bank flash STM32 chips"
 license = "MIT OR Apache-2.0"
 
 [dependencies]
-defmt = { version = "0.3", optional = true }
-defmt-rtt = { version = "0.4", optional = true }
+defmt = { version = "1.0.1", optional = true }
+defmt-rtt = { version = "1.0.0", optional = true }
 
 embassy-stm32 = { path = "../../../../embassy-stm32", features = [] }
 embassy-boot-stm32 = { path = "../../../../embassy-boot-stm32" }
@@ -15,7 +15,7 @@ cortex-m = { version = "0.7.6", features = [
   "inline-asm",
   "critical-section-single-core",
 ] }
-embassy-sync = { version = "0.6.0", path = "../../../../embassy-sync" }
+embassy-sync = { version = "0.7.0", path = "../../../../embassy-sync" }
 cortex-m-rt = { version = "0.7" }
 embedded-storage = "0.3.1"
 embedded-storage-async = "0.4.0"
diff --git a/examples/boot/bootloader/stm32/Cargo.toml b/examples/boot/bootloader/stm32/Cargo.toml
index 541186949..fe81b5151 100644
--- a/examples/boot/bootloader/stm32/Cargo.toml
+++ b/examples/boot/bootloader/stm32/Cargo.toml
@@ -6,13 +6,13 @@ description = "Example bootloader for STM32 chips"
 license = "MIT OR Apache-2.0"
 
 [dependencies]
-defmt = { version = "0.3", optional = true }
-defmt-rtt = { version = "0.4", optional = true }
+defmt = { version = "1.0.1", optional = true }
+defmt-rtt = { version = "1.0.0", optional = true }
 
 embassy-stm32 = { path = "../../../../embassy-stm32", features = [] }
 embassy-boot-stm32 = { path = "../../../../embassy-boot-stm32" }
 cortex-m = { version = "0.7.6", features = ["inline-asm", "critical-section-single-core"] }
-embassy-sync = { version = "0.6.0", path = "../../../../embassy-sync" }
+embassy-sync = { version = "0.7.0", path = "../../../../embassy-sync" }
 cortex-m-rt = { version = "0.7" }
 embedded-storage = "0.3.1"
 embedded-storage-async = "0.4.0"
diff --git a/examples/boot/bootloader/stm32wb-dfu/Cargo.toml b/examples/boot/bootloader/stm32wb-dfu/Cargo.toml
index 050b672ce..0bb93b12e 100644
--- a/examples/boot/bootloader/stm32wb-dfu/Cargo.toml
+++ b/examples/boot/bootloader/stm32wb-dfu/Cargo.toml
@@ -6,19 +6,19 @@ description = "Example USB DFUbootloader for the STM32WB series of chips"
 license = "MIT OR Apache-2.0"
 
 [dependencies]
-defmt = { version = "0.3", optional = true }
-defmt-rtt = { version = "0.4", optional = true }
+defmt = { version = "1.0.1", optional = true }
+defmt-rtt = { version = "1.0.0", optional = true }
 
 embassy-stm32 = { path = "../../../../embassy-stm32", features = [] }
 embassy-boot-stm32 = { path = "../../../../embassy-boot-stm32" }
 cortex-m = { version = "0.7.6", features = ["inline-asm", "critical-section-single-core"] }
-embassy-sync = { version = "0.6.0", path = "../../../../embassy-sync" }
+embassy-sync = { version = "0.7.0", path = "../../../../embassy-sync" }
 cortex-m-rt = { version = "0.7" }
 embedded-storage = "0.3.1"
 embedded-storage-async = "0.4.0"
 cfg-if = "1.0.0"
 embassy-usb-dfu = { version = "0.1.0", path = "../../../../embassy-usb-dfu", features = ["dfu", "cortex-m"] }
-embassy-usb = { version = "0.3.0", path = "../../../../embassy-usb", default-features = false }
+embassy-usb = { version = "0.4.0", path = "../../../../embassy-usb", default-features = false }
 embassy-futures = { version = "0.1.1", path = "../../../../embassy-futures" }
 
 [features]
@@ -30,6 +30,7 @@ defmt = [
     "embassy-usb/defmt",
     "embassy-usb-dfu/defmt"
 ]
+verify = ["embassy-usb-dfu/ed25519-salty"]
 
 [profile.dev]
 debug = 2
diff --git a/examples/boot/bootloader/stm32wb-dfu/README.md b/examples/boot/bootloader/stm32wb-dfu/README.md
index d5c6ea57c..99a7002c4 100644
--- a/examples/boot/bootloader/stm32wb-dfu/README.md
+++ b/examples/boot/bootloader/stm32wb-dfu/README.md
@@ -1,11 +1,63 @@
 # Bootloader for STM32
 
-The bootloader uses `embassy-boot` to interact with the flash.
+This bootloader implementation uses `embassy-boot` and `embassy-usb-dfu` to manage firmware updates and interact with the flash memory on STM32WB55 devices.
 
-# Usage
+## Prerequisites
 
-Flash the bootloader
+- Rust toolchain with `cargo` installed
+- `cargo-flash` for flashing the bootloader
+- `dfu-util` for firmware updates
+- `cargo-binutils` for binary generation
+
+## Usage
+
+### 1. Flash the Bootloader
+
+First, flash the bootloader to your device:
 
 ```
 cargo flash --features embassy-stm32/stm32wb55rg --release --chip STM32WB55RGVx
 ```
+
+### 2. Build and Flash Application
+
+Generate your application binary and flash it using DFU:
+
+```
+cargo objcopy --release -- -O binary fw.bin
+dfu-util -d c0de:cafe -w -D fw.bin
+```
+
+### 3. Sign Updates Before Flashing (Optional)
+
+Currently, embassy-usb-dfu only supports a limited implementation of the generic support for ed25519-based update verfication in embassy-boot. This implementation assumes that a signature is simply concatenated to the end of an update binary. For more details, please see https://embassy.dev/book/#_verification and/or refer to the documentation for embassy-boot-dfu.
+
+To sign (and then verify) application updates, you will first need to generate a key pair:
+
+```
+signify-openbsd -G -n -p secrets/key.pub -s secrets/key.sec
+tail -n1 secrets/key.pub | base64 -d -i - | dd ibs=10 skip=1 > secrets/key.pub.short
+```
+
+Then you will need to sign all you binaries with the private key:
+
+```
+cargo objcopy --release -- -O binary fw.bin
+shasum -a 512 -b fw.bin | head -c128 | xxd -p -r > target/fw-hash.txt
+signify-openbsd -S -s secrets/key.sec -m target/fw-hash.txt -x target/fw-hash.sig
+cp fw.bin fw-signed.bin
+tail -n1 target/fw-hash.sig | base64 -d -i - | dd ibs=10 skip=1 >> fw-signed.bin
+dfu-util -d c0de:cafe -w -D fw-signed.bin
+```
+
+Finally, as shown in this example with the `verify` feature flag enabled, you then need to embed the public key into your bootloader so that it can verify update signatures.
+
+N.B. Please note that the exact steps above are NOT a good example of how to manage your keys securely. In a production environment, you should take great care to ensure that (at least the private key) is protected and not leaked into your version control system.
+
+## Troubleshooting
+
+- Make sure your device is in DFU mode before flashing
+- Verify the USB VID:PID matches your device (c0de:cafe)
+- Check USB connections if the device is not detected
+- Make sure the transfer size option of `dfu-util` matches the bootloader configuration. By default, `dfu-util` will use the transfer size reported by the device, but you can override it with the `-t` option if needed.
+- Make sure `control_buf` size is larger than or equal to the `usb_dfu` `BLOCK_SIZE` parameter (in this example, both are set to 4096 bytes).
diff --git a/examples/boot/bootloader/stm32wb-dfu/memory.x b/examples/boot/bootloader/stm32wb-dfu/memory.x
index 858062631..77c4d2ee2 100644
--- a/examples/boot/bootloader/stm32wb-dfu/memory.x
+++ b/examples/boot/bootloader/stm32wb-dfu/memory.x
@@ -1,10 +1,10 @@
 MEMORY
 {
   /* NOTE 1 K = 1 KiBi = 1024 bytes */
-  FLASH                             : ORIGIN = 0x08000000, LENGTH = 24K
-  BOOTLOADER_STATE                  : ORIGIN = 0x08006000, LENGTH = 4K
-  ACTIVE                            : ORIGIN = 0x08008000, LENGTH = 128K
-  DFU                               : ORIGIN = 0x08028000, LENGTH = 132K
+  FLASH                             : ORIGIN = 0x08000000, LENGTH = 48K
+  BOOTLOADER_STATE                  : ORIGIN = 0x0800C000, LENGTH = 4K
+  ACTIVE                            : ORIGIN = 0x0800D000, LENGTH = 120K
+  DFU                               : ORIGIN = 0x0802B000, LENGTH = 120K
   RAM                         (rwx) : ORIGIN = 0x20000000, LENGTH = 16K
 }
 
diff --git a/examples/boot/bootloader/stm32wb-dfu/secrets/key.pub.short b/examples/boot/bootloader/stm32wb-dfu/secrets/key.pub.short
new file mode 100644
index 000000000..7a4de8585
--- /dev/null
+++ b/examples/boot/bootloader/stm32wb-dfu/secrets/key.pub.short
@@ -0,0 +1 @@
+gB��p�M�S��z��Kg��!�F���!4�r
\ No newline at end of file
diff --git a/examples/boot/bootloader/stm32wb-dfu/src/main.rs b/examples/boot/bootloader/stm32wb-dfu/src/main.rs
index 093b39f9d..107f243fd 100644
--- a/examples/boot/bootloader/stm32wb-dfu/src/main.rs
+++ b/examples/boot/bootloader/stm32wb-dfu/src/main.rs
@@ -12,7 +12,7 @@ use embassy_stm32::rcc::WPAN_DEFAULT;
 use embassy_stm32::usb::Driver;
 use embassy_stm32::{bind_interrupts, peripherals, usb};
 use embassy_sync::blocking_mutex::Mutex;
-use embassy_usb::Builder;
+use embassy_usb::{msos, Builder};
 use embassy_usb_dfu::consts::DfuAttributes;
 use embassy_usb_dfu::{usb_dfu, Control, ResetImmediate};
 
@@ -20,6 +20,17 @@ bind_interrupts!(struct Irqs {
     USB_LP => usb::InterruptHandler<peripherals::USB>;
 });
 
+// This is a randomly generated GUID to allow clients on Windows to find your device.
+//
+// N.B. update to a custom GUID for your own device!
+const DEVICE_INTERFACE_GUIDS: &[&str] = &["{EAA9A5DC-30BA-44BC-9232-606CDC875321}"];
+
+// This is a randomly generated example key.
+//
+// N.B. Please replace with your own!
+#[cfg(feature = "verify")]
+static PUBLIC_SIGNING_KEY: &[u8; 32] = include_bytes!("../secrets/key.pub.short");
+
 #[entry]
 fn main() -> ! {
     let mut config = embassy_stm32::Config::default();
@@ -52,7 +63,13 @@ fn main() -> ! {
         let mut config_descriptor = [0; 256];
         let mut bos_descriptor = [0; 256];
         let mut control_buf = [0; 4096];
-        let mut state = Control::new(updater, DfuAttributes::CAN_DOWNLOAD);
+
+        #[cfg(not(feature = "verify"))]
+        let mut state = Control::new(updater, DfuAttributes::CAN_DOWNLOAD, ResetImmediate);
+
+        #[cfg(feature = "verify")]
+        let mut state = Control::new(updater, DfuAttributes::CAN_DOWNLOAD, ResetImmediate, PUBLIC_SIGNING_KEY);
+
         let mut builder = Builder::new(
             driver,
             config,
@@ -62,7 +79,28 @@ fn main() -> ! {
             &mut control_buf,
         );
 
-        usb_dfu::<_, _, _, ResetImmediate, 4096>(&mut builder, &mut state);
+        // We add MSOS headers so that the device automatically gets assigned the WinUSB driver on Windows.
+        // Otherwise users need to do this manually using a tool like Zadig.
+        //
+        // It seems these always need to be at added at the device level for this to work and for
+        // composite devices they also need to be added on the function level (as shown later).
+        //
+        builder.msos_descriptor(msos::windows_version::WIN8_1, 2);
+        builder.msos_feature(msos::CompatibleIdFeatureDescriptor::new("WINUSB", ""));
+        builder.msos_feature(msos::RegistryPropertyFeatureDescriptor::new(
+            "DeviceInterfaceGUIDs",
+            msos::PropertyData::RegMultiSz(DEVICE_INTERFACE_GUIDS),
+        ));
+
+        usb_dfu::<_, _, _, _, 4096>(&mut builder, &mut state, |func| {
+            // You likely don't have to add these function level headers if your USB device is not composite
+            // (i.e. if your device does not expose another interface in addition to DFU)
+            func.msos_feature(msos::CompatibleIdFeatureDescriptor::new("WINUSB", ""));
+            func.msos_feature(msos::RegistryPropertyFeatureDescriptor::new(
+                "DeviceInterfaceGUIDs",
+                msos::PropertyData::RegMultiSz(DEVICE_INTERFACE_GUIDS),
+            ));
+        });
 
         let mut dev = builder.build();
         embassy_futures::block_on(dev.run());