Securing iMx RT 1020 with HAB

Renugadevi P
27. November 2019 · Write a comment · Categories: Internet of Things, Miscellaneous, Technology

As discussed in the earlier blog, it is becoming very important, in an embedded system, to ensure authenticity of the firmware before running it. Also, the system has to be made tamper proof against further hacking, especially for remotely managed internet connected IoT applications.

To prevent breach of security, the software can be strengthened with various techniques based on the underlying MCU and peripheral set. This blog discusses in particular how it can be done for iMx RT1020 based devices using the High Assurance Boot (HAB) mechanism as recommended by NXP.

Secure Boot Concepts

NXP’s HAB uses the mechanism of asymmetric encryption to protect its firmware. To give a quick introduction to asymmetric encryption, it is essentially creating a pair of keys in a way that one of the keys can encrypt the message and other can decrypt the message (and vice versa). It is mathematically impossible to use the same key used for encryption to decrypt the message. Also, with increased key sizes, it will be highly resource consuming to decrypt a message without the other pair.

Thus, with asymmetric encryption, it is enough to protect one of the keys (private key) and other can be shared (public key). The message encrypted by the private key can only be decrypted by the public key. Further if the public key (or at least its hash) is stored in a location that can not be modified such as On Time Programmable Flash, it will be impossible for any one to compromise the system. An attempt to modify the public key will be nullified because of the check with the OTP memory.

The high level of the above sequence can be capture in the below sequence diagram.

During the device provisioning process, the public and private key pairs are generated and private key is secured in the provisioning system. Hash for the public key is generated and stored in the device OTP area, which prevents further modification.

In the code signing sequence, the firmware image is hashed and encrypted using the private key. The final image generated is comprised of the firmware image, its encrypted image along with the public key and the same is programmed on to the boot memory.

During the bootup sequence, the HAB logic extracts the individual components of the signed image and validates to authenticity of the public key by comparing the computed hash and that stored in the OTP fuses. It is impossible to create public key such that the hash is same there by preventing any attempt of overriding the public key by external parties. Then it proceeds to calculate the hash of the firmware. It is compared with a hash generated by decrypting the encrypted hash using the public key. If it is a match, it proceeds to boot. If it fails in any of the place, the boot is aborted.

Code Signing for i.Mx RT1020

NXP provides all the tools necessary for generating public-private key pairs, code signing and blowing boot flashes such as MfgTool, elftosb, cst etc.

The device can be programmed using two methods: Device Boot and Secure Boot. The Device boot mode can be used during development purposes and secure boot for final programming. If the device is once programmed in Secure boot mode, it is not possible to revert back to Dev Boot mode and all further firmware has to be signed properly. The programming process is carried out by Flashloader tools such as- elftosb tool for boot image creation, Mfg tool for boot image programming.

Dev Boot Mode

To program the device, use the Mfgtool.

Create unsigned boot_image.sb using elftosb tool from SREC format of the application image (app.s19 file).
Make sure the file inside the Mfg tool is available in the name – cfg.ini
The content inside the file should be in the following format : chip → MXRT102X, name → MXRT102X-DevBoot
Import the boot_image.sb file to …/Tools/mfgtools-rel/Profiles/MXRT102X/OS Firmware from …/Tools/elftosb/linux/amd64/
After generating the boot_image.sb and placing it in the following directory …/Tools/mfgtools-rel/Profiles/MXRT102X/OS Firmware

Change the device’s boot mode into serial downloader mode and connect it to the host PC
Run the MfgTool and press the start button to program the target.
To exit MfgTool, click “Stop” and “Exit” in turn

Secure Boot Mode

To program the OTP flash once with hash of the public key, use the Mfgtool as follows

Check whether the device is in serial downloader mode
Generate the private/public keys using CST tool and create fuse.bin and fuse.table files.
Make sure the file inside the Mfg tool is available in the name – cfg.ini
The content inside the file should be in the following format : chip → MXRT102X, name → MXRT102X-Burnfuse
Create and import the enable_hab.sb file to the following directory …/Tools/mfgtools-rel/Profiles/MXRT102X/OS Firmware from the directory …/Flashloader_RT1020_1.0_GA/Tools/elftosb/linux/amd64/
After programming the above mentioned enable_hab.sb file successfully, the device will be ready for secure boot.

The above process of programming the fuse has to be executed only once. Further mode to program the device with signed image, use the Mfgtool as follows

Create signed boot_image.sb using elftosb tool from SREC format of the application image (app.s19 file).
Check whether the file inside the Mfg tool is available in the name – cfg.ini
The content inside the file should be in the following format : chip → MXRT102X, name → MXRT102X-SecureBoot
Import the signed boot_image.sb file to the following directory …/Tools/mfgtools-rel/Profiles/MXRT102X/OS Firmware from the directory …/Flashloader_RT1020_1.0_GA/Tools/elftosb/linux/amd64/

The details of the process can be obtained from NXP i.Mx1020 product page. Once secured, it will be impossible to run unauthorized software.

Same concepts can be extended to OTA updates so that the new firmware can be authenticated even before programming.

About Embien :

Embien has been actively developing IoT devices that form important part of a larger network with huge ramifications on security. We have been using advanced tools and techniques to prevent unauthorized access and tampering of the device. Get in touch with us to get your design unprecedented security.

Introduction to LoRa Technology

Arun Kumar V
27. February 2019 · Write a comment · Categories: General, Internet of Things, Miscellaneous, Technology

With deployment of IoT is spreading across various domains and applications, the requirements of the underlying communication mechanism varies. There is no one-size-fill-all solution as the needs are different in case of throughput, range, power consumption etc. There are many wireless communication technologies, such as Short-range wireless, Cellular, LPWAN etc.

LPWAN stands for Low Power Wide Area Network, designed for sending small data packages over long distances. While short range technologies like Bluetooth, Wi-Fi, Zigbee are cheap, it is limited by distance, cellular technologies like 3G, 4G and 5G have more transmission rate and range but are more costly and high power consuming. LPWAN has overcome the cons of existing wireless technology by compromising on the data rate and featuring the long-range data transmission, low power consumption and being economical. Some of the technologies that comes under LPWAN includes Narrowband IoT (NB-IoT), Sigfox, LoRa and others.

Heterogeneous Wireless communication Technologies

Of these LPWAN, LoRa has a significant market share and finds application across use cases.

Following are key features of LoRa Technology,

It has very wide coverage range about 5 km in urban areas and 15 km in suburban areas
Battery lifetime up to 15 years
One LoRa gateway takes care of thousands of nodes.
Easy to deploy and low cost.
Enhanced the secure data transmission by embedded end-to-end AES128 encryption

In this blog, we will cover the underlying technology behind LoRa and its network topology.

LoRa Technology

LoRa is a long range, low power, inexpensive technology for Internet of Things (IoT) developed by a company called Cycleo, France in 2009, later acquired by Semtech in 2012. The LoRa radio and modulation part is patented and its source is closed. Semtech has licensed its LoRa intellectual property to other chip manufacturers. The LoRa Alliance, an open, non-profit association has been formed to promote the adoption of this technology and has grown to more than 500 members since its inception in March 2015.

The most important aspect of the LoRa is that it uses license-free sub-gigahertz radio frequency ISM bands in the deployed region such as 868 MHz in Europe and 915MHz in North America. Thus, there is no need for a separate licensing for using LoRa in any country.

Usually in digital communication, there are three types of basic modulation techniques such as

Amplitude Shift Keying, Frequency Shift Keying and Phase Shift Keying, in which either amplitude or frequency or phase of the carrier varies according to the digital signal changes. The short coming with these approaches is that since the bandwidth is quiet limited the signal is quiet prone to interference and could be easily jammed. To over come this, spread spectrum techniques are being used where by the signal is modulated such that it is spread across the entire bandwidth. There are many spread spectrum techniques such as DSSS, FHSS, THSS, CSS etc.

Chirp Spread Spectrum

LoRa is a proprietary spread spectrum modulation scheme that is based on Chirp Spread Spectrum modulation (CSS). Chirp Spread Spectrum is a spread spectrum technique that uses wideband linear frequency modulated chirp pulses to encode information. A chirp is a sinusoidal signal whose frequency increases(up chirp) or decreases(down chirp) over time across the entire bandwidth. This signal is used as the carrier and is modulated according to the data to be transmitted.

LoRa uses three bandwidths: 125kHz, 250kHz and 500kHz. The chirp uses the entire bandwidth and the spreading factors are – in short – the duration of the chirp. LoRa operates with spread factors from 7 to 12. This delivers orthogonal transmissions at different data rates. Moreover it provides processing gain and hence transmitter output power can be reduced with same RF link budget and will increase battery life.

LoRa WAN

While LoRa is the underlying physical part, LoRaWAN is the network on which that LoRa operates. It is a media access control (MAC) in the data link layer that is maintained by the LoRa Alliance. LoRaWAN defines a set of rules and software that ensures data arrives with an acknowledgement and does not have duplicate packets. It is a network architecture that is deployed in a star topology and so the communication between the end node and gateway is bidirectional.

LoRaWAN defines role of end points and gateway. End points or End nodes are the remote nodes typically housing the sensors/actuators. Gateways or Concentrators forms the heart of the star topology, to which the end points communicate to.

Lora WAN Network Architecture

When an end node transmits data to the gateway, it is called an uplink. When the gateway transmits data to the end node, it is called a downlink. The gateways forward this packet to the network server. The network server collects the messages from all gateways and filters out the duplicate data and determines the gateway that has the best reception. The network server forwards the packet to the correct application server where the end user can process the sensor data. Optionally the application server can send a response back to the end node. When a response is sent, the network server receives the response and determines which gateway to use to broadcast the response back to the end node.

The LoRaWAN protocol defines the Adaptive Data Rate (ADR) scheme to control the uplink transmission parameters of LoRa devices. Whether the ADR functionality will be used is requested by the end nodes by setting the ADR flag in the uplink message. If the ADR flag is set, the network server can control the end node’s transmission parameters. ADR should only be used in stable Radio Frequency (RF) situations where end nodes do not move. Mobile end nodes which are stationary for longer times can enable ADR during those times.

This blog introduced the basics behind LoRa technology including the underlying communication techniques and network topology. In the next blog, we will cover the communication model in more detail including the classes, bands and also the typical configuration available in a gateway.

About Embien: Embien Technologies is a proven enabler in adoption of IoT. We have been working with different communication technologies such as ZigBee, BLE, SigFox, LoRa, NB-IoT and have designed gateways to inter-operate between them. Our services include end device development, gateways design, cloud application development and analytics.

Controller Area Network (CAN) – In Detail

Saravana Pandian Annamalai
16. November 2018 · Write a comment · Categories: ARM, Embedded Hardware, Embedded Software, Embedded System, Technology

In the last blog, we have covered the basics of CAN communication. Now, we will see about some of the advanced concepts involved such as Bit Stuffing, frame types, error types, Synchronization etc. We will also look into some of the non-standard extensions available in modern CAN controllers.

Generally, all CAN modules support the classical CAN protocol. It can receive and transmit both CAN base and the CAN extended frames. The transmission and reception of CAN FD frames is optional. Classical CAN Implementation do not support 29-bit identifiers. CAN 2.0B passive nodes were compliant with ISO 11898-1:2003, but it used very rarely. In this context, let us explore some of other concepts in detail.

Bit Stuffing

Bit Stuffing is used to ensure the synchronization of all nodes even when transmitting consecutive information with same value either 1 or 0.
During the transmission of message, a maximum of five consecutive bits may have the same polarity. In this case, the transmitter will insert the one additional bit of opposite polarity into the bit stream before transmitting the further bits. This will ensure that there is always some activity in the bus with in 6-bit intervals and hence avoid DC Voltage build up as well as being in sync with the transmitter.

Stuffing and De-stuffing

Stuffing and De-stuffing

On the receiving end, similarly the receiver also checks the number of bits of same polarity and removes the stuffed bits again from the bit stream in a process called de-stuffing.

CAN Frame Types

There are 5 types of frames in CAN protocol;

Data Frame (DF):

Carries Data from transmitting node to receiving node.

Remote Frame (RF):

Some times, a node might want to request some data from another which is made possible by Remote frame.
There are two differences between data and Remote frames.
RTR field of a data frame is dominant and RTR field of remote frame is recessive.
In data frame format data field is present, whereas in Remote frame format data field is absent.

The receiver will understand that transmitter is requesting some date and then prepares and sends the Data frame based on the protocol.

Error Frame (EF):

This type of frame is transmitted by any node to signal error.
The error frame consists of two different fields in CAN.
superposition of ERROR FLAGS (6–12 dominant/recessive bits)
ERROR DELIMITER (8 recessive bits).
There are two types of error flags:

Active Error Flag

When the Transmitting node transmitted six dominant bits, the error will be detected in network and the error sate called active error flag.

Passive Error Flag

When the Transmitting node transmitted six recessive bits, the error will be detected in network and the error sate called passive error flag.

Active and Passive Error Frames

Now let us see, how the CAN manages error states. In every CAN node, there are 2 error counters – Transmit Error Counter (TEC) and Receive Error Counter (REC). When the transmitter detects an error in the transmitted frame, it increments the TEC by 8. A receiver detecting an error will increment its REC by 1. On successful transmission/reception the error counters are reduced by 1.
Based on the error counts, the node behavior varies.

By default, the Active Error frame will be transmitted on the bus, when TEC and REC < 128. Thus, it will invalidate the frame globally.
But when 127 < TEC \ REC > 255, the passive Error frame will be transmitted on the bus, without affecting the bus traffic.
Finally, the node enters into the Bus off state, when TEC > 255. If node enters into the bus off state then no frames will be transmitted.

In any case, both transmitter and receiver reject the erroneous frames completely and do not process it any further.

Overload Frame (OF):

Overload frame contains two fields such as Overload flag and Overload Delimiter.
The over load frame will be generated, when the receiving node is overloaded – i.e. it is not able to detect and receive the incoming messages. The format is very similar to Error Frame but without the error counters incrementing. An Overload frame indicates that its transmitter require delay before receiving next data or remote frame and is mostly not used in modern CAN controllers.

Inter Frame Space (IFS):

Data frames and remote frames are separated from preceding frames and succeeding frame by a bit field called interframe space. It consists of three consecutive recessive bits. Following that, if a dominant bit is detected, it will be regarded as the “Start of frame” bit of the next frame.

Frame on CAN Bus

Frame on CAN BUS

Error Types

There are 5 types of error in CAN protocol.

Bit error:

Every node reads back, bit by bit from the bus during transmitting the message and then compares the transmitted bit value with received bit value. If bit received does not match with bit sent, then Bit error is said to be occurred.

Stuff error:

Set when more than five consecutive bits of same polarity are received in receiving node.

CRC error:

A transmitted always transmits the CRC value in the CRC field of CAN frame. The receiving node also calculates the CRC value using same formula and compares with received CRC value. If receiving node detects mismatch between calculated CRC values and received CRC value then it is called CRC error.

ACK error:

Occurs when no acknowledgment is sent by receiving node or no acknowledgment received in transmitting node.

Form error:

Set when fixed format fields in receive frame is violated. No dominant bits are allowed in CRC delimiter, ACK delimiter, EOF and IFS.

Synchronization and Re-synchronization

As there is no separate clock signal on the CAN bus, the node itself need to synchronize on the bus. For that reason, the underlying transmission format is NRZ-5 coding.
When the transmitting node sends CAN frame it consists the first bit of SOF (start of frame). All the receivers align themselves to this falling edge (recessive to dominant) after the period of bus idle. This mechanism is called hard synchronization.
After subsequent falling edges on the CAN frame are used to re-synchronize the nodes on bus and it is called soft synchronization. This resynchronization happens continuously at every falling edge (recessive to dominant transition) to ensure transmitting and receiving nodes stay in sync.

Additional functions

Some CAN protocol implementations offer optional functions that may or may not be a part of CAN specification. These include, for example, the single-shot transmission of data frames. This means that the automatic re-transmission in case of detected errors is disabled. This is useful for TTCAN add-ons and some tool applications.
Another option generally available is the bus-monitoring mode. The node can receive data and remote frames, but doesn’t acknowledge them and also doesn’t send error and overload flags. Nevertheless, these dominant bits are communicated internally in the CAN module.
In another optional restricted operation mode, the CAN module behaves equally, but it acknowledges received data and remote frames. The error counters are not incremented and decremented in this mode. If a node is the TTCAN time master, it must be able to transmit the time-reference message; other frames must not be transmitted.
For some applications, message time stamping is required. ISO 11898-1:2015 specifies that the optional time-stamp function features resolutions of 8-bit, 16-bit, or 32-bit. The time-base value is captured at the reference point of each data frame and it is readable after EOF (end-of-frame). Other (not standardized) optional functions include readable error counters, configurable warning limits, interrupt request generation, and arbitration lost capture.
If the CAN implementation allows changing the configuration of a node by software, the configuration data (e.g. bit-time configuration or operating mode) needs to be locked against changes while CAN communication is ongoing.

Armed with details of CAN communication, we will now attempt to understand general configuration of a CAN node for transmission and reception with examples from a real controller.

About Embien

Embien Technologies is a leading provider of product engineering services for the Automotive, Semi-conductor, Industrial, Consumer and Health Care segments. Working with OEMs in Industrial segments, we have developed numerous gateways, sensory modes on top of CAN network and protocols such as DeviceNet, CANOpen etc. Our Automotive experience enabled us develop Telematic units and In-vehicle Infotainment systems, Instrument clusters with CAN interfaces.