Autoplay
Autocomplete
Previous Lesson
Complete and Continue
Secure Boot From Ground Up™
Introduction
Welcome(Same as Promo) (2:13)
Course Requirements
Orientation and Outcomes
Why this Course Exists (1:44)
What You Will Be Able to Design, Implement and Ship (1:34)
What this Course is NOT and Some Prerequisites (2:48)
Why Secure Boot Exists
The Real-World Problem: Who Can Run Code on Your Device? (1:52)
Attack Surfaces that Change the Code on a Device (2:02)
Authenticity, Integrity and Confidentiality in Practise (3:00)
Secure Boot as a Control System (2:45)
Business Impact: IP Protection, Device Cloning Warranty, Fraud Safety and Liability (1:15)
Security vs. Usability: Why Production Constraints Shape the Architecture (1:20)
From Bootloaders to Secure Boot
Jump-to-Application Mechanics Refresher (1:11)
Verification and Secure Boot Decision Outcomes (1:24)
Root of Trust in Software-Rooted Systems (2:57)
Chain of Trust: The Staged Verification Model (2:02)
Key Misconceptions About Secure Boot (2:45)
Threat Models and Engineering Decisions
Overview of Attacker Classes You Must Consider (1:29)
The Attackers: Physical, Remote, Supply Chain and Insider (2:44)
Threat Model for Typical STM32F4 F7 L4 Class MCUs (1:37)
Mapping Capabilities to Controls (1:06)
Security Properties We Can Guarantee with SBSFU-Style Designs (1:42)
Why Deterministic Failure Behavior Matters (1:25)
The Key Problem With Encryption On Constrained Devices (1:30)
Decision Framework for Sign-Only vs. Sign Plus Encrypt (2:31)
SBSFU Architecture Overview
The Three Main Components of SBSFU (1:32)
The Responsibilities of Secure Boot, Secure Engine and User Application (2:03)
Trust Boundaries and Responsibilities (2:39)
The Image Concept: Header, Metadata, Payload and Policies (1:56)
Why Signing is Important (2:12)
The Three Paths: Accept, Reject and Recover (1:12)
The Update Lifecycle: Download, Validate, Install and Confirm (1:40)
Setting Up
Downloading CubeIDE (2:34)
Installing CubeIDE (2:38)
Getting the required documentation (7:41)
Getting the required package for bare-metal development (21:19)
Testing the project setup (15:54)
Flash Write Protection and Boot Immutability (hardware-enforced)
Programming: Updating the Workspace (3:56)
Programming: Analyzing the Low-Level Flash Driver (10:35)
Programming: Analyzing the Low-Level Flash Protection Driver (9:43)
Programming: Testing the Flash Read/Write and Protection Mechanism (28:19)
Integrating the STM32 Cryptographic Library
Programming: Cleaning Up the Workspace (4:45)
Programming: Integrating the STM32 Crytographic Library into Project (8:35)
Firmware Integrity using SHA-256 Hashes
Programming: Creating the Hash Integrity Module Files (2:51)
Programming: Sector Size Declaration and Linker Symbols for Locating Flash Image (6:18)
Programming: Getting the Firmware Image End and Next Sector Boundary (5:11)
Programming: Computing the Padded Firmware Size (3:23)
Programming: Computing the Absolute Flash Address for the Hash (2:37)
Programming: Computing the SHA256 Digest (6:41)
Programming: The Firmware Hash Verify Function(Pt.1) (7:12)
Programming: The Firmware Hash Verify Function(Pt.2) (4:04)
Developing the Host-Side SHA-256 Image Generator
Programming: Overview of the Host-Side SHA-256 Image Generator (4:44)
Programming: Declaring the Sector Sizes and Getting Sector Boundary (5:34)
Programming: Creating the Paths and File Names (6:13)
Programming: Computing the Required Padding and Appending it to the Firmware (4:23)
Programming: Creating the Hasher and Hashing the Firmware Binary (4:10)
Programming: Reporting the Relevant Information from the Hashing Process (2:26)
Programming: Testing the System by Flashing and Verifying the Firmware Image (9:47)
Programming: Running the Test and Analyzing Results (8:33)
Firmware Authenticity Using ECDSA Signatures
Programming: Creating the Module Files for Signature Verification (2:27)
Programming: Overview of the Signature Generation and Integration Process (10:55)
Programming: Implementing the Sign-Check Header File (1:11)
Programming: Creating the Public Key Header File (8:02)
Programming: Defining the NIST P-256 Curve Parameters (3:40)
Programming: Declaring Computation Contexts and Components (4:42)
Programming: Initializing the Elliptic Curve with the Curve Parameters (2:31)
Programming: Implementing the Signature Verification Steps (8:48)
Programming: Computing the Addresses and Sizes of the Final Image Content (4:41)
Programming: Verifying the Stored Public Key and Calling the Signature-Verify Function (4:45)
Developing the Host-Side ECC Public Key Generator
Programming: Testing OpenSSL by Generating a Private Key (2:29)
Programming: Writing the Script for Generating Private Keys with OpenSSL (9:31)
Programming: Overview of ECC Public Key Generator Host-Side Script (3:01)
Programming: Sanitizing Macros and Finding OpenSSL Programmatically (4:05)
Programming: Function for Running OpenSSL and Capturing the Output (2:42)
Programming: Extracting the Public Key Bytes(Pt.1) (3:31)
Programming: Extracting the Public Key Bytes(Pt.2) (3:22)
Other Resources: Developing Required Generic Drivers
Important information about this section
Programming : Enabling the Floating Point Unit (FPU) (18:00)
Programming : Developing a UART Driver - Analyzing the Documentation (11:35)
Programming : Developing a UART Driver - Listing out the steps (4:00)
Programming : Developing a UART Driver - Implementing the Init. function (22:13)
Programming : Developing a UART Driver - Implementing the Write function (5:39)
Programming : Developing a UART Driver - Testing the Driver (6:39)
Programming : Developing the System Timebase - Analyzing the Documentation (8:28)
Programming : Developing the System Timebase - Implementing the Init. function (9:52)
Programming : Developing the System Timebase - The rest of the functions (12:15)
Programming : Developing the System Timebase - Testing the Timebase (5:34)
Programming : BSP : Listing the out the Required Functions (7:55)
Programming : Writing the LED Driver (5:01)
Programming : Writing the PushButton Driver (4:00)
Programming : Testing the Board Support Package (3:35)
Programming : Analyzing the Documentation (5:21)
Programming : Listing out the steps for developing the ADC Driver (5:27)
Programming : Writing the ADC Initialization function (13:21)
Programming : Writing the ADC Read function (14:05)
Other Resources: Flash Memory Protection with Option Bytes
Overview of the Flash Memory Option Bytes (3:50)
Understanding the Read Protection (RDP) Option Bytes (16:37)
Programming : Experimenting with the Flash Memory Storage Driver (10:16)
Programming : Implementing the Flash Protection Interface file (6:45)
Programming : Analyzing the Relevant Registers (19:40)
Programming : Deriving the Addresses of the Option Bytes (6:01)
Programming : Getting the Current Option Bytes Settings (8:54)
Programming : Locking and Unlocking the Option Bytes (4:40)
Programming : Implementing the Sect WRP Mask Enumerator (6:14)
Programming : Implementing the Write Protection function (14:11)
Programming : Disabling Write Protection for all Sectors (2:03)
Programming : Implementing the set RDP Level functions (2:20)
Programming : Returning the Current Option Bytes Settings (7:09)
Programming : Testing the Flash Protection Driver (16:13)
Programming : Further Testing and Troubleshooting (18:45)
Programming: Cleaning Up the Workspace
Lesson content locked
If you're already enrolled,
you'll need to login
.
Enroll in Course to Unlock