Crate gbl

Utilities for creating, parsing and manipulating GBL firmware update files.

GBL files are used to implement Over-the-Air (OTA) updates for some microcontrollers. GBL is a container format wrapping the actual flash image. GBL container files can optionally be encrypted and signed.

Existing GBL files can be loaded using Gbl::from_bytes, and an application image can be packed into a GBL file using Gbl::from_app_image.

In addition, the crate contains utilities for reading and signing raw application images created by the firmware build process, which can be used to enable secure boot. Refer to the AppImage type and the example below for details.

Examples

Demonstrates signing an app image for secure boot, then building, signing and encrypting a GBL file containing it:

use gbl::{AesKey, AppImage, Gbl, P256KeyPair};

let image_bytes = include_bytes!("../test-data/empty/empty.bin");
let signing_key = P256KeyPair::from_pem(include_str!("../test-data/signing-key"))?;
let encrypt_key = include_str!("../test-data/aes-key-tokens");

let image = AppImage::parse(image_bytes.as_ref())?;
let signed_image = image.sign(&signing_key)?;

let gbl = Gbl::from_app_image(signed_image);
// Use `gbl.push_data_section` here to add more data to the container
let encrypted = gbl.encrypt(AesKey::from_token_file(encrypt_key)?);
let signed = encrypted.sign(&signing_key)?;

Many kinds of invalid operations (here, encrypting a GBL after signing it) fail to compile because the typestate does not allow them:

This example deliberately fails to compile:

let gbl = Gbl::from_app_image(image);
let signed = gbl.sign(signing_key)?;
let encrypted = signed.encrypt(aes_key);

error[E0599]: no method named `encrypt` found for type `gbl::Gbl<gbl::marker::NotEncrypted<'_>, gbl::marker::Signed<'_>>` in the current scope
  --> src/lib.rs:57:24
   |
17 | let encrypted = signed.encrypt(aes_key);
   |                        ^^^^^^^

The correct order of operations would be to encrypt before signing the GBL, which compiles fine:

let gbl = Gbl::from_app_image(image);
let encrypted = gbl.encrypt(aes_key);
let signed = encrypted.sign(signing_key)?;
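
How marker type parameters can enforce the encrypt-before-sign order described above, as an added sketch that is not the gbl crate's own code. `Container`, the four marker structs, `checksum` and `build` are hypothetical names, and the XOR transform and byte checksum are placeholders standing in for real encryption and signing.

```rust
use std::marker::PhantomData;

// Hypothetical marker types; the crate keeps its own in `gbl::marker`.
pub struct NotEncrypted;
pub struct Encrypted;
pub struct NotSigned;
pub struct Signed;

/// Toy container whose type parameters record encryption and signature state.
pub struct Container<E, S> {
    pub payload: Vec<u8>,
    pub tag: Option<u8>, // stand-in for a signature
    state: PhantomData<(E, S)>,
}

// `new` and `encrypt` exist only in the unencrypted, unsigned state.
impl Container<NotEncrypted, NotSigned> {
    pub fn new(payload: &[u8]) -> Self {
        Container { payload: payload.to_vec(), tag: None, state: PhantomData }
    }
    /// Placeholder transform (XOR with one byte), NOT real encryption.
    pub fn encrypt(self, key: u8) -> Container<Encrypted, NotSigned> {
        let payload = self.payload.iter().map(|b| b ^ key).collect();
        Container { payload, tag: None, state: PhantomData }
    }
}

fn checksum(data: &[u8]) -> u8 {
    data.iter().fold(0u8, |acc, b| acc.wrapping_add(*b))
}

// `sign` consumes any unsigned container; the signed result has no `encrypt`.
impl<E> Container<E, NotSigned> {
    /// Placeholder tag (byte checksum), NOT a real signature.
    pub fn sign(self) -> Container<E, Signed> {
        let tag = Some(checksum(&self.payload));
        Container { payload: self.payload, tag, state: PhantomData }
    }
}

/// Encrypt-then-sign: the tag covers the bytes as stored (the ciphertext).
pub fn build(payload: &[u8], key: u8) -> Container<Encrypted, Signed> {
    // Container::new(payload).sign().encrypt(key) would fail with E0599.
    Container::new(payload).encrypt(key).sign()
}

fn main() {
    let c = build(b"constructed sample image", 0x5a);
    println!("tag {:?} over {} stored bytes", c.tag, c.payload.len());
}
```

Because `sign` takes `self` by value, the unsigned container is moved and cannot be encrypted afterwards through a leftover binding either.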

Re-exports

pub extern crate uuid;

Modules

marker

Contains marker types used to implement type state for encrypted and signed GBLs.

Structs

AesKey

A symmetric AES-128 encryption/decryption key.

AppImage

A flash image containing application data.

AppInfo

An application info structure.

Error

The error type used by this library.

Gbl

In-memory representation of a GBL file.

P256KeyPair

An elliptic curve key pair (on P-256 / secp256r1 / prime256v1).

P256PublicKey

A public P-256 key (aka secp256r1 / prime256v1).

ProgramData

A chunk of program data to be programmed to a specified flash address.

Enums

ErrorKind

The different kinds of errors that can occur.