Method and apparatus for creating, parsing and manipulating GBL firmware update files.
GBL files are used to implement Over-the-Air (OTA) updates for some microcontrollers. GBL is a container format wrapping the actual flash image. GBL container files can optionally be encrypted and signed.
In addition to that, the crate also contains utilities for reading and
signing raw application images created by the firmware build process, which
can be used to enable secure boot. Refer to the
AppImage type and the
below example for details.
Demonstrates signing an app image for secure boot, then building, signing and encrypting a GBL file containing it:
let image_bytes = include_bytes!("../test-data/empty/empty.bin"); let signing_key = P256KeyPair::from_pem(include_str!("../test-data/signing-key"))?; let encrypt_key = include_str!("../test-data/aes-key-tokens"); let image = AppImage::parse(image_bytes.as_ref())?; let signed_image = image.sign(&signing_key)?; let gbl = Gbl::from_app_image(signed_image); // Use `gbl.push_data_section` here to add more data to the container let encrypted = gbl.encrypt(AesKey::from_token_file(encrypt_key)?); let signed = encrypted.sign(&signing_key)?;
Attempting many kinds of invalid operations (here, encrypting a GBL after signing it), will fail to compile due to invalid typestate:
let gbl = Gbl::from_app_image(image); let signed = gbl.sign(signing_key)?; let encrypted = signed.encrypt(aes_key);
error[E0599]: no method named `encrypt` found for type `gbl::Gbl<gbl::marker::NotEncrypted<'_>, gbl::marker::Signed<'_>>` in the current scope --> src/lib.rs:57:24 | 17 | let encrypted = signed.encrypt(aes_key); | ^^^^^^^
The correct order of operations would be to encrypt before signing the GBL, which compiles fine:
let gbl = Gbl::from_app_image(image); let encrypted = gbl.encrypt(aes_key); let signed = encrypted.sign(signing_key)?;
Contains marker types used to implement type state for encrypted and signed GBLs.
A symmetric AES-128 encryption/decryption key.
A flash image containing application data.
An application info structure.
The error type used by this library.
In-memory representation of a GBL file.
An elliptic curve key pair (on P-256 / secp256r1 / prime256v1).
A public P-256 key (aka secp256r1 / prime256v1).
A chunk of program data to be programmed to a specified flash address.
The different kinds of errors that can occur.