Hi,
Could one of you tell me if it is possible to add a specific magic number to a bin file created by Keil uVision?
Under "target for options" -> User tab, I added the following line to "Run user programs after build/rebuild":
fromelf --bin ".\test.axf" --output ".\test.bin"
Best regards, Jens
Then you need to sign it. Compute a cryptographically strong hash based on the contents of the binary file and some secret you know about.
The loader computes the same and compares the result. Obviously, the big problem is if someone tries to extract that common secret from the boot loader.
Are you afraid that someone will buy your hardware and write own software - to use the hardware for a different task?
Or are you afraid that someone will host a fake web site and fool your customers to download fake binaries?
Or exactly why do you worry that someone has manipulated the binary? Most companies just settle for a CRC-32, Adler-32, MD5 or similar to check that the file hasn't been damaged when copied.
Both points are important:
a) that a user is not able to download a wrong binary file to the processor
b) that I'm able to see if the binary file is correct or damaged.
Do you know any good freeware software generating a simple CRC-32 or MD5 message? Or is it much easier to develop my own code?
I actually attended a course of lectures on cryptography. One thing that I learned is that it is very easy to make a stupid mistake when designing a cryptographic system (which is what you are trying to do, apparently.) Digital signature is not a very complex cryptographic system, but still you need to have at least a basic understanding of it if you want to make it work properly.
Lots of free code available that computes CRC-32 or MD5.
But remember that you need to run the same code in the boot loader. MD5 might represent a too high protection level - which costs in code size and computation time.
If you want to make sure they are not able to download the wrong binary, it will be enough with a magic product ID in the file. You have no reason to care about any problems a customer may have if they patch the file and change the product ID just to be able to get the boot loader to accept the file.
Use a 16-bit or 32-bit product ID and a CRC-32 to catch transfer errors. Combine with application version and expected size of file, so you can give good error messages.
www.barrgroup.com/.../CRC-Calculation-C-Code
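The layout suggested in the last reply (product ID, application version, expected size, CRC-32), as an added example that is not code from any poster in this thread. The field order, the `PRODUCT_ID` value and the names `img_build` and `img_check` are assumptions; the check catches a wrong product and transfer damage, not deliberate patching.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed image layout, little-endian (not from the thread):
 * [product ID:4][version:4][payload size:4][payload][CRC-32:4] */
#define PRODUCT_ID 0x4A454E53u  /* constructed example value */
#define OVERHEAD   16u          /* 12-byte header + 4-byte CRC trailer */

typedef enum { IMG_OK, IMG_TOO_SHORT, IMG_WRONG_PRODUCT,
               IMG_SIZE_MISMATCH, IMG_BAD_CRC } img_status;

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Bitwise CRC-32 (reflected polynomial 0xEDB88320): no table, small code. */
uint32_t crc32_calc(const uint8_t *d, size_t n) {
    uint32_t c = 0xFFFFFFFFu;
    while (n--) {
        c ^= *d++;
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

/* Post-build side: wrap the raw binary. Returns total length, 0 if out is too small. */
size_t img_build(uint8_t *out, size_t cap, uint32_t version,
                 const uint8_t *payload, uint32_t size) {
    if (cap < OVERHEAD || size > cap - OVERHEAD) return 0;
    wr32(out, PRODUCT_ID); wr32(out + 4, version); wr32(out + 8, size);
    memcpy(out + 12, payload, size);
    wr32(out + 12 + size, crc32_calc(out, 12u + size)); /* covers header too */
    return (size_t)size + OVERHEAD;
}

/* Boot loader side: checks are ordered so each failure has its own message. */
img_status img_check(const uint8_t *img, size_t len, uint32_t *version) {
    if (len < OVERHEAD)                  return IMG_TOO_SHORT;
    if (rd32(img) != PRODUCT_ID)         return IMG_WRONG_PRODUCT;
    if (rd32(img + 8) != len - OVERHEAD) return IMG_SIZE_MISMATCH;
    if (crc32_calc(img, len - 4) != rd32(img + len - 4)) return IMG_BAD_CRC;
    if (version) *version = rd32(img + 4);
    return IMG_OK;
}
```

The CRC covers the header as well as the payload, so a corrupted version field is detected too.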