We have built signed ArduPilot firmware with the use of custom keypair for the OrangeCube.
We are able to build, upload the firmware to OrangeCube and secure for avoiding any unauthorised firmware upgrade. Basically it is for tamper proofing the firmware.
On top of the secure firmware, we would like to lock some of the parameters those shouldn’t be modified at later stage.
I have gone through the APJ Tools option, but it doesn’t seem to be working as expected.
Found that the parameters are loaded to SecureFirmwareFile.apj by using “python apj_tool.py --show SecureFirmwareFile.apj”
Upgraded the firmware of OranceCube using “MissionPlanner” → Load Custom Firmware.
Result observed->
The Cube is unable to boot-up, it is getting stuck at bootloader showing “OrangeCube-Secure-BL”
If we upgrade the secure firmware (without updating the default parameter settings) to the Cube, the Cube is booting-up fine.
Expected behavior →
We expect the Cube to boot up nornally with the secure firmware + paramters as per the set param-defaults.parm. All the @READONLY parameters shouldn’t be allowed to be modified from MissionPlanner.
Could anyone which has done this help me with the details of what we are missing here ?
Hey there I hope you don’t mind me asking a question here. I’m also building my tamper-proof software, I keep running into this error when building my firmware.
→ task in ‘objs/AP_GPS’ failed (exit status 1):
{task 140331614375824: cxx AP_GPS_NMEA.cpp → AP_GPS_NMEA.cpp.0.o}
Hi,
I remember running into similar issue.
It was resolved by changing the “strncpy” to “memcpy” in the “/libraries/AP_GPS/AP_GPS_NMEA.cpp”.
Let me know if you need any further info.
I would welcome if you have any thoughts/suggestions on my original post as well, since you are also trying to achieve the same outcome.
Hi GNB,
I have not reached that part of the process yet, although I eventually plan on making most of the params read-only. I will make sure to get back to you when I do that. One question though, I have now successfully built secure firmware and the bootloader. I could not find clear documentation on the next part of the process though. If I upload through the ‘custom firmware’ option on Mission Planner, is that all I have to do? Once the secure firmware is installed, how do I check and if I try uploading other firmware will it outright reject it or just stay stuck in the booting up process?
Hello @gbharath and @Aryan_Ghadge, like you, I am also trying to develop a secure firmware and bootloader for my Cubeorange Copter. At present, I am using openssl rsa public/private keys (.pem) files to add a layer of security, but I’m unsure how to proceed. Would it be possible for you to provide some assistance or guidance by sharing your experience or instructions? Thank you.
@gbharath
Can you share secured firmware building steps , because i am getting below error.
libraries/AP_HAL_ChibiOS/Util.cpp:288:10: error: ‘AP_CheckFirmware’ has not been declared
288 | if (!AP_CheckFirmware::check_signed_bootloader(fw, fw_size)) {
| ^~~~~~~~~~~~~~~~
compilation terminated due to -Wfatal-errors.
I tried many times to clean-build but still getting same.
I believe by this time you might have resolved the issue you were facing.
We are facing issue with making the parameter readonly. Can you suggest any way for it.
@Casca_Developer
You have to change code to set parameters readonly, read code and search parameter you want to set readonly then use AP_GROUPINFO_FLAGS() group and AP_PARAM_FLAG_INTERNAL_USE_ONLY flag to set parameter in readonly mode.
for eg.
Were you able to find a solution? Looks like I am stuck at the same place. After creating a signed firmware, use the APJ tool to embed default params and then again sign the same .apj file the bootloader does not let this new firmware run on the autopilot.
