Skip to content

Portenta H7 tutorial: Secure Boot [PC-894] #129

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 14 commits into from
May 5, 2022
Merged

Portenta H7 tutorial: Secure Boot [PC-894] #129

merged 14 commits into from
May 5, 2022

Conversation

umbynos
Copy link
Contributor

@umbynos umbynos commented Mar 31, 2022
edited
Loading

What This PR Changes

  • Add an "how to" guide about secure boot for the Portenta H7. With a focus on how to generate custom security keys.

What Needs To Be Reviewed

How To Give Feedback

Please leave your feedback as a Github review.
You can add comments to specific lines of content / code and ideally use Github's suggestion feature. 🙏

ubidefeo
ubidefeo requested changes Mar 31, 2022
View reviewed changes
ubidefeo
ubidefeo approved these changes Mar 31, 2022
View reviewed changes
Copy link
Contributor

@ubidefeo ubidefeo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jhansson-ard jhansson-ard requested a review from karlsoderby April 4, 2022 10:27
@jhansson-ard jhansson-ard added community Bugs and fixes suggested by the community how-to article New How To article labels Apr 4, 2022
@jhansson-ard
Copy link
Contributor

@pennam you need to change your review to an approve one for us to move forward with the approval of the article.

@karlsoderby please review from a content perspective! Thanks!

@umbynos umbynos requested a review from pennam April 4, 2022 13:16
@marqdevx marqdevx self-requested a review April 5, 2022 14:21
@marqdevx marqdevx added arduino Bugs and fixes added by the Arduino Team new Tutorial and removed community Bugs and fixes suggested by the community how-to article New How To article labels Apr 5, 2022
marqdevx
marqdevx requested changes Apr 5, 2022
View reviewed changes
Copy link
Member

@marqdevx marqdevx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Content LGTM, just fixed some typos or formatting issues.
Thank you!

I will add some screenshot to show the new selector on the dropdown for using the keys.

@marqdevx marqdevx self-assigned this Apr 5, 2022
@marqdevx marqdevx changed the title add secure boot for portenta H7 Portenta H7 tutorial: Secure Boot [PC-894] Apr 5, 2022
@umbynos @marqdevx
Apply suggestions from code review
c0da15d 
Co-authored-by: Pablo Marquínez Ferrándiz <pablomarqfer@gmail.com>
@marqdevx
Copy link
Member

marqdevx commented Apr 5, 2022

@umbynos Is it compatible with the lite and lite-connected? (i guess it isnt as they dont have the crypto chip, if im not wrong 🤔)

@marqdevx
Copy link
Member

marqdevx commented Apr 5, 2022

Also this link is dead right now
https://arduino.github.io/arduino-cli/latest/guides/secure-boot/

@umbynos
Copy link
Contributor Author

umbynos commented Apr 5, 2022

Also this link is dead right now
https://arduino.github.io/arduino-cli/latest/guides/secure-boot/

You are right, the link will be working when the new release of the arduino-cli that include the secure boot will be made. As of now, you can find the content of the link here https://arduino.github.io/arduino-cli/dev/guides/secure-boot/, but it's not recommended to point to the development version of the page.

@pennam
Copy link
Contributor

pennam commented Apr 5, 2022

@marqdevx yes, they will be supported because by default MCUboot does not rely on any hw crypto. There is the possibility to implement signature verification and encryption key unwrapping using a crypto but this is not done yet, all the crypto magic is done by software with mbedtls.

@marqdevx
Copy link
Member

marqdevx commented Apr 6, 2022

Perfect! Thanks for the aclaration.

Just made this tutorial available on lite and lite-connected aswell at 49c15cf

For the link should we wait to have the published one before merging this tutorial? If you want to merge it now, we just need to hide it until the link works :)

@marqdevx marqdevx self-requested a review April 6, 2022 09:47
sebromero
sebromero requested changes Apr 6, 2022
View reviewed changes
Copy link
Contributor

@sebromero sebromero left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good stuff @umbynos ! Please have a look at my suggestions and questions.
Also, I think it would be very beneficial to add a paragraph in the Introduction section explaining the use case for secure boot. Why would anyone want to use it? Intellectual property protection? Tamper proof? ...

@umbynos @sebromero
Apply suggestions from code review
af3d86d 
Co-authored-by: Sebastian Romero <s.romero.zh@gmail.com>
@umbynos umbynos mentioned this pull request Apr 11, 2022
Closed
5 tasks
@marqdevx
Copy link
Member

@umbynos Let me know if you need anything to continue with this merge :D

@umbynos umbynos requested a review from sebromero April 13, 2022 13:46
@umbynos
Copy link
Contributor Author

umbynos commented Apr 13, 2022
edited
Loading

@umbynos Let me know if you need anything to continue with this merge :D

@marqdevx I think with a final review by @sebromero we are good to go.
As you suggested regarding the link, maybe we should wait to have the published one before merging this

@sebromero @pennam
Swap keys
559cb89 
Co-authored-by: Mattia Pennasilico <m.pennasilico@arduino.cc>
sebromero
sebromero requested changes May 3, 2022
View reviewed changes
Copy link
Contributor

@sebromero sebromero left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's change this and we're good to go.

sebromero
sebromero approved these changes May 3, 2022
View reviewed changes
Copy link
Contributor

@sebromero sebromero left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@sebromero sebromero requested a review from pennam May 3, 2022 12:51
@sebromero
Copy link
Contributor

@pennam Please have a final look. If you're good with it, we can merge it.

@marqdevx marqdevx added the pro label May 4, 2022
pennam
pennam approved these changes May 5, 2022
View reviewed changes
Copy link
Contributor

@pennam pennam left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@umbynos @sebromero 👍

@sebromero sebromero merged commit 3fdb6e2 into arduino:main May 5, 2022
@umbynos umbynos deleted the umbynos/secure-boot branch May 5, 2022 13:17
Serjlee pushed a commit that referenced this pull request May 10, 2022
@aliphys
Merge pull request #129 from arduino/aliphys/removeJ19USBMaxCarrier
f1dab5d 
[TC-257] Remove mention of J19 in DS and assets for Max Carrier
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ubidefeo ubidefeo ubidefeo approved these changes

@per1234 per1234 per1234 left review comments

@sebromero sebromero sebromero approved these changes

@marqdevx marqdevx marqdevx approved these changes

@pennam pennam pennam approved these changes

@karlsoderby karlsoderby Awaiting requested review from karlsoderby

Assignees

@marqdevx marqdevx

Labels
arduino Bugs and fixes added by the Arduino Team new pro Tutorial
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@umbynos @jhansson-ard @marqdevx @pennam @sebromero @ubidefeo @per1234