nRF52-secure-firmware is an entry point for Nordic development nRF52 BLE platforms and a part of a larger project for best practice recommended for BLE security.
It focuses on maintaining different security parts of the nrf52 BLE firmware to foster good practice and awareness of security weaknesses and point to components that needfurther hardening.
All developments have been conducted on an nRF52 Nordic development kit platform:
- The currently supported Nordic board is: nRF52840
- The currently supported hardware chip: PCA10056 ARM Cortex-M4F CPU
- The currently supported SDK version is: 14.2.0
- The currently supported Softdevice version is: s140_5.0.0
The project may need modifications to work with other versions or other boards.
This current version of the firmware supports the following features :
- Support both LE Secure Connections and LE Legacy paring modes.
- Support micro-ecc and cc310 cryptographic library backends.
- Implementing Numeric Comparaison and Passkey association model.
- Changing MAC Address vendor with specific or random bytes generator.
- Protecting read & write characteristics.
- AES-128-ECB&CBC encryption and decryption of BLE data communication.
- Real-time counter to measure elapsed time between tasks.
- implement hash functions.
- Securing secure Device Firware Update (DFU) mode.
- encryption layer for DFU mode.
Installing Plug-in :
-
GNU toolchain for ARM: (gcc-arm-none-eabi-7-2017-q4-major) : run the script "arm-gcc-install.sh" in "tools/arm-gcc/"
-
JLink (for debugging in eclipse) : LINK BELOW
https://www.segger.com/downloads/jlink/#J-LinkSoftwareAndDocumentationPack
-
nrfjprog : LINK BELOW
http://www.nordicsemi.com/eng/Products/Bluetooth-low-energy/nRF52832
in Download tab selectnRF5x-Command-Line-Tools-XXX
depends on your OS.
Help > Eclipse Marketplace.
Search ARM
and select GNU MCU Eclipse
from the results. The required packages to install are:
GNU MCU C/C++ ARM Cross Compiler
GNU MCU C/C++ J-Link Debugging
GNU MCU C/C++ Packs
First we run the script nordic_setup_sdk.sh
for downloading the SDK. The script is located in the main repository: (by default the SDK will be located in ./libs/
)
In eclipse :
File > New Project > Makefile Project with Existing code
Fill the Project Name with the name of your choose.
For the Exiting Code Location browse into ./nrf52-secure-firmware/
.
For Toolchain choose ARM cross GCC
Now, we should see in Project Explorer the new project containing the Makefile, the linker file, the main file located in "source/", libs folder.
Configuration of eclipse:
Go to menu window > preferences > MCU > Global ARM toolchain Path > set the arm tool chain folder.
Go to menu window > preferences > MCU > Global SEGGER J-Link Path > set Executable to JLinkGDBServer ; set Folder "/usr/local/bin"
In project properties window : Configure default C/C++ build command to make VERBOSE=1
.
One step left to build project successfully :
To use the SDK we first need to set the toolchain path in makefile.windows
or makefile.posix
depending on platform you are using. That is, the .posix should be edited if your are working on either Linux or OS X. These files are located in ./libs/nRF5_SDK/nRF5_SDK_14.2.0_17b948a/components/toolchain/gcc/
Change makefile.posix
into :
GNU_INSTALL_ROOT := «PATH to gcc-arm-none-eabi-4_9-2015q3 bins»
GNU_VERSION := «Version of gcc-arm-eabi»
GNU_PREFIX := arm-none-eabi
For example in my case:
GNU_INSTALL_ROOT := /Users/ridaidil/Desktop/Stage-RTONE/nrf_dev/gcc-arm-none-eabi-7-2017-q4-major/bin/
GNU_VERSION := 7.2.1
GNU_PREFIX := arm-none-eabi
After that we run the script build_all.sh
located in ./libs/nRF5_SDK/nRF5_SDK_14.2.0_17b948a/external/micro-ecc/
to obtain the library Micro_ecc_lib_nrf52.a
which used by the secure bootloader.
PS: in order to run the script build_all.sh
without problems, run this command line
$ sed -i 's/\r//g' build_all.sh
The Project now is ready to be built.
Right click in project menu > Build target > Create.
Fill Target name
with flash
Make sure to add the PATH of nrfjprog
program into PATH system variables
In project properties window > build
Right click in project menu > Debug As > Debug Configuration.
Make sure to choose GDB SEGGER J-Link Debugging
debugger type.
Fill in the blanks with same values in the picture below.
You are welcome to contribute and suggest any improvements. If you want to point to an issue, Please file an issue.
If you have questions or need further guidance on using the tool, Please file an issue.
Fork the repository, file a pull request and You are good to go ;)
This project is licensed under The MIT License terms.
Copyright (c) 2019 Rtone IoT Security