Best Approach to Access an Array from MCUboot Space into Zephyr Application via Linker Symbol

[PragatiGarg-eaton]

Hello Zephyr Community,

I am currently working on a project where I need to access a certificate (an array) from the MCUboot space within my Zephyr application. I have implemented the following steps so far:

Implementation Steps:

New Memory Section Definition: Introduced a new memory section in the main linker file to reserve a specific memory space for the certificate.
Ex:

Memory Allocation: Allocated the certificate to the newly defined memory region (CERT) using the linker script. The section ensures proper alignment and defines start (_cert_start) and end (_cert_end) symbols for the certificate.
Ex:

Integration with Build System: Conditionally included the certificate.ld file in the build process via the CMakeLists.txt file when the CONFIG_CERT configurations are enabled.

Verification: Verified the certificate's memory address in both the MCUboot and application map files, confirming that it resides at the expected memory location.

Access in Application: Successfully accessed the certificate in the application space using the _cert_start and _cert_end symbols, ensuring proper integration and functionality.

Discussion Points:

While this approach has worked for me, I am looking for feedback and suggestions on the best practices for accessing arrays from MCUboot space into Zephyr applications. Specifically, I am interested in:

Alternative Methods:

1. Other method could be defining a reserved memory region in the device tree overlay file and access it in the custom linker file via label. But this is leading to the duplicate allocations of sections. Am I doing something wrong here?

Ex:

2. Are there other methods or techniques that might be more efficient or reliable for accessing data from MCUboot space?
3. Security Considerations: What security implications should I be aware of when accessing data from MCUboot space? How can I ensure the integrity and confidentiality of the data?
4. Performance Optimization: Are there any performance optimization tips for accessing data from MCUboot space? How can I minimize latency and maximize throughput?
5. Error Handling: What are the best practices for error handling when accessing data from MCUboot space? How can I ensure robust and fault-tolerant access?

I appreciate any insights or experiences you can share on this topic. Thank you!

cc: @nashif @d3zd3z @erwango @jukkar @kartben

[erwango]

@de-nordic, @nordicjm

[nordicjm]

For a secure system, hardware should be used to make the bootloader unreadable, and if not that, at least unwriteable and uneraseable. Reading a certificate from the bootloader is frankly a bad idea. If you really wanted to do that, you should use bindesc https://docs.zephyrproject.org/latest/services/binary_descriptors/index.html instead so that applications images can parse it from the bootloader image instead of the things here. The proper solution would be to have a static partition defined somewhere outside of all application space which holds the certificate instead, ideally this should be in a secure enclave system which protects the certificate itself and only allows it to be used without revealing the certificate itself