1.4 Secure MCC Melody MDFU Client Library – ECDSA Verification Operation Example

This document explains how the Secure MDFU Client authenticates and verifies the incoming application image from the MDFU Host.

The Secure MDFU Client uses the Crypto Authentication Library (CAL) APIs to verify the application image with a public key held either in bootloader Flash or in a valid key slot of a provisioned secure element. The bootloader verify logic authenticates the image by reading a footer (metadata) from memory, calculating a SHA-256 hash over the verification region the footer specifies, and then verifying the ECDSA signature with the secure element and that public key.

Figure 1-14. ECDSA Verification
Step-by-Step Breakdown:
  • Initialization
    1. The result of the operation, bl_result_t, is set to FAILED by default.
    2. The result of the footer read operation, bl_mem_result_t, is set to FAILED by default.
    3. The application footer structure bl_footer_data_t that holds the footer data is declared.
    4. A 32-byte sha256Result array for holding the calculated SHA-256 digest is declared.
    5. The ATCA_STATUS status variable and the isVerified flag, both used for signature verification, are declared and initialized to false.
  • Read Application Footer: BL_ApplicationFooterRead(&applicationFooter) is called to read the footer data from memory. If the read succeeds, the verification operation proceeds; otherwise, the result is set to BL_FAIL and the function returns.
  • Check Footer Validity: Checks that neither verificationStartAddress nor verificationEndAddress in the footer is empty. If either of them is empty, the result is set to BL_ERROR_INVALID_ARGUMENTS.
  • Calculate SHA-256 Hash: Calls SHA256(applicationFooter.verificationStartAddress, applicationFooter.verificationEndAddress, sha256Result) to compute the hash of the image region.
  • Verify Signature: If the secure element is provisioned with the public key, the atcab_verify_stored CAL API is called to verify the signature using the key stored in the secure element. Otherwise, the atcab_verify_extern CAL API is called to verify the signature using the public key stored in bootloader Flash. Both functions set the isVerified flag to TRUE if the signature is valid.
  • Set Result Based on Verification: If signature verification succeeds, the ATCA_STATUS status is ATCA_SUCCESS and isVerified is TRUE, and the bootloader verification result bl_result_t is set to BL_PASS. Otherwise, the bootloader verification result bl_result_t is set to BL_ERROR_VERIFICATION_FAIL.
  • Return Result: Returns the final result indicating pass, fail or error.
Return Values:
  • BL_PASS: Image verification succeeded
  • BL_ERROR_VERIFICATION_FAIL: Verification failed (default/fallback)
  • BL_ERROR_INVALID_ARGUMENTS: Footer addresses are invalid
  • BL_FAIL: Footer could not be read
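The verify flow and result codes listed above, as an added host-side model that is not code from the MDFU Client library or from CAL. It is written in Go so that the standard library's crypto/ecdsa can stand in for the secure element: verifyExtern plays the role of atcab_verify_extern and takes the 64-byte X||Y public key and 64-byte R||S signature layout. The footer layout (two little-endian 32-bit addresses followed by the signature, placed at the end of the image), the reading of "empty" as an erased 0xFFFFFFFF word, the extra region-bounds check, and the BuildImage signing side are all assumptions of this example, not statements of the library's behaviour.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"math/big"
)

// Result codes mirroring the bl_result_t values named on the page.
type BLResult int

const (
	BLPass BLResult = iota
	BLFail
	BLErrorInvalidArguments
	BLErrorVerificationFail
)

// Footer models bl_footer_data_t. The signature is raw R||S, the form a
// secure element hands back (assumed layout for this example).
type Footer struct {
	VerificationStartAddress uint32
	VerificationEndAddress   uint32
	Signature                [64]byte
}

const footerSize = 4 + 4 + 64

// Erased flash reads back as all ones, so an unprogrammed address field
// shows up as 0xFFFFFFFF; that is what "empty" is taken to mean here.
const erasedWord = 0xFFFFFFFF

// readFooter stands in for BL_ApplicationFooterRead: the footer is assumed
// to occupy the last footerSize bytes of the image, little-endian fields.
func readFooter(flash []byte) (Footer, bool) {
	var f Footer
	if len(flash) < footerSize {
		return f, false
	}
	raw := flash[len(flash)-footerSize:]
	f.VerificationStartAddress = binary.LittleEndian.Uint32(raw[0:4])
	f.VerificationEndAddress = binary.LittleEndian.Uint32(raw[4:8])
	copy(f.Signature[:], raw[8:])
	return f, true
}

// verifyExtern stands in for atcab_verify_extern: X||Y public key, R||S
// signature, 32-byte digest. Off-curve keys are rejected before use.
func verifyExtern(pubXY [64]byte, digest []byte, sig [64]byte) bool {
	curve := elliptic.P256()
	x := new(big.Int).SetBytes(pubXY[:32])
	y := new(big.Int).SetBytes(pubXY[32:])
	if !curve.IsOnCurve(x, y) {
		return false
	}
	pub := &ecdsa.PublicKey{Curve: curve, X: x, Y: y}
	r := new(big.Int).SetBytes(sig[:32])
	s := new(big.Int).SetBytes(sig[32:])
	return ecdsa.Verify(pub, digest, r, s)
}

// VerifyApplication follows the page's step order: read footer, check the
// region addresses, hash the region, verify the signature, map to a result.
func VerifyApplication(flash []byte, pubXY [64]byte) BLResult {
	footer, ok := readFooter(flash)
	if !ok {
		return BLFail
	}
	start, end := footer.VerificationStartAddress, footer.VerificationEndAddress
	if start == erasedWord || end == erasedWord {
		return BLErrorInvalidArguments
	}
	// Extra bounds check (not stated on the page): the footer is untrusted
	// input, so never let it select an empty or out-of-range region to hash.
	if start >= end || uint64(end) > uint64(len(flash)-footerSize) {
		return BLErrorInvalidArguments
	}
	digest := sha256.Sum256(flash[start:end])
	if verifyExtern(pubXY, digest[:], footer.Signature) {
		return BLPass
	}
	return BLErrorVerificationFail
}

// BuildImage plays the signing side: it appends a footer that covers the
// whole application body and carries its P-256 signature over SHA-256.
func BuildImage(app []byte, priv *ecdsa.PrivateKey) ([]byte, error) {
	digest := sha256.Sum256(app)
	r, s, err := ecdsa.Sign(rand.Reader, priv, digest[:])
	if err != nil {
		return nil, err
	}
	footer := make([]byte, footerSize)
	binary.LittleEndian.PutUint32(footer[0:4], 0)
	binary.LittleEndian.PutUint32(footer[4:8], uint32(len(app)))
	r.FillBytes(footer[8:40])
	s.FillBytes(footer[40:72])
	return append(append([]byte{}, app...), footer...), nil
}

// PublicKeyXY encodes the public key in the 64-byte X||Y form.
func PublicKeyXY(pub *ecdsa.PublicKey) [64]byte {
	var out [64]byte
	pub.X.FillBytes(out[:32])
	pub.Y.FillBytes(out[32:])
	return out
}

func main() {
	priv, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	app := []byte("constructed sample application image") // constructed input
	image, _ := BuildImage(app, priv)
	fmt.Println("good image:", VerifyApplication(image, PublicKeyXY(&priv.PublicKey)))
	image[0] ^= 0x01 // flip one application byte: hash changes, signature no longer matches
	fmt.Println("tampered image:", VerifyApplication(image, PublicKeyXY(&priv.PublicKey)))
}
```

The atcab_verify_stored path differs only in where the public key lives (a secure element key slot instead of bootloader Flash); the footer read, address check and hashing steps are identical. The bounds check inside VerifyApplication is the one addition worth carrying over to any real implementation: the footer is part of the untrusted image, so the start and end addresses it supplies should be range-checked before they are used to select the bytes that get hashed.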

Summary Table:

Table 1-1. Verification Steps Summary
Step               Action
Read footer        BL_ApplicationFooterRead
Check addresses    Ensure the start and end addresses are valid
Calculate hash     SHA-256 over the specified region
Verify signature   Use secure element or external public key
Return result      Pass, fail or error based on verification outcome