rustBoot

Open source, MIT, Rust

Stars: 294 | Forks: 29 | Issues: 13 | Watchers: 9 | Last commit: 1 year

About rustBoot

rustBoot is a standalone bootloader written entirely in Rust, designed to run on microcontrollers, systems on chip, and similar embedded targets. It can boot into bare-metal firmware or Linux. rustBoot is operating system and micro-architecture agnostic, aiming to provide a highly portable, standards-compatible secure bootloader that integrates easily into embedded software projects. Its core differentiator is security, achieved through Rust's memory safety guarantees, safe parsers, and compile-time state-transition checks. Key features include support for ARM Cortex-M and Cortex-A architectures, multi-slot flash partitioning for firmware updates, Aarch64 Linux booting, elliptic curve cryptography for firmware integrity and authenticity verification using RustCrypto crates, a small hardware abstraction layer for flash access, anti-rollback protection via version numbering, power-interruptible firmware updates with fallback availability, and a Rust-based signing utility for bare-metal firmware and fit-images.

Platforms

Web Self-hosted Linux

Languages

Rust

rustBoot

rustBoot is a standalone bootloader, written entirely in Rust, designed to run on anything from a microcontroller to a system on chip. It can be used to boot into bare-metal firmware or Linux.

Why rustBoot?

rustBoot aims to offer an OS and micro-architecture agnostic (i.e. highly portable) secure bootloader which is standards-compatible and easy to integrate into existing embedded software projects.

What is rustBoot

Features currently supported:

  • [x] support for ARM Cortex-M, Cortex-A micro-architectures
  • [x] support for multi-slot partitioning of microcontroller flash memory. This allows us to implement the boot/update approach for bare-metal firmware updates.
  • [x] support for Aarch64 Linux booting
  • [x] elliptic curve cryptography for integrity and authenticity verification using RustCrypto crates
  • [x] a tiny hardware abstraction layer for non-volatile memory (i.e. flash) access.
  • [x] anti-rollback protection via version numbering.
  • [x] a fully memory safe core-bootloader implementation with safe parsers and firmware-update logic.
  • [x] power-interruptible firmware updates along with the assurance of fall-back availability.
  • [x] a signing utility to sign bare-metal firmware and fit-image(s), written in pure Rust.

Features planned:

  • [ ] support for external flash devices (ex: SPI flash) and serial/console logging interfaces.
  • [ ] support for ARM TrustZone-M and A and certified secure hardware elements - Microchip ATECC608a, NXP SE050, STSAFE-100
  • [ ] support for secure, distributed and efficient firmware transport over IPFS.

Documentation:

You can read the book for free online.

Note: rustBoot and the book are still in development (i.e. a work in progress).

Acknowledgment:

rustBoot exists as we could not find a suitable (open-source) option that meets our security goals. It is the result of an exhaustive evaluation of 'pretty much' the entire embedded-bootloader landscape.

Having said that, it does take inspiration from similar projects (such as u-boot, zephyr, mcuboot, coreboot, wolfBoot etc). However, the key differentiator is security-above-all-else. To that end, it's built entirely in Rust and takes full advantage of Rust's memory safety guarantees, while leveraging safer parsing libraries and compile-time state-transition checks, coupled with (safe) community-sourced Rust crates (such as boards, HALs, drivers etc.).

Support:

For questions, issues, feature requests, and other changes, please file an issue in the GitHub project.

License:

rustBoot is licensed under

Contributing:

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you, as defined in the MIT license, shall be licensed as above, without any additional terms or conditions.