Posts Tagged ‘EmbeddedSystems’
[DefCon32] Nano Enigma: Uncovering the Secrets in eFuse Memories
Michal Grygarek and Martin Petr, embedded systems security experts at Accenture in Prague, reveal the vulnerabilities of eFuse-based memories used to store sensitive data like encryption keys. Their presentation explores the process of extracting confidential information from these chips using accessible tools, challenging the assumption that eFuse memories are inherently secure. Michal and Martin’s work underscores the need for enhanced protection mechanisms in embedded systems.
Decoding eFuse Vulnerabilities
Martin opens by explaining the role of eFuse memories in securing encryption keys and debugging interfaces. Traditionally considered robust, these memories are susceptible to physical attacks due to their readable properties. Martin details their journey, starting with chip decapsulation using household items like a wet stone, demonstrating that determined attackers can bypass protections without advanced equipment.
Reverse-Engineering Techniques
Michal delves into their methodology, which involved delayering chips to access eFuse data. Using a Scanning Electron Microscope (SEM) rented from a local university, they read encryption keys, breaking the confidentiality of encrypted flash memory. Their approach, supported by Accenture, highlights the ease of extracting sensitive data, as the physical destruction of the chip was not a barrier to recovering firmware.
Implications for Embedded Security
The duo emphasizes the broader implications, noting that eFuse vulnerabilities threaten devices relying on these memories for security. Martin addresses the misconception that delayering is prohibitively complex, showing that basic tools and minimal resources suffice. Their findings, including a giveaway of decapsulated ESP32 chips, encourage hands-on experimentation to understand these risks.
Strengthening Protection Mechanisms
Concluding, Michal advocates for advanced obfuscation techniques and alternative storage solutions to secure sensitive data. Their work, presented at DEF CON 32, calls for vendors to reassess eFuse reliance and implement robust safeguards. By sharing their techniques, Michal and Martin inspire the cybersecurity community to address these overlooked vulnerabilities in embedded systems.
Links:
[OxidizeConf2024] Leveling Up Hardware Production with Rust
Revolutionizing Hardware Manufacturing
The landscape of hardware manufacturing has long been constrained by proprietary tools provided by chip vendors, often treated as opaque systems that limit developer control. Ryan Summers from Forged.dev delivered an engaging presentation at OxidizeConf2024, showcasing how Rust and the Probe.rs library are transforming hardware production processes. With a background in safety-critical embedded systems, including medical devices like neurostimulators, Ryan illustrated how Rust’s modern tooling empowers developers to achieve precise control over device programming, moving beyond the limitations of traditional black-box solutions.
Ryan’s talk focused on the production process for a hypothetical Bluetooth-enabled pacemaker, highlighting the need for meticulous device provisioning and testing. In traditional manufacturing, tasks like assigning serial numbers, calibrating sensors, and programming firmware rely on vendor-supplied binaries with limited customization options. Probe.rs, an open-source Rust library, changes this paradigm by offering fine-grained memory control, enabling developers to tailor device configurations and integrate them into automated production workflows. This approach ensures higher quality and reliability, particularly for safety-critical applications where failures are not an option.
The Power of Probe.rs
Central to Ryan’s presentation was the Probe.rs library, which redefines how developers interact with microcontrollers during production. Unlike vendor-supplied tools that restrict operations to basic flashing and erasing, Probe.rs provides a programmatic interface for memory manipulation and direct communication with devices. Ryan demonstrated how this enables tasks like assigning unique Bluetooth addresses and storing calibration data in external memory chips, streamlining the provisioning process. The library’s flexibility allows manufacturers to integrate these tasks into automated systems, reducing errors and improving efficiency.
Moreover, Probe.rs extends beyond manufacturing to support advanced use cases like embedded testing and performance profiling. Ryan highlighted the emerging embedded-test feature, which allows unit tests to run directly on hardware, a boon for validating safety-critical systems. By leveraging Rust’s type safety and memory guarantees, Probe.rs minimizes the risk of errors during programming, ensuring that devices meet stringent quality standards. This capability is particularly valuable in medical and automotive industries, where precision is paramount.
Scaling Production with Rust
Ryan also discussed scaling hardware production with Rust, addressing both small-scale and high-volume manufacturing. For safety-critical devices, such as pacemakers, every unit must undergo rigorous testing to detect defects like cold solder joints or short circuits. Probe.rs facilitates this by enabling automated testing workflows that integrate with production lines, ensuring consistent quality. Ryan noted that while some consumer markets may prioritize speed over quality, safety-critical sectors demand the precision that Rust and Probe.rs deliver.
For large-scale production, Ryan and Probe.rs founder Noah collaborated on Forged.dev Marinas, a tool designed to manage firmware deployment, serial number assignment, and cloud-based data storage. This solution caters to manufacturers needing to comply with regulations like FDA standards, ensuring traceability and accountability. Ryan’s insights underscored Rust’s potential to unify development and production processes, offering a cohesive ecosystem that contrasts with the fragmented tools of traditional manufacturing.
Links:
[OxidizeConf2024] Exploring Slint as a Rust Alternative to QML for GUI Development
The Evolution of GUI Development
In the ever-evolving realm of graphical user interface (GUI) development, the quest for robust, safe, and efficient tools is paramount. David Vincze, a senior software engineer at Felgo, presented a compelling exploration of Slint as a Rust-based alternative to QML at OxidizeConf2024. With a background steeped in C++ and Qt, particularly in automotive instrument clusters, David shared his insights into how Slint offers a fresh perspective for developers accustomed to QML’s declarative approach within the Qt framework. His presentation illuminated the potential of Slint to address the limitations of QML, particularly its reliance on C++ and JavaScript, which can introduce runtime errors that challenge developers in safety-critical environments.
QML, a mature language with over a decade of use, has been a cornerstone for cross-platform GUI development, enabling developers to write a single codebase that runs on embedded, mobile, desktop, and web platforms. Its JSON-like syntax, coupled with reactive property bindings and JavaScript logic, simplifies prototyping and maintenance. However, David highlighted the inherent risks, such as performance bottlenecks due to JavaScript’s runtime interpretation and the dependency on the extensive Qt ecosystem, which can entail licensing costs. Slint, a newer toolkit built with Rust, emerges as a promising alternative, compiling to native code to catch errors at build time, thus enhancing reliability for embedded systems.
Comparing Slint and QML
David’s analysis centered on a practical comparison between Slint and QML, drawing from a demo weather application and home automation UI developed at Felgo. This project, available on Felgo’s GitHub as the Rusty Weather App, reimplemented a QML-based application in Slint, showcasing its multiplatform capabilities on desktop, embedded Raspberry devices, and Android. The comparison revealed striking similarities in their declarative syntax, with both languages using component-based structures to define UI elements. However, Slint’s code is notably more compact, and its components can be exported to native code, offering greater integration flexibility compared to QML’s C++-centric approach.
A key differentiator is Slint’s compilation to native code, which eliminates runtime errors common in QML’s JavaScript logic. This is particularly advantageous for embedded systems, where performance and reliability are critical. David demonstrated how Slint’s lightweight runtime and reactive property bindings mirror QML’s strengths but leverage Rust’s memory safety to prevent common programming errors. However, Slint lacks some of QML’s advanced features, such as multimedia support, 3D rendering, and automated UI testing, which are still in development. Despite these gaps, Slint’s rapid evolution, with frequent releases, signals its potential to rival QML in the future.
Challenges and Opportunities in Transitioning
Transitioning from QML to Slint presents both opportunities and challenges. David emphasized Slint’s benefits, including its integration with Rust’s ecosystem, which offers a robust package manager (Cargo) and seamless cross-compilation. The Slint VS Code extension, with its live preview feature, accelerates development by allowing real-time UI modifications without recompilation. This contrasts with QML’s reliance on tools like Qt Creator, which, while comprehensive, tie developers to the Qt ecosystem. Slint’s open-source nature and multi-language APIs (supporting Rust, C++, JavaScript, and Python) further enhance its appeal for diverse projects.
However, David acknowledged challenges, particularly in areas like internationalization, where Slint’s reliance on the Gettext library complicates translation processes compared to Qt’s well-established framework. Features like multi-window support and internal timers are also underdeveloped in Slint, posing hurdles for developers accustomed to QML’s mature ecosystem. Despite these, David advocated for Slint’s adoption in Rust-centric projects, citing its predictability and performance advantages, especially for embedded development. The community’s active development and planned UI testing support suggest that Slint’s limitations may soon be addressed, making it a compelling choice for forward-thinking developers.
Links:
[OxidizeConf2024] Writing Rust Bindings for ThreadX
Crafting Safe Interfaces for Embedded Systems
In the domain of embedded systems, where reliability and efficiency are paramount, Rust has emerged as a powerful tool for building robust software. At OxidizeConf2024, Sojan James from Acsia Technologies delivered an engaging presentation on creating Rust bindings for ThreadX, a compact real-time operating system (RTOS) tailored for microcontrollers. With nearly two decades of experience in C programming and a passion for Rust since 2018, Sojan shared his journey of developing bindings that bridge ThreadX’s C-based architecture with Rust’s safety guarantees, offering practical strategies for embedded developers.
ThreadX, known for its lightweight footprint and static memory allocation, is widely used in automotive digital cockpits and other resource-constrained environments. Sojan’s goal was to create a safe Rust API over ThreadX’s C interfaces, enabling developers to leverage Rust’s type safety and ownership model. His approach involved generating unsafe bindings, wrapping them in a safe abstraction layer, and building sample applications on an STM32 microcontroller. This process, completed primarily during a week-long Christmas project, demonstrates Rust’s potential to enhance embedded development with minimal overhead.
Strategies for Binding Development
Sojan outlined a systematic approach to developing Rust bindings for ThreadX. The first step was creating unsafe bindings to interface with ThreadX’s C API, using Rust’s foreign function interface (FFI) to call C functions directly. This required careful handling of callbacks and memory management, as ThreadX’s static allocation model aligns well with Rust’s borrow checker. Sojan emphasized the importance of reviewing the generated bindings to identify areas where Rust’s ownership semantics could expose architectural inconsistencies, though he noted ThreadX’s maturity minimized such issues.
To create a safe API, Sojan wrapped the unsafe bindings in Rust structs and enums, introducing a typed channel interface for message passing. For example, he demonstrated a queue of type Event, an enum ensuring type safety at compile time. This approach prevents common errors, such as mixing incompatible data types, enhancing reliability in safety-critical applications like automotive systems. A demo on an STM32 showcased two tasks communicating via a 64-byte queue within a 2KB block pool, highlighting the practical application of these bindings in real-world scenarios.
Future Directions and Community Engagement
While Sojan’s bindings are functional, challenges remain, particularly with ThreadX’s timer callbacks, which lack a context pointer, complicating Rust’s safe abstraction. He plans to address this by exploring alternative callback mechanisms or additional abstractions. The bindings, hosted on GitHub, are open for community contributions, reflecting Sojan’s commitment to collaborative development. At Acsia, Rust is being integrated into automotive platforms, including an R&D project, signaling its growing adoption in the industry.
Sojan’s work underscores Rust’s potential to modernize embedded development, offering memory safety without sacrificing performance. By sharing his code and inviting contributions, he fosters a community-driven approach to refining these bindings. As Rust gains traction in automotive and other embedded domains, Sojan’s strategies provide a blueprint for developers seeking to integrate modern programming paradigms with established RTOS platforms, paving the way for safer, more efficient systems.