Support codesigning in the firmware updater

This commit provides a method to verify that firmware has been signed with a private key given its public key. The implementation uses ed25519-dalek as the signature verifier. An "ed25519" feature is required to enable the functionality. When disabled (the default), calling the firmware updater's verify method will return a failure.

examples/boot/application/nrf/Cargo.toml

@@ -9,6 +9,7 @@ embassy-sync = { version = "0.1.0", path = "../../../../embassy-sync" }
 embassy-executor = { version = "0.1.0", path = "../../../../embassy-executor", features = ["nightly", "integrated-timers"] }
 embassy-time = { version = "0.1.0", path = "../../../../embassy-time", features = ["nightly"] }
 embassy-nrf = { version = "0.1.0", path = "../../../../embassy-nrf", features = ["time-driver-rtc1", "gpiote", "nightly"] }
+embassy-boot = { version = "0.1.0", path = "../../../../embassy-boot/boot" }
 embassy-boot-nrf = { version = "0.1.0", path = "../../../../embassy-boot/nrf" }
 embassy-embedded-hal = { version = "0.1.0", path = "../../../../embassy-embedded-hal" }
 
@@ -19,3 +20,7 @@ embedded-hal = { version = "0.2.6" }
 
 cortex-m = { version = "0.7.6", features = ["critical-section-single-core"] }
 cortex-m-rt = "0.7.0"
+
+[features]
+ed25519-dalek = ["embassy-boot/ed25519-dalek"]
+ed25519-salty = ["embassy-boot/ed25519-salty"]

examples/boot/application/nrf/README.md

@@ -22,7 +22,7 @@ cp memory-bl.x ../../bootloader/nrf/memory.x
 # Flash bootloader
 cargo flash --manifest-path ../../bootloader/nrf/Cargo.toml --features embassy-nrf/nrf52840 --target thumbv7em-none-eabi --release --chip nRF52840_xxAA
 # Build 'b'
-cargo build --release --bin b
+cargo build --release --bin b --features embassy-nrf/nrf52840
 # Generate binary for 'b'
 cargo objcopy --release --bin b --features embassy-nrf/nrf52840 --target thumbv7em-none-eabi -- -O binary b.bin
 ```