M2 Bootloader Rust

Overview

This repository provides a Rust-based bootloader and an example IoT application for microcontrollers (STM32F4 series as a reference).
The bootloader is designed to enable:

• Secure firmware updates (UART, USB, or OTA-ready)
• Firmware integrity verification using CRC or SHA256
• Fallback mechanism for invalid firmware
• Minimal dependency on external runtime (#![no_std])

This project serves as a starting template for embedded developers looking to build robust IoT bootloaders in Rust.

---

Features

• Bare-metal Rust bootloader (#![no_std])
• Hardware initialization module (init.rs)
• Flash read/write routines (flash.rs)
• Firmware verification (verify.rs)
• Update handling (updater.rs)
• Example IoT application (app/)
• Cross-platform scripts for flashing and verification
• Ready-to-use GitHub Actions CI for building bootloader and app

---

Repository Structure

iot-bootloader-rust/
│
├─ Cargo.toml                   # Workspace manifest
├─ rust-toolchain.toml          # Rust version pinning
├─ README.md
├─ .gitignore
├─ .github/workflows/build.yml  # CI/CD workflow
│
├─ bootloader/                  # Bootloader crate
│   ├─ Cargo.toml
│   └─ src/
│       ├─ main.rs
│       ├─ init.rs
│       ├─ flash.rs
│       ├─ updater.rs
│       └─ verify.rs
│
├─ app/                         # IoT Application crate
│   ├─ Cargo.toml
│   └─ src/
│       ├─ main.rs
│       └─ peripherals.rs
│
├─ scripts/                     # Flashing and verification scripts
│   ├─ flash.sh
│   └─ check_firmware.sh
│
├─ examples/                    # Example applications for testing
│   └─ blinky.rs
│
└─ docs/
    └─ memory_map.md            # MCU flash layout and memory map

---

Getting Started

Prerequisites

• Rust toolchain (stable recommended)
• cargo and rustup
• Embedded development tools:
  • probe-rs CLI for flashing
  • STM32 USB/UART programmer
• Optional: VSCode + Rust Analyzer for development

Build Bootloader

cd bootloader
cargo build --release --target thumbv7em-none-eabihf

Build Application

cd app
cargo build --release --target thumbv7em-none-eabihf

Flash Firmware

./scripts/flash.sh

Verify Firmware

./scripts/check_firmware.sh

---

Bootloader Workflow

+----------------+
| MCU Reset       |
+----------------+
        |
        v
+----------------+
| Bootloader      |
| init hardware   |
+----------------+
        |
        v
+----------------+
| Verify firmware |
+----------------+
        |
        v
+-------------------------+
| Check for update        |
| (UART/USB/OTA)         |
+-------------------------+
        |
        v
+-------------------------+
| Apply update if present |
+-------------------------+
        |
        v
+-------------------------+
| Jump to application     |
+-------------------------+
        |
        v
+-------------------------+
| Fallback if failure     |
+-------------------------+

---

Memory Layout

Bootloader: 0x08000000 - 0x08003FFF
Application: 0x08004000 - 0x080FFFFF
Backup: 0x08100000 - 0x08103FFF

---

Example Snippets

Bootloader Main

#![no_std]
#![no_main]

use cortex_m_rt::entry;

mod init;
mod flash;
mod updater;
mod verify;

#[entry]
fn main() -> ! {
    init::init_hardware();

    if verify::firmware_valid() {
        updater::check_for_update();
        jump_to_app();
    } else {
        loop {}
    }
}

fn jump_to_app() -> ! {
    const APP_START_ADDRESS: u32 = 0x0800_4000;
    let app: extern "C" fn() = unsafe { core::mem::transmute(APP_START_ADDRESS) };
    app();
}

Application Main

#![no_std]
#![no_main]

use cortex_m_rt::entry;
mod peripherals;

#[entry]
fn main() -> ! {
    peripherals::init_led();

    loop {
        peripherals::toggle_led();
    }
}

Peripheral Example

pub fn init_led() {}
pub fn toggle_led() {}

---

Future Development

• Add OTA over Wi-Fi or BLE
• Secure boot with digital signature verification
• Dual-bank firmware for rollback support
• Support additional MCUs (ESP32, nRF52)
• Add unit tests and CI/CD for embedded targets

License

This project is dual-licensed:

• Open-Source / Personal Use: Apache 2.0
• Commercial / Closed-Source Use: Proprietary license required

For commercial licensing inquiries or enterprise use, please contact: mahbub.aaman.app@gmail.com

Author

Md Mahbubur Rahman GitHub | Website

---

Contributing

We welcome contributions!

• Fork the repo and submit pull requests
• Follow Rust coding guidelines and safety best practices
• Report issues or suggest features via GitHub Issues

---

Further Reading / References

1. Developing a Cryptographically Secure Bootloader for RISC-V in Rust
2. Low-Power Secure Booting for IoT Edge Devices
3. Secure Boot and Root-of-Trust in Heterogeneous SoCs
4. Design and Implementation of a Secure Bootloader Using Public Key Cryptography
5. Rust for Embedded Systems: Current State and Open Problems
6. Rust for Security and Correctness in the Embedded World
7. Building Safe and Secure Software with Rust on Arm
8. Building a Secure Operating System (Redox OS) with Rust
9. Rust vs C: Language Choices in Embedded Systems and Cryptography
10. Twine: An Embedded Trusted Runtime for WebAssembly
11. Ferrocene: Rust Toolchain for Safety-Critical Applications
12. Embedded Rust Book
13. Rust Embedded Working Group
14. Rust Embedded HAL
15. probe-rs: Debug Probe Library for Rust