
FIRM-LOCK: A hardware-anchored, offline-first remote attestation platform that cryptographically proves IoT device integrity using LoRa and Secure Elements.


TeamMavericKX/firmlockv01


🔒 FIRM-LOCK: Full-Stack Attestation System

Working demo of military-grade firmware integrity for edge IoT


🎯 What This Is

This is a complete, working implementation of the FIRM-LOCK attestation system:

  • ✅ Backend: FastAPI with WebSocket for real-time updates
  • ✅ Frontend: React dashboard with professional UI
  • ✅ Hardware Interface: Python module for STM32 + ATECC608A communication
  • ✅ Simulation Mode: Works without hardware for demos

🏗️ Architecture

┌─────────────────────────────────────────────────────────────────────────┐
│                         FIRM-LOCK SYSTEM                                │
├─────────────────────────────────────────────────────────────────────────┤
│                                                                         │
│  ┌──────────────┐      WebSocket       ┌─────────────────────────────┐  │
│  │   React      │◀────────────────────▶│      FastAPI Backend        │  │
│  │  Dashboard   │      HTTP API        │                             │  │
│  │              │                      │  • Attestation Engine       │  │
│  │  • Real-time │                      │  • Device Registry          │  │
│  │  • PCR viz   │                      │  • Challenge/Response       │  │
│  │  • Controls  │                      │  • WebSocket Manager        │  │
│  └──────────────┘                      └──────────────┬──────────────┘  │
│                                                       │                 │
│                                                       │ Serial/USB      │
│                                                       ▼                 │
│                                         ┌─────────────────────────────┐ │
│                                         │   Hardware Interface        │ │
│                                         │                             │ │
│                                         │  • STM32 (Cortex-M33)       │ │
│                                         │  • ATECC608A Secure Element │ │
│                                         │  • LoRa/BLE/USB Comms       │ │
│                                         └─────────────────────────────┘ │
│                                                                         │
└─────────────────────────────────────────────────────────────────────────┘

🚀 Quick Start

Prerequisites

  • Python 3.9+
  • Node.js 18+
  • (Optional) STM32 Nucleo board + ATECC608A for hardware mode

1. Clone and Setup

# Clone the repository into firm-lock/ (the directory name used below)
git clone https://github.com/TeamMavericKX/firmlockv01.git firm-lock
cd firm-lock

# Setup backend
cd backend
python -m venv venv
source venv/bin/activate  # Windows: venv\Scripts\activate
pip install -r requirements.txt

# Setup frontend (in another terminal)
cd ../
npm install

2. Start the Backend

cd backend
source venv/bin/activate
python main.py

Backend will start at http://localhost:8000

3. Start the Frontend

# In project root
npm run dev

Frontend will start at http://localhost:5173

4. Open Dashboard

Navigate to http://localhost:5173 in your browser.


🎮 Demo Flow

Without Hardware (Simulation Mode)

  1. Open Dashboard → See device status as "HEALTHY"
  2. Click "Trigger Attestation" → Watch real-time verification
  3. Click "Simulate Attack" → See PCR mismatch detection
  4. Click "Trigger Recovery" → Watch automatic restoration

With Hardware (Real Device)

  1. Connect STM32 via USB
  2. Backend auto-detects device
  3. Dashboard shows "Hardware" badge
  4. All operations communicate with real device

📁 Project Structure

firm-lock/
├── backend/
│   ├── main.py                 # FastAPI application
│   ├── requirements.txt        # Python dependencies
│   └── hardware/
│       ├── __init__.py
│       └── device_interface.py # STM32/ATECC608A interface
├── src/
│   ├── App.tsx                 # Main React application
│   ├── App.css                 # Custom styles
│   └── ...                     # React components
├── index.html                  # HTML entry point
├── package.json                # Node dependencies
├── vite.config.ts              # Vite configuration
└── README.md                   # This file

🔌 Hardware Setup (Optional)

Required Components

Component        Part Number          Cost
MCU Dev Board    STM32 Nucleo-U585    ~$15
Secure Element   ATECC608A Breakout   ~$8
LoRa Module      RFM95W Breakout      ~$20

Wiring

STM32 Nucleo-U585         ATECC608A
────────────────────────────────────
3.3V      ─────────────── VCC
GND       ─────────────── GND
PB7 (I2C) ─────────────── SDA
PB6 (I2C) ─────────────── SCL

STM32 Nucleo-U585         RFM95W
────────────────────────────────────
3.3V      ─────────────── VCC
GND       ─────────────── GND
PA5 (SPI) ─────────────── SCK
PA6 (SPI) ─────────────── MISO
PA7 (SPI) ─────────────── MOSI
PA4 (GPIO) ─────────────── NSS

Firmware

The STM32 firmware and the entire project deck are in a separate repository: STM32x --beta Docs


🔧 API Endpoints

REST API

Endpoint                       Method   Description
/api/devices                   GET      List all devices
/api/devices/{id}              GET      Get device details
/api/devices/{id}/challenge    POST     Create attestation challenge
/api/devices/{id}/evidence     POST     Submit attestation evidence
/api/devices/{id}/recover      POST     Trigger recovery
/api/devices/{id}/attack       POST     Simulate attack (demo)
/api/metrics                   GET      System metrics

WebSocket

Connect to ws://localhost:8000/ws

Client → Server Messages:

{ "action": "ping" }
{ "action": "get_devices" }
{ "action": "trigger_attestation", "device_id": "FL-2847-AF" }
{ "action": "simulate_attack", "device_id": "FL-2847-AF" }
{ "action": "trigger_recovery", "device_id": "FL-2847-AF" }

Server → Client Messages:

{ "type": "connected", "hardware_available": true }
{ "type": "attestation_complete", "result": "PASS", "latency_ms": 1.2 }
{ "type": "attack_detected", "device_id": "FL-2847-AF" }
{ "type": "device_recovered", "device_id": "FL-2847-AF" }

🧪 Testing

Backend Tests

cd backend
pytest

Frontend Tests

npm test

Manual Testing

  1. Start backend and frontend
  2. Open browser DevTools → Network → WS
  3. Watch WebSocket messages
  4. Click buttons, verify responses

📦 Building for Production

Build Frontend

npm run build

Output in dist/ folder.

Deploy Backend

cd backend
# Using Docker
docker build -t firmlock-backend .
docker run -p 8000:8000 firmlock-backend

# Or using systemd
systemctl enable firmlock-backend
systemctl start firmlock-backend

🎓 Learning Resources

Understanding the Code

  1. Start with backend/main.py - Core attestation logic
  2. Read backend/hardware/device_interface.py - Hardware communication
  3. Explore src/App.tsx - Dashboard UI

Key Concepts

  • PCR (Platform Configuration Register): Cryptographic hash of firmware
  • Measured Boot: Hashing each boot stage
  • Challenge-Response: Verifier sends nonce, device signs evidence
  • Golden Image: Factory-trusted firmware for recovery
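
How the concepts above fit together, as an added example that is not code from the FIRM-LOCK repository. It assumes a TPM-style extend rule for the PCR and uses HMAC-SHA256 as a stand-in for the ECDSA signature the ATECC608A would produce; `Verifier`, `measure_boot`, `device_evidence`, the key and the sample boot images are hypothetical.

```python
import hashlib
import hmac
import secrets

def extend(pcr: bytes, stage: bytes) -> bytes:
    """Measured boot step (assumed rule): SHA-256(old PCR || SHA-256(stage))."""
    return hashlib.sha256(pcr + hashlib.sha256(stage).digest()).digest()

def measure_boot(stages) -> bytes:
    """Fold each boot stage, in order, into one PCR that starts at zero."""
    pcr = bytes(32)
    for stage in stages:
        pcr = extend(pcr, stage)
    return pcr

def device_evidence(key: bytes, nonce: bytes, pcr: bytes) -> dict:
    """Device side; HMAC-SHA256 stands in for the secure element's ECDSA signature."""
    sig = hmac.new(key, nonce + pcr, hashlib.sha256).digest()
    return {"nonce": nonce, "pcr": pcr, "sig": sig}

class Verifier:
    """Hypothetical verifier: issues single-use nonces, checks evidence."""
    def __init__(self, key: bytes, golden_pcr: bytes):
        self.key, self.golden_pcr = key, golden_pcr
        self.pending = set()          # nonces issued but not yet answered

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce

    def verify(self, ev: dict) -> str:
        if ev["nonce"] not in self.pending:
            return "REPLAY"           # unknown or already-consumed nonce
        self.pending.discard(ev["nonce"])
        good = hmac.new(self.key, ev["nonce"] + ev["pcr"], hashlib.sha256).digest()
        if not hmac.compare_digest(good, ev["sig"]):
            return "BAD_SIGNATURE"
        if not hmac.compare_digest(ev["pcr"], self.golden_pcr):
            return "PCR_MISMATCH"     # signed correctly, but wrong firmware
        return "PASS"

GOOD = [b"bootloader v1", b"app v1.0"]                  # constructed sample
TAMPERED = [b"bootloader v1", b"app v1.0 + modified"]   # constructed sample
KEY = b"constructed-demo-key"                           # not a real key

def run_demo() -> list:
    v = Verifier(KEY, measure_boot(GOOD))
    ok = device_evidence(KEY, v.challenge(), measure_boot(GOOD))
    bad = device_evidence(KEY, v.challenge(), measure_boot(TAMPERED))
    return [v.verify(ok), v.verify(bad), v.verify(ok)]  # last one is a replay
```

`run_demo()` walks the three outcomes a verifier has to distinguish: fresh evidence from untampered firmware, correctly signed evidence whose PCR differs from the golden value, and a resubmission of evidence whose nonce has already been consumed.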

🤝 Contributing

  1. Fork the repository
  2. Create a feature branch
  3. Make your changes
  4. Submit a pull request

📄 License

MIT License - See LICENSE file


🙏 Acknowledgments

  • MCUboot project for secure bootloader
  • Microchip for ATECC608A secure element
  • STMicroelectronics for STM32 platform

📧 Contact


Trust Your Edge. Verify Every Boot. 🔒
