5 лет назад · 0ea6d39686
--- a/components/bootloader_support/src/esp32/secure_boot_signatures.c
+++ b/components/bootloader_support/src/esp32/secure_boot_signatures.c
@@ -137,13 +137,13 @@ esp_err_t esp_secure_boot_verify_signature(uint32_t src_addr, uint32_t length)
 
				 
			
 
				 esp_err_t esp_secure_boot_verify_rsa_signature_block(const ets_secure_boot_signature_t *sig_block, const uint8_t *image_digest, uint8_t *verified_digest)
			
 
				 {
			
 
				+    secure_boot_v2_status_t r;
			
 
				     uint8_t efuse_trusted_digest[DIGEST_LEN] = {0}, sig_block_trusted_digest[DIGEST_LEN] = {0};
			
 
				 
			
 
				-    secure_boot_v2_status_t r;
			
 
				     memcpy(efuse_trusted_digest, (uint8_t *)EFUSE_BLK2_RDATA0_REG, DIGEST_LEN); /* EFUSE_BLK2_RDATA0_REG - Stores the Secure Boot Public Key Digest */
			
 
				 
			
 
				     if (!ets_use_secure_boot_v2()) {
			
 
				-        ESP_LOGI(TAG, "Secure Boot EFuse bit(ABS_DONE_1) not yet programmed.");
			
 
				+        ESP_LOGI(TAG, "Secure Boot eFuse bit(ABS_DONE_1) not yet programmed.");
			
 
				 
			
 
				         /* Generating the SHA of the public key components in the signature block */
			
 
				         bootloader_sha256_handle_t sig_block_sha;
			
@@ -151,10 +151,25 @@ esp_err_t esp_secure_boot_verify_rsa_signature_block(const ets_secure_boot_signa
 
				         bootloader_sha256_data(sig_block_sha, &sig_block->block[0].key, sizeof(sig_block->block[0].key));
			
 
				         bootloader_sha256_finish(sig_block_sha, (unsigned char *)sig_block_trusted_digest);
			
 
				 
			
 
				+#if CONFIG_SECURE_BOOT_V2_ENABLED
			
 
				         if (memcmp(efuse_trusted_digest, sig_block_trusted_digest, DIGEST_LEN) != 0) {
			
 
				-            ESP_LOGW(TAG, "Public key digest in eFuse BLK2 and the signature block don't match.");
			
 
				+            /* Most likely explanation for this is that BLK2 is empty, and we're going to burn it
			
 
				+               after we verify that the signature is valid. However, if BLK2 is not empty then we need to
			
 
				+               fail here.
			
 
				+            */
			
 
				+            bool all_zeroes = true;
			
 
				+            for (int i = 0; i < DIGEST_LEN; i++) {
			
 
				+                all_zeroes = all_zeroes && (efuse_trusted_digest[i] == 0);
			
 
				+            }
			
 
				+            if (!all_zeroes) {
			
 
				+                ESP_LOGE(TAG, "Different public key digest burned to eFuse BLK2");
			
 
				+                return ESP_ERR_INVALID_STATE;
			
 
				+            }
			
 
				         }
			
 
				 
			
 
				+        ESP_FAULT_ASSERT(!ets_use_secure_boot_v2());
			
 
				+#endif
			
 
				+
			
 
				         memcpy(efuse_trusted_digest, sig_block_trusted_digest, DIGEST_LEN);
			
 
				     }
			
 
				 
			
--- a/components/bootloader_support/src/idf/secure_boot_signatures.c
+++ b/components/bootloader_support/src/idf/secure_boot_signatures.c
@@ -173,7 +173,10 @@ esp_err_t esp_secure_boot_verify_signature(uint32_t src_addr, uint32_t length)
 
				 
			
 
				 esp_err_t esp_secure_boot_verify_rsa_signature_block(const ets_secure_boot_signature_t *sig_block, const uint8_t *image_digest, uint8_t *verified_digest)
			
 
				 {
			
 
				-    uint8_t i = 0, efuse_trusted_digest[DIGEST_LEN] = {0}, sig_block_trusted_digest[DIGEST_LEN] = {0};
			
 
				+    int i = 0;
			
 
				+
			
 
				+#if CONFIG_SECURE_BOOT_V2_ENABLED /* Verify key against efuse block */
			
 
				+    uint8_t efuse_trusted_digest[DIGEST_LEN] = {0}, sig_block_trusted_digest[DIGEST_LEN] = {0};
			
 
				     memcpy(efuse_trusted_digest, (uint8_t *) EFUSE_BLK2_RDATA0_REG, sizeof(efuse_trusted_digest));
			
 
				 
			
 
				     /* Note: in IDF verification we don't add any fault injection resistance, as we don't expect this to be called
			
@@ -187,13 +190,17 @@ esp_err_t esp_secure_boot_verify_rsa_signature_block(const ets_secure_boot_signa
 
				     bootloader_sha256_finish(sig_block_sha, (unsigned char *)sig_block_trusted_digest);
			
 
				 
			
 
				     if (memcmp(efuse_trusted_digest, sig_block_trusted_digest, DIGEST_LEN) != 0) {
			
 
				-        if (esp_secure_boot_enabled()) {
			
 
				+        const uint8_t zeroes[DIGEST_LEN] = {0};
			
 
				+        /* Can't continue if secure boot is enabled, OR if a different digest is already written in efuse BLK2
			
 
				+
			
 
				+           (If BLK2 is empty and Secure Boot is disabled then we assume that it will be enabled later.)
			
 
				+         */
			
 
				+        if (esp_secure_boot_enabled() || memcmp(efuse_trusted_digest, zeroes, DIGEST_LEN) != 0) {
			
 
				             ESP_LOGE(TAG, "Public key digest in eFuse BLK2 and the signature block don't match.");
			
 
				             return ESP_FAIL;
			
 
				-        } else {
			
 
				-            ESP_LOGW(TAG, "Public key digest in eFuse BLK2 and the signature block don't match.");
			
 
				         }
			
 
				     }
			
 
				+#endif
			
 
				 
			
 
				     ESP_LOGI(TAG, "Verifying with RSA-PSS...");
			
 
				     int ret = 0;