
Merge branch 'bugfix/misc_secure_boot_v4.2' into 'release/v4.2'

Bugfix/misc secure boot v2 (v4.2)

See merge request espressif/esp-idf!11743
Mahavir Jain 5 anni fa
parent
commit
4d1ada8ab5

+ 1 - 3
components/bootloader_support/src/esp32/flash_encrypt.c

@@ -252,9 +252,7 @@ static esp_err_t encrypt_bootloader(void)
         ESP_LOGD(TAG, "bootloader is plaintext. Encrypting...");
 
 #if CONFIG_SECURE_BOOT_V2_ENABLED
-        // Account for the signature sector after the bootloader
-        image_length = (image_length + FLASH_SECTOR_SIZE - 1) & ~(FLASH_SECTOR_SIZE - 1);
-        image_length += FLASH_SECTOR_SIZE;
+        /* The image length obtained from esp_image_verify_bootloader includes the sector boundary padding and the signature block lengths */
         if (ESP_BOOTLOADER_OFFSET + image_length > ESP_PARTITION_TABLE_OFFSET) {
             ESP_LOGE(TAG, "Bootloader is too large to fit Secure Boot V2 signature sector and partition table (configured offset 0x%x)", ESP_PARTITION_TABLE_OFFSET);
             return ESP_ERR_INVALID_STATE;
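Review bot: The size check under `#if CONFIG_SECURE_BOOT_V2_ENABLED` now relies entirely on esp_image_verify_bootloader having already added the sector padding and the signature block to `image_length`, and nothing in the hunk verifies that. If that contract ever changed, the overlap test against ESP_PARTITION_TABLE_OFFSET would undercount and the signature sector would presumably be left out of whatever range is processed next, so a cheap guard before the comparison such as `assert((image_length % FLASH_SECTOR_SIZE) == 0);` would catch a regression early. The same applies to the identical hunk in components/bootloader_support/src/esp32s2/flash_encrypt.c, and the two files return different codes for this same failure (ESP_ERR_INVALID_STATE here, ESP_ERR_INVALID_SIZE there), which is worth aligning. encrypt_bootloader starts and ends outside the hunk, so where `image_length` is filled in is not visible here.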

+ 1 - 3
components/bootloader_support/src/esp32s2/flash_encrypt.c

@@ -286,9 +286,7 @@ static esp_err_t encrypt_bootloader(void)
         ESP_LOGD(TAG, "bootloader is plaintext. Encrypting...");
 
 #if CONFIG_SECURE_BOOT_V2_ENABLED
-        // Account for the signature sector after the bootloader
-        image_length = (image_length + FLASH_SECTOR_SIZE - 1) & ~(FLASH_SECTOR_SIZE - 1);
-        image_length += FLASH_SECTOR_SIZE;
+        /* The image length obtained from esp_image_verify_bootloader includes the sector boundary padding and the signature block lengths */
         if (ESP_BOOTLOADER_OFFSET + image_length > ESP_PARTITION_TABLE_OFFSET) {
             ESP_LOGE(TAG, "Bootloader is too large to fit Secure Boot V2 signature sector and partition table (configured offset 0x%x)", ESP_PARTITION_TABLE_OFFSET);
             return ESP_ERR_INVALID_SIZE;

+ 2 - 2
components/bootloader_support/src/idf/secure_boot_signatures.c

@@ -312,8 +312,8 @@ esp_err_t esp_secure_boot_verify_rsa_signature_block(const ets_secure_boot_signa
             goto exit;
         }
 
-        ret = mbedtls_rsa_rsassa_pss_verify( &pk, mbedtls_ctr_drbg_random, &ctr_drbg, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA256, DIGEST_LEN, 
-                                            sig_block->block[i].image_digest, sig_be);
+        ret = mbedtls_rsa_rsassa_pss_verify( &pk, mbedtls_ctr_drbg_random, &ctr_drbg, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA256, DIGEST_LEN,
+                                            image_digest, sig_be);
         if (ret != 0) {
             ESP_LOGE(TAG, "Failed mbedtls_rsa_rsassa_pss_verify, err: %d", ret);
         } else {
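Review bot: The call to mbedtls_rsa_rsassa_pss_verify now takes `image_digest` instead of `sig_block->block[i].image_digest`, but nothing at the call site records why the digest stored in the signature block must not be the one verified, so the change is easy to revert by accident. A comment above the call would pin it down: `/* Verify against the digest computed over the image; block[i].image_digest is data from the block being verified and must not be trusted here */`. The declaration of `image_digest` is outside the hunk (the signature line is truncated), so it is worth confirming that it always points at DIGEST_LEN bytes. The `ret != 0` branch only logs and the function continues past the hunk, so whether a failed block is treated as fatal cannot be judged from these lines.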