Startseite Erkunden Hilfe
Anmelden
RT-Thread-packages
/
esp-idf
Mirror von https://github-proxy.rt-thread.io/RT-Thread-packages/esp-idf.git
2
0
Fork 0
Dateien Issues 0 Wiki
Struktur: 1f3aec2e67
Branches Tags
esp-idf
/
components
/
bootloader_support
/
private_include
/
bootloader_signature.h

bootloader_signature.h 2.4 KB
Verlauf Originalformat

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758 
  1. /*
    2. 

  2.  * SPDX-FileCopyrightText: 2022-2023 Espressif Systems (Shanghai) CO LTD
    3. 

  3.  *
    4. 

  4.  * SPDX-License-Identifier: Apache-2.0
    5. 

  5.  */
    6. 

  6. #pragma once
    7. 

  7. 

  8. #include "sdkconfig.h"
    9. 

  9. #include <esp_err.h>
    10. 

  10. #include <stdint.h>
    11. 

  11. 

  12. #if CONFIG_IDF_TARGET_ESP32
    13. 

  13. #include "esp32/rom/secure_boot.h"
    14. 

  14. #elif CONFIG_IDF_TARGET_ESP32S2
    15. 

  15. #include "esp32s2/rom/secure_boot.h"
    16. 

  16. #elif CONFIG_IDF_TARGET_ESP32C3
    17. 

  17. #include "esp32c3/rom/secure_boot.h"
    18. 

  18. #elif CONFIG_IDF_TARGET_ESP32S3
    19. 

  19. #include "esp32s3/rom/secure_boot.h"
    20. 

  20. #elif CONFIG_IDF_TARGET_ESP32C2
    21. 

  21. #include "esp32c2/rom/secure_boot.h"
    22. 

  22. #elif CONFIG_IDF_TARGET_ESP32C6
    23. 

  23. #include "esp32c6/rom/secure_boot.h"
    24. 

  24. #elif CONFIG_IDF_TARGET_ESP32H2
    25. 

  25. #include "esp32h2/rom/secure_boot.h"
    26. 

  26. #endif
    27. 

  27. 

  28. #if !CONFIG_IDF_TARGET_ESP32 || CONFIG_ESP32_REV_MIN_FULL >= 300
    29. 

  29. 

  30. #if CONFIG_SECURE_BOOT_V2_ENABLED || CONFIG_SECURE_SIGNED_APPS_NO_SECURE_BOOT
    31. 

  31. 

  32. /** @brief Verify the secure boot signature block for Secure Boot V2.
    33. 

  33.  *
    34. 

  34.  *  Performs RSA-PSS or ECDSA verification of the SHA-256 image based on the public key
    35. 

  35.  *  in the signature block, compared against the public key digest stored in efuse.
    36. 

  36.  *
    37. 

  37.  * Similar to esp_secure_boot_verify_signature(), but can be used when the digest is precalculated.
    38. 

  38.  * @param sig_block Pointer to signature block data
    39. 

  39.  * @param image_digest Pointer to 32 byte buffer holding SHA-256 hash.
    40. 

  40.  * @param verified_digest Pointer to 32 byte buffer that will receive verified digest if verification completes. (Used during bootloader implementation only, result is invalid otherwise.)
    41. 

  41.  *
    42. 

  42.  */
    43. 

  43. esp_err_t esp_secure_boot_verify_sbv2_signature_block(const ets_secure_boot_signature_t *sig_block, const uint8_t *image_digest, uint8_t *verified_digest);
    44. 

  44. 

  45. /** @brief Legacy function to verify RSA secure boot signature block for Secure Boot V2.
    46. 

  46.  *
    47. 

  47.  * @note This is kept for backward compatibility. It internally calls esp_secure_boot_verify_sbv2_signature_block.
    48. 

  48.  *
    49. 

  49.  * @param sig_block Pointer to RSA signature block data
    50. 

  50.  * @param image_digest Pointer to 32 byte buffer holding SHA-256 hash.
    51. 

  51.  * @param verified_digest Pointer to 32 byte buffer that will receive verified digest if verification completes. (Used during bootloader implementation only, result is invalid otherwise.)
    52. 

  52.  *
    53. 

  53.  */
    54. 

  54. esp_err_t esp_secure_boot_verify_rsa_signature_block(const ets_secure_boot_signature_t *sig_block, const uint8_t *image_digest, uint8_t *verified_digest);
    55. 

  55. 

  56. #endif /* CONFIG_SECURE_BOOT_V2_ENABLED || CONFIG_SECURE_SIGNED_APPS_NO_SECURE_BOOT */
    57. 

  57. 

  58. #endif
    59.