| 
									
										
										
										
											2021-11-06 17:21:57 +08:00
										 |  |  | /*
 | 
					
						
							| 
									
										
										
										
											2022-01-18 10:32:56 +08:00
										 |  |  |  * SPDX-FileCopyrightText: 2020-2022 Espressif Systems (Shanghai) CO LTD | 
					
						
							| 
									
										
										
										
											2021-11-06 17:21:57 +08:00
										 |  |  |  * | 
					
						
							|  |  |  |  * SPDX-License-Identifier: Apache-2.0 | 
					
						
							|  |  |  |  */ | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2021-11-26 21:04:23 +09:00
										 |  |  | #pragma once
 | 
					
						
							| 
									
										
										
										
											2021-11-06 17:21:57 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  | #include <stdint.h>
 | 
					
						
							|  |  |  | #include <stdbool.h>
 | 
					
						
							|  |  |  | #include "ets_sys.h"
 | 
					
						
							| 
									
										
										
										
											2022-03-10 10:53:15 +05:30
										 |  |  | #include "ecdsa.h"
 | 
					
						
							| 
									
										
										
										
											2022-10-13 12:01:27 +08:00
										 |  |  | #include "esp_assert.h"
 | 
					
						
							| 
									
										
										
										
											2021-11-06 17:21:57 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  | #ifdef __cplusplus
 | 
					
						
							|  |  |  | extern "C" { | 
					
						
							|  |  |  | #endif
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | typedef struct ets_secure_boot_sig_block ets_secure_boot_sig_block_t; | 
					
						
							|  |  |  | typedef struct ets_secure_boot_signature ets_secure_boot_signature_t; | 
					
						
							|  |  |  | typedef struct ets_secure_boot_key_digests ets_secure_boot_key_digests_t; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /* Anti-FI measure: use full words for success/fail, instead of
 | 
					
						
							|  |  |  |    0/non-zero | 
					
						
							|  |  |  | */ | 
					
						
							|  |  |  | typedef enum { | 
					
						
							|  |  |  |     SB_SUCCESS = 0x3A5A5AA5, | 
					
						
							|  |  |  |     SB_FAILED = 0x7533885E, | 
					
						
							|  |  |  | } ets_secure_boot_status_t; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /* Verify bootloader image (reconfigures cache to map),
 | 
					
						
							|  |  |  |    with key digests provided as parameters.) | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |    Can be used to verify secure boot status before enabling | 
					
						
							|  |  |  |    secure boot permanently. | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |    If stage_load parameter is true, bootloader is copied into staging | 
					
						
							|  |  |  |    buffer in RAM at the same time. | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |    If result is SB_SUCCESS, the "simple hash" of the bootloader is | 
					
						
							|  |  |  |    copied into verified_hash. | 
					
						
							|  |  |  | */ | 
					
						
							|  |  |  | ets_secure_boot_status_t ets_secure_boot_verify_bootloader_with_keys(uint8_t *verified_hash, const ets_secure_boot_key_digests_t *trusted_keys, bool stage_load); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /* Read key digests from efuse. Any revoked/missing digests will be
 | 
					
						
							|  |  |  |    marked as NULL | 
					
						
							|  |  |  | */ | 
					
						
							|  |  |  | ETS_STATUS ets_secure_boot_read_key_digests(ets_secure_boot_key_digests_t *trusted_keys); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /* Verify supplied signature against supplied digest, using
 | 
					
						
							|  |  |  |    supplied trusted key digests. | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |    Doesn't reconfigure cache or any other hardware access except for RSA peripheral. | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |    If result is SB_SUCCESS, the image_digest value is copied into verified_digest. | 
					
						
							|  |  |  | */ | 
					
						
							|  |  |  | ets_secure_boot_status_t ets_secure_boot_verify_signature(const ets_secure_boot_signature_t *sig, const uint8_t *image_digest, const ets_secure_boot_key_digests_t *trusted_keys, uint8_t *verified_digest); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | #define CRC_SIGN_BLOCK_LEN 1196
 | 
					
						
							|  |  |  | #define SIG_BLOCK_PADDING 4096
 | 
					
						
							|  |  |  | #define ETS_SECURE_BOOT_V2_SIGNATURE_MAGIC 0xE7
 | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-03-10 10:53:15 +05:30
										 |  |  | /* Secure Boot V2 signature block (extended to support ECDSA)
 | 
					
						
							| 
									
										
										
										
											2021-11-06 17:21:57 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  |    (Up to 3 in a signature sector are appended to the image) | 
					
						
							|  |  |  |  */ | 
					
						
							| 
									
										
										
										
											2022-03-10 10:53:15 +05:30
										 |  |  | struct __attribute((packed)) ets_secure_boot_sig_block { | 
					
						
							| 
									
										
										
										
											2021-11-06 17:21:57 +08:00
										 |  |  |     uint8_t magic_byte; | 
					
						
							|  |  |  |     uint8_t version; | 
					
						
							|  |  |  |     uint8_t _reserved1; | 
					
						
							|  |  |  |     uint8_t _reserved2; | 
					
						
							|  |  |  |     uint8_t image_digest[32]; | 
					
						
							| 
									
										
										
										
											2022-03-10 10:53:15 +05:30
										 |  |  |     struct { | 
					
						
							|  |  |  |         struct { | 
					
						
							|  |  |  |             uint8_t curve_id; /* ETS_ECDSA_CURVE_P192 / ETS_ECDSA_CURVE_P256 */ | 
					
						
							|  |  |  |             uint8_t point[64]; /* X followed by Y (both little-endian), plus zero bytes if P192 */ | 
					
						
							|  |  |  |         } key; | 
					
						
							|  |  |  |         uint8_t signature[64]; /* r followed by s (both little-endian) */ | 
					
						
							|  |  |  |         uint8_t padding[1031]; | 
					
						
							|  |  |  |     } ecdsa; | 
					
						
							|  |  |  |     uint32_t block_crc; /* note: crc covers all bytes in the structure before it, regardless of version field */ | 
					
						
							| 
									
										
										
										
											2021-11-06 17:21:57 +08:00
										 |  |  |     uint8_t _padding[16]; | 
					
						
							|  |  |  | }; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-10-13 12:01:27 +08:00
										 |  |  | ESP_STATIC_ASSERT(sizeof(ets_secure_boot_sig_block_t) == 1216, "invalid sig block size"); | 
					
						
							| 
									
										
										
										
											2021-11-06 17:21:57 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  | #define SECURE_BOOT_NUM_BLOCKS 1
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | /* V2 Secure boot signature sector (up to 3 blocks) */ | 
					
						
							|  |  |  | struct ets_secure_boot_signature { | 
					
						
							|  |  |  |     ets_secure_boot_sig_block_t block[SECURE_BOOT_NUM_BLOCKS]; | 
					
						
							|  |  |  |     uint8_t _padding[4096 - (sizeof(ets_secure_boot_sig_block_t) * SECURE_BOOT_NUM_BLOCKS)]; | 
					
						
							|  |  |  | }; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2022-10-13 12:01:27 +08:00
										 |  |  | ESP_STATIC_ASSERT(sizeof(ets_secure_boot_signature_t) == 4096, "invalid sig sector size"); | 
					
						
							| 
									
										
										
										
											2021-11-06 17:21:57 +08:00
										 |  |  | 
 | 
					
						
							|  |  |  | #define MAX_KEY_DIGESTS 1
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | struct ets_secure_boot_key_digests { | 
					
						
							|  |  |  |     const void *key_digests[MAX_KEY_DIGESTS]; | 
					
						
							|  |  |  |     bool allow_key_revoke; | 
					
						
							|  |  |  | }; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | #ifdef __cplusplus
 | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | #endif
 |