espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-08-02 12:14:32 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'feature/secure_boot_dev_approach' into 'master'

Browse Source 
feat(bootloader_support): Support SB-on app can do OTA on SB-off chip

Closes IDFGH-12079

See merge request espressif/esp-idf!29027
This commit is contained in:
Konstantin Kondrashov
2024-02-14 15:11:52 +08:00
parent 4d90eedb6e 9b0eefee73
commit 07980dba2f
1 changed files with 19 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
components/bootloader_support/src/secure_boot_v2/secure_boot_signatures_app.c
View File

@@ -1,5 +1,5 @@
/* /*
* SPDX-FileCopyrightText: 2015-2023 Espressif Systems (Shanghai) CO LTD * SPDX-FileCopyrightText: 2015-2024 Espressif Systems (Shanghai) CO LTD
* *
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
*/ */
@@ -143,27 +143,27 @@ esp_err_t esp_secure_boot_get_signature_blocks_for_running_app(bool digest_publi
static esp_err_t get_secure_boot_key_digests(esp_image_sig_public_key_digests_t *public_key_digests) static esp_err_t get_secure_boot_key_digests(esp_image_sig_public_key_digests_t *public_key_digests)
{ {
#ifdef CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT if (!esp_secure_boot_enabled()) { // CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT
// Gets key digests from running app // Gets key digests from running app
ESP_LOGI(TAG, "Take trusted digest key(s) from running app"); ESP_LOGI(TAG, "Take trusted digest key(s) from running app");
return esp_secure_boot_get_signature_blocks_for_running_app(true, public_key_digests); return esp_secure_boot_get_signature_blocks_for_running_app(true, public_key_digests);
#elif CONFIG_SECURE_BOOT_V2_ENABLED } else { // CONFIG_SECURE_BOOT_V2_ENABLED
ESP_LOGI(TAG, "Take trusted digest key(s) from eFuse block(s)"); ESP_LOGI(TAG, "Take trusted digest key(s) from eFuse block(s)");
// Read key digests from efuse // Read key digests from efuse
esp_secure_boot_key_digests_t efuse_trusted; esp_secure_boot_key_digests_t efuse_trusted;
if (esp_secure_boot_read_key_digests(&efuse_trusted) == ESP_OK) { if (esp_secure_boot_read_key_digests(&efuse_trusted) == ESP_OK) {
for (unsigned i = 0; i < SECURE_BOOT_NUM_BLOCKS; i++) { for (unsigned i = 0; i < SECURE_BOOT_NUM_BLOCKS; i++) {
if (efuse_trusted.key_digests[i] != NULL) { if (efuse_trusted.key_digests[i] != NULL) {
memcpy(public_key_digests->key_digests[i], (uint8_t *)efuse_trusted.key_digests[i], ESP_SECURE_BOOT_KEY_DIGEST_LEN); memcpy(public_key_digests->key_digests[i], (uint8_t *)efuse_trusted.key_digests[i], ESP_SECURE_BOOT_KEY_DIGEST_LEN);
public_key_digests->num_digests++; public_key_digests->num_digests++;
}
} }
} }
} if (public_key_digests->num_digests > 0) {
if (public_key_digests->num_digests > 0) { return ESP_OK;
return ESP_OK; }
} }
return ESP_ERR_NOT_FOUND; return ESP_ERR_NOT_FOUND;
#endif // CONFIG_SECURE_BOOT_V2_ENABLED
} }
esp_err_t esp_secure_boot_verify_signature(uint32_t src_addr, uint32_t length) esp_err_t esp_secure_boot_verify_signature(uint32_t src_addr, uint32_t length)