mirror of
https://github.com/espressif/esp-idf.git
synced 2025-07-30 18:57:19 +02:00
Merge branch 'bugfix/secure_ota_no_secure_boot_v5.5' into 'release/v5.5'
fix: secure OTA without secure boot issue for MMU page size configurable SoCs (v5.5) See merge request espressif/esp-idf!39123
This commit is contained in:
Jiang Jiang Jian
@ -796,20 +796,27 @@ static esp_err_t verify_segment_header(int index, const esp_image_segment_header
|
|||||||
bool map_segment = should_map(load_addr);
|
bool map_segment = should_map(load_addr);
|
||||||
|
|
||||||
#if SOC_MMU_PAGE_SIZE_CONFIGURABLE
|
#if SOC_MMU_PAGE_SIZE_CONFIGURABLE
|
||||||
|
esp_err_t err = ESP_FAIL;
|
||||||
|
|
||||||
/* ESP APP descriptor is present in the DROM segment #0 */
|
/* ESP APP descriptor is present in the DROM segment #0 */
|
||||||
if (index == 0 && !is_bootloader(metadata->start_addr)) {
|
if (index == 0 && !is_bootloader(metadata->start_addr)) {
|
||||||
const esp_app_desc_t *app_desc = (const esp_app_desc_t *)bootloader_mmap(segment_data_offs, sizeof(esp_app_desc_t));
|
uint32_t mmu_page_size = 0, magic_word = 0;
|
||||||
if (!app_desc || app_desc->magic_word != ESP_APP_DESC_MAGIC_WORD) {
|
const uint32_t mmu_page_size_offset = segment_data_offs + offsetof(esp_app_desc_t, mmu_page_size);
|
||||||
|
CHECK_ERR(bootloader_flash_read(segment_data_offs, &magic_word, sizeof(uint32_t), true));
|
||||||
|
CHECK_ERR(bootloader_flash_read(mmu_page_size_offset, &mmu_page_size, sizeof(uint32_t), true));
|
||||||
|
// Extract only the lowest byte from mmu_page_size (as per image format)
|
||||||
|
mmu_page_size &= 0xFF;
|
||||||
|
|
||||||
|
if (magic_word != ESP_APP_DESC_MAGIC_WORD) {
|
||||||
ESP_LOGE(TAG, "Failed to fetch app description header!");
|
ESP_LOGE(TAG, "Failed to fetch app description header!");
|
||||||
return ESP_FAIL;
|
return ESP_FAIL;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Convert from log base 2 number to actual size while handling legacy image case (value 0)
|
// Convert from log base 2 number to actual size while handling legacy image case (value 0)
|
||||||
metadata->mmu_page_size = (app_desc->mmu_page_size > 0) ? (1UL << app_desc->mmu_page_size) : SPI_FLASH_MMU_PAGE_SIZE;
|
metadata->mmu_page_size = (mmu_page_size > 0) ? (1UL << mmu_page_size) : SPI_FLASH_MMU_PAGE_SIZE;
|
||||||
if (metadata->mmu_page_size != SPI_FLASH_MMU_PAGE_SIZE) {
|
if (metadata->mmu_page_size != SPI_FLASH_MMU_PAGE_SIZE) {
|
||||||
ESP_LOGI(TAG, "MMU page size mismatch, configured: 0x%x, found: 0x%"PRIx32, SPI_FLASH_MMU_PAGE_SIZE, metadata->mmu_page_size);
|
ESP_LOGI(TAG, "MMU page size mismatch, configured: 0x%x, found: 0x%"PRIx32, SPI_FLASH_MMU_PAGE_SIZE, metadata->mmu_page_size);
|
||||||
}
|
}
|
||||||
bootloader_munmap(app_desc);
|
|
||||||
} else if (index == 0 && is_bootloader(metadata->start_addr)) {
|
} else if (index == 0 && is_bootloader(metadata->start_addr)) {
|
||||||
// Bootloader always uses the default MMU page size
|
// Bootloader always uses the default MMU page size
|
||||||
metadata->mmu_page_size = SPI_FLASH_MMU_PAGE_SIZE;
|
metadata->mmu_page_size = SPI_FLASH_MMU_PAGE_SIZE;
|
||||||
@ -836,6 +843,10 @@ static esp_err_t verify_segment_header(int index, const esp_image_segment_header
|
|||||||
}
|
}
|
||||||
|
|
||||||
return ESP_OK;
|
return ESP_OK;
|
||||||
|
#if SOC_MMU_PAGE_SIZE_CONFIGURABLE
|
||||||
|
err:
|
||||||
|
return err;
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool should_map(uint32_t load_addr)
|
static bool should_map(uint32_t load_addr)
|
||||||
|
|||||||
@ -1,2 +1,2 @@
|
|||||||
idf_component_register(SRCS "main.c"
|
idf_component_register(SRCS "main.c"
|
||||||
PRIV_REQUIRES unity esp_partition)
|
PRIV_REQUIRES unity esp_partition bootloader_support)
|
||||||
|
|||||||
@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD
|
* SPDX-FileCopyrightText: 2024-2025 Espressif Systems (Shanghai) CO LTD
|
||||||
*
|
*
|
||||||
* SPDX-License-Identifier: Apache-2.0
|
* SPDX-License-Identifier: Apache-2.0
|
||||||
*/
|
*/
|
||||||
@ -10,6 +10,7 @@
|
|||||||
|
|
||||||
#include "unity.h"
|
#include "unity.h"
|
||||||
#include "esp_partition.h"
|
#include "esp_partition.h"
|
||||||
|
#include "esp_image_format.h"
|
||||||
|
|
||||||
#define SZ 4096
|
#define SZ 4096
|
||||||
|
|
||||||
@ -37,4 +38,24 @@ void app_main(void)
|
|||||||
esp_partition_munmap(handle1);
|
esp_partition_munmap(handle1);
|
||||||
|
|
||||||
printf("Partition test done\n");
|
printf("Partition test done\n");
|
||||||
|
|
||||||
|
// Get the factory partition
|
||||||
|
partition = esp_partition_find_first(ESP_PARTITION_TYPE_APP, ESP_PARTITION_SUBTYPE_APP_FACTORY, NULL);
|
||||||
|
if (partition == NULL) {
|
||||||
|
printf("Failed to find factory partition\n");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
esp_image_metadata_t data;
|
||||||
|
const esp_partition_pos_t part_pos = {
|
||||||
|
.offset = partition->address,
|
||||||
|
.size = partition->size,
|
||||||
|
};
|
||||||
|
|
||||||
|
if (esp_image_verify(ESP_IMAGE_VERIFY, &part_pos, &data) != ESP_OK) {
|
||||||
|
printf("Failed to verify image\n");
|
||||||
|
} else {
|
||||||
|
printf("Image verified successfully\n");
|
||||||
|
}
|
||||||
|
return;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -28,6 +28,7 @@ def test_app_mmu_page_size_32k_and_bootloader_mmu_page_size_64k(dut: Dut, app_do
|
|||||||
dut.expect('MMU page size mismatch')
|
dut.expect('MMU page size mismatch')
|
||||||
dut.expect('App is running')
|
dut.expect('App is running')
|
||||||
dut.expect('Partition test done')
|
dut.expect('Partition test done')
|
||||||
|
dut.expect('Image verified successfully', timeout=30)
|
||||||
|
|
||||||
|
|
||||||
@pytest.mark.generic
|
@pytest.mark.generic
|
||||||
@ -49,3 +50,4 @@ def test_app_mmu_page_size_64k_and_bootloader_mmu_page_size_32k(dut: Dut, app_do
|
|||||||
dut.expect('MMU page size mismatch')
|
dut.expect('MMU page size mismatch')
|
||||||
dut.expect('App is running')
|
dut.expect('App is running')
|
||||||
dut.expect('Partition test done')
|
dut.expect('Partition test done')
|
||||||
|
dut.expect('Image verified successfully', timeout=30)
|
||||||
|
|||||||
@ -1 +1,4 @@
|
|||||||
CONFIG_PARTITION_TABLE_CUSTOM=y
|
CONFIG_PARTITION_TABLE_CUSTOM=y
|
||||||
|
CONFIG_PARTITION_TABLE_OFFSET=0xa000
|
||||||
|
CONFIG_SECURE_SIGNED_APPS_NO_SECURE_BOOT=y
|
||||||
|
CONFIG_ESP_MAIN_TASK_STACK_SIZE=4096
|
||||||
|
|||||||
@ -0,0 +1,39 @@
|
|||||||
|
-----BEGIN RSA PRIVATE KEY-----
|
||||||
|
MIIG4wIBAAKCAYEAzJUktQ+7wpPDfDGterxiMRx5w9n7PFaUSK3wnE+05ALsEF8F
|
||||||
|
rUOC7/q0GutYYdWopdRM1FUKX2XVaryMViC+DHof42fEbpWYnfrCkYrDn8MLuMyK
|
||||||
|
4uGunl8LUTIAZk3I3SZKJZy5FW9eb1XtkwfN1lAd6lEEGQKyoR6Bk/Rkisj0LP7R
|
||||||
|
dyV9NKbJhxavZ1ohZXiXU5FW873iGdPIsloZoUK3QGRE1KRIH2woUGHATfXBCf5a
|
||||||
|
+e41wJzz7YHl5tjyxAbJ9PET52N14G73WoZKHu3QPShALrZVfjsk1oYdFvNdOBDL
|
||||||
|
uU0vpyKl7mJHno11gM0UM0s9PrMxk9ffdAqMyS8YeLEk2Xl3AwPv7m9oeGIdSD/P
|
||||||
|
okcISYcm4YAl5veqIG3RlkfpWjf5G15UYyLbgmn4GOkgr6ksB/dCFOMi9V1LjPah
|
||||||
|
32A7gxqTlapQza+wNs30SYBIXrFde4bNnhFhj4Cbt34ADefWm26KLiZEHFHFN30Z
|
||||||
|
IownitXz3rT7rmzBAgMBAAECggGBAK6bBA88dGWnM4rF42gDbFK6GPqdCp3+zuQR
|
||||||
|
AHCIXrzT+aInV3L/Ubt730eyYWZusleGEGSQiB/PjAxjC+teWpXPjXPK1o4DQ5Rh
|
||||||
|
trn9EuVB1LlOaaMmNqCYQdJ0uH6YGL0WtuXPEvBGcvTXA8MfQACPtFiN+M9XzBlT
|
||||||
|
LgiW51DEHhJhEWl9J5VOXGXdaKru893kxFLgkrPI9jZQ2NPPrlxB0qE0csKBy8R1
|
||||||
|
zRp9s2FWRAFBg2gYdOwFiPLGkO8rbM+jhXM+IUV1GgVYdxAC6zS9AiIAWuACDEwp
|
||||||
|
Pzg3d3/5uyOFK1xTIPl/cG8CZyPQL1v/mUx0MZFaB1R1CVeDuMoFVz2YSbEaAVFv
|
||||||
|
QIcJGDN/WlJbt0jwj7/RJKKTx0ipFlUdNbodzdaSl3Yg4N+evzR1nS8DvLJpwl/e
|
||||||
|
ybu40IbavwYXWVzirH3wRg+P/NDsHLU5xASAyUwf1minsmObILayEZgfTA6TbrKL
|
||||||
|
fZbJCvy2/IuCM6iqKZwSvYy0bJdaAQKBwQDzDVa/M4/sJV0GEbwegeN6Xf+XKkl3
|
||||||
|
Gosjd+vQgv/0X1gbdMc0Ej9eYSU5/GYIHxDzDRkYIxtIfwaze1gGeNRHycMCmVkl
|
||||||
|
09DMi48jLGE7wzObPu6MtBCSAGHaS9zMTVCYDYtRlykPzG2/1QNrRUDNACnpzneK
|
||||||
|
MkWObzFYTIup1zh+JaD56vLIDdL7qM9apmEkq4O6y1BBPnCgRYJy5EU3BDZxz9fP
|
||||||
|
47JtCZ47uVguoh/NVYY5uibdvI5iJ4SA/VECgcEA13srpwJppfTTFPRWgD+g7PdU
|
||||||
|
Yg+ENBWygiJuwgGv6DyD4k73pxiyshNo7jxsdOLeGFA8hI3dvd/Ei6uUsGnWPy/a
|
||||||
|
OwuBcOZrJZjyawNSiC+mrCSP0LGQrC5VjmuE8IU1d2hFWyV/NzkSLaXJ52Zkg3ee
|
||||||
|
sSepBHtWEYpwH929u5FTKDKhL0qRH8E1EsULSjmkTa+cVDYgx8+2mb3vHRdJdvt3
|
||||||
|
FZU9erKyDb4II5GJhyNQo/cxBosDzj4yIMKM/dxxAoHAE1r1lIZjqLeU/927sGZB
|
||||||
|
mkYQC5a3gP+hIvLy2YkFHw3Us2MKVhA58ack0shRy8XFkMVzQSPSkWRkQTjKWsGW
|
||||||
|
jhz4JaXWnpeOoite+7sWBy9VVcCeOKBCTY4wPLUb4T0q9ODnPlkeUP7Doqow+oLq
|
||||||
|
VSj1LYReqqe0OFKMiG6YFK9p9UnD1wMp0FqheZ8I3DwxsjziYaa9PmTdjTXb3JBn
|
||||||
|
Hql8OHYHxqtoUxyX+EObTSNmCvELnl8/pxrT7+cbuzXxAoHAfmNYb1US8qxvQtMu
|
||||||
|
CXtIwLUxYXMIcCRp17qqjFDBBM657Hu09uWdqqWH3nTCiKyo6EnntTgg38XoWqQB
|
||||||
|
SphJejZvIkLVYYtFPYBAcFQ6jHampEGtuRLtcJCczjRyfUEk4yzdwWB1BccLyop7
|
||||||
|
qqZ8PkBjbDV/BYnyKcexjH9bUjEjPWi08jAifyWsI54/yQGWRZrDbwFwqMJEsFif
|
||||||
|
b8jA5nEIoDgxH07A8R6NV499wy4LlqDeuJ/BU69XZ6+1UxGBAoHAXfb9t5ivdf9N
|
||||||
|
ZbZj61GcrDLyYGDTotucy8HPNMr5P3ZmBR/5UzClpCbWVSaziK3CKzR0zURLw0W7
|
||||||
|
rF4CySTjuD9FHOFFWjjlkS4KwOyYiy8fuMMLg1RmsCS8H+0L3Pm25PmRQ9TLjEf4
|
||||||
|
0uFWf7fG4GQiciqGcvfaFH3w//d0Q7PSvIMNlM1Gc7JS1Qn4HoDF2Ux6drNb6nJL
|
||||||
|
l6tdXNMkUFHBMtaQy0l9D/ex5NZlAniePT3xfMrQf6m0rVAAaAY0
|
||||||
|
-----END RSA PRIVATE KEY-----
|
||||||
Reference in New Issue
Block a user