Merge branch 'bugfix/secure_ota_no_secure_boot_v5.5' into 'release/v5.5'

fix: secure OTA without secure boot issue for MMU page size configurable SoCs (v5.5) See merge request espressif/esp-idf!39123
2025-07-30 18:57:19 +02:00 · 2025-05-20 10:47:57 +08:00
parent 1adbeceb27 45831351fa
commit 29520e982c
6 changed files with 82 additions and 6 deletions
--- a/components/bootloader_support/src/esp_image_format.c
+++ b/components/bootloader_support/src/esp_image_format.c
@ -796,20 +796,27 @@ static esp_err_t verify_segment_header(int index, const esp_image_segment_header
    bool map_segment = should_map(load_addr);

 #if SOC_MMU_PAGE_SIZE_CONFIGURABLE
+    esp_err_t err = ESP_FAIL;
+
    /* ESP APP descriptor is present in the DROM segment #0 */
    if (index == 0 && !is_bootloader(metadata->start_addr)) {
-        const esp_app_desc_t *app_desc = (const esp_app_desc_t *)bootloader_mmap(segment_data_offs, sizeof(esp_app_desc_t));
-        if (!app_desc || app_desc->magic_word != ESP_APP_DESC_MAGIC_WORD) {
+        uint32_t mmu_page_size = 0, magic_word = 0;
+        const uint32_t mmu_page_size_offset = segment_data_offs + offsetof(esp_app_desc_t, mmu_page_size);
+        CHECK_ERR(bootloader_flash_read(segment_data_offs, &magic_word, sizeof(uint32_t), true));
+        CHECK_ERR(bootloader_flash_read(mmu_page_size_offset, &mmu_page_size, sizeof(uint32_t), true));
+        // Extract only the lowest byte from mmu_page_size (as per image format)
+        mmu_page_size &= 0xFF;
+
+        if (magic_word != ESP_APP_DESC_MAGIC_WORD) {
            ESP_LOGE(TAG, "Failed to fetch app description header!");
            return ESP_FAIL;
        }

        // Convert from log base 2 number to actual size while handling legacy image case (value 0)
-        metadata->mmu_page_size = (app_desc->mmu_page_size > 0) ? (1UL << app_desc->mmu_page_size) : SPI_FLASH_MMU_PAGE_SIZE;
+        metadata->mmu_page_size = (mmu_page_size > 0) ? (1UL << mmu_page_size) : SPI_FLASH_MMU_PAGE_SIZE;
        if (metadata->mmu_page_size != SPI_FLASH_MMU_PAGE_SIZE) {
            ESP_LOGI(TAG, "MMU page size mismatch, configured: 0x%x, found: 0x%"PRIx32, SPI_FLASH_MMU_PAGE_SIZE, metadata->mmu_page_size);
        }
-        bootloader_munmap(app_desc);
    } else if (index == 0 && is_bootloader(metadata->start_addr)) {
        // Bootloader always uses the default MMU page size
        metadata->mmu_page_size = SPI_FLASH_MMU_PAGE_SIZE;
@ -836,6 +843,10 @@ static esp_err_t verify_segment_header(int index, const esp_image_segment_header
    }

    return ESP_OK;
+#if SOC_MMU_PAGE_SIZE_CONFIGURABLE
+err:
+    return err;
+#endif
 }

 static bool should_map(uint32_t load_addr)
--- a/tools/test_apps/system/mmu_page_size/main/CMakeLists.txt
+++ b/tools/test_apps/system/mmu_page_size/main/CMakeLists.txt
@ -1,2 +1,2 @@
 idf_component_register(SRCS "main.c"
-                        PRIV_REQUIRES unity esp_partition)
+                        PRIV_REQUIRES unity esp_partition bootloader_support)
--- a/tools/test_apps/system/mmu_page_size/main/main.c
+++ b/tools/test_apps/system/mmu_page_size/main/main.c
@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2024-2025 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@ -10,6 +10,7 @@

 #include "unity.h"
 #include "esp_partition.h"
+#include "esp_image_format.h"

 #define SZ 4096

@ -37,4 +38,24 @@ void app_main(void)
    esp_partition_munmap(handle1);

    printf("Partition test done\n");
+
+    // Get the factory partition
+    partition = esp_partition_find_first(ESP_PARTITION_TYPE_APP, ESP_PARTITION_SUBTYPE_APP_FACTORY, NULL);
+    if (partition == NULL) {
+        printf("Failed to find factory partition\n");
+        return;
+    }
+
+    esp_image_metadata_t data;
+    const esp_partition_pos_t part_pos = {
+      .offset = partition->address,
+      .size = partition->size,
+    };
+
+    if (esp_image_verify(ESP_IMAGE_VERIFY, &part_pos, &data) != ESP_OK) {
+        printf("Failed to verify image\n");
+    } else {
+        printf("Image verified successfully\n");
+    }
+    return;
 }
--- a/tools/test_apps/system/mmu_page_size/pytest_mmu_page_size.py
+++ b/tools/test_apps/system/mmu_page_size/pytest_mmu_page_size.py
@ -28,6 +28,7 @@ def test_app_mmu_page_size_32k_and_bootloader_mmu_page_size_64k(dut: Dut, app_do
    dut.expect('MMU page size mismatch')
    dut.expect('App is running')
    dut.expect('Partition test done')
+    dut.expect('Image verified successfully', timeout=30)


@pytest.mark.generic
@ -49,3 +50,4 @@ def test_app_mmu_page_size_64k_and_bootloader_mmu_page_size_32k(dut: Dut, app_do
    dut.expect('MMU page size mismatch')
    dut.expect('App is running')
    dut.expect('Partition test done')
+    dut.expect('Image verified successfully', timeout=30)
--- a/tools/test_apps/system/mmu_page_size/sdkconfig.defaults
+++ b/tools/test_apps/system/mmu_page_size/sdkconfig.defaults
@ -1 +1,4 @@
 CONFIG_PARTITION_TABLE_CUSTOM=y
+CONFIG_PARTITION_TABLE_OFFSET=0xa000
+CONFIG_SECURE_SIGNED_APPS_NO_SECURE_BOOT=y
+CONFIG_ESP_MAIN_TASK_STACK_SIZE=4096
--- a/tools/test_apps/system/mmu_page_size/secure_boot_signing_key.pem
+++ b/tools/test_apps/system/mmu_page_size/secure_boot_signing_key.pem
@ -0,0 +1,39 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIG4wIBAAKCAYEAzJUktQ+7wpPDfDGterxiMRx5w9n7PFaUSK3wnE+05ALsEF8F
+rUOC7/q0GutYYdWopdRM1FUKX2XVaryMViC+DHof42fEbpWYnfrCkYrDn8MLuMyK
+4uGunl8LUTIAZk3I3SZKJZy5FW9eb1XtkwfN1lAd6lEEGQKyoR6Bk/Rkisj0LP7R
+dyV9NKbJhxavZ1ohZXiXU5FW873iGdPIsloZoUK3QGRE1KRIH2woUGHATfXBCf5a
+e41wJzz7YHl5tjyxAbJ9PET52N14G73WoZKHu3QPShALrZVfjsk1oYdFvNdOBDL
+uU0vpyKl7mJHno11gM0UM0s9PrMxk9ffdAqMyS8YeLEk2Xl3AwPv7m9oeGIdSD/P
+okcISYcm4YAl5veqIG3RlkfpWjf5G15UYyLbgmn4GOkgr6ksB/dCFOMi9V1LjPah
+32A7gxqTlapQza+wNs30SYBIXrFde4bNnhFhj4Cbt34ADefWm26KLiZEHFHFN30Z
+IownitXz3rT7rmzBAgMBAAECggGBAK6bBA88dGWnM4rF42gDbFK6GPqdCp3+zuQR
+AHCIXrzT+aInV3L/Ubt730eyYWZusleGEGSQiB/PjAxjC+teWpXPjXPK1o4DQ5Rh
+trn9EuVB1LlOaaMmNqCYQdJ0uH6YGL0WtuXPEvBGcvTXA8MfQACPtFiN+M9XzBlT
+LgiW51DEHhJhEWl9J5VOXGXdaKru893kxFLgkrPI9jZQ2NPPrlxB0qE0csKBy8R1
+zRp9s2FWRAFBg2gYdOwFiPLGkO8rbM+jhXM+IUV1GgVYdxAC6zS9AiIAWuACDEwp
+Pzg3d3/5uyOFK1xTIPl/cG8CZyPQL1v/mUx0MZFaB1R1CVeDuMoFVz2YSbEaAVFv
+QIcJGDN/WlJbt0jwj7/RJKKTx0ipFlUdNbodzdaSl3Yg4N+evzR1nS8DvLJpwl/e
+ybu40IbavwYXWVzirH3wRg+P/NDsHLU5xASAyUwf1minsmObILayEZgfTA6TbrKL
+fZbJCvy2/IuCM6iqKZwSvYy0bJdaAQKBwQDzDVa/M4/sJV0GEbwegeN6Xf+XKkl3
+Gosjd+vQgv/0X1gbdMc0Ej9eYSU5/GYIHxDzDRkYIxtIfwaze1gGeNRHycMCmVkl
+09DMi48jLGE7wzObPu6MtBCSAGHaS9zMTVCYDYtRlykPzG2/1QNrRUDNACnpzneK
+MkWObzFYTIup1zh+JaD56vLIDdL7qM9apmEkq4O6y1BBPnCgRYJy5EU3BDZxz9fP
+47JtCZ47uVguoh/NVYY5uibdvI5iJ4SA/VECgcEA13srpwJppfTTFPRWgD+g7PdU
+Yg+ENBWygiJuwgGv6DyD4k73pxiyshNo7jxsdOLeGFA8hI3dvd/Ei6uUsGnWPy/a
+OwuBcOZrJZjyawNSiC+mrCSP0LGQrC5VjmuE8IU1d2hFWyV/NzkSLaXJ52Zkg3ee
+sSepBHtWEYpwH929u5FTKDKhL0qRH8E1EsULSjmkTa+cVDYgx8+2mb3vHRdJdvt3
+FZU9erKyDb4II5GJhyNQo/cxBosDzj4yIMKM/dxxAoHAE1r1lIZjqLeU/927sGZB
+mkYQC5a3gP+hIvLy2YkFHw3Us2MKVhA58ack0shRy8XFkMVzQSPSkWRkQTjKWsGW
+jhz4JaXWnpeOoite+7sWBy9VVcCeOKBCTY4wPLUb4T0q9ODnPlkeUP7Doqow+oLq
+VSj1LYReqqe0OFKMiG6YFK9p9UnD1wMp0FqheZ8I3DwxsjziYaa9PmTdjTXb3JBn
+Hql8OHYHxqtoUxyX+EObTSNmCvELnl8/pxrT7+cbuzXxAoHAfmNYb1US8qxvQtMu
+CXtIwLUxYXMIcCRp17qqjFDBBM657Hu09uWdqqWH3nTCiKyo6EnntTgg38XoWqQB
+SphJejZvIkLVYYtFPYBAcFQ6jHampEGtuRLtcJCczjRyfUEk4yzdwWB1BccLyop7
+qqZ8PkBjbDV/BYnyKcexjH9bUjEjPWi08jAifyWsI54/yQGWRZrDbwFwqMJEsFif
+b8jA5nEIoDgxH07A8R6NV499wy4LlqDeuJ/BU69XZ6+1UxGBAoHAXfb9t5ivdf9N
+ZbZj61GcrDLyYGDTotucy8HPNMr5P3ZmBR/5UzClpCbWVSaziK3CKzR0zURLw0W7
+rF4CySTjuD9FHOFFWjjlkS4KwOyYiy8fuMMLg1RmsCS8H+0L3Pm25PmRQ9TLjEf4
+0uFWf7fG4GQiciqGcvfaFH3w//d0Q7PSvIMNlM1Gc7JS1Qn4HoDF2Ux6drNb6nJL
+l6tdXNMkUFHBMtaQy0l9D/ex5NZlAniePT3xfMrQf6m0rVAAaAY0
+-----END RSA PRIVATE KEY-----