From 242784722945a5a20d4a36efa400af8f12852221 Mon Sep 17 00:00:00 2001
From: Supreet Deshpande
Date: Fri, 18 Dec 2020 14:10:28 +0530
Subject: [PATCH 1/3] Secure Boot v2: Fix the double padding of the image length during flash encryption

Fixes https://github.com/espressif/esp-idf/issues/6236
---
 components/bootloader_support/src/esp32/flash_encrypt.c | 4 +---
 .../bootloader_support/src/esp32s2beta/flash_encrypt.c | 9 +++++++++
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/components/bootloader_support/src/esp32/flash_encrypt.c b/components/bootloader_support/src/esp32/flash_encrypt.c
index a85b728c32..8e07095cee 100644
--- a/components/bootloader_support/src/esp32/flash_encrypt.c
+++ b/components/bootloader_support/src/esp32/flash_encrypt.c
@@ -252,9 +252,7 @@ static esp_err_t encrypt_bootloader(void)
         ESP_LOGD(TAG, "bootloader is plaintext. Encrypting...");
 
 #if CONFIG_SECURE_BOOT_V2_ENABLED
-        // Account for the signature sector after the bootloader
-        image_length = (image_length + FLASH_SECTOR_SIZE - 1) & ~(FLASH_SECTOR_SIZE - 1);
-        image_length += FLASH_SECTOR_SIZE;
+        /* The image length obtained from esp_image_verify_bootloader includes the sector boundary padding and the signature block lengths */
         if (ESP_BOOTLOADER_OFFSET + image_length > ESP_PARTITION_TABLE_OFFSET) {
             ESP_LOGE(TAG, "Bootloader is too large to fit Secure Boot V2 signature sector and partition table (configured offset 0x%x)", ESP_PARTITION_TABLE_OFFSET);
             return ESP_ERR_INVALID_STATE;
diff --git a/components/bootloader_support/src/esp32s2beta/flash_encrypt.c b/components/bootloader_support/src/esp32s2beta/flash_encrypt.c
index 5afa4b7e6d..bef51c827e 100644
--- a/components/bootloader_support/src/esp32s2beta/flash_encrypt.c
+++ b/components/bootloader_support/src/esp32s2beta/flash_encrypt.c
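Review bot: The two ports now return different error codes for the same oversize condition: this hunk keeps `return ESP_ERR_INVALID_STATE;` while the esp32s2beta hunk that follows adds the identical check with `return ESP_ERR_INVALID_SIZE;`, so a caller that branches on the code has to handle both; pick one for both ports (ESP_ERR_INVALID_SIZE describes the failure more precisely). The removed rounding is replaced only by a comment asserting that esp_image_verify_bootloader already accounts for sector padding and the signature block; that contract is not visible in this hunk and is worth stating on esp_image_verify_bootloader's own declaration, e.g. `/* On success the reported length covers the image, its sector-alignment padding and, with Secure Boot V2, the signature sector */`, so the two call sites cannot drift from it again. encrypt_bootloader starts and ends outside this hunk.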
@@ -191,6 +191,15 @@ static esp_err_t encrypt_bootloader(void)
     /* Check for plaintext bootloader (verification will fail if it's already encrypted) */
     if (esp_image_verify_bootloader(&image_length) == ESP_OK) {
         ESP_LOGD(TAG, "bootloader is plaintext. Encrypting...");
+
+#if CONFIG_SECURE_BOOT_V2_ENABLED
+        /* The image length obtained from esp_image_verify_bootloader includes the sector boundary padding and the signature block lengths */
+        if (ESP_BOOTLOADER_OFFSET + image_length > ESP_PARTITION_TABLE_OFFSET) {
+            ESP_LOGE(TAG, "Bootloader is too large to fit Secure Boot V2 signature sector and partition table (configured offset 0x%x)", ESP_PARTITION_TABLE_OFFSET);
+            return ESP_ERR_INVALID_SIZE;
+        }
+#endif // CONFIG_SECURE_BOOT_V2_ENABLED
+
         err = esp_flash_encrypt_region(ESP_BOOTLOADER_OFFSET, image_length);
         if (err != ESP_OK) {
             ESP_LOGE(TAG, "Failed to encrypt bootloader in place: 0x%x", err);
From 801bbcc7add2847f54263a7272a5960f1ee8271c Mon Sep 17 00:00:00 2001
From: Supreet Deshpande
Date: Fri, 18 Dec 2020 14:14:42 +0530
Subject: [PATCH 2/3] Secure boot v2: Fixes the issue of passing the flash calculated digest for ota verification.

---
 .../bootloader_support/src/idf/secure_boot_signatures.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/components/bootloader_support/src/idf/secure_boot_signatures.c b/components/bootloader_support/src/idf/secure_boot_signatures.c
index ee541445bd..ca66be7059 100644
--- a/components/bootloader_support/src/idf/secure_boot_signatures.c
+++ b/components/bootloader_support/src/idf/secure_boot_signatures.c
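Review bot: The new bounds check keeps esp_flash_encrypt_region from encrypting past ESP_PARTITION_TABLE_OFFSET, but it is compiled only under CONFIG_SECURE_BOOT_V2_ENABLED; the overlap it rejects is a property of image_length and the two offsets, not of Secure Boot, so if esp_image_verify_bootloader can ever report a length reaching the partition table in other configurations (not visible here) the in-place encryption would presumably run over the partition-table sector unnoticed. Consider moving the comparison outside the `#if` and keeping only the Secure Boot V2 wording of the log message conditional, or adding a comment stating why the overlap cannot occur without Secure Boot V2. The added comment line is also well over the file's apparent line width and would read better wrapped onto two lines. encrypt_bootloader continues outside the hunk.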
@@ -260,8 +260,8 @@ esp_err_t esp_secure_boot_verify_rsa_signature_block(const ets_secure_boot_signa
             goto exit;
         }
 
-        ret = mbedtls_rsa_rsassa_pss_verify( &pk, mbedtls_ctr_drbg_random, &ctr_drbg, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA256, 32,
-                                             sig_block->block[i].image_digest, sig_be);
+        ret = mbedtls_rsa_rsassa_pss_verify( &pk, mbedtls_ctr_drbg_random, &ctr_drbg, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA256, DIGEST_LEN,
+                                             image_digest, sig_be);
         if (ret != 0) {
             ESP_LOGE(TAG, "Failed mbedtls_rsa_rsassa_pss_verify, err: %d", ret);
         } else {
From cca370df4758b502cc6f3f63478faf0bff5341f2 Mon Sep 17 00:00:00 2001
From: Morozov-5F
Date: Thu, 31 Dec 2020 18:14:50 +1100
Subject: [PATCH 3/3] secure boot v2: Fix crash if signature verification fails in app

sha_handle is "finished" when verify_secure_boot_signature() returns and should be nulled out.
Alternative version of fix submitted in https://github.com/espressif/esp-idf/pull/6210
Closes https://github.com/espressif/esp-idf/pull/6210
Signed-off-by: Angus Gratton
---
 components/bootloader_support/src/esp_image_format.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/components/bootloader_support/src/esp_image_format.c b/components/bootloader_support/src/esp_image_format.c
index 5dc6db56a2..e8d705cf80 100644
--- a/components/bootloader_support/src/esp_image_format.c
+++ b/components/bootloader_support/src/esp_image_format.c
@@ -229,6 +229,7 @@ static esp_err_t image_load(esp_image_load_mode_t mode, const esp_partition_pos_
     if (true) {
 #endif // end checking for JTAG
         err = verify_secure_boot_signature(sha_handle, data, image_digest, verified_digest);
+        sha_handle = NULL; // verify_secure_boot_signature finishes sha_handle
     }
 #else // SECURE_BOOT_CHECK_SIGNATURE
     // No secure boot, but SHA-256 can be appended for basic corruption detection
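Review bot: The verification now checks the caller-supplied `image_digest` instead of `sig_block->block[i].image_digest`, and nothing in the hunk records why that matters: a signature verified against the digest the signature block itself carries would hold for whatever digest the block claims, so the digest must be the one computed from the actual image. A one-line comment above the call would stop a later refactor from quietly going back, e.g. `/* Verify against the digest computed from the image contents, never the one stored in sig_block */`. DIGEST_LEN replaces the literal 32 passed as the hash length; confirm it is the SHA-256 length matching MBEDTLS_MD_SHA256, as the two are passed together. esp_secure_boot_verify_rsa_signature_block starts and ends outside this hunk.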
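Review bot: The handle transfer is recorded only at this call site, `sha_handle = NULL; // verify_secure_boot_signature finishes sha_handle`, so any other caller of verify_secure_boot_signature, or a later path in image_load that still holds the handle, can repeat the use-after-finish this commit fixes. A more robust shape is for the callee to take a pointer to the handle and clear it itself once it has finished the digest, or at minimum to document the contract on the callee's declaration, e.g. `/* Finishes and consumes sha_handle; the caller must not use it afterwards */`. Whether image_load's later cleanup tolerates a NULL sha_handle is not visible in this hunk and should be confirmed. image_load starts and ends outside this hunk.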