From 08ce6b92aa05597063718815d1bd6f14aa7fa318 Mon Sep 17 00:00:00 2001 From: Mahavir Jain Date: Thu, 9 Feb 2023 12:08:59 +0530 Subject: [PATCH 1/2] gen_esp32part: allow secure boot v2 based app partition size 4K aligned For Secure Boot v2 case, unsigned image is first padded to next 64K aligned boundary and then a signature block of 4K gets appended. Thus an app partition whose size is 4K aligned should be allowed here. For Secure Boot v1 case, app partition size must be 64K aligned as the signature block lies at the very end of 64K boundary. Relevant: 57b601ab7f6254e98b29d6f48124055b59f57d15 --- components/partition_table/CMakeLists.txt | 6 ++++- components/partition_table/gen_esp32part.py | 28 ++++++++++++++++++--- 2 files changed, 29 insertions(+), 5 deletions(-) diff --git a/components/partition_table/CMakeLists.txt b/components/partition_table/CMakeLists.txt index 113728f413..8b56c12293 100644 --- a/components/partition_table/CMakeLists.txt +++ b/components/partition_table/CMakeLists.txt @@ -25,7 +25,11 @@ if(CONFIG_ESPTOOLPY_FLASHSIZE) endif() if(CONFIG_SECURE_BOOT AND NOT CONFIG_SECURE_BOOT_ALLOW_SHORT_APP_PARTITION) - set(partition_secure_opt --secure) + if(CONFIG_SECURE_BOOT_V2_ENABLED) + set(partition_secure_opt --secure v2) + else() + set(partition_secure_opt --secure v1) + endif() else() set(partition_secure_opt "") endif() diff --git a/components/partition_table/gen_esp32part.py b/components/partition_table/gen_esp32part.py index ec04b9b0b2..9ea7b22e51 100755 --- a/components/partition_table/gen_esp32part.py +++ b/components/partition_table/gen_esp32part.py @@ -38,6 +38,10 @@ PARTITION_TABLE_SIZE = 0x1000 # Size of partition table MIN_PARTITION_SUBTYPE_APP_OTA = 0x10 NUM_PARTITION_SUBTYPE_APP_OTA = 16 +SECURE_NONE = None +SECURE_V1 = 'v1' +SECURE_V2 = 'v2' + __version__ = '1.2' APP_TYPE = 0x00 @@ -68,9 +72,23 @@ SUBTYPES = { }, } + +def get_alignment_size_for_type(ptype): + if ptype == APP_TYPE and secure == SECURE_V1: + # For secure boot v1 case, app partition must be 64K aligned + # signature block (68 bytes) lies at the very end of 64K block + return 0x10000 + if ptype == APP_TYPE and secure == SECURE_V2: + # For secure boot v2 case, app partition must be 4K aligned + # signature block (4K) is kept after padding the unsigned image to 64K boundary + return 0x1000 + # No specific size alignement requirement as such + return 0x1 + + quiet = False md5sum = True -secure = False +secure = SECURE_NONE offset_part_table = 0 @@ -367,10 +385,12 @@ class PartitionDefinition(object): align = self.ALIGNMENT.get(self.type, 4) if self.offset % align: raise ValidationError(self, 'Offset 0x%x is not aligned to 0x%x' % (self.offset, align)) - if self.size % align and secure: - raise ValidationError(self, 'Size 0x%x is not aligned to 0x%x' % (self.size, align)) if self.size is None: raise ValidationError(self, 'Size field is not set') + if self.type == APP_TYPE and secure is not SECURE_NONE: + size_align = get_alignment_size_for_type(self.type) + if self.size % size_align: + raise ValidationError(self, 'Size 0x%x is not aligned to 0x%x' % (self.size, size_align)) if self.name in TYPES and TYPES.get(self.name, '') != self.type: critical("WARNING: Partition has name '%s' which is a partition type, but does not match this partition's " @@ -475,7 +495,7 @@ def main(): 'enabled by default and this flag does nothing.', action='store_true') parser.add_argument('--quiet', '-q', help="Don't print non-critical status messages to stderr", action='store_true') parser.add_argument('--offset', '-o', help='Set offset partition table', default='0x8000') - parser.add_argument('--secure', help='Require app partitions to be suitable for secure boot', action='store_true') + parser.add_argument('--secure', help='Require app partitions to be suitable for secure boot', nargs='?', const=SECURE_V1, choices=[SECURE_V1, SECURE_V2]) parser.add_argument('input', help='Path to CSV or binary file to parse.', type=argparse.FileType('rb')) parser.add_argument('output', help='Path to output converted binary or CSV file. Will use stdout if omitted.', nargs='?', default='-') From 726c7cd45cd9de5505e5ae91453c7f9c3c753010 Mon Sep 17 00:00:00 2001 From: Mahavir Jain Date: Mon, 6 Feb 2023 09:06:32 +0530 Subject: [PATCH 2/2] partition_table: add tests for checking secure boot part size --- .../gen_esp32part_tests.py | 32 +++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/components/partition_table/test_gen_esp32part_host/gen_esp32part_tests.py b/components/partition_table/test_gen_esp32part_host/gen_esp32part_tests.py index fbb2dd0451..961cedec2e 100755 --- a/components/partition_table/test_gen_esp32part_host/gen_esp32part_tests.py +++ b/components/partition_table/test_gen_esp32part_host/gen_esp32part_tests.py @@ -397,6 +397,38 @@ class CommandLineTests(Py23TestCase): class VerificationTests(Py23TestCase): + def _run_genesp32(self, csvcontents, args): + csvpath = tempfile.mktemp() + with open(csvpath, 'w') as f: + f.write(csvcontents) + try: + output = subprocess.check_output([sys.executable, '../gen_esp32part.py', csvpath] + args, stderr=subprocess.STDOUT) + return output.strip() + except subprocess.CalledProcessError as e: + return e.output.strip() + finally: + os.remove(csvpath) + + def test_check_secure_app_size(self): + sample_csv = """ +ota_0, app, ota_0, , 0x101000 +ota_1, app, ota_1, , 0x100800 + """ + + def rge(args): + return self._run_genesp32(sample_csv, args) + + # Valid test that would pass with the above partition table + partfile = tempfile.mktemp() + self.assertEqual(rge([partfile]), b'Parsing CSV input...\nVerifying table...') + os.remove(partfile) + # Failure case 1, incorrect ota_0 partition size + self.assertEqual(rge(['-q', '--secure', 'v1']), + b'Partition ota_0 invalid: Size 0x101000 is not aligned to 0x10000') + # Failure case 2, incorrect ota_1 partition size + self.assertEqual(rge(['-q', '--secure', 'v2']), + b'Partition ota_1 invalid: Size 0x100800 is not aligned to 0x1000') + def test_bad_alignment(self): csv = """ # Name,Type, SubType,Offset,Size