Merge branch 'bugfix/anti_rollback_check_regression_v5.2' into 'release/v5.2'

fix(bootloader_support): check the secure version only for app image (v5.2) See merge request espressif/esp-idf!29127
2025-07-30 02:37:19 +02:00 · 2024-02-20 23:30:04 +08:00
parent 7fafe4a9f4 b2cdc06789
commit 546e9e0b6e
1 changed files with 6 additions and 2 deletions
--- a/components/bootloader_support/src/esp_image_format.c
+++ b/components/bootloader_support/src/esp_image_format.c
@ -701,12 +701,16 @@ static esp_err_t process_segment_data(int segment, intptr_t load_addr, uint32_t
 #endif
    }
    uint32_t *dest = (uint32_t *)load_addr;
-#endif
+#endif // BOOTLOADER_BUILD

    const uint32_t *src = data;

 #if CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK
-    if (segment == 0) {
+    // Case I: Bootloader verifying application
+    // Case II: Bootloader verifying bootloader
+    // Anti-rollback check should handle only Case I from above.
+    if (segment == 0 && metadata->start_addr != ESP_BOOTLOADER_OFFSET) {
+        ESP_LOGD(TAG, "additional anti-rollback check 0x%"PRIx32, data_addr);
        // The esp_app_desc_t structure is located in DROM and is always in segment #0.
        size_t len = process_esp_app_desc_data(src, sha_handle, checksum, metadata);
        data_len -= len;