From 7d57165922f712bdf58ab12bb2bc7fbf44bccf5e Mon Sep 17 00:00:00 2001
From: Supreet Deshpande
Date: Thu, 6 Aug 2020 02:40:53 +0530
Subject: [PATCH] Update to compatible crc & SBv2 enable check api's
---
 .../bootloader_support/src/esp32/secure_boot.c | 13 +------------
 .../bootloader_support/src/esp32s2/secure_boot.c | 6 +++---
 components/esptool_py/esptool | 2 +-
 3 files changed, 5 insertions(+), 16 deletions(-)
diff --git a/components/bootloader_support/src/esp32/secure_boot.c b/components/bootloader_support/src/esp32/secure_boot.c
index 0dcf655d86..c3a5a532a8 100644
--- a/components/bootloader_support/src/esp32/secure_boot.c
+++ b/components/bootloader_support/src/esp32/secure_boot.c
@@ -319,7 +319,7 @@ esp_err_t esp_secure_boot_v2_permanently_enable(const esp_image_metadata_t *imag
 uint32_t dis_reg = REG_READ(EFUSE_BLK0_RDATA0_REG);
 bool efuse_key_read_protected = dis_reg & EFUSE_RD_DIS_BLK2;
 bool efuse_key_write_protected = dis_reg & EFUSE_WR_DIS_BLK2;
- if (efuse_key_write_protected == false
+ if (efuse_key_write_protected == false
 && efuse_key_read_protected == false
 && REG_READ(EFUSE_BLK2_RDATA0_REG) == 0
 && REG_READ(EFUSE_BLK2_RDATA1_REG) == 0
@@ -392,17 +392,6 @@ esp_err_t esp_secure_boot_v2_permanently_enable(const esp_image_metadata_t *imag
 ESP_LOGW(TAG, "Not disabling ROM BASIC fallback - SECURITY COMPROMISED");
 #endif
-#ifdef CONFIG_SECURE_DISABLE_ROM_DL_MODE
- ESP_LOGI(TAG, "Disable ROM Download mode...");
- esp_err_t err = esp_efuse_disable_rom_download_mode();
- if (err != ESP_OK) {
- ESP_LOGE(TAG, "Could not disable ROM Download mode...");
- return ESP_FAIL;
- }
-#else
- ESP_LOGW(TAG, "Not disabling ROM Download mode - SECURITY COMPROMISED");
-#endif
-
 #ifndef CONFIG_SECURE_BOOT_V2_ALLOW_EFUSE_RD_DIS
 bool rd_dis_now = true;
 #ifdef CONFIG_SECURE_FLASH_ENC_ENABLED
diff --git a/components/bootloader_support/src/esp32s2/secure_boot.c b/components/bootloader_support/src/esp32s2/secure_boot.c
index e5dd3b93b4..bfe51bb8ae 100644
--- a/components/bootloader_support/src/esp32s2/secure_boot.c
+++ b/components/bootloader_support/src/esp32s2/secure_boot.c
@@ -21,7 +21,7 @@
 #include "bootloader_sha.h"
 #include "bootloader_utility.h"
-#include "esp_rom_crc.h"
+#include "esp32s2/rom/crc.h"
 #include "esp_efuse.h"
 #include "esp_efuse_table.h"
@@ -40,7 +40,7 @@ static const char *TAG = "secure_boot_v2";
 /* A signature block is valid when it has correct magic byte, crc and image digest. */
 static esp_err_t validate_signature_block(const ets_secure_boot_sig_block_t *block, int block_num, const uint8_t *image_digest)
 {
- uint32_t crc = esp_rom_crc32_le(0, (uint8_t *)block, CRC_SIGN_BLOCK_LEN);
+ uint32_t crc = crc32_le(0, (uint8_t *)block, CRC_SIGN_BLOCK_LEN);
 if (block->magic_byte != SIG_BLOCK_MAGIC_BYTE) {
 // All signature blocks have been parsed, no new signature block present.
 ESP_LOGD(TAG, "Signature block(%d) invalid/absent.", block_num);
@@ -318,7 +318,7 @@ esp_err_t esp_secure_boot_v2_permanently_enable(const esp_image_metadata_t *imag
 assert(ets_efuse_secure_boot_aggressive_revoke_enabled());
 #endif
- assert(esp_rom_efuse_is_secure_boot_enabled());
+ assert(ets_efuse_secure_boot_enabled());
 ESP_LOGI(TAG, "Secure boot permanently enabled");
 return ESP_OK;
diff --git a/components/esptool_py/esptool b/components/esptool_py/esptool
index 5eada56341..10225816df 160000
--- a/components/esptool_py/esptool
+++ b/components/esptool_py/esptool
@@ -1 +1 @@
-Subproject commit 5eada56341f3a74c3e09eef3b1266f1072145059
+Subproject commit 10225816df4c9c1b078e677e8a75a87778786ad1
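Review bot: The cast `(uint8_t *)block` on the new `crc32_le` call in `validate_signature_block` (esp32s2/secure_boot.c) discards the `const` that the parameter `const ets_secure_boot_sig_block_t *block` carries. The CRC only reads the block, so `uint32_t crc = crc32_le(0, (const uint8_t *)block, CRC_SIGN_BLOCK_LEN);` keeps the qualifier, assuming the ROM prototype in `esp32s2/rom/crc.h` takes a const pointer (the header is not visible here). The function body continues past the end of the hunk.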
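Review bot: The final check in `esp_secure_boot_v2_permanently_enable` (esp32s2/secure_boot.c), `assert(ets_efuse_secure_boot_enabled());`, is compiled out in any build that defines `NDEBUG`, after which the function still logs "Secure boot permanently enabled" and returns `ESP_OK` without having confirmed the eFuse state. For a one-way security setting an explicit runtime check is safer: `if (!ets_efuse_secure_boot_enabled()) { ESP_LOGE(TAG, "Secure boot eFuse not set"); return ESP_FAIL; }`. The context line `assert(ets_efuse_secure_boot_aggressive_revoke_enabled());` just above has the same shape. The function starts outside the hunk, so whether an earlier path already verifies the eFuse write cannot be seen from here.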