espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-07-31 19:24:33 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update to compatible crc & SBv2 enable check api's

Browse Source
This commit is contained in:
Supreet Deshpande
2020-08-06 02:40:53 +05:30
parent d72350c0ce
commit 7d57165922
3 changed files with 5 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
components/bootloader_support/src/esp32/secure_boot.c
View File

@@ -392,17 +392,6 @@ esp_err_t esp_secure_boot_v2_permanently_enable(const esp_image_metadata_t *imag
ESP_LOGW(TAG, "Not disabling ROM BASIC fallback - SECURITY COMPROMISED"); ESP_LOGW(TAG, "Not disabling ROM BASIC fallback - SECURITY COMPROMISED");
#endif #endif
#ifdef CONFIG_SECURE_DISABLE_ROM_DL_MODE
ESP_LOGI(TAG, "Disable ROM Download mode...");
esp_err_t err = esp_efuse_disable_rom_download_mode();
if (err != ESP_OK) {
ESP_LOGE(TAG, "Could not disable ROM Download mode...");
return ESP_FAIL;
}
#else
ESP_LOGW(TAG, "Not disabling ROM Download mode - SECURITY COMPROMISED");
#endif
#ifndef CONFIG_SECURE_BOOT_V2_ALLOW_EFUSE_RD_DIS #ifndef CONFIG_SECURE_BOOT_V2_ALLOW_EFUSE_RD_DIS
bool rd_dis_now = true; bool rd_dis_now = true;
#ifdef CONFIG_SECURE_FLASH_ENC_ENABLED #ifdef CONFIG_SECURE_FLASH_ENC_ENABLED

6
components/bootloader_support/src/esp32s2/secure_boot.c
View File

@@ -21,7 +21,7 @@
#include "bootloader_sha.h" #include "bootloader_sha.h"
#include "bootloader_utility.h" #include "bootloader_utility.h"
#include "esp_rom_crc.h" #include "esp32s2/rom/crc.h"
#include "esp_efuse.h" #include "esp_efuse.h"
#include "esp_efuse_table.h" #include "esp_efuse_table.h"
@@ -40,7 +40,7 @@ static const char *TAG = "secure_boot_v2";
/* A signature block is valid when it has correct magic byte, crc and image digest. */ /* A signature block is valid when it has correct magic byte, crc and image digest. */
static esp_err_t validate_signature_block(const ets_secure_boot_sig_block_t *block, int block_num, const uint8_t *image_digest) static esp_err_t validate_signature_block(const ets_secure_boot_sig_block_t *block, int block_num, const uint8_t *image_digest)
{ {
uint32_t crc = esp_rom_crc32_le(0, (uint8_t *)block, CRC_SIGN_BLOCK_LEN); uint32_t crc = crc32_le(0, (uint8_t *)block, CRC_SIGN_BLOCK_LEN);
if (block->magic_byte != SIG_BLOCK_MAGIC_BYTE) { if (block->magic_byte != SIG_BLOCK_MAGIC_BYTE) {
// All signature blocks have been parsed, no new signature block present. // All signature blocks have been parsed, no new signature block present.
ESP_LOGD(TAG, "Signature block(%d) invalid/absent.", block_num); ESP_LOGD(TAG, "Signature block(%d) invalid/absent.", block_num);
@@ -318,7 +318,7 @@ esp_err_t esp_secure_boot_v2_permanently_enable(const esp_image_metadata_t *imag
assert(ets_efuse_secure_boot_aggressive_revoke_enabled()); assert(ets_efuse_secure_boot_aggressive_revoke_enabled());
#endif #endif
assert(esp_rom_efuse_is_secure_boot_enabled()); assert(ets_efuse_secure_boot_enabled());
ESP_LOGI(TAG, "Secure boot permanently enabled"); ESP_LOGI(TAG, "Secure boot permanently enabled");
return ESP_OK; return ESP_OK;

2
components/esptool_py/esptool

Submodule components/esptool_py/esptool updated: 5eada56341...10225816df