bootloader: add anti-FI checks around secure version in anti-rollback scheme
@ -66,6 +66,7 @@
|
|||||||
#include "bootloader_utility.h"
|
#include "bootloader_utility.h"
|
||||||
#include "bootloader_sha.h"
|
#include "bootloader_sha.h"
|
||||||
#include "esp_efuse.h"
|
#include "esp_efuse.h"
|
||||||
|
#include "esp_fault.h"
|
||||||
|
|
||||||
static const char *TAG = "boot";
|
static const char *TAG = "boot";
|
||||||
|
|
||||||
@ -257,9 +258,16 @@ static esp_err_t write_otadata(esp_ota_select_entry_t *otadata, uint32_t offset,
|
|||||||
static bool check_anti_rollback(const esp_partition_pos_t *partition)
|
static bool check_anti_rollback(const esp_partition_pos_t *partition)
|
||||||
{
|
{
|
||||||
#ifdef CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK
|
#ifdef CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK
|
||||||
esp_app_desc_t app_desc;
|
esp_app_desc_t app_desc = {};
|
||||||
esp_err_t err = bootloader_common_get_partition_description(partition, &app_desc);
|
esp_err_t err = bootloader_common_get_partition_description(partition, &app_desc);
|
||||||
return err == ESP_OK && esp_efuse_check_secure_version(app_desc.secure_version) == true;
|
if (err != ESP_OK) {
|
||||||
|
ESP_LOGE(TAG, "Failed to get partition description %d", err);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
bool sec_ver = esp_efuse_check_secure_version(app_desc.secure_version);
|
||||||
|
/* Anti FI check */
|
||||||
|
ESP_FAULT_ASSERT(sec_ver == esp_efuse_check_secure_version(app_desc.secure_version));
|
||||||
|
return sec_ver;
|
||||||
#else
|
#else
|
||||||
return true;
|
return true;
|
||||||
#endif
|
#endif
|
||||||
@ -272,6 +280,8 @@ static void update_anti_rollback(const esp_partition_pos_t *partition)
|
|||||||
esp_err_t err = bootloader_common_get_partition_description(partition, &app_desc);
|
esp_err_t err = bootloader_common_get_partition_description(partition, &app_desc);
|
||||||
if (err == ESP_OK) {
|
if (err == ESP_OK) {
|
||||||
esp_efuse_update_secure_version(app_desc.secure_version);
|
esp_efuse_update_secure_version(app_desc.secure_version);
|
||||||
|
} else {
|
||||||
|
ESP_LOGE(TAG, "Failed to get partition description %d", err);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
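Review bot: `esp_app_desc_t app_desc = {};` in check_anti_rollback relies on the empty-brace initializer, which is a GNU extension in C11 and only became standard in C23; `esp_app_desc_t app_desc = {0};` zeroes the struct the same way and compiles under any C11 toolchain. The anti-FI line `ESP_FAULT_ASSERT(sec_ver == esp_efuse_check_secure_version(app_desc.secure_version));` should carry a comment stating that the second call is deliberately a fresh evaluation, e.g. `/* Deliberately re-evaluate instead of reusing sec_ver: a glitched first call must not match itself */`, otherwise a later cleanup may "deduplicate" it and silently remove the check. In the third hunk, update_anti_rollback now logs when the partition description cannot be read, but on the success path the esp_err_t returned by esp_efuse_update_secure_version (its signature is visible in the last hunk of this commit) is still discarded, so a failed eFuse write goes unreported; `err = esp_efuse_update_secure_version(app_desc.secure_version);` followed by the same ESP_LOGE pattern would close that gap, though the function's void return means the caller still cannot act on it.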
|
@ -20,6 +20,7 @@
|
|||||||
#include "esp_types.h"
|
#include "esp_types.h"
|
||||||
#include "assert.h"
|
#include "assert.h"
|
||||||
#include "esp_err.h"
|
#include "esp_err.h"
|
||||||
|
#include "esp_fault.h"
|
||||||
#include "esp_log.h"
|
#include "esp_log.h"
|
||||||
#include "soc/efuse_periph.h"
|
#include "soc/efuse_periph.h"
|
||||||
#include "bootloader_random.h"
|
#include "bootloader_random.h"
|
||||||
@ -129,7 +130,16 @@ static void write_anti_rollback(uint32_t new_bits)
|
|||||||
bool esp_efuse_check_secure_version(uint32_t secure_version)
|
bool esp_efuse_check_secure_version(uint32_t secure_version)
|
||||||
{
|
{
|
||||||
uint32_t sec_ver_hw = esp_efuse_read_secure_version();
|
uint32_t sec_ver_hw = esp_efuse_read_secure_version();
|
||||||
return secure_version >= sec_ver_hw;
|
/* Additional copies for Anti FI check */
|
||||||
|
uint32_t sec_ver_hw_c1 = esp_efuse_read_secure_version();
|
||||||
|
uint32_t sec_ver_hw_c2 = esp_efuse_read_secure_version();
|
||||||
|
ESP_FAULT_ASSERT(sec_ver_hw == sec_ver_hw_c1);
|
||||||
|
ESP_FAULT_ASSERT(sec_ver_hw == sec_ver_hw_c2);
|
||||||
|
|
||||||
|
bool ret_status = (secure_version >= sec_ver_hw);
|
||||||
|
/* Anti FI check */
|
||||||
|
ESP_FAULT_ASSERT(ret_status == (secure_version >= sec_ver_hw));
|
||||||
|
return ret_status;
|
||||||
}
|
}
|
||||||
|
|
||||||
esp_err_t esp_efuse_update_secure_version(uint32_t secure_version)
|
esp_err_t esp_efuse_update_secure_version(uint32_t secure_version)
|
||||||
|
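Review bot: The final `ESP_FAULT_ASSERT(ret_status == (secure_version >= sec_ver_hw));` in esp_efuse_check_secure_version recomputes the comparison from the same sec_ver_hw that produced ret_status, so the two redundant reads sec_ver_hw_c1 and sec_ver_hw_c2 are only checked against sec_ver_hw and never tied to the returned result; `ESP_FAULT_ASSERT(ret_status == (secure_version >= sec_ver_hw_c1));` would make the returned value depend on a second read as well. If esp_efuse_read_secure_version is defined in this translation unit and the compiler can see it has no side effects, the optimizer is in principle free to fold the three calls into a single read, which would reduce the first two assertions to comparing a value with itself; whether ESP_FAULT_ASSERT's expansion already prevents that is not visible here, so a comment on the copies stating that the reads must remain separate at runtime (or a `volatile`-qualified intermediate) would document the intent for future maintainers. The new `/* Additional copies for Anti FI check */` comment would read better if it named what the copies defend against, e.g. `/* Read the eFuse value three times and cross-check: a single glitched read must not decide the result */`.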