Merge branch 'bugfix/encrypt_len_for_sb_update_case' into 'master'

fix(bootloader): correct encryption length for secure update without secure boot

See merge request espressif/esp-idf!41665
Mahavir Jain
2025-09-15 15:48:26 +05:30
6 changed files with 75 additions and 2 deletions


@@ -1058,7 +1058,7 @@ menu "Security features"
endmenu # Potentially Insecure endmenu # Potentially Insecure
config SECURE_FLASH_ENCRYPT_ONLY_IMAGE_LEN_IN_APP_PART config SECURE_FLASH_ENCRYPT_ONLY_IMAGE_LEN_IN_APP_PART
bool "Encrypt only the app image that is present in the partition of type app" bool "Encrypt contents upto app image length in app partition"
depends on SECURE_FLASH_ENC_ENABLED && !SECURE_FLASH_REQUIRE_ALREADY_ENABLED depends on SECURE_FLASH_ENC_ENABLED && !SECURE_FLASH_REQUIRE_ALREADY_ENABLED
default y default y
help help


@@ -225,6 +225,23 @@ typedef struct {
uint8_t signature[64]; uint8_t signature[64];
} esp_secure_boot_sig_block_t; } esp_secure_boot_sig_block_t;
/** @brief Get the size of the secure boot signature block
*
* This is the size of the signature block appended to a signed image.
*
* @return Size of the secure boot signature block in bytes
*/
static inline uint32_t esp_secure_boot_sig_block_size()
{
#if CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME || CONFIG_SECURE_SIGNED_APPS_ECDSA_V2_SCHEME
return sizeof(ets_secure_boot_signature_t);
#elif defined(CONFIG_SECURE_SIGNED_APPS_ECDSA_SCHEME)
return sizeof(esp_secure_boot_sig_block_t);
#else
return 0;
#endif
}
/** @brief Verify the ECDSA secure boot signature block for Secure Boot V1. /** @brief Verify the ECDSA secure boot signature block for Secure Boot V1.
* *
* Calculates Deterministic ECDSA w/ SHA256 based on the SHA256 hash of the image. ECDSA signature * Calculates Deterministic ECDSA w/ SHA256 based on the SHA256 hash of the image. ECDSA signature
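Review bot: The new inline helper is declared as `esp_secure_boot_sig_block_size()` with an empty parameter list, which before C23 is a non-prototype declaration that accepts any arguments. Since it sits in a header, it should read `static inline uint32_t esp_secure_boot_sig_block_size(void)`, which also keeps `-Wstrict-prototypes` quiet for code that includes it. The `#if` tests two scheme symbols by value while the `#elif` uses `defined(...)`; using one form for all three would make the selection easier to audit. The doc comment should also state that the function returns 0 when no app-signing scheme is configured, because a caller that adds the result to an encryption length then silently adds nothing.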


@@ -428,6 +428,10 @@ static esp_err_t encrypt_partition(int index, const esp_partition_info_t *partit
if (partition->type == PART_TYPE_APP && should_encrypt) { if (partition->type == PART_TYPE_APP && should_encrypt) {
// Encrypt only the app image instead of encrypting the whole partition // Encrypt only the app image instead of encrypting the whole partition
size = image_data.image_len; size = image_data.image_len;
#if CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT
// If secure update without secure boot, also encrypt the signature block
size += esp_secure_boot_sig_block_size();
#endif
} }
#endif #endif
} else if (partition->type == PART_TYPE_PARTITION_TABLE) { } else if (partition->type == PART_TYPE_PARTITION_TABLE) {
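Review bot: After `size += esp_secure_boot_sig_block_size();` nothing in the hunk checks that the enlarged length still fits the partition, so for an image that ends close to the partition end the encryption length could run past it unless code outside the hunk bounds it. A guard such as `if (size > partition->pos.size) { size = partition->pos.size; }` directly after the addition would keep the in-place encryption inside the app partition. The signature block size is also added whether or not the image actually carries a signature block, which the comment should say explicitly. If `image_data.image_len` is the unpadded image length and the signing scheme places the signature block at a sector-aligned offset, the sum may stop short of the end of the block; that depends on code not visible here and should be confirmed. `encrypt_partition` starts and ends outside the hunk.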


@@ -1,5 +1,6 @@
# SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD # SPDX-FileCopyrightText: 2023-2025 Espressif Systems (Shanghai) CO LTD
# SPDX-License-Identifier: Unlicense OR CC0-1.0 # SPDX-License-Identifier: Unlicense OR CC0-1.0
import pytest import pytest
from pytest_embedded import Dut from pytest_embedded import Dut
from pytest_embedded_idf.utils import idf_parametrize from pytest_embedded_idf.utils import idf_parametrize
@@ -9,6 +10,14 @@ from pytest_embedded_idf.utils import idf_parametrize
@idf_parametrize('target', ['esp32c2', 'esp32c3'], indirect=['target']) @idf_parametrize('target', ['esp32c2', 'esp32c3'], indirect=['target'])
def test_examples_security_on_update_no_secure_boot(dut: Dut) -> None: def test_examples_security_on_update_no_secure_boot(dut: Dut) -> None:
dut.expect( dut.expect(
"This app is not signed, but check signature on update is enabled in config. It won't be possible to verify any update.", "This app is not signed, but check signature on update is enabled in config. It won't be possible to verify any update.", # noqa : E501
timeout=10, timeout=10,
) )
@pytest.mark.host_test
@pytest.mark.qemu
@pytest.mark.parametrize('config', ['secure_update_with_fe'], indirect=True)
@idf_parametrize('target', ['esp32c3'], indirect=['target'])
def test_examples_secure_update_with_fe_qemu(dut: Dut) -> None:
dut.expect('Example for secured signed with no secure boot', timeout=60)
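Review bot: The new `test_examples_secure_update_with_fe_qemu` only waits for the application banner, so it passes whenever the app boots. It does not show that first-boot encryption covered the signature block, which is the behaviour this commit fixes. If the bootloader or the app logs a line when flash encryption completes or when the running app's signature is verified, a `dut.expect(...)` on that line before the banner would pin the regression; the exact log text is not visible on this page. Separately, `# noqa : E501` has a space before the colon, which some linters read as a blanket `noqa` rather than a suppression of E501 only; `# noqa: E501` is the unambiguous form.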


@@ -0,0 +1,4 @@
CONFIG_SECURE_FLASH_ENC_ENABLED=y
CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES=y
CONFIG_PARTITION_TABLE_OFFSET=0xc000
CONFIG_NVS_ENCRYPTION=n


@@ -0,0 +1,39 @@
-----BEGIN RSA PRIVATE KEY-----
MIIG5AIBAAKCAYEA5sRBdVlob0RWwRsBYrGrMmdhIbam45boFbD/1skxb7lRhJjE
pStZ5DVhtQWVAsqTKkY/QH0zzRBBSfdnsneBAc3yFBTBrMPBQitOvg2UK5rx3jJ2
dD3hpFG5QZPzmB48ZBmsnmMILLgSMwraAPwkbA4qU2TAeCkAE5WVH3w2m1n95sze
gbxZamLbaPj5DedT5yqIjWK4NecTlr7VXFTXWzzAfb+hQtzBN1RmemvbhCgSksAS
4huoLAZ6iwpEyuACj4pNmFMyQJQ4PPr54mUkL+btMSTbkOZdMbIrXR/FePvFU/Ug
zu9u3QvGm/u2tmpp2Lo/hDgJOhcS4bQjLk7R6Ynq+pi6zQuqpRSCoMEuSzth+yQr
rMCox8lvHgALpc/G8ZbI1bZN0UybmqBBQ5p5FVf9xfNwnt/tuyFV4QDjaRrCcJ1y
FTrMG/+aSM8de4TuxWC3dImfCrVQf/ncB+Y5rL+h3lo9Viozd+bBy79jACjpkwbY
o9GINr26F3GcK/ShAgMBAAECggGADvNsIkQ2pe7RiBVN060bIFreSibhTSF7y9v5
11qVn11sUKDtLJ5QZp6mw+mmq9WgDz8Z3f2+m2yQLlCfIUroyssjAfYOTjkojjbs
FRggH2scfH7cec+AjPrWe88wGwzqcLnRGznjT7JlS3VKhoHPgkiwqVJ/vck6PgqU
7MNJbms4Lfnb+J/RUzkwae6nhCUWpIV272IT+ToNZNjcTe0ZPsoC1qLRudk/k2we
b5QJVtiZy3QyRP/xt1h8HAIATvyQTmcdubE3cC0waEINI1jJdGJwJQ66LPJpx5ov
s+ldjDdkJi/E8fNrnrn/WIWKwAXctg8VaIHj++WVJ0f9hmZ/bBNRJbFh4LpVKRY5
oU1XCC9b2edbQbhWLsG19E0XJ+c5i8UY8uIH6DC9QCK28I/eYxA1RoDUt1st06CW
hZT3INFqQ+1mbbff3pm0+kDNxne/PhR7bNApzF/3Fa33v9d0iEfKviEUhCtM4rzD
SVMGTGOAXuAS5RCBAYzTEPrp8UCBAoHBAPluD2o33eEQ5MOm9WoTYLFKKLS/l91B
wHmwY9m53YiMBxLgYrJ9oQOTEApAY5B4G1BxidvhehAMd51iK03W/YkZhy3ZhUTJ
DC29upFPCsS1On1kUC9doyuSgILt3zLZVW98RX6PM7LCLR+jSJPYJQ13xlBRe2Dc
pHpkr0vwtUR35D1EKV2cXFJZLDzj1xAIFNqiv6591J7xzehzBEyP56lar/oeqsvv
w7SWsU4rF6E8Os3gvlTRV5QgnBZEUTTZaQKBwQDs2Fio7NYofSQeI5Q+FPDiV4U1
rkOZzXJFsf6dQl3GaqgXmuJsfYbRDcAvSBcfo6RFu+ZHEa0U9yEQKK4OSeXTrD8U
0wLCfVmlzQf/l0Iutxv1qGTkB0NnZ7nKCSmdoGErXWTVdz4pHPmU6nUNZ3ih02oP
2nA6CjVtsJVUGWwi6k8bX2mRvLpmjjfJP82EmRXbkKh4xseddWd7Xf/G9hJcXaXt
piE8dmyBQP1u2WluffDT1VNGt3k5O8TIvqlfYnkCgcEA66MfKvB2S35jL7bV2A1Q
ZoyxoffyZxML26pY2kKt16a5tAqJEyh96VuQZq7noH7nBvsMCs6bOvgcNHGeiV3W
jSOxwg3hydbJC5lW3Jm4iZbQF8+htO2YDbzMbWR9XJNXFAhpuqNcar7oVCA0m38x
meSSVCR2E06+j+X4eRyAkptU4tA25/mkeiNGGIwCC2InGVlxDk5PhIzZQoUOBapZ
Z3OGFhvMrPbogv1tqXQqUacNwptUE9rlCso3yw1lTjEpAoHBAJ2CQ3QUDVhf4OUq
RCwFQS1FhxFsEwj12EkBVpK+0B5kT+Vi27HKyR2+R1EqYDZqXZUCoOIinziSISrd
4uMdwfpDUrBGpE8zjar175vKu/jVTYLRukbrjaf3E1eJQGPThMuSELzl0DEHU/P0
+GMxrMfyEVb5rijrIR0Rkj2bqo6NxI4vpcWF/XC2o+Lyy3qjVCXwzhmEGLxel7Mz
kCaA/zTuEqs5EGFlYEOVNPXDIJqaps450Gf3HGczmGroYTtOAQKBwCzmQn+pONYM
zg8FGbRafACNucw4vuiVgMvWtREgZuGFyQ9UKiaPLjvQl6xR/1jZXA0nD8ApjZwK
KOoKgzZD1XfiGjpuA6Ift2UuPDdq4NnI8orPfFCZRXmqBFzpByFx7XZLtKEtYm5w
r4WHCqQMLSYufS77FClcuWOfyx08iaqONLNQLLps1HJ0ydCPWKObhL+iKlzapEMh
6aAMN/0YR2Fw3+5Cz4Zsn+pe/N6/rqoCVMxS5vsgbmIAZ6537ENMwA==
-----END RSA PRIVATE KEY-----
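Review bot: This file adds an unencrypted RSA private key to the repository with nothing in the commit that marks it as a test-only signing key. It presumably exists so the new QEMU configuration can build signed binaries, but once published it gives no authenticity guarantee and must never sign images for real devices. The commit message, the file name or the example's README should say that explicitly. It is also worth confirming that only the CI test configuration references it, and adding the path to the project's secret-scanner allowlist with a comment giving the reason, so that later findings of this kind are not dismissed by habit.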