espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-08-03 20:54:32 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'bugfix/secure_boot_v2_doc_correction' into 'master'

Browse Source 
docs: fix salt length in secure-boot-v2 guide

See merge request espressif/esp-idf!16286
This commit is contained in:
Mahavir Jain
2021-12-08 03:25:10 +00:00
parent 2e1c7d876c 1501a22e02
commit ba355f924e
2 changed files with 12 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
components/bootloader_support/src/esp_image_format.c
View File

@@ -127,25 +127,27 @@ static esp_err_t image_load(esp_image_load_mode_t mode, const esp_partition_pos_
uint32_t checksum_word = ESP_ROM_CHECKSUM_INITIAL;
uint32_t *checksum = (do_verify) ? &checksum_word : NULL;
bootloader_sha256_handle_t sha_handle = NULL;
bool verify_sha;
#if (SECURE_BOOT_CHECK_SIGNATURE == 1)
/* used for anti-FI checks */
uint8_t image_digest[HASH_LEN] = { [ 0 ... 31] = 0xEE };
uint8_t verified_digest[HASH_LEN] = { [ 0 ... 31 ] = 0x01 };
#endif
#if CONFIG_SECURE_BOOT_V2_ENABLED
// For Secure Boot V2, we do verify signature on bootloader which includes the SHA calculation.
bool verify_sha = do_verify;
#else // Secure boot not enabled
// For secure boot V1 on ESP32, we don't calculate SHA or verify signature on bootloaders.
// (For non-secure boot, we don't verify any SHA-256 hash appended to the bootloader because
// esptool.py may have rewritten the header - rely on esptool.py having verified the bootloader at flashing time, instead.)
bool verify_sha = (part->offset != ESP_BOOTLOADER_OFFSET) && do_verify;
#endif
if (data == NULL || part == NULL) {
return ESP_ERR_INVALID_ARG;
}
#if CONFIG_SECURE_BOOT_V2_ENABLED
// For Secure Boot V2, we do verify signature on bootloader which includes the SHA calculation.
verify_sha = do_verify;
#else // Secure boot not enabled
// For secure boot V1 on ESP32, we don't calculate SHA or verify signature on bootloaders.
// (For non-secure boot, we don't verify any SHA-256 hash appended to the bootloader because
// esptool.py may have rewritten the header - rely on esptool.py having verified the bootloader at flashing time, instead.)
verify_sha = (part->offset != ESP_BOOTLOADER_OFFSET) && do_verify;
#endif
if (part->size > SIXTEEN_MB) {
err = ESP_ERR_INVALID_ARG;
FAIL_LOAD("partition size 0x%x invalid, larger than 16MB", part->size);

2
docs/en/security/secure-boot-v2.rst
View File

@@ -132,7 +132,7 @@ The content of each signature block is shown in the following table:
- Pre-calculated M, derived from n
* - 812
- 384
- RSA-PSS Signature result (section 8.1.1 of RFC8017) of image content, computed using following PSS parameters: SHA256 hash, MFG1 function, 0 length salt, default trailer field (0xBC).
- RSA-PSS Signature result (section 8.1.1 of RFC8017) of image content, computed using following PSS parameters: SHA256 hash, MFG1 function, salt length 32 bytes, default trailer field (0xBC).
* - 1196
- 4
- CRC32 of the preceding 1095 bytes.