espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-10-04 02:50:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

paritition_table: Verify the partition table md5sum when loading the app

Browse Source 
Additionally, always enable the partition MD5 check if flash encryption is on in
Release mode. This ensures the partition table ciphertext has not been modified
(CVE-2021-27926).

The exception is pre-V3.1 ESP-IDF bootloaders and partition tables, which
don't have support for the MD5 entry.
This commit is contained in:
Angus Gratton
2021-02-04 11:12:04 +11:00
parent b23f8e21cd
commit c572e0bf5f
8 changed files with 145 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
components/bootloader/Kconfig.projbuild
View File

@@ -435,6 +435,7 @@ menu "Security features"
config SECURE_FLASH_ENCRYPTION_MODE_RELEASE
bool "Release"
select PARTITION_TABLE_MD5 if !ESP32_COMPATIBLE_PRE_V3_1_BOOTLOADERS
endchoice