espressif/esp-idf
1
0
Fork 1
mirror of https://github.com/espressif/esp-idf.git synced 2025-10-02 18:10:57 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix(bootloader): correct encryption length for secure update without secure boot

Browse Source 
For secure update without secure boot case, the encryption length for
app image must consider signature block length as well. This was
correctly handled for secure boot case but not for secure update without
secure boot.
This commit is contained in:
Mahavir Jain
2025-09-01 11:00:48 +05:30
parent 954ecf1b0b
commit ec588172ed
3 changed files with 22 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
components/bootloader/Kconfig.projbuild
View File

@@ -1111,7 +1111,7 @@ menu "Security features"
endmenu # Potentially Insecure endmenu # Potentially Insecure
config SECURE_FLASH_ENCRYPT_ONLY_IMAGE_LEN_IN_APP_PART config SECURE_FLASH_ENCRYPT_ONLY_IMAGE_LEN_IN_APP_PART
bool "Encrypt only the app image that is present in the partition of type app" bool "Encrypt contents upto app image length in app partition"
depends on SECURE_FLASH_ENC_ENABLED && !SECURE_FLASH_REQUIRE_ALREADY_ENABLED depends on SECURE_FLASH_ENC_ENABLED && !SECURE_FLASH_REQUIRE_ALREADY_ENABLED
default y default y
help help

17
components/bootloader_support/include/esp_secure_boot.h
View File

@@ -196,6 +196,23 @@ typedef struct {
uint8_t signature[64]; uint8_t signature[64];
} esp_secure_boot_sig_block_t; } esp_secure_boot_sig_block_t;
/** @brief Get the size of the secure boot signature block
*
* This is the size of the signature block appended to a signed image.
*
* @return Size of the secure boot signature block in bytes
*/
static inline uint32_t esp_secure_boot_sig_block_size(void)
{
#if CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME || CONFIG_SECURE_SIGNED_APPS_ECDSA_V2_SCHEME
return sizeof(ets_secure_boot_signature_t);
#elif defined(CONFIG_SECURE_SIGNED_APPS_ECDSA_SCHEME)
return sizeof(esp_secure_boot_sig_block_t);
#else
return 0;
#endif
}
/** @brief Verify the ECDSA secure boot signature block for Secure Boot V1. /** @brief Verify the ECDSA secure boot signature block for Secure Boot V1.
* *
* Calculates Deterministic ECDSA w/ SHA256 based on the SHA256 hash of the image. ECDSA signature * Calculates Deterministic ECDSA w/ SHA256 based on the SHA256 hash of the image. ECDSA signature

4
components/bootloader_support/src/flash_encryption/flash_encrypt.c
View File

@@ -437,6 +437,10 @@ static esp_err_t encrypt_partition(int index, const esp_partition_info_t *partit
if (should_encrypt) { if (should_encrypt) {
// Encrypt only the app image instead of encrypting the whole partition // Encrypt only the app image instead of encrypting the whole partition
size = image_data.image_len; size = image_data.image_len;
#if CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT
// If secure update without secure boot, also encrypt the signature block
size += esp_secure_boot_sig_block_size();
#endif
} }
#endif #endif
} else if ((partition->type == PART_TYPE_DATA && partition->subtype == PART_SUBTYPE_DATA_OTA) } else if ((partition->type == PART_TYPE_DATA && partition->subtype == PART_SUBTYPE_DATA_OTA)