feedc0de/esp-idf
1
0
Fork 0
forked from espressif/esp-idf
Code Pull Requests Activity
Files
ba717a298fe3983e7eba0c260488962eb712c3c6
esp-idf/components/bootloader_support/src/idf/secure_boot_signatures.c

282 lines
11 KiB
C
Raw Normal View History

Secure boot: initial image signature support
2016-11-03 17:33:30 +11:00
// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
#include "sdkconfig.h"
#include "bootloader_flash.h"
bootloader: Calculate SHA256 hash of image on every boot Makes app image booting more reliable (256-bit rather than 8-bit verification.) Some measurements, time to boot a 655KB app.bin file and run to app_main() execution. (All for rev 1 silicon, ie no 340ms spurious WDT delay.) 80MHz QIO mode: before = 300ms after = 140ms 40MHz DIO mode: before = 712ms after = 577ms 40MHz DIO mode, secure boot enabled before = 1380ms after = 934ms (Secure boot involves two ECC signature verifications (partition table, app) that take approx 300ms each with 80MHz CPU.)
2017-06-28 16:46:34 +10:00
#include "bootloader_sha.h"
feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3
2020-02-25 01:21:41 +05:30
#include "bootloader_utility.h"
Secure boot: initial image signature support
2016-11-03 17:33:30 +11:00
#include "esp_log.h"
#include "esp_image_format.h"
#include "esp_secure_boot.h"
secure boot: Use mbedtls_sha256() not esp_sha() Latter is probably compiled into most firmwares already, saves some size. Ref https://github.com/espressif/esp-idf/issues/3127
2019-03-08 16:16:55 +11:00
#include "mbedtls/sha256.h"
bootloader: use mbedTLS for secure boot verification in firmware
2019-01-04 12:48:28 +05:30
#include "mbedtls/x509.h"
feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3
2020-02-25 01:21:41 +05:30
#include "mbedtls/md.h"
#include "mbedtls/platform.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include <string.h>
#include <sys/param.h>
Secure boot: initial image signature support
2016-11-03 17:33:30 +11:00
feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3
2020-02-25 01:21:41 +05:30
#define DIGEST_LEN 32
#ifdef CONFIG_SECURE_SIGNED_APPS_ECDSA_SCHEME
static const char *TAG = "secure_boot_v1";
Secure boot: initial image signature support
2016-11-03 17:33:30 +11:00
extern const uint8_t signature_verification_key_start[] asm("_binary_signature_verification_key_bin_start");
extern const uint8_t signature_verification_key_end[] asm("_binary_signature_verification_key_bin_end");
#define SIGNATURE_VERIFICATION_KEYLEN 64
esp_err_t esp_secure_boot_verify_signature(uint32_t src_addr, uint32_t length)
{
bootloader: Calculate SHA256 hash of image on every boot Makes app image booting more reliable (256-bit rather than 8-bit verification.) Some measurements, time to boot a 655KB app.bin file and run to app_main() execution. (All for rev 1 silicon, ie no 340ms spurious WDT delay.) 80MHz QIO mode: before = 300ms after = 140ms 40MHz DIO mode: before = 712ms after = 577ms 40MHz DIO mode, secure boot enabled before = 1380ms after = 934ms (Secure boot involves two ECC signature verifications (partition table, app) that take approx 300ms each with 80MHz CPU.)
2017-06-28 16:46:34 +10:00
uint8_t digest[DIGEST_LEN];
bootloader: Add fault injection resistance to Secure Boot bootloader verification Goal is that multiple faults would be required to bypass a boot-time signature check. - Also strengthens some address range checks for safe app memory addresses - Change pre-enable logic to also check the bootloader signature before enabling SBV2 on ESP32 Add some additional checks for invalid sections: - Sections only partially in DRAM or IRAM are invalid - If a section is in D/IRAM, allow the possibility only some is in D/IRAM - Only pass sections that are entirely in the same type of RTC memory region
2020-02-16 16:51:42 +11:00
uint8_t verified_digest[DIGEST_LEN];
Flash encryption: Support enabling flash encryption in bootloader, app support * App access functions are all flash encryption-aware * Documentation for flash encryption * Partition read/write is flash aware * New encrypted write function
2016-11-11 17:00:34 +11:00
const esp_secure_boot_sig_block_t *sigblock;
Secure boot: initial image signature support
2016-11-03 17:33:30 +11:00
ESP_LOGD(TAG, "verifying signature src_addr 0x%x length 0x%x", src_addr, length);
feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3
2020-02-25 01:21:41 +05:30
esp_err_t err = bootloader_sha256_flash_contents(src_addr, length, digest);
if (err != ESP_OK) {
ESP_LOGE(TAG, "Digest calculation failed 0x%x, 0x%x", src_addr, length);
return err;
Secure boot: initial image signature support
2016-11-03 17:33:30 +11:00
}
bootloader: Calculate SHA256 hash of image on every boot Makes app image booting more reliable (256-bit rather than 8-bit verification.) Some measurements, time to boot a 655KB app.bin file and run to app_main() execution. (All for rev 1 silicon, ie no 340ms spurious WDT delay.) 80MHz QIO mode: before = 300ms after = 140ms 40MHz DIO mode: before = 712ms after = 577ms 40MHz DIO mode, secure boot enabled before = 1380ms after = 934ms (Secure boot involves two ECC signature verifications (partition table, app) that take approx 300ms each with 80MHz CPU.)
2017-06-28 16:46:34 +10:00
// Map the signature block and verify the signature
feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3
2020-02-25 01:21:41 +05:30
sigblock = (const esp_secure_boot_sig_block_t *)bootloader_mmap(src_addr + length, sizeof(esp_secure_boot_sig_block_t));
if (sigblock == NULL) {
ESP_LOGE(TAG, "bootloader_mmap(0x%x, 0x%x) failed", src_addr + length, sizeof(esp_secure_boot_sig_block_t));
return ESP_FAIL;
}
bootloader: Add fault injection resistance to Secure Boot bootloader verification Goal is that multiple faults would be required to bypass a boot-time signature check. - Also strengthens some address range checks for safe app memory addresses - Change pre-enable logic to also check the bootloader signature before enabling SBV2 on ESP32 Add some additional checks for invalid sections: - Sections only partially in DRAM or IRAM are invalid - If a section is in D/IRAM, allow the possibility only some is in D/IRAM - Only pass sections that are entirely in the same type of RTC memory region
2020-02-16 16:51:42 +11:00
err = esp_secure_boot_verify_ecdsa_signature_block(sigblock, digest, verified_digest);
feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3
2020-02-25 01:21:41 +05:30
bootloader_munmap(sigblock);
bootloader: Calculate SHA256 hash of image on every boot Makes app image booting more reliable (256-bit rather than 8-bit verification.) Some measurements, time to boot a 655KB app.bin file and run to app_main() execution. (All for rev 1 silicon, ie no 340ms spurious WDT delay.) 80MHz QIO mode: before = 300ms after = 140ms 40MHz DIO mode: before = 712ms after = 577ms 40MHz DIO mode, secure boot enabled before = 1380ms after = 934ms (Secure boot involves two ECC signature verifications (partition table, app) that take approx 300ms each with 80MHz CPU.)
2017-06-28 16:46:34 +10:00
return err;
}
bootloader: Add fault injection resistance to Secure Boot bootloader verification Goal is that multiple faults would be required to bypass a boot-time signature check. - Also strengthens some address range checks for safe app memory addresses - Change pre-enable logic to also check the bootloader signature before enabling SBV2 on ESP32 Add some additional checks for invalid sections: - Sections only partially in DRAM or IRAM are invalid - If a section is in D/IRAM, allow the possibility only some is in D/IRAM - Only pass sections that are entirely in the same type of RTC memory region
2020-02-16 16:51:42 +11:00
esp_err_t esp_secure_boot_verify_ecdsa_signature_block(const esp_secure_boot_sig_block_t *sig_block, const uint8_t *image_digest, uint8_t *verified_digest)
bootloader: Calculate SHA256 hash of image on every boot Makes app image booting more reliable (256-bit rather than 8-bit verification.) Some measurements, time to boot a 655KB app.bin file and run to app_main() execution. (All for rev 1 silicon, ie no 340ms spurious WDT delay.) 80MHz QIO mode: before = 300ms after = 140ms 40MHz DIO mode: before = 712ms after = 577ms 40MHz DIO mode, secure boot enabled before = 1380ms after = 934ms (Secure boot involves two ECC signature verifications (partition table, app) that take approx 300ms each with 80MHz CPU.)
2017-06-28 16:46:34 +10:00
{
secure boot: Ensure mbedTLS enables ECDSA if signatures are checked in app and all ECDSA to be disabled if secure boot is not enabled Previously if ECDSA disabled in config then secure_boot_signatures.c would fail to build (whether or not secure boot was enabled). To avoid breaking apps that might be using the signature scheme with custom OTA without enabling secure boot signatures in config, this change just disables this functionality if unavailable in mbedTLS config. Possible fix for root cause of https://github.com/espressif/esp-idf/pull/3703
2019-08-30 09:35:47 +10:00
#if !(defined(CONFIG_MBEDTLS_ECDSA_C) && defined(CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED))
ESP_LOGE(TAG, "Signature verification requires ECDSA & SECP256R1 curve enabled");
return ESP_ERR_NOT_SUPPORTED;
#else
bootloader: Calculate SHA256 hash of image on every boot Makes app image booting more reliable (256-bit rather than 8-bit verification.) Some measurements, time to boot a 655KB app.bin file and run to app_main() execution. (All for rev 1 silicon, ie no 340ms spurious WDT delay.) 80MHz QIO mode: before = 300ms after = 140ms 40MHz DIO mode: before = 712ms after = 577ms 40MHz DIO mode, secure boot enabled before = 1380ms after = 934ms (Secure boot involves two ECC signature verifications (partition table, app) that take approx 300ms each with 80MHz CPU.)
2017-06-28 16:46:34 +10:00
ptrdiff_t keylen;
bootloader: Add fault injection resistance to Secure Boot bootloader verification Goal is that multiple faults would be required to bypass a boot-time signature check. - Also strengthens some address range checks for safe app memory addresses - Change pre-enable logic to also check the bootloader signature before enabling SBV2 on ESP32 Add some additional checks for invalid sections: - Sections only partially in DRAM or IRAM are invalid - If a section is in D/IRAM, allow the possibility only some is in D/IRAM - Only pass sections that are entirely in the same type of RTC memory region
2020-02-16 16:51:42 +11:00
/* Note: in IDF app image verification we don't add any fault injection resistance, boot-time checks only */
memset(verified_digest, 0, DIGEST_LEN);
Secure boot: initial image signature support
2016-11-03 17:33:30 +11:00
keylen = signature_verification_key_end - signature_verification_key_start;
make bootloader_support depend on IDF_TARGET 1. move chip-specific code(e.g. encryption) into IDF_TARGET directory 2. splict app-only code to idf directory which won't be compiled into bootloader
2019-04-16 17:01:31 +08:00
if (keylen != SIGNATURE_VERIFICATION_KEYLEN) {
Secure boot: initial image signature support
2016-11-03 17:33:30 +11:00
ESP_LOGE(TAG, "Embedded public verification key has wrong length %d", keylen);
bootloader: Calculate SHA256 hash of image on every boot Makes app image booting more reliable (256-bit rather than 8-bit verification.) Some measurements, time to boot a 655KB app.bin file and run to app_main() execution. (All for rev 1 silicon, ie no 340ms spurious WDT delay.) 80MHz QIO mode: before = 300ms after = 140ms 40MHz DIO mode: before = 712ms after = 577ms 40MHz DIO mode, secure boot enabled before = 1380ms after = 934ms (Secure boot involves two ECC signature verifications (partition table, app) that take approx 300ms each with 80MHz CPU.)
2017-06-28 16:46:34 +10:00
return ESP_FAIL;
Secure boot: initial image signature support
2016-11-03 17:33:30 +11:00
}
bootloader: Calculate SHA256 hash of image on every boot Makes app image booting more reliable (256-bit rather than 8-bit verification.) Some measurements, time to boot a 655KB app.bin file and run to app_main() execution. (All for rev 1 silicon, ie no 340ms spurious WDT delay.) 80MHz QIO mode: before = 300ms after = 140ms 40MHz DIO mode: before = 712ms after = 577ms 40MHz DIO mode, secure boot enabled before = 1380ms after = 934ms (Secure boot involves two ECC signature verifications (partition table, app) that take approx 300ms each with 80MHz CPU.)
2017-06-28 16:46:34 +10:00
if (sig_block->version != 0) {
ESP_LOGE(TAG, "image has invalid signature version field 0x%08x", sig_block->version);
return ESP_FAIL;
}
Secure boot: initial image signature support
2016-11-03 17:33:30 +11:00
secure boot: Pad to avoid data after the signature mapping into the address space Because address space is mapped in 64KB pages, it was possible for unauthenticated data after the app .bin to become mapped into the flash cache address space. This problem is solved by 2 changes: * "esptool elf2image --secure-pad" will pad the image so that the signature block ends close to the 64KB boundary. Due to alignment constraints it will be 12 bytes too short after signing (but with flash encryption, these 12 bytes are still encrypted as part of the last block and can't be arbitrarily changed). * By default, secure boot now requires all app partitions to be a multiple of 64KB in size.
2018-07-13 11:52:57 +10:00
ESP_LOGD(TAG, "Verifying secure boot signature");
bootloader: use mbedTLS for secure boot verification in firmware
2019-01-04 12:48:28 +05:30
int ret;
mbedtls_mpi r, s;
mbedtls_mpi_init(&r);
mbedtls_mpi_init(&s);
/* Extract r and s components from RAW ECDSA signature of 64 bytes */
make bootloader_support depend on IDF_TARGET 1. move chip-specific code(e.g. encryption) into IDF_TARGET directory 2. splict app-only code to idf directory which won't be compiled into bootloader
2019-04-16 17:01:31 +08:00
#define ECDSA_INTEGER_LEN 32
bootloader: use mbedTLS for secure boot verification in firmware
2019-01-04 12:48:28 +05:30
ret = mbedtls_mpi_read_binary(&r, &sig_block->signature[0], ECDSA_INTEGER_LEN);
if (ret != 0) {
ESP_LOGE(TAG, "Failed mbedtls_mpi_read_binary(1), err:%d", ret);
return ESP_FAIL;
}
ret = mbedtls_mpi_read_binary(&s, &sig_block->signature[ECDSA_INTEGER_LEN], ECDSA_INTEGER_LEN);
if (ret != 0) {
ESP_LOGE(TAG, "Failed mbedtls_mpi_read_binary(2), err:%d", ret);
mbedtls_mpi_free(&r);
return ESP_FAIL;
}
/* Initialise ECDSA context */
mbedtls_ecdsa_context ecdsa_context;
mbedtls_ecdsa_init(&ecdsa_context);
mbedtls_ecp_group_load(&ecdsa_context.grp, MBEDTLS_ECP_DP_SECP256R1);
size_t plen = mbedtls_mpi_size(&ecdsa_context.grp.P);
make bootloader_support depend on IDF_TARGET 1. move chip-specific code(e.g. encryption) into IDF_TARGET directory 2. splict app-only code to idf directory which won't be compiled into bootloader
2019-04-16 17:01:31 +08:00
if (keylen != 2 * plen) {
bootloader: use mbedTLS for secure boot verification in firmware
2019-01-04 12:48:28 +05:30
ESP_LOGE(TAG, "Incorrect ECDSA key length %d", keylen);
ret = ESP_FAIL;
goto cleanup;
}
/* Extract X and Y components from ECDSA public key */
MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ecdsa_context.Q.X, signature_verification_key_start, plen));
MBEDTLS_MPI_CHK(mbedtls_mpi_read_binary(&ecdsa_context.Q.Y, signature_verification_key_start + plen, plen));
MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&ecdsa_context.Q.Z, 1));
ret = mbedtls_ecdsa_verify(&ecdsa_context.grp, image_digest, DIGEST_LEN, &ecdsa_context.Q, &r, &s);
ESP_LOGD(TAG, "Verification result %d", ret);
cleanup:
mbedtls_mpi_free(&r);
mbedtls_mpi_free(&s);
mbedtls_ecdsa_free(&ecdsa_context);
return ret == 0 ? ESP_OK : ESP_ERR_IMAGE_INVALID;
secure boot: Ensure mbedTLS enables ECDSA if signatures are checked in app and all ECDSA to be disabled if secure boot is not enabled Previously if ECDSA disabled in config then secure_boot_signatures.c would fail to build (whether or not secure boot was enabled). To avoid breaking apps that might be using the signature scheme with custom OTA without enabling secure boot signatures in config, this change just disables this functionality if unavailable in mbedTLS config. Possible fix for root cause of https://github.com/espressif/esp-idf/pull/3703
2019-08-30 09:35:47 +10:00
#endif // CONFIG_MBEDTLS_ECDSA_C && CONFIG_MBEDTLS_ECP_DP_SECP256R1_ENABLED
Secure boot: initial image signature support
2016-11-03 17:33:30 +11:00
}
feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3
2020-02-25 01:21:41 +05:30
#elif CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME
static const char *TAG = "secure_boot_v2";
#define ALIGN_UP(num, align) (((num) + ((align) - 1)) & ~((align) - 1))
#define RSA_KEY_SIZE 384 /* RSA 3072 Bits */
esp_err_t esp_secure_boot_verify_signature(uint32_t src_addr, uint32_t length)
{
uint8_t digest[DIGEST_LEN] = {0};
bootloader: Add fault injection resistance to Secure Boot bootloader verification Goal is that multiple faults would be required to bypass a boot-time signature check. - Also strengthens some address range checks for safe app memory addresses - Change pre-enable logic to also check the bootloader signature before enabling SBV2 on ESP32 Add some additional checks for invalid sections: - Sections only partially in DRAM or IRAM are invalid - If a section is in D/IRAM, allow the possibility only some is in D/IRAM - Only pass sections that are entirely in the same type of RTC memory region
2020-02-16 16:51:42 +11:00
uint8_t verified_digest[DIGEST_LEN] = {0};
feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3
2020-02-25 01:21:41 +05:30
/* Rounding off length to the upper 4k boundary */
bootloader: Add fault injection resistance to Secure Boot bootloader verification Goal is that multiple faults would be required to bypass a boot-time signature check. - Also strengthens some address range checks for safe app memory addresses - Change pre-enable logic to also check the bootloader signature before enabling SBV2 on ESP32 Add some additional checks for invalid sections: - Sections only partially in DRAM or IRAM are invalid - If a section is in D/IRAM, allow the possibility only some is in D/IRAM - Only pass sections that are entirely in the same type of RTC memory region
2020-02-16 16:51:42 +11:00
uint32_t padded_length = ALIGN_UP(length, FLASH_SECTOR_SIZE);
feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3
2020-02-25 01:21:41 +05:30
ESP_LOGD(TAG, "verifying signature src_addr 0x%x length 0x%x", src_addr, length);
esp_err_t err = bootloader_sha256_flash_contents(src_addr, padded_length, digest);
if (err != ESP_OK) {
ESP_LOGE(TAG, "Digest calculation failed 0x%x, 0x%x", src_addr, padded_length);
return err;
}
const ets_secure_boot_signature_t *sig_block = bootloader_mmap(src_addr + padded_length, sizeof(ets_secure_boot_signature_t));
if (sig_block == NULL) {
ESP_LOGE(TAG, "Failed to mmap data at offset 0x%x", src_addr + padded_length);
return ESP_FAIL;
}
bootloader: Add fault injection resistance to Secure Boot bootloader verification Goal is that multiple faults would be required to bypass a boot-time signature check. - Also strengthens some address range checks for safe app memory addresses - Change pre-enable logic to also check the bootloader signature before enabling SBV2 on ESP32 Add some additional checks for invalid sections: - Sections only partially in DRAM or IRAM are invalid - If a section is in D/IRAM, allow the possibility only some is in D/IRAM - Only pass sections that are entirely in the same type of RTC memory region
2020-02-16 16:51:42 +11:00
err = esp_secure_boot_verify_rsa_signature_block(sig_block, digest, verified_digest);
feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3
2020-02-25 01:21:41 +05:30
if (err != ESP_OK) {
ESP_LOGE(TAG, "Secure Boot V2 verification failed.");
}
bootloader_munmap(sig_block);
return err;
}
bootloader: Add fault injection resistance to Secure Boot bootloader verification Goal is that multiple faults would be required to bypass a boot-time signature check. - Also strengthens some address range checks for safe app memory addresses - Change pre-enable logic to also check the bootloader signature before enabling SBV2 on ESP32 Add some additional checks for invalid sections: - Sections only partially in DRAM or IRAM are invalid - If a section is in D/IRAM, allow the possibility only some is in D/IRAM - Only pass sections that are entirely in the same type of RTC memory region
2020-02-16 16:51:42 +11:00
esp_err_t esp_secure_boot_verify_rsa_signature_block(const ets_secure_boot_signature_t *sig_block, const uint8_t *image_digest, uint8_t *verified_digest)
feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3
2020-02-25 01:21:41 +05:30
{
secure boot v2: Don't check efuse BLK2 if only boot-time signature verification is enabled
2020-04-24 14:41:42 +10:00
int i = 0;
#if CONFIG_SECURE_BOOT_V2_ENABLED /* Verify key against efuse block */
uint8_t efuse_trusted_digest[DIGEST_LEN] = {0}, sig_block_trusted_digest[DIGEST_LEN] = {0};
feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3
2020-02-25 01:21:41 +05:30
memcpy(efuse_trusted_digest, (uint8_t *) EFUSE_BLK2_RDATA0_REG, sizeof(efuse_trusted_digest));
bootloader: Add fault injection resistance to Secure Boot bootloader verification Goal is that multiple faults would be required to bypass a boot-time signature check. - Also strengthens some address range checks for safe app memory addresses - Change pre-enable logic to also check the bootloader signature before enabling SBV2 on ESP32 Add some additional checks for invalid sections: - Sections only partially in DRAM or IRAM are invalid - If a section is in D/IRAM, allow the possibility only some is in D/IRAM - Only pass sections that are entirely in the same type of RTC memory region
2020-02-16 16:51:42 +11:00
/* Note: in IDF verification we don't add any fault injection resistance, as we don't expect this to be called
during boot-time verification. */
memset(verified_digest, 0, DIGEST_LEN);
feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3
2020-02-25 01:21:41 +05:30
/* Generating the SHA of the public key components in the signature block */
bootloader_sha256_handle_t sig_block_sha;
sig_block_sha = bootloader_sha256_start();
bootloader_sha256_data(sig_block_sha, &sig_block->block[0].key, sizeof(sig_block->block[0].key));
bootloader_sha256_finish(sig_block_sha, (unsigned char *)sig_block_trusted_digest);
if (memcmp(efuse_trusted_digest, sig_block_trusted_digest, DIGEST_LEN) != 0) {
secure boot v2: Don't log warnings when BLK2 is empty as expected If BLK2 is empty then it's OK to continue with a warning (otherwise it may spook users into thinking something this is wrong, but this is the expected workflow.) If BLK2 is not empty and doesn't match then we need to fail because it won't be possible to trust the signature.
2020-04-24 14:40:24 +10:00
const uint8_t zeroes[DIGEST_LEN] = {0};
/* Can't continue if secure boot is enabled, OR if a different digest is already written in efuse BLK2
(If BLK2 is empty and Secure Boot is disabled then we assume that it will be enabled later.)
*/
if (esp_secure_boot_enabled() || memcmp(efuse_trusted_digest, zeroes, DIGEST_LEN) != 0) {
feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3
2020-02-25 01:21:41 +05:30
ESP_LOGE(TAG, "Public key digest in eFuse BLK2 and the signature block don't match.");
return ESP_FAIL;
}
}
secure boot v2: Don't check efuse BLK2 if only boot-time signature verification is enabled
2020-04-24 14:41:42 +10:00
#endif
feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3
2020-02-25 01:21:41 +05:30
ESP_LOGI(TAG, "Verifying with RSA-PSS...");
int ret = 0;
mbedtls_rsa_context pk;
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
unsigned char *sig_be = calloc(1, RSA_KEY_SIZE);
unsigned char *buf = calloc(1, RSA_KEY_SIZE);
if (sig_be == NULL || buf == NULL) {
return ESP_ERR_NO_MEM;
}
mbedtls_entropy_init(&entropy);
bootloader_support: initialize mbedtls_ctr_drbg_context per mbedtls v2.16.5 requirement In commit 02d2903e39e87f185c5af9029b2c09c0943b8b05, mbedtls was updated to release v2.16.5, where it was made mandatory to initialize mbedtls_ctr_drbg_context before using same. It was fixed in wpa supplicant but missed out in secure boot v2 verification code. This commit fixes that.
2020-03-20 20:42:10 +05:30
mbedtls_ctr_drbg_init(&ctr_drbg);
feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3
2020-02-25 01:21:41 +05:30
ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, NULL, 0);
if (ret != 0) {
ESP_LOGE(TAG, "mbedtls_ctr_drbg_seed returned -0x%04x\n", ret);
goto exit;
}
for (i = 0; i < SECURE_BOOT_NUM_BLOCKS; i++) {
const mbedtls_mpi N = { .s = 1,
.n = sizeof(sig_block->block[i].key.n)/sizeof(mbedtls_mpi_uint),
.p = (void *)sig_block->block[i].key.n,
};
const mbedtls_mpi e = { .s = 1,
.n = sizeof(sig_block->block[i].key.e)/sizeof(mbedtls_mpi_uint), // 1
.p = (void *)&sig_block->block[i].key.e,
};
mbedtls_rsa_init(&pk, MBEDTLS_RSA_PKCS_V21, MBEDTLS_MD_SHA256);
ret = mbedtls_rsa_import(&pk, &N, NULL, NULL, NULL, &e);
if (ret != 0) {
ESP_LOGE(TAG, "Failed mbedtls_rsa_import, err: %d", ret);
goto exit;
}
ret = mbedtls_rsa_complete(&pk);
if (ret != 0) {
ESP_LOGE(TAG, "Failed mbedtls_rsa_complete, err: %d", ret);
goto exit;
}
ret = mbedtls_rsa_check_pubkey(&pk);
if (ret != 0) {
ESP_LOGI(TAG, "Key is not an RSA key -%0x", -ret);
goto exit;
}
/* Signature needs to be byte swapped into BE representation */
for (int j = 0; j < RSA_KEY_SIZE; j++) {
sig_be[RSA_KEY_SIZE- j - 1] = sig_block->block[i].signature[j];
}
ret = mbedtls_rsa_public( &pk, sig_be, buf);
if (ret != 0) {
ESP_LOGE(TAG, "mbedtls_rsa_public failed, err: %d", ret);
goto exit;
}
ret = mbedtls_rsa_rsassa_pss_verify( &pk, mbedtls_ctr_drbg_random, &ctr_drbg, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA256, 32,
sig_block->block[i].image_digest, sig_be);
if (ret != 0) {
ESP_LOGE(TAG, "Failed mbedtls_rsa_rsassa_pss_verify, err: %d", ret);
} else {
ESP_LOGI(TAG, "Signature verified successfully!");
}
exit:
mbedtls_rsa_free(&pk);
if (ret == 0) {
break;
}
}
free(sig_be);
free(buf);
return (!ret) ? ESP_OK : ESP_ERR_IMAGE_INVALID;
}
#endif
Copy Permalink