Merge branch 'bugfix/secure_boot_enable' into 'master'

Fix regression when enabling secure boot

See merge request !1120
Angus Gratton
2017-08-29 08:44:13 +08:00
2 changed files with 48 additions and 34 deletions


@@ -262,8 +262,8 @@ static esp_partition_pos_t index_to_partition(const bootloader_state_t *bs, int
return bs->test; return bs->test;
} }
if (index >= 0 && index < MAX_OTA_SLOTS) { if (index >= 0 && index < MAX_OTA_SLOTS && index < bs->app_count) {
return bs->ota[index % bs->app_count]; return bs->ota[index];
} }
esp_partition_pos_t invalid = { 0 }; esp_partition_pos_t invalid = { 0 };
@@ -272,15 +272,16 @@ static esp_partition_pos_t index_to_partition(const bootloader_state_t *bs, int
static void log_invalid_app_partition(int index) static void log_invalid_app_partition(int index)
{ {
const char *not_bootable = " is not bootable"; /* save a few string literal bytes */
switch(index) { switch(index) {
case FACTORY_INDEX: case FACTORY_INDEX:
ESP_LOGE(TAG, "Factory app partition is not bootable"); ESP_LOGE(TAG, "Factory app partition%s", not_bootable);
break; break;
case TEST_APP_INDEX: case TEST_APP_INDEX:
ESP_LOGE(TAG, "Factory test app partition is not bootable"); ESP_LOGE(TAG, "Factory test app partition%s", not_bootable);
break; break;
default: default:
ESP_LOGE(TAG, "OTA app partition slot %d is not bootable", index); ESP_LOGE(TAG, "OTA app partition slot %d%s", index, not_bootable);
break; break;
} }
} }
@@ -367,6 +368,8 @@ static bool try_load_partition(const esp_partition_pos_t *partition, esp_image_m
return false; return false;
} }
#define TRY_LOG_FORMAT "Trying partition index %d offs 0x%x size 0x%x"
/* Load the app for booting. Start from partition 'start_index', if not bootable then work backwards to FACTORY_INDEX /* Load the app for booting. Start from partition 'start_index', if not bootable then work backwards to FACTORY_INDEX
* (ie try any OTA slots in descending order and then the factory partition). * (ie try any OTA slots in descending order and then the factory partition).
* *
@@ -382,29 +385,29 @@ static bool load_boot_image(const bootloader_state_t *bs, int start_index, esp_i
esp_partition_pos_t part; esp_partition_pos_t part;
/* work backwards from start_index, down to the factory app */ /* work backwards from start_index, down to the factory app */
do { for(index = start_index; index >= FACTORY_INDEX; index--) {
ESP_LOGD(TAG, "Trying partition index %d...", index);
part = index_to_partition(bs, index); part = index_to_partition(bs, index);
ESP_LOGD(TAG, "part offs 0x%x size 0x%x", part.offset, part.size); if (part.size == 0) {
if (try_load_partition(&part, result)) { continue;
return true;
} }
if (part.size > 0) { ESP_LOGD(TAG, TRY_LOG_FORMAT, index, part.offset, part.size);
log_invalid_app_partition(index); if (try_load_partition(&part, result)) {
} return true;
index--; }
} while(index >= FACTORY_INDEX); log_invalid_app_partition(index);
}
/* failing that work forwards from start_index, try valid OTA slots */
index = start_index + 1; /* failing that work forwards from start_index, try valid OTA slots */
while (index < bs->app_count) { for(index = start_index + 1; index < bs->app_count; index++) {
ESP_LOGD(TAG, "Trying partition index %d...", index); part = index_to_partition(bs, index);
part = index_to_partition(bs, index); if (part.size == 0) {
continue;
}
ESP_LOGD(TAG, TRY_LOG_FORMAT, index, part.offset, part.size);
if (try_load_partition(&part, result)) { if (try_load_partition(&part, result)) {
return true; return true;
} }
log_invalid_app_partition(index); log_invalid_app_partition(index);
index++;
} }
if (try_load_partition(&bs->test, result)) { if (try_load_partition(&bs->test, result)) {
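Review bot: The rewritten forward loop in load_boot_image is bounded only by `index < bs->app_count`, while the new guard in index_to_partition additionally requires `index < MAX_OTA_SLOTS`, so if app_count can ever exceed MAX_OTA_SLOTS those extra slots are silently skipped through the `part.size == 0` continue with no log line. If the partition-table parser already caps app_count at MAX_OTA_SLOTS the second term of the guard is redundant and deserves a comment such as `/* app_count <= MAX_OTA_SLOTS is enforced when the partition table is parsed */`; if it does not, the loop bound should use the same limit. Separately, the `continue` on an empty slot drops the "Trying partition index" debug line that the old forward loop emitted for every index, which makes a failed boot harder to diagnose from the serial log; an `ESP_LOGD(TAG, "Skipping empty partition index %d", index);` before each `continue` would keep that visibility. load_boot_image begins and ends outside the hunk.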


@@ -65,7 +65,7 @@ static esp_err_t verify_segment_header(int index, const esp_image_segment_header
static esp_err_t verify_checksum(bootloader_sha256_handle_t sha_handle, uint32_t checksum_word, esp_image_metadata_t *data); static esp_err_t verify_checksum(bootloader_sha256_handle_t sha_handle, uint32_t checksum_word, esp_image_metadata_t *data);
static esp_err_t __attribute__((unused)) verify_secure_boot(bootloader_sha256_handle_t sha_handle, esp_image_metadata_t *data); static esp_err_t __attribute__((unused)) verify_secure_boot_signature(bootloader_sha256_handle_t sha_handle, esp_image_metadata_t *data);
static esp_err_t __attribute__((unused)) verify_simple_hash(bootloader_sha256_handle_t sha_handle, esp_image_metadata_t *data); static esp_err_t __attribute__((unused)) verify_simple_hash(bootloader_sha256_handle_t sha_handle, esp_image_metadata_t *data);
esp_err_t esp_image_load(esp_image_load_mode_t mode, const esp_partition_pos_t *part, esp_image_metadata_t *data) esp_err_t esp_image_load(esp_image_load_mode_t mode, const esp_partition_pos_t *part, esp_image_metadata_t *data)
@@ -159,21 +159,32 @@ goto err;
FAIL_LOAD("Image length %d doesn't fit in partition length %d", data->image_len, part->size); FAIL_LOAD("Image length %d doesn't fit in partition length %d", data->image_len, part->size);
} }
bool is_bootloader = (data->start_addr == ESP_BOOTLOADER_OFFSET);
/* For secure boot, we don't verify signature on bootloaders.
For non-secure boot, we don't verify any SHA-256 hash appended to the bootloader because esptool.py may have
rewritten the header - rely on esptool.py having verified the bootloader at flashing time, instead.
*/
if (!is_bootloader) {
#ifdef CONFIG_SECURE_BOOT_ENABLED #ifdef CONFIG_SECURE_BOOT_ENABLED
err = verify_secure_boot(sha_handle, data); // secure boot images have a signature appended
err = verify_secure_boot_signature(sha_handle, data);
#else
// No secure boot, but SHA-256 can be appended for basic corruption detection
if (sha_handle != NULL) {
err = verify_simple_hash(sha_handle, data);
}
#endif // CONFIG_SECURE_BOOT_ENABLED
} else { // is_bootloader
// bootloader may still have a sha256 digest handle open
if (sha_handle != NULL) {
bootloader_sha256_finish(sha_handle, NULL);
}
}
sha_handle = NULL; sha_handle = NULL;
if (err != ESP_OK) { if (err != ESP_OK) {
goto err; goto err;
} }
#else // No secure boot, but SHA-256 can be appended for basic corruption detection
if (sha_handle != NULL) {
err = verify_simple_hash(sha_handle, data);
sha_handle = NULL;
if (err != ESP_OK) {
goto err;
}
}
#endif
#ifdef BOOTLOADER_BUILD #ifdef BOOTLOADER_BUILD
if (do_load) { // Need to deobfuscate RAM if (do_load) { // Need to deobfuscate RAM
@@ -446,7 +457,7 @@ static esp_err_t verify_checksum(bootloader_sha256_handle_t sha_handle, uint32_t
static void debug_log_hash(const uint8_t *image_hash, const char *caption); static void debug_log_hash(const uint8_t *image_hash, const char *caption);
static esp_err_t verify_secure_boot(bootloader_sha256_handle_t sha_handle, esp_image_metadata_t *data) static esp_err_t verify_secure_boot_signature(bootloader_sha256_handle_t sha_handle, esp_image_metadata_t *data)
{ {
uint8_t image_hash[HASH_LEN] = { 0 }; uint8_t image_hash[HASH_LEN] = { 0 };