feedc0de/esp-idf
1
0
Fork 0
forked from espressif/esp-idf
Code Pull Requests Activity

bootloader: Call esp_partition_table_basic_verify() as part of standard boot

Browse Source 
Was previously only verified during flash encryption.
This commit is contained in:
Angus Gratton
2016-12-30 13:15:01 +11:00
parent d245f016ea
commit 76e61ded30
1 changed files with 14 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
components/bootloader/src/main/bootloader_start.c
View File

@@ -40,6 +40,7 @@
#include "esp_image_format.h" #include "esp_image_format.h"
#include "esp_secure_boot.h" #include "esp_secure_boot.h"
#include "esp_flash_encrypt.h" #include "esp_flash_encrypt.h"
#include "esp_flash_partitions.h"
#include "bootloader_flash.h" #include "bootloader_flash.h"
#include "bootloader_config.h" #include "bootloader_config.h"
@@ -116,16 +117,14 @@ bool load_partition_table(bootloader_state_t* bs)
{ {
const esp_partition_info_t *partitions; const esp_partition_info_t *partitions;
const int ESP_PARTITION_TABLE_DATA_LEN = 0xC00; /* length of actual data (signature is appended to this) */ const int ESP_PARTITION_TABLE_DATA_LEN = 0xC00; /* length of actual data (signature is appended to this) */
const int MAX_PARTITIONS = ESP_PARTITION_TABLE_DATA_LEN / sizeof(esp_partition_info_t);
char *partition_usage; char *partition_usage;
esp_err_t err;
ESP_LOGI(TAG, "Partition Table:"); int num_partitions;
ESP_LOGI(TAG, "## Label Usage Type ST Offset Length");
#ifdef CONFIG_SECURE_BOOT_ENABLED #ifdef CONFIG_SECURE_BOOT_ENABLED
if(esp_secure_boot_enabled()) { if(esp_secure_boot_enabled()) {
ESP_LOGI(TAG, "Verifying partition table signature..."); ESP_LOGI(TAG, "Verifying partition table signature...");
esp_err_t err = esp_secure_boot_verify_signature(ESP_PARTITION_TABLE_ADDR, ESP_PARTITION_TABLE_DATA_LEN); err = esp_secure_boot_verify_signature(ESP_PARTITION_TABLE_ADDR, ESP_PARTITION_TABLE_DATA_LEN);
if (err != ESP_OK) { if (err != ESP_OK) {
ESP_LOGE(TAG, "Failed to verify partition table signature."); ESP_LOGE(TAG, "Failed to verify partition table signature.");
return false; return false;
@@ -141,17 +140,21 @@ bool load_partition_table(bootloader_state_t* bs)
} }
ESP_LOGD(TAG, "mapped partition table 0x%x at 0x%x", ESP_PARTITION_TABLE_ADDR, (intptr_t)partitions); ESP_LOGD(TAG, "mapped partition table 0x%x at 0x%x", ESP_PARTITION_TABLE_ADDR, (intptr_t)partitions);
for(int i = 0; i < MAX_PARTITIONS; i++) { err = esp_partition_table_basic_verify(partitions, true, &num_partitions);
if (err != ESP_OK) {
ESP_LOGE(TAG, "Failed to verify partition table");
return false;
}
ESP_LOGI(TAG, "Partition Table:");
ESP_LOGI(TAG, "## Label Usage Type ST Offset Length");
for(int i = 0; i < num_partitions; i++) {
const esp_partition_info_t *partition = &partitions[i]; const esp_partition_info_t *partition = &partitions[i];
ESP_LOGD(TAG, "load partition table entry 0x%x", (intptr_t)partition); ESP_LOGD(TAG, "load partition table entry 0x%x", (intptr_t)partition);
ESP_LOGD(TAG, "type=%x subtype=%x", partition->type, partition->subtype); ESP_LOGD(TAG, "type=%x subtype=%x", partition->type, partition->subtype);
partition_usage = "unknown"; partition_usage = "unknown";
if (partition->magic != ESP_PARTITION_MAGIC) {
/* invalid partition definition indicates end-of-table */
break;
}
/* valid partition table */ /* valid partition table */
switch(partition->type) { switch(partition->type) {
case PART_TYPE_APP: /* app partition */ case PART_TYPE_APP: /* app partition */