esp32h2: add secure boot feature support
Closes IDF-6281
@@ -43,6 +43,8 @@
|
|||||||
#include "esp32c2/rom/secure_boot.h"
|
#include "esp32c2/rom/secure_boot.h"
|
||||||
#elif CONFIG_IDF_TARGET_ESP32C6
|
#elif CONFIG_IDF_TARGET_ESP32C6
|
||||||
#include "esp32c6/rom/secure_boot.h"
|
#include "esp32c6/rom/secure_boot.h"
|
||||||
|
#elif CONFIG_IDF_TARGET_ESP32H2
|
||||||
|
#include "esp32h2/rom/secure_boot.h"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#define SUB_TYPE_ID(i) (i & 0x0F)
|
#define SUB_TYPE_ID(i) (i & 0x0F)
|
||||||
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
|
* SPDX-FileCopyrightText: 2022-2023 Espressif Systems (Shanghai) CO LTD
|
||||||
*
|
*
|
||||||
* SPDX-License-Identifier: Apache-2.0
|
* SPDX-License-Identifier: Apache-2.0
|
||||||
*/
|
*/
|
||||||
@@ -24,7 +24,11 @@ bootloader_sha256_handle_t bootloader_sha256_start()
|
|||||||
void bootloader_sha256_data(bootloader_sha256_handle_t handle, const void *data, size_t data_len)
|
void bootloader_sha256_data(bootloader_sha256_handle_t handle, const void *data, size_t data_len)
|
||||||
{
|
{
|
||||||
assert(handle != NULL);
|
assert(handle != NULL);
|
||||||
assert(data_len % 4 == 0);
|
/* H2 secure boot key field consists of 1 byte of curve identifier and 64 bytes of ECDSA public key.
|
||||||
|
* While verifying the signature block, we need to calculate the SHA of this key field which is of 65 bytes.
|
||||||
|
* ets_sha_update handles it cleanly so we can safely remove the check:
|
||||||
|
* assert(data_len % 4) == 0
|
||||||
|
*/
|
||||||
ets_sha_update(&ctx, data, data_len, false);
|
ets_sha_update(&ctx, data, data_len, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
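Review bot: The replacement comment in bootloader_sha256_data misquotes the dropped check as `assert(data_len % 4) == 0` (the parenthesis is misplaced; the removed line was `assert(data_len % 4 == 0)`) and justifies the removal only with "ets_sha_update handles it cleanly", which a reader cannot verify from this file. Since that assertion was the function's only input check, the comment should name the concrete guarantee being relied on and the 65-byte key field that motivates it, e.g. `/* ets_sha_update accepts arbitrary byte lengths on this target, so the 4-byte alignment assert is not required; the ECDSA key field (1-byte curve_id + 64-byte point) is 65 bytes. */`. If any other caller of this function relied on the alignment assert to catch a malformed length, that check now has to live at the call site.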
|
@@ -14,22 +14,8 @@
|
|||||||
#include "esp_image_format.h"
|
#include "esp_image_format.h"
|
||||||
#include "esp_efuse.h"
|
#include "esp_efuse.h"
|
||||||
#include "esp_efuse_table.h"
|
#include "esp_efuse_table.h"
|
||||||
|
#include "secure_boot_signature_priv.h"
|
||||||
|
|
||||||
#if CONFIG_IDF_TARGET_ESP32
|
|
||||||
#include "esp32/rom/secure_boot.h"
|
|
||||||
#elif CONFIG_IDF_TARGET_ESP32S2
|
|
||||||
#include "esp32s2/rom/secure_boot.h"
|
|
||||||
#elif CONFIG_IDF_TARGET_ESP32C3
|
|
||||||
#include "esp32c3/rom/secure_boot.h"
|
|
||||||
#elif CONFIG_IDF_TARGET_ESP32S3
|
|
||||||
#include "esp32s3/rom/secure_boot.h"
|
|
||||||
#elif CONFIG_IDF_TARGET_ESP32H4
|
|
||||||
#include "esp32h4/rom/secure_boot.h"
|
|
||||||
#elif CONFIG_IDF_TARGET_ESP32C2
|
|
||||||
#include "esp32c2/rom/secure_boot.h"
|
|
||||||
#elif CONFIG_IDF_TARGET_ESP32C6
|
|
||||||
#include "esp32c6/rom/secure_boot.h"
|
|
||||||
#endif
|
|
||||||
|
|
||||||
/* The following API implementations are used only when called
|
/* The following API implementations are used only when called
|
||||||
* from the bootloader code.
|
* from the bootloader code.
|
||||||
|
@@ -19,6 +19,8 @@
|
|||||||
#include "esp32c2/rom/secure_boot.h"
|
#include "esp32c2/rom/secure_boot.h"
|
||||||
#elif CONFIG_IDF_TARGET_ESP32C6
|
#elif CONFIG_IDF_TARGET_ESP32C6
|
||||||
#include "esp32c6/rom/secure_boot.h"
|
#include "esp32c6/rom/secure_boot.h"
|
||||||
|
#elif CONFIG_IDF_TARGET_ESP32H2
|
||||||
|
#include "esp32h2/rom/secure_boot.h"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
esp_err_t verify_ecdsa_signature_block(const ets_secure_boot_signature_t *sig_block, const uint8_t *image_digest, const ets_secure_boot_sig_block_t *trusted_block);
|
esp_err_t verify_ecdsa_signature_block(const ets_secure_boot_signature_t *sig_block, const uint8_t *image_digest, const ets_secure_boot_sig_block_t *trusted_block);
|
||||||
|
26
components/esp_rom/include/esp32h2/rom/ecdsa.h
Normal file
26
components/esp_rom/include/esp32h2/rom/ecdsa.h
Normal file
@@ -0,0 +1,26 @@
|
|||||||
|
/*
|
||||||
|
* SPDX-FileCopyrightText: 2022-2023 Espressif Systems (Shanghai) CO LTD
|
||||||
|
*
|
||||||
|
* SPDX-License-Identifier: Apache-2.0
|
||||||
|
*/
|
||||||
|
|
||||||
|
#pragma once
|
||||||
|
|
||||||
|
#include <stdint.h>
|
||||||
|
|
||||||
|
#ifdef __cplusplus
|
||||||
|
extern "C" {
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#define ETS_DIGEST_LEN 32 /* SHA-256, bytes */
|
||||||
|
|
||||||
|
typedef enum {
|
||||||
|
ECDSA_CURVE_P192 = 1,
|
||||||
|
ECDSA_CURVE_P256 = 2
|
||||||
|
} ECDSA_CURVE;
|
||||||
|
|
||||||
|
int ets_ecdsa_verify(const uint8_t *key, const uint8_t *sig, ECDSA_CURVE curve_id, const uint8_t *digest, uint8_t *verified_digest);
|
||||||
|
|
||||||
|
#ifdef __cplusplus
|
||||||
|
}
|
||||||
|
#endif
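Review bot: `ets_ecdsa_verify` is declared without any contract: the sizes of `key` and `sig`, the meaning of the `int` return, and whether `verified_digest` is an output buffer the caller must compare against `digest` are all left to the reader. A Doxygen block on the declaration should state that `key` is the 64-byte X||Y point (zero-padded for P192, matching the signature block layout in secure_boot.h), `sig` is the 64-byte r||s, `digest` is `ETS_DIGEST_LEN` bytes, what the return value means, and the size and role of `verified_digest`, with the parts not visible here confirmed against the ROM. The enum constants here are `ECDSA_CURVE_P192` / `ECDSA_CURVE_P256`, while the sig block comment in secure_boot.h refers to `ETS_ECDSA_CURVE_P192 / ETS_ECDSA_CURVE_P256`; pick one spelling. `ETS_DIGEST_LEN` is defined unconditionally; if rsa_pss.h, which secure_boot.h now includes next to this header, defines the same macro, the two must stay token-identical, or this one should be wrapped in `#ifndef ETS_DIGEST_LEN`.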
|
@@ -1,5 +1,5 @@
|
|||||||
/*
|
/*
|
||||||
* SPDX-FileCopyrightText: 2021-2022 Espressif Systems (Shanghai) CO LTD
|
* SPDX-FileCopyrightText: 2022-2023 Espressif Systems (Shanghai) CO LTD
|
||||||
*
|
*
|
||||||
* SPDX-License-Identifier: Apache-2.0
|
* SPDX-License-Identifier: Apache-2.0
|
||||||
*/
|
*/
|
||||||
@@ -9,6 +9,7 @@
|
|||||||
#include <stdint.h>
|
#include <stdint.h>
|
||||||
#include <stdbool.h>
|
#include <stdbool.h>
|
||||||
#include "ets_sys.h"
|
#include "ets_sys.h"
|
||||||
|
#include "ecdsa.h"
|
||||||
#include "rsa_pss.h"
|
#include "rsa_pss.h"
|
||||||
#include "esp_assert.h"
|
#include "esp_assert.h"
|
||||||
|
|
||||||
@@ -16,6 +17,8 @@
|
|||||||
extern "C" {
|
extern "C" {
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if CONFIG_SECURE_BOOT_V2_ENABLED || CONFIG_SECURE_SIGNED_APPS_NO_SECURE_BOOT
|
||||||
|
|
||||||
typedef struct ets_secure_boot_sig_block ets_secure_boot_sig_block_t;
|
typedef struct ets_secure_boot_sig_block ets_secure_boot_sig_block_t;
|
||||||
typedef struct ets_secure_boot_signature ets_secure_boot_signature_t;
|
typedef struct ets_secure_boot_signature ets_secure_boot_signature_t;
|
||||||
typedef struct ets_secure_boot_key_digests ets_secure_boot_key_digests_t;
|
typedef struct ets_secure_boot_key_digests ets_secure_boot_key_digests_t;
|
||||||
@@ -69,6 +72,8 @@ void ets_secure_boot_revoke_public_key_digest(int index);
|
|||||||
|
|
||||||
(Up to 3 in a signature sector are appended to the image)
|
(Up to 3 in a signature sector are appended to the image)
|
||||||
*/
|
*/
|
||||||
|
#if CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME
|
||||||
|
|
||||||
struct ets_secure_boot_sig_block {
|
struct ets_secure_boot_sig_block {
|
||||||
uint8_t magic_byte;
|
uint8_t magic_byte;
|
||||||
uint8_t version;
|
uint8_t version;
|
||||||
@@ -81,6 +86,27 @@ struct ets_secure_boot_sig_block {
|
|||||||
uint8_t _padding[16];
|
uint8_t _padding[16];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
#elif CONFIG_SECURE_SIGNED_APPS_ECDSA_V2_SCHEME
|
||||||
|
|
||||||
|
struct __attribute((packed)) ets_secure_boot_sig_block {
|
||||||
|
uint8_t magic_byte;
|
||||||
|
uint8_t version;
|
||||||
|
uint8_t _reserved1;
|
||||||
|
uint8_t _reserved2;
|
||||||
|
uint8_t image_digest[32];
|
||||||
|
struct {
|
||||||
|
struct {
|
||||||
|
uint8_t curve_id; /* ETS_ECDSA_CURVE_P192 / ETS_ECDSA_CURVE_P256 */
|
||||||
|
uint8_t point[64]; /* X followed by Y (both little-endian), plus zero bytes if P192 */
|
||||||
|
} key;
|
||||||
|
uint8_t signature[64]; /* r followed by s (both little-endian) */
|
||||||
|
uint8_t padding[1031];
|
||||||
|
} ecdsa;
|
||||||
|
uint32_t block_crc; /* note: crc covers all bytes in the structure before it, regardless of version field */
|
||||||
|
uint8_t _padding[16];
|
||||||
|
};
|
||||||
|
#endif
|
||||||
|
|
||||||
ESP_STATIC_ASSERT(sizeof(ets_secure_boot_sig_block_t) == 1216, "invalid sig block size");
|
ESP_STATIC_ASSERT(sizeof(ets_secure_boot_sig_block_t) == 1216, "invalid sig block size");
|
||||||
|
|
||||||
#define SECURE_BOOT_NUM_BLOCKS 3
|
#define SECURE_BOOT_NUM_BLOCKS 3
|
||||||
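Review bot: The new `#if CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME` / `#elif CONFIG_SECURE_SIGNED_APPS_ECDSA_V2_SCHEME` / `#endif` leaves `struct ets_secure_boot_sig_block` undefined when neither symbol is set, and the `ESP_STATIC_ASSERT(sizeof(ets_secure_boot_sig_block_t) == 1216, ...)` that follows then fails on an incomplete type with a misleading message; an explicit `#else` / `#error "No secure boot signing scheme selected"` makes the configuration error obvious (Kconfig may already exclude this case, which I cannot see here). In the ECDSA block, `curve_id` is documented as `ETS_ECDSA_CURVE_P192 / ETS_ECDSA_CURVE_P256`, but the identifiers the new ecdsa.h declares are `ECDSA_CURVE_P192` / `ECDSA_CURVE_P256`, so the comment should read `uint8_t curve_id; /* ECDSA_CURVE_P192 / ECDSA_CURVE_P256, see ecdsa.h */`. `image_digest[32]` could use `ETS_DIGEST_LEN` now that ecdsa.h is included, and `__attribute((packed))` is the single-underscore spelling of the documented `__attribute__((packed))`. The struct definition and its static assert are inside this hunk; the enclosing `#if CONFIG_SECURE_BOOT_V2_ENABLED || CONFIG_SECURE_SIGNED_APPS_NO_SECURE_BOOT` block is opened in an earlier hunk.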
@@ -100,6 +126,8 @@ struct ets_secure_boot_key_digests {
|
|||||||
bool allow_key_revoke;
|
bool allow_key_revoke;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
#endif /* CONFIG_SECURE_BOOT_V2_ENABLED || CONFIG_SECURE_SIGNED_APPS_NO_SECURE_BOOT */
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|