Merge branch 'bugfix/secure_boot_sig_verify' into 'master'

secure boot: Fix incorrect handling of mbedtls_ctr_drbg_seed() failure in signature verification

See merge request espressif/esp-idf!14300

components/bootloader_support/src/secure_boot_v2/secure_boot_signatures_app.c

@@ -182,7 +182,7 @@ esp_err_t esp_secure_boot_verify_rsa_signature_block(const ets_secure_boot_signa
     ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy, NULL, 0);
     if (ret != 0) {
         ESP_LOGE(TAG, "mbedtls_ctr_drbg_seed returned -0x%04x\n", ret);
-        goto exit;
+        goto exit_outer;
     }
 
 #ifdef CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT
@@ -234,19 +234,19 @@ esp_err_t esp_secure_boot_verify_rsa_signature_block(const ets_secure_boot_signa
         ret = mbedtls_rsa_import(&pk, &N, NULL, NULL, NULL, &e);
         if (ret != 0) {
             ESP_LOGE(TAG, "Failed mbedtls_rsa_import, err: %d", ret);
-            goto exit;
+            goto exit_inner;
         }
 
         ret = mbedtls_rsa_complete(&pk);
         if (ret != 0) {
             ESP_LOGE(TAG, "Failed mbedtls_rsa_complete, err: %d", ret);
-            goto exit;
+            goto exit_inner;
         }
 
         ret = mbedtls_rsa_check_pubkey(&pk);
         if (ret != 0) {
             ESP_LOGI(TAG, "Key is not an RSA key -%0x", -ret);
-            goto exit;
+            goto exit_inner;
         }
 
         /* Signature needs to be byte swapped into BE representation */
@@ -257,7 +257,7 @@ esp_err_t esp_secure_boot_verify_rsa_signature_block(const ets_secure_boot_signa
         ret = mbedtls_rsa_public( &pk, sig_be, buf);
         if (ret != 0) {
             ESP_LOGE(TAG, "mbedtls_rsa_public failed, err: %d", ret);
-            goto exit;
+            goto exit_inner;
         }
 
         ret = mbedtls_rsa_rsassa_pss_verify( &pk, mbedtls_ctr_drbg_random, &ctr_drbg, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA256, ESP_SECURE_BOOT_DIGEST_LEN,
@@ -267,13 +267,14 @@ esp_err_t esp_secure_boot_verify_rsa_signature_block(const ets_secure_boot_signa
         } else {
             ESP_LOGI(TAG, "Signature verified successfully!");
         }
-exit:
+exit_inner:
         mbedtls_rsa_free(&pk);
         if (ret == 0) {
             break;
         }
     }
 
+ exit_outer:
     free(sig_be);
     free(buf);
     return (ret != 0 || any_trusted_key == false) ? ESP_ERR_IMAGE_INVALID: ESP_OK;

tools/test_apps/security/secure_boot/README.md

@@ -1,5 +1,5 @@
-| Supported Targets | ESP32 |
+| Supported Targets | ESP32 | ESP32-S2 |
-| ----------------- | ----- |
+| ----------------- | ----- | -------- |
 
 # Secure Boot
 

tools/test_apps/security/secure_boot/main/CMakeLists.txt

@@ -1,2 +1,8 @@
-idf_component_register(SRCS "secure_boot_main.c"
+
-                    INCLUDE_DIRS ".")
+if(CONFIG_IDF_TARGET_ESP32)
+    set(main_src "secure_boot_main_esp32.c")
+else()
+    set(main_src "secure_boot_main.c")
+endif()
+
+idf_component_register(SRCS "${main_src}" INCLUDE_DIRS ".")

tools/test_apps/security/secure_boot/main/secure_boot_main.c

@@ -11,6 +11,7 @@
 #include "freertos/task.h"
 #include "soc/efuse_reg.h"
 #include "esp_efuse.h"
+#include "esp_secure_boot.h"
 #include "esp_system.h"
 #include "esp_spi_flash.h"
 #include "esp_log.h"
@@ -36,10 +37,7 @@ static void example_print_chip_info(void)
     /* Print chip information */
     esp_chip_info_t chip_info;
     esp_chip_info(&chip_info);
-    printf("This is ESP32 chip with %d CPU cores, WiFi%s%s, ",
+    printf("This is %s chip with %d CPU cores\n", CONFIG_IDF_TARGET, chip_info.cores);
-            chip_info.cores,
-            (chip_info.features & CHIP_FEATURE_BT) ? "/BT" : "",
-            (chip_info.features & CHIP_FEATURE_BLE) ? "/BLE" : "");
 
     printf("silicon revision %d, ", chip_info.revision);
 
@@ -51,46 +49,23 @@ static void example_print_chip_info(void)
 
 static void example_secure_boot_status(void)
 {
-    uint32_t efuse_block0 = REG_READ(EFUSE_BLK0_RDATA6_REG);
+    ets_secure_boot_key_digests_t trusted_keys = { 0};
 
-#ifdef CONFIG_ESP32_REV_MIN_3
+    ESP_LOGI(TAG, "Checking for Secure Boot..");
-    uint8_t efuse_trusted_digest[DIGEST_LEN] = {0}, i;
+    if(esp_secure_boot_enabled()) {
-    ESP_LOGI(TAG, "Checking for secure boot v2..");
+        ESP_LOGI(TAG, "Secure Boot is enabled");
-    if(efuse_block0 & EFUSE_RD_ABS_DONE_1) {
+        ESP_ERROR_CHECK( esp_secure_boot_read_key_digests(&trusted_keys) );
-        ESP_LOGI(TAG, "ABS_DONE_1 is set. Secure Boot V2 enabled");
+
-        memcpy(efuse_trusted_digest, (uint8_t *)EFUSE_BLK2_RDATA0_REG, DIGEST_LEN);
+        unsigned total = 0;
-        ESP_LOGI(TAG,  "Reading the public key digest from BLK2.");
+        for (int i = 0; i < MAX_KEY_DIGESTS; i++) {
-        for (i = 0; i < DIGEST_LEN; i++) {
+            ESP_LOGI(TAG, "Key slot %d:", i);
-            ESP_LOGI(TAG, "%02x \t", efuse_trusted_digest[i]);
+            if (trusted_keys.key_digests[i]) {
+                ESP_LOG_BUFFER_HEXDUMP("trusted key", trusted_keys.key_digests[i], DIGEST_LEN, ESP_LOG_INFO);
+                total++;
             }
-        return;
+        }
+        ESP_LOGI(TAG, "Total %d trusted public keys", total);
     } else {
-        ESP_LOGI(TAG, "Secure boot v2 not enabled. Enable Secure Boot V2 in menuconfig, build & flash again.");
+        ESP_LOGI(TAG, "Secure Boot not enabled. Enable Secure Boot in menuconfig, build & flash again.");
-    }
-#endif
-
-    ESP_LOGI(TAG, "Checking for secure boot v1..");
-    uint32_t dis_reg = REG_READ(EFUSE_BLK0_RDATA0_REG);
-    if (efuse_block0 & EFUSE_RD_ABS_DONE_0) {
-    ESP_LOGI(TAG, "ABS_DONE_0 is set. Secure Boot V1 enabled");
-#ifdef CONFIG_ESP32_REV_MIN_3
-    ESP_LOGW(TAG, "This chip version supports Secure Boot V2. It is recommended to use Secure Boot V2.");
-#endif
-        bool efuse_key_read_protected = dis_reg & EFUSE_RD_DIS_BLK2;
-        bool efuse_key_write_protected = dis_reg & EFUSE_WR_DIS_BLK2;
-
-        ESP_LOGI(TAG, "Checking the integrityof the key in BLK2..");
-        if (!efuse_key_read_protected) {
-            ESP_LOGE(TAG, "Key is not read protected. Refusing to blow secure boot efuse.");
-            return;
-        }
-        if (!efuse_key_write_protected) {
-            ESP_LOGE(TAG, "Key is not write protected. Refusing to blow secure boot efuse.");
-            return;
-        }
-        ESP_LOGI(TAG, "Key is read/write protected in eFuse.");
-        return;
-    } else {
-        ESP_LOGI(TAG, "Secure Boot V1 not enabled. Enable Secure Boot in menuconfig, build & flash again.");
     }
 }

tools/test_apps/security/secure_boot/main/secure_boot_main_esp32.c

@@ -0,0 +1,96 @@
+/* Flash encryption Example
+
+   This example code is in the Public Domain (or CC0 licensed, at your option.)
+
+   Unless required by applicable law or agreed to in writing, this
+   software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+   CONDITIONS OF ANY KIND, either express or implied.
+*/
+#include <stdio.h>
+#include "freertos/FreeRTOS.h"
+#include "freertos/task.h"
+#include "soc/efuse_reg.h"
+#include "esp_efuse.h"
+#include "esp_system.h"
+#include "esp_spi_flash.h"
+#include "esp_log.h"
+#include "esp_efuse_table.h"
+#include <string.h>
+
+static void example_print_chip_info(void);
+static void example_secure_boot_status(void);
+
+#define TAG "example_secure_boot"
+
+void app_main(void)
+{
+    printf("\nExample to check Secure Boot status\n");
+
+    example_print_chip_info();
+    example_secure_boot_status();
+}
+
+
+static void example_print_chip_info(void)
+{
+    /* Print chip information */
+    esp_chip_info_t chip_info;
+    esp_chip_info(&chip_info);
+    printf("This is ESP32 chip with %d CPU cores, WiFi%s%s, ",
+            chip_info.cores,
+            (chip_info.features & CHIP_FEATURE_BT) ? "/BT" : "",
+            (chip_info.features & CHIP_FEATURE_BLE) ? "/BLE" : "");
+
+    printf("silicon revision %d, ", chip_info.revision);
+
+    printf("%dMB %s flash\n", spi_flash_get_chip_size() / (1024 * 1024),
+            (chip_info.features & CHIP_FEATURE_EMB_FLASH) ? "embedded" : "external");
+}
+
+#define DIGEST_LEN 32
+
+static void example_secure_boot_status(void)
+{
+    uint32_t efuse_block0 = REG_READ(EFUSE_BLK0_RDATA6_REG);
+
+#ifdef CONFIG_ESP32_REV_MIN_3
+    uint8_t efuse_trusted_digest[DIGEST_LEN] = {0}, i;
+    ESP_LOGI(TAG, "Checking for secure boot v2..");
+    if(efuse_block0 & EFUSE_RD_ABS_DONE_1) {
+        ESP_LOGI(TAG, "ABS_DONE_1 is set. Secure Boot V2 enabled");
+        memcpy(efuse_trusted_digest, (uint8_t *)EFUSE_BLK2_RDATA0_REG, DIGEST_LEN);
+        ESP_LOGI(TAG,  "Reading the public key digest from BLK2.");
+        for (i = 0; i < DIGEST_LEN; i++) {
+            ESP_LOGI(TAG, "%02x \t", efuse_trusted_digest[i]);
+        }
+        return;
+    } else {
+        ESP_LOGI(TAG, "Secure boot v2 not enabled. Enable Secure Boot V2 in menuconfig, build & flash again.");
+    }
+#endif
+
+    ESP_LOGI(TAG, "Checking for secure boot v1..");
+    uint32_t dis_reg = REG_READ(EFUSE_BLK0_RDATA0_REG);
+    if (efuse_block0 & EFUSE_RD_ABS_DONE_0) {
+    ESP_LOGI(TAG, "ABS_DONE_0 is set. Secure Boot V1 enabled");
+#ifdef CONFIG_ESP32_REV_MIN_3
+    ESP_LOGW(TAG, "This chip version supports Secure Boot V2. It is recommended to use Secure Boot V2.");
+#endif
+        bool efuse_key_read_protected = dis_reg & EFUSE_RD_DIS_BLK2;
+        bool efuse_key_write_protected = dis_reg & EFUSE_WR_DIS_BLK2;
+
+        ESP_LOGI(TAG, "Checking the integrityof the key in BLK2..");
+        if (!efuse_key_read_protected) {
+            ESP_LOGE(TAG, "Key is not read protected. Refusing to blow secure boot efuse.");
+            return;
+        }
+        if (!efuse_key_write_protected) {
+            ESP_LOGE(TAG, "Key is not write protected. Refusing to blow secure boot efuse.");
+            return;
+        }
+        ESP_LOGI(TAG, "Key is read/write protected in eFuse.");
+        return;
+    } else {
+        ESP_LOGI(TAG, "Secure Boot V1 not enabled. Enable Secure Boot in menuconfig, build & flash again.");
+    }
+}

tools/test_apps/security/secure_boot/sdkconfig.ci.04

@@ -3,4 +3,4 @@ CONFIG_IDF_TARGET="esp32s2"
 CONFIG_SECURE_BOOT=y
 CONFIG_SECURE_BOOT_SIGNING_KEY="test_rsa_3072_key.pem"
 CONFIG_SECURE_FLASH_ENC_ENABLED=y
-SECURE_FLASH_ENCRYPTION_MODE_RELEASE=y
+CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE=y

tools/test_apps/security/secure_boot/sdkconfig.defaults

@@ -4,3 +4,6 @@
 # If you find yourself needing to edit this in the future, it's a sign the
 # bootloader is bloating out!
 CONFIG_PARTITION_TABLE_OFFSET=0xC000
+
+# Maximize the number of possible build warnings
+CONFIG_COMPILER_OPTIMIZATION_PERF=y