2021-05-09 22:56:51 -04:00
/*
2024-03-28 02:05:33 -04:00
* SPDX - FileCopyrightText : 2015 - 2024 Espressif Systems ( Shanghai ) CO LTD
2021-05-09 22:56:51 -04:00
*
* SPDX - License - Identifier : Apache - 2.0
*/
2017-06-27 03:25:30 -04:00
# pragma once
2016-11-01 19:41:58 -04:00
# include <stdbool.h>
# include <esp_err.h>
2019-05-13 06:02:45 -04:00
# include "soc/efuse_periph.h"
2022-05-23 00:36:02 -04:00
# include "soc/soc_caps.h"
2020-02-24 14:51:41 -05:00
# include "esp_image_format.h"
2020-07-13 09:57:24 -04:00
# include "esp_rom_efuse.h"
2018-07-19 01:15:37 -04:00
# include "sdkconfig.h"
2021-03-05 09:22:29 -05:00
# include "esp_rom_crc.h"
2021-12-22 09:18:43 -05:00
# include "hal/efuse_ll.h"
2020-07-13 09:57:24 -04:00
2023-12-07 04:24:11 -05:00
# if CONFIG_IDF_TARGET_ESP32
# include "esp32/rom/secure_boot.h"
# elif CONFIG_IDF_TARGET_ESP32S2
# include "esp32s2/rom/secure_boot.h"
# elif CONFIG_IDF_TARGET_ESP32C3
# include "esp32c3/rom/secure_boot.h"
# elif CONFIG_IDF_TARGET_ESP32S3
# include "esp32s3/rom/secure_boot.h"
# elif CONFIG_IDF_TARGET_ESP32C2
# include "esp32c2/rom/secure_boot.h"
# elif CONFIG_IDF_TARGET_ESP32C6
# include "esp32c6/rom/secure_boot.h"
# elif CONFIG_IDF_TARGET_ESP32H2
# include "esp32h2/rom/secure_boot.h"
# elif CONFIG_IDF_TARGET_ESP32P4
# include "esp32p4/rom/secure_boot.h"
# endif
2020-02-24 14:51:41 -05:00
# ifdef CONFIG_SECURE_BOOT_V1_ENABLED
2018-07-19 01:15:37 -04:00
# if !defined(CONFIG_SECURE_SIGNED_ON_BOOT) || !defined(CONFIG_SECURE_SIGNED_ON_UPDATE) || !defined(CONFIG_SECURE_SIGNED_APPS)
# error "internal sdkconfig error, secure boot should always enable all signature options"
# endif
# endif
2017-06-27 03:25:30 -04:00
# ifdef __cplusplus
extern " C " {
# endif
2016-11-01 19:41:58 -04:00
/* Support functions for secure boot features.
Can be compiled as part of app or bootloader code .
*/
2021-03-05 09:22:29 -05:00
# define ESP_SECURE_BOOT_DIGEST_LEN 32
2022-03-10 00:23:15 -05:00
# if CONFIG_IDF_TARGET_ESP32C2
# define ESP_SECURE_BOOT_KEY_DIGEST_LEN 16
# else
# define ESP_SECURE_BOOT_KEY_DIGEST_LEN 32
# endif
2021-06-16 19:21:36 -04:00
# ifdef CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH
# include "esp_efuse.h"
# include "esp_efuse_table.h"
# endif
2016-11-01 19:41:58 -04:00
/** @brief Is secure boot currently enabled in hardware?
*
2019-05-27 02:29:43 -04:00
* This means that the ROM bootloader code will only boot
* a verified secure bootloader from now on .
2016-11-01 19:41:58 -04:00
*
* @ return true if secure boot is enabled .
*/
2019-05-27 02:29:43 -04:00
static inline bool esp_secure_boot_enabled ( void )
{
# if CONFIG_IDF_TARGET_ESP32
2020-02-24 14:51:41 -05:00
# ifdef CONFIG_SECURE_BOOT_V1_ENABLED
2021-06-16 19:21:36 -04:00
# ifndef CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH
2021-12-22 09:18:43 -05:00
return efuse_ll_get_secure_boot_v1_en ( ) ;
2021-06-16 19:21:36 -04:00
# else
return esp_efuse_read_field_bit ( ESP_EFUSE_ABS_DONE_0 ) ;
# endif
2020-02-24 14:51:41 -05:00
# elif CONFIG_SECURE_BOOT_V2_ENABLED
2021-06-16 19:21:36 -04:00
# ifndef CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH
2021-12-22 09:18:43 -05:00
return efuse_ll_get_secure_boot_v2_en ( ) ;
2021-06-16 19:21:36 -04:00
# else
return esp_efuse_read_field_bit ( ESP_EFUSE_ABS_DONE_1 ) ;
# endif
2020-02-24 14:51:41 -05:00
# endif
2020-07-13 09:57:24 -04:00
# else
2021-06-16 19:21:36 -04:00
# ifndef CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH
2021-12-22 09:18:43 -05:00
return efuse_ll_get_secure_boot_v2_en ( ) ;
2021-06-16 19:21:36 -04:00
# else
return esp_efuse_read_field_bit ( ESP_EFUSE_SECURE_BOOT_EN ) ;
# endif
2019-05-27 02:29:43 -04:00
# endif
2020-02-24 14:51:41 -05:00
return false ; /* Secure Boot not enabled in menuconfig */
2016-11-02 02:54:47 -04:00
}
2016-11-01 19:41:58 -04:00
2019-04-04 05:55:22 -04:00
/** @brief Generate secure digest from bootloader image
*
* @ important This function is intended to be called from bootloader code only .
*
2020-02-24 14:51:41 -05:00
* This function is only used in the context of the Secure Boot V1 scheme .
2020-11-10 02:40:01 -05:00
*
2019-04-04 05:55:22 -04:00
* If secure boot is not yet enabled for bootloader , this will :
* 1 ) generate the secure boot key and burn it on EFUSE
* ( without enabling R / W protection )
* 2 ) generate the digest from bootloader and save it
* to flash address 0x0
*
* If first boot gets interrupted after calling this function
* but before esp_secure_boot_permanently_enable ( ) is called , then
* the key burned on EFUSE will not be regenerated , unless manually
* done using espefuse . py tool
*
* @ return ESP_OK if secure boot digest is generated
* successfully or found to be already present
*/
esp_err_t esp_secure_boot_generate_digest ( void ) ;
2016-11-01 19:41:58 -04:00
2020-02-24 14:51:41 -05:00
/** @brief Enable secure boot V1 if it is not already enabled.
2016-11-01 19:41:58 -04:00
*
2020-02-24 14:51:41 -05:00
* @ important If this function succeeds , secure boot V1 is permanently
2016-11-01 19:41:58 -04:00
* enabled on the chip via efuse .
*
2016-11-02 02:54:47 -04:00
* @ important This function is intended to be called from bootloader code only .
*
2020-11-10 02:40:01 -05:00
* @ important In case of Secure Boot V1 , this will enable r / w protection
* of secure boot key on EFUSE , therefore it is to be ensured that
* esp_secure_boot_generate_digest ( ) is called before this . If secure boot is not
2020-02-24 14:51:41 -05:00
* yet enabled for bootloader , this will
2019-04-04 05:55:22 -04:00
* 1 ) enable R / W protection of secure boot key on EFUSE
* 2 ) enable secure boot by blowing the EFUSE_RD_ABS_DONE_0 efuse .
2016-11-02 02:54:47 -04:00
*
* This function does not verify secure boot of the bootloader ( the
* ROM bootloader does this . )
*
* Will fail if efuses have been part - burned in a way that indicates
* secure boot should not or could not be correctly enabled .
*
2016-11-01 19:41:58 -04:00
* @ return ESP_ERR_INVALID_STATE if efuse state doesn ' t allow
* secure boot to be enabled cleanly . ESP_OK if secure boot
* is enabled on this chip from now on .
*/
2016-11-02 02:54:47 -04:00
esp_err_t esp_secure_boot_permanently_enable ( void ) ;
2016-11-01 19:41:58 -04:00
2020-02-24 14:51:41 -05:00
/** @brief Enables secure boot V2 if it is not already enabled.
*
* @ important If this function succeeds , secure boot V2 is permanently
* enabled on the chip via efuse .
*
* @ important This function is intended to be called from bootloader code only .
2020-11-10 02:40:01 -05:00
*
* @ important In case of Secure Boot V2 , this will enable write protection
* of secure boot key on EFUSE in BLK2 . . If secure boot is not
2020-02-24 14:51:41 -05:00
* yet enabled for bootloader , this will
* 1 ) enable W protection of secure boot key on EFUSE
* 2 ) enable secure boot by blowing the EFUSE_RD_ABS_DONE_1 efuse .
2016-11-06 23:45:57 -05:00
*
2020-02-24 14:51:41 -05:00
* This function does not verify secure boot of the bootloader ( the
* ROM bootloader does this . )
*
* @ param image_data Image metadata of the application to be loaded .
2020-11-10 02:40:01 -05:00
*
2020-02-24 14:51:41 -05:00
* Will fail if efuses have been part - burned in a way that indicates
* secure boot should not or could not be correctly enabled .
*
* @ return ESP_ERR_INVALID_STATE if efuse state doesn ' t allow
* secure boot to be enabled cleanly . ESP_OK if secure boot
* is enabled on this chip from now on .
*/
esp_err_t esp_secure_boot_v2_permanently_enable ( const esp_image_metadata_t * image_data ) ;
/** @brief Verify the secure boot signature appended to some binary data in flash.
*
* For ECDSA Scheme ( Secure Boot V1 ) - deterministic ECDSA w / SHA256 image
* For RSA Scheme ( Secure Boot V2 ) - RSA - PSS Verification of the SHA - 256 image
2020-11-10 02:40:01 -05:00
*
2020-02-24 14:51:41 -05:00
* Public key is compiled into the calling program in the ECDSA Scheme .
* See the apt docs / security / secure - boot - v1 . rst or docs / security / secure - boot - v2 . rst for details .
2016-11-03 02:33:30 -04:00
*
* @ param src_addr Starting offset of the data in flash .
* @ param length Length of data in bytes . Signature is appended - after - length bytes .
*
2016-11-11 01:00:34 -05:00
* If flash encryption is enabled , the image will be transparently decrypted while being verified .
*
2020-02-16 00:51:42 -05:00
* @ note This function doesn ' t have any fault injection resistance so should not be called
* during a secure boot itself ( but can be called when verifying an update , etc . )
*
2016-11-03 02:33:30 -04:00
* @ return ESP_OK if signature is valid , ESP_ERR_INVALID_STATE if
* signature fails , ESP_FAIL for other failures ( ie can ' t read flash ) .
*/
esp_err_t esp_secure_boot_verify_signature ( uint32_t src_addr , uint32_t length ) ;
2016-11-01 19:41:58 -04:00
2016-11-11 01:00:34 -05:00
/** @brief Secure boot verification block, on-flash data format. */
typedef struct {
uint32_t version ;
uint8_t signature [ 64 ] ;
} esp_secure_boot_sig_block_t ;
2020-02-16 00:51:42 -05:00
/** @brief Verify the ECDSA secure boot signature block for Secure Boot V1.
*
* Calculates Deterministic ECDSA w / SHA256 based on the SHA256 hash of the image . ECDSA signature
* verification must be enabled in project configuration to use this function .
2020-02-24 14:51:41 -05:00
*
* Similar to esp_secure_boot_verify_signature ( ) , but can be used when the digest is precalculated .
2020-02-16 00:51:42 -05:00
* @ param sig_block Pointer to ECDSA signature block data
2020-02-24 14:51:41 -05:00
* @ param image_digest Pointer to 32 byte buffer holding SHA - 256 hash .
2020-02-16 00:51:42 -05:00
* @ param verified_digest Pointer to 32 byte buffer that will receive verified digest if verification completes . ( Used during bootloader implementation only , result is invalid otherwise . )
2020-02-24 14:51:41 -05:00
*
*/
2020-02-16 00:51:42 -05:00
esp_err_t esp_secure_boot_verify_ecdsa_signature_block ( const esp_secure_boot_sig_block_t * sig_block , const uint8_t * image_digest , uint8_t * verified_digest ) ;
2022-03-17 09:58:15 -04:00
# if !CONFIG_IDF_TARGET_ESP32 || CONFIG_ESP32_REV_MIN_FULL >= 300
2023-12-07 04:24:11 -05:00
# if CONFIG_SECURE_BOOT_V2_ENABLED || CONFIG_SECURE_SIGNED_APPS_NO_SECURE_BOOT
/** @brief Verify the secure boot signature block for Secure Boot V2.
*
* Performs RSA - PSS or ECDSA verification of the SHA - 256 image based on the public key
* in the signature block , compared against the public key digest stored in efuse .
*
* Similar to esp_secure_boot_verify_signature ( ) , but can be used when the digest is precalculated .
* @ param [ in ] sig_block Pointer to signature block data
* @ param [ in ] image_digest Pointer to 32 byte buffer holding SHA - 256 hash .
* @ param [ out ] verified_digest Pointer to 32 byte buffer that will receive verified digest if verification completes . ( Used during bootloader implementation only , result is invalid otherwise . )
*
*/
esp_err_t esp_secure_boot_verify_sbv2_signature_block ( const ets_secure_boot_signature_t * sig_block , const uint8_t * image_digest , uint8_t * verified_digest ) ;
# endif /* CONFIG_SECURE_BOOT_V2_ENABLED || CONFIG_SECURE_SIGNED_APPS_NO_SECURE_BOOT */
2021-03-05 09:22:29 -05:00
/**
* @ brief Structure to hold public key digests calculated from the signature blocks of a single image .
*
* Each image can have one or more signature blocks ( up to SECURE_BOOT_NUM_BLOCKS ) . Each signature block includes a public key .
*/
typedef struct {
2022-05-23 00:36:02 -04:00
uint8_t key_digests [ SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS ] [ ESP_SECURE_BOOT_DIGEST_LEN ] ; /* SHA of the public key components in the signature block */
2021-03-05 09:22:29 -05:00
unsigned num_digests ; /* Number of valid digests, starting at index 0 */
} esp_image_sig_public_key_digests_t ;
2020-02-16 00:51:42 -05:00
2022-03-17 09:58:15 -04:00
# endif // !CONFIG_IDF_TARGET_ESP32 || CONFIG_ESP32_REV_MIN_FULL >= 300
2020-02-16 00:51:42 -05:00
/** @brief Legacy ECDSA verification function
*
* @ note Deprecated , call either esp_secure_boot_verify_ecdsa_signature_block ( ) or esp_secure_boot_verify_rsa_signature_block ( ) instead .
*
* @ param sig_block Pointer to ECDSA signature block data
* @ param image_digest Pointer to 32 byte buffer holding SHA - 256 hash .
*/
esp_err_t esp_secure_boot_verify_signature_block ( const esp_secure_boot_sig_block_t * sig_block , const uint8_t * image_digest )
__attribute__ ( ( deprecated ( " use esp_secure_boot_verify_ecdsa_signature_block instead " ) ) ) ;
2017-06-28 02:46:34 -04:00
2016-11-11 01:00:34 -05:00
# define FLASH_OFFS_SECURE_BOOT_IV_DIGEST 0
/** @brief Secure boot IV+digest header */
typedef struct {
uint8_t iv [ 128 ] ;
uint8_t digest [ 64 ] ;
} esp_secure_boot_iv_digest_t ;
2021-01-25 15:27:03 -05:00
/** @brief Check the secure boot V2 during startup
*
* @ note This function is called automatically during app startup ,
* it doesn ' t need to be called from the app .
*
* Verifies the secure boot config during startup :
*
* - Correct any insecure secure boot settings
*/
void esp_secure_boot_init_checks ( void ) ;
2022-03-10 00:23:15 -05:00
# if !BOOTLOADER_BUILD && (CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME || CONFIG_SECURE_SIGNED_APPS_ECDSA_V2_SCHEME)
2021-03-12 00:07:20 -05:00
/** @brief Scan the current running app for signature blocks
*
* @ note This function doesn ' t verify that the signatures are valid or the
* corresponding public keys are trusted , it only reads the number of signature
* blocks present and optionally calculates the digests of the public keys
* provided in the signature blocks .
*
* @ param digest_public_keys If true , the key_digests fields in the
* public_key_digests structure will be filled with the digests of the public
* key provided in each signature block . Note that if Secure Boot V2 is enabled ,
* each public key will only be trusted if the same digest is also present in
* eFuse ( but this is not checked by this function ) .
*
* @ param public_key_digests [ out ] Structure is initialized with the num_digests
* field set to the number of signatures found . If digest_public_keys is set ,
* the public key digests are also calculated and stored here .
*
* @ return
* - ESP_OK - At least one signature was found
* - ESP_ERR_NOT_FOUND - No signatures were found , num_digests value will be zero
2024-03-28 02:05:33 -04:00
* - ESP_FAIL - An error occurred trying to read the signature blocks from flash
2021-03-12 00:07:20 -05:00
*/
esp_err_t esp_secure_boot_get_signature_blocks_for_running_app ( bool digest_public_keys , esp_image_sig_public_key_digests_t * public_key_digests ) ;
2022-03-10 00:23:15 -05:00
# endif // !BOOTLOADER_BUILD && (CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME || CONFIG_SECURE_SIGNED_APPS_ECDSA_V2_SCHEME)
2021-03-12 00:07:20 -05:00
2021-06-16 19:21:36 -04:00
/** @brief Set all secure eFuse features related to secure_boot
*
2024-03-28 02:05:33 -04:00
* @ note
* This API needs to be called in the eFuse batch mode .
* i . e . A call to esp_efuse_batch_write_begin ( ) should be made prior to calling this API to start the batch mode
* After the API has been executed a call to esp_efuse_batch_write_commit ( ) / esp_efuse_batch_write_cancel ( )
* should be made accordingly .
2021-06-16 19:21:36 -04:00
* @ return
* - ESP_OK - Successfully
*/
esp_err_t esp_secure_boot_enable_secure_features ( void ) ;
2022-08-12 05:05:39 -04:00
/** @brief Returns the verification status for all physical security features of secure boot in release mode
*
* If the device has secure boot feature configured in the release mode ,
* then it is highly recommended to call this API in the application startup code .
* This API verifies the sanity of the eFuse configuration against
* the release ( production ) mode of the secure boot feature .
*
* @ return
* - True - all eFuses are configured correctly
* - False - not all eFuses are configured correctly .
*/
bool esp_secure_boot_cfg_verify_release_mode ( void ) ;
2023-07-04 00:48:47 -04:00
# if !defined(BOOTLOADER_BUILD) && SOC_SUPPORT_SECURE_BOOT_REVOKE_KEY && CONFIG_SECURE_BOOT_V2_ENABLED
/** @brief Returns the verification status of the image pointed by the part_pos argument against the public key digest present at index `efuse_digest_index`
*
* @ param index [ in ] Index of public key digest present in efuse against which the image is to be verified
* @ param part_pos [ in ] It is a pointer to the bootloader / app partition .
*
* @ return
* - ESP_OK - if the image can be verified by the key at efuse_index .
* - ESP_FAIL - if the image cannot be verified by the key at efuse_index .
* - ESP_ERR_INVALID_ARG : Error in the passed arguments .
*/
esp_err_t esp_secure_boot_verify_with_efuse_digest_index ( int efuse_digest_index , esp_partition_pos_t * part_pos ) ;
# endif // !defined(BOOTLOADER_BUILD) && SOC_SUPPORT_SECURE_BOOT_REVOKE_KEY && CONFIG_SECURE_BOOT_V2_ENABLED
2017-06-27 03:25:30 -04:00
# ifdef __cplusplus
}
2016-11-01 19:41:58 -04:00
# endif