Merge branch 'feature/secure_boot_dev_approach' into 'master'

feat(bootloader_support): Support SB-on app can do OTA on SB-off chip Closes IDFGH-12079 See merge request espressif/esp-idf!29027
2024-10-05 20:47:46 -04:00 · 2024-02-14 15:11:52 +08:00 · 2024-02-14 15:11:52 +08:00 · 07980dba2f
commit 07980dba2f
parent 4d90eedb6e 9b0eefee73
1 changed files with 19 additions and 19 deletions
--- a/components/bootloader_support/src/secure_boot_v2/secure_boot_signatures_app.c
+++ b/components/bootloader_support/src/secure_boot_v2/secure_boot_signatures_app.c
@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2015-2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2015-2024 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@ -143,27 +143,27 @@ esp_err_t esp_secure_boot_get_signature_blocks_for_running_app(bool digest_publi

 static esp_err_t get_secure_boot_key_digests(esp_image_sig_public_key_digests_t *public_key_digests)
 {
-#ifdef CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT
-    // Gets key digests from running app
-    ESP_LOGI(TAG, "Take trusted digest key(s) from running app");
-    return esp_secure_boot_get_signature_blocks_for_running_app(true, public_key_digests);
-#elif CONFIG_SECURE_BOOT_V2_ENABLED
-    ESP_LOGI(TAG, "Take trusted digest key(s) from eFuse block(s)");
-    // Read key digests from efuse
-    esp_secure_boot_key_digests_t efuse_trusted;
-    if (esp_secure_boot_read_key_digests(&efuse_trusted) == ESP_OK) {
-        for (unsigned i = 0; i < SECURE_BOOT_NUM_BLOCKS; i++) {
-            if (efuse_trusted.key_digests[i] != NULL) {
-                memcpy(public_key_digests->key_digests[i], (uint8_t *)efuse_trusted.key_digests[i], ESP_SECURE_BOOT_KEY_DIGEST_LEN);
-                public_key_digests->num_digests++;
+    if (!esp_secure_boot_enabled()) { // CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT
+        // Gets key digests from running app
+        ESP_LOGI(TAG, "Take trusted digest key(s) from running app");
+        return esp_secure_boot_get_signature_blocks_for_running_app(true, public_key_digests);
+     } else { // CONFIG_SECURE_BOOT_V2_ENABLED
+        ESP_LOGI(TAG, "Take trusted digest key(s) from eFuse block(s)");
+        // Read key digests from efuse
+        esp_secure_boot_key_digests_t efuse_trusted;
+        if (esp_secure_boot_read_key_digests(&efuse_trusted) == ESP_OK) {
+            for (unsigned i = 0; i < SECURE_BOOT_NUM_BLOCKS; i++) {
+                if (efuse_trusted.key_digests[i] != NULL) {
+                    memcpy(public_key_digests->key_digests[i], (uint8_t *)efuse_trusted.key_digests[i], ESP_SECURE_BOOT_KEY_DIGEST_LEN);
+                    public_key_digests->num_digests++;
+                }
            }
        }
-    }
-    if (public_key_digests->num_digests > 0) {
-        return ESP_OK;
-    }
+        if (public_key_digests->num_digests > 0) {
+            return ESP_OK;
+        }
+     }
    return ESP_ERR_NOT_FOUND;
-#endif // CONFIG_SECURE_BOOT_V2_ENABLED
 }

 esp_err_t esp_secure_boot_verify_signature(uint32_t src_addr, uint32_t length)