Merge branch 'bugfix/secure_boot_v2_fixes_v4.1' into 'release/v4.1'

Small secure boot v2 fixes (v4.1) See merge request espressif/esp-idf!9019
2024-10-05 20:47:46 -04:00 · 2020-06-03 12:34:55 +08:00 · 2020-06-03 12:34:55 +08:00 · 0ea6d39686
commit 0ea6d39686
parent 69895387ee b00f38f91c
2 changed files with 29 additions and 7 deletions
--- a/components/bootloader_support/src/esp32/secure_boot_signatures.c
+++ b/components/bootloader_support/src/esp32/secure_boot_signatures.c
@ -137,13 +137,13 @@ esp_err_t esp_secure_boot_verify_signature(uint32_t src_addr, uint32_t length)

 esp_err_t esp_secure_boot_verify_rsa_signature_block(const ets_secure_boot_signature_t *sig_block, const uint8_t *image_digest, uint8_t *verified_digest)
 {
+    secure_boot_v2_status_t r;
    uint8_t efuse_trusted_digest[DIGEST_LEN] = {0}, sig_block_trusted_digest[DIGEST_LEN] = {0};

-    secure_boot_v2_status_t r;
    memcpy(efuse_trusted_digest, (uint8_t *)EFUSE_BLK2_RDATA0_REG, DIGEST_LEN); /* EFUSE_BLK2_RDATA0_REG - Stores the Secure Boot Public Key Digest */

    if (!ets_use_secure_boot_v2()) {
-        ESP_LOGI(TAG, "Secure Boot EFuse bit(ABS_DONE_1) not yet programmed.");
+        ESP_LOGI(TAG, "Secure Boot eFuse bit(ABS_DONE_1) not yet programmed.");

        /* Generating the SHA of the public key components in the signature block */
        bootloader_sha256_handle_t sig_block_sha;
@ -151,10 +151,25 @@ esp_err_t esp_secure_boot_verify_rsa_signature_block(const ets_secure_boot_signa
        bootloader_sha256_data(sig_block_sha, &sig_block->block[0].key, sizeof(sig_block->block[0].key));
        bootloader_sha256_finish(sig_block_sha, (unsigned char *)sig_block_trusted_digest);

+#if CONFIG_SECURE_BOOT_V2_ENABLED
        if (memcmp(efuse_trusted_digest, sig_block_trusted_digest, DIGEST_LEN) != 0) {
-            ESP_LOGW(TAG, "Public key digest in eFuse BLK2 and the signature block don't match.");
+            /* Most likely explanation for this is that BLK2 is empty, and we're going to burn it
+               after we verify that the signature is valid. However, if BLK2 is not empty then we need to
+               fail here.
+            */
+            bool all_zeroes = true;
+            for (int i = 0; i < DIGEST_LEN; i++) {
+                all_zeroes = all_zeroes && (efuse_trusted_digest[i] == 0);
+            }
+            if (!all_zeroes) {
+                ESP_LOGE(TAG, "Different public key digest burned to eFuse BLK2");
+                return ESP_ERR_INVALID_STATE;
+            }
        }

+        ESP_FAULT_ASSERT(!ets_use_secure_boot_v2());
+#endif
+
        memcpy(efuse_trusted_digest, sig_block_trusted_digest, DIGEST_LEN);
    }

--- a/components/bootloader_support/src/idf/secure_boot_signatures.c
+++ b/components/bootloader_support/src/idf/secure_boot_signatures.c
@ -173,7 +173,10 @@ esp_err_t esp_secure_boot_verify_signature(uint32_t src_addr, uint32_t length)

 esp_err_t esp_secure_boot_verify_rsa_signature_block(const ets_secure_boot_signature_t *sig_block, const uint8_t *image_digest, uint8_t *verified_digest)
 {
-    uint8_t i = 0, efuse_trusted_digest[DIGEST_LEN] = {0}, sig_block_trusted_digest[DIGEST_LEN] = {0};
+    int i = 0;
+
+#if CONFIG_SECURE_BOOT_V2_ENABLED /* Verify key against efuse block */
+    uint8_t efuse_trusted_digest[DIGEST_LEN] = {0}, sig_block_trusted_digest[DIGEST_LEN] = {0};
    memcpy(efuse_trusted_digest, (uint8_t *) EFUSE_BLK2_RDATA0_REG, sizeof(efuse_trusted_digest));

    /* Note: in IDF verification we don't add any fault injection resistance, as we don't expect this to be called
@ -187,13 +190,17 @@ esp_err_t esp_secure_boot_verify_rsa_signature_block(const ets_secure_boot_signa
    bootloader_sha256_finish(sig_block_sha, (unsigned char *)sig_block_trusted_digest);

    if (memcmp(efuse_trusted_digest, sig_block_trusted_digest, DIGEST_LEN) != 0) {
-        if (esp_secure_boot_enabled()) {
+        const uint8_t zeroes[DIGEST_LEN] = {0};
+        /* Can't continue if secure boot is enabled, OR if a different digest is already written in efuse BLK2
+
+           (If BLK2 is empty and Secure Boot is disabled then we assume that it will be enabled later.)
+         */
+        if (esp_secure_boot_enabled() || memcmp(efuse_trusted_digest, zeroes, DIGEST_LEN) != 0) {
            ESP_LOGE(TAG, "Public key digest in eFuse BLK2 and the signature block don't match.");
            return ESP_FAIL;
-        } else {
-            ESP_LOGW(TAG, "Public key digest in eFuse BLK2 and the signature block don't match.");
        }
    }
+#endif

    ESP_LOGI(TAG, "Verifying with RSA-PSS...");
    int ret = 0;