refactor (bootloader_support, efuse)!: remove target-specific rom includes
The following two functions in bootloader_support are now private: * esp_secure_boot_verify_sbv2_signature_block() * esp_secure_boot_verify_rsa_signature_block() They have been moved into private header files inside bootloader_private/. * Removed bootloader_reset_reason.h and bootloader_common_get_reset_reason() completely; an alternative is available in the ROM component. * Made esp_efuse.h independent of the target-specific ROM header.
parent
6291d6220a
commit
33a3616635
@ -30,6 +30,20 @@
|
|||||||
#include "esp_efuse.h"
|
#include "esp_efuse.h"
|
||||||
#include "esp_attr.h"
|
#include "esp_attr.h"
|
||||||
|
|
||||||
|
#if CONFIG_IDF_TARGET_ESP32
|
||||||
|
#include "esp32/rom/secure_boot.h"
|
||||||
|
#elif CONFIG_IDF_TARGET_ESP32S2
|
||||||
|
#include "esp32s2/rom/secure_boot.h"
|
||||||
|
#elif CONFIG_IDF_TARGET_ESP32C3
|
||||||
|
#include "esp32c3/rom/secure_boot.h"
|
||||||
|
#elif CONFIG_IDF_TARGET_ESP32S3
|
||||||
|
#include "esp32s3/rom/secure_boot.h"
|
||||||
|
#elif CONFIG_IDF_TARGET_ESP32H2
|
||||||
|
#include "esp32h2/rom/secure_boot.h"
|
||||||
|
#elif CONFIG_IDF_TARGET_ESP32C2
|
||||||
|
#include "esp32c2/rom/secure_boot.h"
|
||||||
|
#endif
|
||||||
|
|
||||||
#define SUB_TYPE_ID(i) (i & 0x0F)
|
#define SUB_TYPE_ID(i) (i & 0x0F)
|
||||||
|
|
||||||
/* Partial_data is word aligned so no reallocation is necessary for encrypted flash write */
|
/* Partial_data is word aligned so no reallocation is necessary for encrypted flash write */
|
||||||
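Review bot: The added `#if CONFIG_IDF_TARGET_ESP32 … #endif` include ladder has no `#else` branch, so on a target that is not in the list the ROM secure-boot header is silently skipped and the failure only shows up later as an unrelated undeclared-type error. Closing the ladder with `#else` / `#error "no ROM secure_boot.h mapped for this target"` before the `#endif` turns that into a direct diagnostic at the include site. The same thirteen-line ladder is copied verbatim into the new private header (`@ -0,0 +1,52 @@`), into the hunk at `@ -15,6 +15,20 @@`, and into secure_boot_signature_priv.h (`@ -4,7 +4,20 @@`); keeping the target list in one header and including that from the bootloader_support sources would leave a single place to update when a target is added.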
@ -898,7 +912,7 @@ esp_err_t esp_ota_revoke_secure_boot_public_key(esp_ota_secure_boot_public_key_i
|
|||||||
}
|
}
|
||||||
|
|
||||||
esp_err_t ret;
|
esp_err_t ret;
|
||||||
ets_secure_boot_key_digests_t trusted_keys;
|
esp_secure_boot_key_digests_t trusted_keys;
|
||||||
ret = esp_secure_boot_read_key_digests(&trusted_keys);
|
ret = esp_secure_boot_read_key_digests(&trusted_keys);
|
||||||
if (ret != ESP_OK) {
|
if (ret != ESP_OK) {
|
||||||
ESP_LOGE(TAG, "Could not read the secure boot key digests from efuse. Aborting..");
|
ESP_LOGE(TAG, "Could not read the secure boot key digests from efuse. Aborting..");
|
||||||
|
@ -5,6 +5,7 @@
|
|||||||
*/
|
*/
|
||||||
#include <stdbool.h>
|
#include <stdbool.h>
|
||||||
#include "esp_log.h"
|
#include "esp_log.h"
|
||||||
|
#include "esp_rom_sys.h"
|
||||||
#include "bootloader_init.h"
|
#include "bootloader_init.h"
|
||||||
#include "bootloader_utility.h"
|
#include "bootloader_utility.h"
|
||||||
#include "bootloader_common.h"
|
#include "bootloader_common.h"
|
||||||
@ -79,7 +80,7 @@ static int selected_boot_partition(const bootloader_state_t *bs)
|
|||||||
if (boot_index == INVALID_INDEX) {
|
if (boot_index == INVALID_INDEX) {
|
||||||
return boot_index; // Unrecoverable failure (not due to corrupt ota data or bad partition contents)
|
return boot_index; // Unrecoverable failure (not due to corrupt ota data or bad partition contents)
|
||||||
}
|
}
|
||||||
if (bootloader_common_get_reset_reason(0) != DEEPSLEEP_RESET) {
|
if (esp_rom_get_reset_reason(0) != RESET_REASON_CORE_DEEP_SLEEP) {
|
||||||
// Factory firmware.
|
// Factory firmware.
|
||||||
#ifdef CONFIG_BOOTLOADER_FACTORY_RESET
|
#ifdef CONFIG_BOOTLOADER_FACTORY_RESET
|
||||||
bool reset_level = false;
|
bool reset_level = false;
|
||||||
|
@ -8,21 +8,6 @@
|
|||||||
#include "esp_flash_partitions.h"
|
#include "esp_flash_partitions.h"
|
||||||
#include "esp_image_format.h"
|
#include "esp_image_format.h"
|
||||||
#include "esp_app_format.h"
|
#include "esp_app_format.h"
|
||||||
// [refactor-todo]: we shouldn't expose ROM header files in a public API header, remove them in v5.0
|
|
||||||
// Tracked in IDF-1968
|
|
||||||
#if CONFIG_IDF_TARGET_ESP32
|
|
||||||
#include "esp32/rom/rtc.h"
|
|
||||||
#elif CONFIG_IDF_TARGET_ESP32S2
|
|
||||||
#include "esp32s2/rom/rtc.h"
|
|
||||||
#elif CONFIG_IDF_TARGET_ESP32S3
|
|
||||||
#include "esp32s3/rom/rtc.h"
|
|
||||||
#elif CONFIG_IDF_TARGET_ESP32C3
|
|
||||||
#include "esp32c3/rom/rtc.h"
|
|
||||||
#elif CONFIG_IDF_TARGET_ESP32H2
|
|
||||||
#include "esp32h2/rom/rtc.h"
|
|
||||||
#elif CONFIG_IDF_TARGET_ESP32C2
|
|
||||||
#include "esp32c2/rom/rtc.h"
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
extern "C" {
|
extern "C" {
|
||||||
@ -196,14 +181,6 @@ esp_err_t bootloader_common_get_partition_description(const esp_partition_pos_t
|
|||||||
*/
|
*/
|
||||||
uint32_t bootloader_common_get_chip_ver_pkg(void);
|
uint32_t bootloader_common_get_chip_ver_pkg(void);
|
||||||
|
|
||||||
/**
|
|
||||||
* @brief Query reset reason
|
|
||||||
*
|
|
||||||
* @param cpu_no CPU number
|
|
||||||
* @return reset reason enumeration
|
|
||||||
*/
|
|
||||||
RESET_REASON bootloader_common_get_reset_reason(int cpu_no);
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief Check if the image (bootloader and application) has valid chip ID and revision
|
* @brief Check if the image (bootloader and application) has valid chip ID and revision
|
||||||
*
|
*
|
||||||
|
@ -8,32 +8,13 @@
|
|||||||
#include <stdbool.h>
|
#include <stdbool.h>
|
||||||
#include <esp_err.h>
|
#include <esp_err.h>
|
||||||
#include "soc/efuse_periph.h"
|
#include "soc/efuse_periph.h"
|
||||||
|
#include "soc/soc_caps.h"
|
||||||
#include "esp_image_format.h"
|
#include "esp_image_format.h"
|
||||||
#include "esp_rom_efuse.h"
|
#include "esp_rom_efuse.h"
|
||||||
#include "sdkconfig.h"
|
#include "sdkconfig.h"
|
||||||
#include "esp_rom_crc.h"
|
#include "esp_rom_crc.h"
|
||||||
#include "hal/efuse_ll.h"
|
#include "hal/efuse_ll.h"
|
||||||
|
|
||||||
#if CONFIG_IDF_TARGET_ESP32
|
|
||||||
#include "esp32/rom/efuse.h"
|
|
||||||
#include "esp32/rom/secure_boot.h"
|
|
||||||
#elif CONFIG_IDF_TARGET_ESP32S2
|
|
||||||
#include "esp32s2/rom/efuse.h"
|
|
||||||
#include "esp32s2/rom/secure_boot.h"
|
|
||||||
#elif CONFIG_IDF_TARGET_ESP32C3
|
|
||||||
#include "esp32c3/rom/efuse.h"
|
|
||||||
#include "esp32c3/rom/secure_boot.h"
|
|
||||||
#elif CONFIG_IDF_TARGET_ESP32S3
|
|
||||||
#include "esp32s3/rom/efuse.h"
|
|
||||||
#include "esp32s3/rom/secure_boot.h"
|
|
||||||
#elif CONFIG_IDF_TARGET_ESP32H2
|
|
||||||
#include "esp32h2/rom/efuse.h"
|
|
||||||
#include "esp32h2/rom/secure_boot.h"
|
|
||||||
#elif CONFIG_IDF_TARGET_ESP32C2
|
|
||||||
#include "esp32c2/rom/efuse.h"
|
|
||||||
#include "esp32c2/rom/secure_boot.h"
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifdef CONFIG_SECURE_BOOT_V1_ENABLED
|
#ifdef CONFIG_SECURE_BOOT_V1_ENABLED
|
||||||
#if !defined(CONFIG_SECURE_SIGNED_ON_BOOT) || !defined(CONFIG_SECURE_SIGNED_ON_UPDATE) || !defined(CONFIG_SECURE_SIGNED_APPS)
|
#if !defined(CONFIG_SECURE_SIGNED_ON_BOOT) || !defined(CONFIG_SECURE_SIGNED_ON_UPDATE) || !defined(CONFIG_SECURE_SIGNED_APPS)
|
||||||
#error "internal sdkconfig error, secure boot should always enable all signature options"
|
#error "internal sdkconfig error, secure boot should always enable all signature options"
|
||||||
@ -217,34 +198,10 @@ esp_err_t esp_secure_boot_verify_ecdsa_signature_block(const esp_secure_boot_sig
|
|||||||
* Each image can have one or more signature blocks (up to SECURE_BOOT_NUM_BLOCKS). Each signature block includes a public key.
|
* Each image can have one or more signature blocks (up to SECURE_BOOT_NUM_BLOCKS). Each signature block includes a public key.
|
||||||
*/
|
*/
|
||||||
typedef struct {
|
typedef struct {
|
||||||
uint8_t key_digests[SECURE_BOOT_NUM_BLOCKS][ESP_SECURE_BOOT_DIGEST_LEN]; /* SHA of the public key components in the signature block */
|
uint8_t key_digests[SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS][ESP_SECURE_BOOT_DIGEST_LEN]; /* SHA of the public key components in the signature block */
|
||||||
unsigned num_digests; /* Number of valid digests, starting at index 0 */
|
unsigned num_digests; /* Number of valid digests, starting at index 0 */
|
||||||
} esp_image_sig_public_key_digests_t;
|
} esp_image_sig_public_key_digests_t;
|
||||||
|
|
||||||
/** @brief Verify the secure boot signature block for Secure Boot V2.
|
|
||||||
*
|
|
||||||
* Performs RSA-PSS or ECDSA verification of the SHA-256 image based on the public key
|
|
||||||
* in the signature block, compared against the public key digest stored in efuse.
|
|
||||||
*
|
|
||||||
* Similar to esp_secure_boot_verify_signature(), but can be used when the digest is precalculated.
|
|
||||||
* @param sig_block Pointer to signature block data
|
|
||||||
* @param image_digest Pointer to 32 byte buffer holding SHA-256 hash.
|
|
||||||
* @param verified_digest Pointer to 32 byte buffer that will receive verified digest if verification completes. (Used during bootloader implementation only, result is invalid otherwise.)
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
esp_err_t esp_secure_boot_verify_sbv2_signature_block(const ets_secure_boot_signature_t *sig_block, const uint8_t *image_digest, uint8_t *verified_digest);
|
|
||||||
|
|
||||||
/** @brief Legacy function to verify RSA secure boot signature block for Secure Boot V2.
|
|
||||||
*
|
|
||||||
* @note This is kept for backward compatibility. It internally calls esp_secure_boot_verify_sbv2_signature_block.
|
|
||||||
*
|
|
||||||
* @param sig_block Pointer to RSA signature block data
|
|
||||||
* @param image_digest Pointer to 32 byte buffer holding SHA-256 hash.
|
|
||||||
* @param verified_digest Pointer to 32 byte buffer that will receive verified digest if verification completes. (Used during bootloader implementation only, result is invalid otherwise.)
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
esp_err_t esp_secure_boot_verify_rsa_signature_block(const ets_secure_boot_signature_t *sig_block, const uint8_t *image_digest, uint8_t *verified_digest);
|
|
||||||
|
|
||||||
#endif // !CONFIG_IDF_TARGET_ESP32 || CONFIG_ESP32_REV_MIN_3
|
#endif // !CONFIG_IDF_TARGET_ESP32 || CONFIG_ESP32_REV_MIN_3
|
||||||
|
|
||||||
/** @brief Legacy ECDSA verification function
|
/** @brief Legacy ECDSA verification function
|
||||||
|
@ -0,0 +1,52 @@
|
|||||||
|
/*
|
||||||
|
* SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
|
||||||
|
*
|
||||||
|
* SPDX-License-Identifier: Apache-2.0
|
||||||
|
*/
|
||||||
|
#pragma once
|
||||||
|
|
||||||
|
#include "sdkconfig.h"
|
||||||
|
#include <esp_err.h>
|
||||||
|
#include <stdint.h>
|
||||||
|
|
||||||
|
#if CONFIG_IDF_TARGET_ESP32
|
||||||
|
#include "esp32/rom/secure_boot.h"
|
||||||
|
#elif CONFIG_IDF_TARGET_ESP32S2
|
||||||
|
#include "esp32s2/rom/secure_boot.h"
|
||||||
|
#elif CONFIG_IDF_TARGET_ESP32C3
|
||||||
|
#include "esp32c3/rom/secure_boot.h"
|
||||||
|
#elif CONFIG_IDF_TARGET_ESP32S3
|
||||||
|
#include "esp32s3/rom/secure_boot.h"
|
||||||
|
#elif CONFIG_IDF_TARGET_ESP32H2
|
||||||
|
#include "esp32h2/rom/secure_boot.h"
|
||||||
|
#elif CONFIG_IDF_TARGET_ESP32C2
|
||||||
|
#include "esp32c2/rom/secure_boot.h"
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if !CONFIG_IDF_TARGET_ESP32 || CONFIG_ESP32_REV_MIN_3
|
||||||
|
|
||||||
|
/** @brief Verify the secure boot signature block for Secure Boot V2.
|
||||||
|
*
|
||||||
|
* Performs RSA-PSS or ECDSA verification of the SHA-256 image based on the public key
|
||||||
|
* in the signature block, compared against the public key digest stored in efuse.
|
||||||
|
*
|
||||||
|
* Similar to esp_secure_boot_verify_signature(), but can be used when the digest is precalculated.
|
||||||
|
* @param sig_block Pointer to signature block data
|
||||||
|
* @param image_digest Pointer to 32 byte buffer holding SHA-256 hash.
|
||||||
|
* @param verified_digest Pointer to 32 byte buffer that will receive verified digest if verification completes. (Used during bootloader implementation only, result is invalid otherwise.)
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
esp_err_t esp_secure_boot_verify_sbv2_signature_block(const ets_secure_boot_signature_t *sig_block, const uint8_t *image_digest, uint8_t *verified_digest);
|
||||||
|
|
||||||
|
/** @brief Legacy function to verify RSA secure boot signature block for Secure Boot V2.
|
||||||
|
*
|
||||||
|
* @note This is kept for backward compatibility. It internally calls esp_secure_boot_verify_sbv2_signature_block.
|
||||||
|
*
|
||||||
|
* @param sig_block Pointer to RSA signature block data
|
||||||
|
* @param image_digest Pointer to 32 byte buffer holding SHA-256 hash.
|
||||||
|
* @param verified_digest Pointer to 32 byte buffer that will receive verified digest if verification completes. (Used during bootloader implementation only, result is invalid otherwise.)
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
esp_err_t esp_secure_boot_verify_rsa_signature_block(const ets_secure_boot_signature_t *sig_block, const uint8_t *image_digest, uint8_t *verified_digest);
|
||||||
|
|
||||||
|
#endif
|
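Review bot: The new header does not wrap its two prototypes in the `#ifdef __cplusplus` / `extern "C" {` guard that the other headers touched by this commit carry (bootloader_common.h and esp_efuse.h both show it in their context lines), so a C++ translation unit that includes it would see C++-linkage declarations. Even for a private header that is cheap to add around the declarations. The final `#endif` also has no trailing comment; the convention visible in esp_secure_boot.h is `#endif // !CONFIG_IDF_TARGET_ESP32 || CONFIG_ESP32_REV_MIN_3`, which is worth repeating here since the matching `#if` sits above two long doc blocks.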
@ -189,11 +189,6 @@ void bootloader_common_vddsdio_configure(void)
|
|||||||
#endif // CONFIG_BOOTLOADER_VDDSDIO_BOOST
|
#endif // CONFIG_BOOTLOADER_VDDSDIO_BOOST
|
||||||
}
|
}
|
||||||
|
|
||||||
RESET_REASON bootloader_common_get_reset_reason(int cpu_no)
|
|
||||||
{
|
|
||||||
return (RESET_REASON)esp_rom_get_reset_reason(cpu_no);
|
|
||||||
}
|
|
||||||
|
|
||||||
uint8_t bootloader_flash_get_cs_io(void)
|
uint8_t bootloader_flash_get_cs_io(void)
|
||||||
{
|
{
|
||||||
#if SOC_SPI_MEM_SUPPORT_CONFIG_GPIO_BY_EFUSE
|
#if SOC_SPI_MEM_SUPPORT_CONFIG_GPIO_BY_EFUSE
|
||||||
|
@ -20,6 +20,7 @@
|
|||||||
#include "soc/assist_debug_reg.h"
|
#include "soc/assist_debug_reg.h"
|
||||||
#include "esp_cpu.h"
|
#include "esp_cpu.h"
|
||||||
#include "soc/rtc.h"
|
#include "soc/rtc.h"
|
||||||
|
#include "soc/rtc_cntl_reg.h"
|
||||||
#include "soc/spi_periph.h"
|
#include "soc/spi_periph.h"
|
||||||
#include "soc/extmem_reg.h"
|
#include "soc/extmem_reg.h"
|
||||||
#include "soc/io_mux_reg.h"
|
#include "soc/io_mux_reg.h"
|
||||||
|
@ -20,6 +20,7 @@
|
|||||||
#include "soc/assist_debug_reg.h"
|
#include "soc/assist_debug_reg.h"
|
||||||
#include "esp_cpu.h"
|
#include "esp_cpu.h"
|
||||||
#include "soc/rtc.h"
|
#include "soc/rtc.h"
|
||||||
|
#include "soc/rtc_cntl_reg.h"
|
||||||
#include "soc/spi_periph.h"
|
#include "soc/spi_periph.h"
|
||||||
#include "soc/extmem_reg.h"
|
#include "soc/extmem_reg.h"
|
||||||
#include "soc/io_mux_reg.h"
|
#include "soc/io_mux_reg.h"
|
||||||
|
@ -33,6 +33,7 @@
|
|||||||
#include "soc/dport_reg.h"
|
#include "soc/dport_reg.h"
|
||||||
#include "soc/extmem_reg.h"
|
#include "soc/extmem_reg.h"
|
||||||
#include "soc/rtc.h"
|
#include "soc/rtc.h"
|
||||||
|
#include "soc/rtc_cntl_reg.h"
|
||||||
#include "soc/spi_periph.h"
|
#include "soc/spi_periph.h"
|
||||||
#include "esp_efuse.h"
|
#include "esp_efuse.h"
|
||||||
#include "hal/mmu_hal.h"
|
#include "hal/mmu_hal.h"
|
||||||
|
@ -7,6 +7,7 @@
|
|||||||
#include <sys/param.h>
|
#include <sys/param.h>
|
||||||
#include <esp_cpu.h>
|
#include <esp_cpu.h>
|
||||||
#include <bootloader_utility.h>
|
#include <bootloader_utility.h>
|
||||||
|
#include <bootloader_signature.h>
|
||||||
#include <esp_secure_boot.h>
|
#include <esp_secure_boot.h>
|
||||||
#include <esp_fault.h>
|
#include <esp_fault.h>
|
||||||
#include <esp_log.h>
|
#include <esp_log.h>
|
||||||
|
@ -11,6 +11,7 @@
|
|||||||
#include "esp_log.h"
|
#include "esp_log.h"
|
||||||
|
|
||||||
#include "esp32/rom/cache.h"
|
#include "esp32/rom/cache.h"
|
||||||
|
#include "esp32/rom/secure_boot.h"
|
||||||
|
|
||||||
#include "soc/rtc_periph.h"
|
#include "soc/rtc_periph.h"
|
||||||
#include "bootloader_utility.h"
|
#include "bootloader_utility.h"
|
||||||
|
@ -15,6 +15,20 @@
|
|||||||
#include "esp_efuse.h"
|
#include "esp_efuse.h"
|
||||||
#include "esp_efuse_table.h"
|
#include "esp_efuse_table.h"
|
||||||
|
|
||||||
|
#if CONFIG_IDF_TARGET_ESP32
|
||||||
|
#include "esp32/rom/secure_boot.h"
|
||||||
|
#elif CONFIG_IDF_TARGET_ESP32S2
|
||||||
|
#include "esp32s2/rom/secure_boot.h"
|
||||||
|
#elif CONFIG_IDF_TARGET_ESP32C3
|
||||||
|
#include "esp32c3/rom/secure_boot.h"
|
||||||
|
#elif CONFIG_IDF_TARGET_ESP32S3
|
||||||
|
#include "esp32s3/rom/secure_boot.h"
|
||||||
|
#elif CONFIG_IDF_TARGET_ESP32H2
|
||||||
|
#include "esp32h2/rom/secure_boot.h"
|
||||||
|
#elif CONFIG_IDF_TARGET_ESP32C2
|
||||||
|
#include "esp32c2/rom/secure_boot.h"
|
||||||
|
#endif
|
||||||
|
|
||||||
/* The following API implementations are used only when called
|
/* The following API implementations are used only when called
|
||||||
* from the bootloader code.
|
* from the bootloader code.
|
||||||
*/
|
*/
|
||||||
|
@ -14,6 +14,8 @@
|
|||||||
#include "mbedtls/ecp.h"
|
#include "mbedtls/ecp.h"
|
||||||
#include "rom/ecdsa.h"
|
#include "rom/ecdsa.h"
|
||||||
|
|
||||||
|
#include "secure_boot_signature_priv.h"
|
||||||
|
|
||||||
static const char *TAG = "secure_boot_v2_ecdsa";
|
static const char *TAG = "secure_boot_v2_ecdsa";
|
||||||
|
|
||||||
#define ECDSA_INTEGER_LEN 32
|
#define ECDSA_INTEGER_LEN 32
|
||||||
|
@ -12,6 +12,8 @@
|
|||||||
#include "mbedtls/entropy.h"
|
#include "mbedtls/entropy.h"
|
||||||
#include "mbedtls/ctr_drbg.h"
|
#include "mbedtls/ctr_drbg.h"
|
||||||
|
|
||||||
|
#include "secure_boot_signature_priv.h"
|
||||||
|
|
||||||
static const char *TAG = "secure_boot_v2_rsa";
|
static const char *TAG = "secure_boot_v2_rsa";
|
||||||
|
|
||||||
esp_err_t verify_rsa_signature_block(const ets_secure_boot_signature_t *sig_block, const uint8_t *image_digest, const ets_secure_boot_sig_block_t *trusted_block)
|
esp_err_t verify_rsa_signature_block(const ets_secure_boot_signature_t *sig_block, const uint8_t *image_digest, const ets_secure_boot_sig_block_t *trusted_block)
|
||||||
|
@ -4,7 +4,20 @@
|
|||||||
* SPDX-License-Identifier: Apache-2.0
|
* SPDX-License-Identifier: Apache-2.0
|
||||||
*/
|
*/
|
||||||
#include "esp_secure_boot.h"
|
#include "esp_secure_boot.h"
|
||||||
#include "esp_log.h"
|
|
||||||
|
#if CONFIG_IDF_TARGET_ESP32
|
||||||
|
#include "esp32/rom/secure_boot.h"
|
||||||
|
#elif CONFIG_IDF_TARGET_ESP32S2
|
||||||
|
#include "esp32s2/rom/secure_boot.h"
|
||||||
|
#elif CONFIG_IDF_TARGET_ESP32C3
|
||||||
|
#include "esp32c3/rom/secure_boot.h"
|
||||||
|
#elif CONFIG_IDF_TARGET_ESP32S3
|
||||||
|
#include "esp32s3/rom/secure_boot.h"
|
||||||
|
#elif CONFIG_IDF_TARGET_ESP32H2
|
||||||
|
#include "esp32h2/rom/secure_boot.h"
|
||||||
|
#elif CONFIG_IDF_TARGET_ESP32C2
|
||||||
|
#include "esp32c2/rom/secure_boot.h"
|
||||||
|
#endif
|
||||||
|
|
||||||
esp_err_t verify_ecdsa_signature_block(const ets_secure_boot_signature_t *sig_block, const uint8_t *image_digest, const ets_secure_boot_sig_block_t *trusted_block);
|
esp_err_t verify_ecdsa_signature_block(const ets_secure_boot_signature_t *sig_block, const uint8_t *image_digest, const ets_secure_boot_sig_block_t *trusted_block);
|
||||||
|
|
||||||
|
@ -8,6 +8,7 @@
|
|||||||
#include "bootloader_flash_priv.h"
|
#include "bootloader_flash_priv.h"
|
||||||
#include "bootloader_sha.h"
|
#include "bootloader_sha.h"
|
||||||
#include "bootloader_utility.h"
|
#include "bootloader_utility.h"
|
||||||
|
#include "bootloader_signature.h"
|
||||||
#include "esp_log.h"
|
#include "esp_log.h"
|
||||||
#include "esp_image_format.h"
|
#include "esp_image_format.h"
|
||||||
#include "mbedtls/sha256.h"
|
#include "mbedtls/sha256.h"
|
||||||
@ -108,7 +109,7 @@ static esp_err_t get_secure_boot_key_digests(esp_image_sig_public_key_digests_t
|
|||||||
#elif CONFIG_SECURE_BOOT_V2_ENABLED
|
#elif CONFIG_SECURE_BOOT_V2_ENABLED
|
||||||
ESP_LOGI(TAG, "Take trusted digest key(s) from eFuse block(s)");
|
ESP_LOGI(TAG, "Take trusted digest key(s) from eFuse block(s)");
|
||||||
// Read key digests from efuse
|
// Read key digests from efuse
|
||||||
ets_secure_boot_key_digests_t efuse_trusted;
|
esp_secure_boot_key_digests_t efuse_trusted;
|
||||||
if (esp_secure_boot_read_key_digests(&efuse_trusted) == ESP_OK) {
|
if (esp_secure_boot_read_key_digests(&efuse_trusted) == ESP_OK) {
|
||||||
for (unsigned i = 0; i < SECURE_BOOT_NUM_BLOCKS; i++) {
|
for (unsigned i = 0; i < SECURE_BOOT_NUM_BLOCKS; i++) {
|
||||||
if (efuse_trusted.key_digests[i] != NULL) {
|
if (efuse_trusted.key_digests[i] != NULL) {
|
||||||
|
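Review bot: `efuse_trusted` is now an `esp_secure_boot_key_digests_t`, whose `key_digests` array is sized by `SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS` (see the typedef added to esp_efuse.h in this commit), but the loop two lines below still runs `i` up to `SECURE_BOOT_NUM_BLOCKS` and indexes `efuse_trusted.key_digests[i]`. The two macros come from different headers (ROM vs. soc_caps) and nothing in the diff ties them together, so if they ever disagree the loop reads past the array. The call sites the commit did touch were switched to the soc_caps bound (esp_efuse_api_key.c `@ -374,7 +374,7 @@`, the example's `@ -62,7 +63,7 @@`); this loop and the one in the same-named function at `@ -66,19 +67,19 @@` should follow: `for (unsigned i = 0; i < SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS; i++) {`. Alternatively a `_Static_assert(SECURE_BOOT_NUM_BLOCKS == SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS, "digest count mismatch");` next to the typedef would make the assumption explicit. The enclosing `get_secure_boot_key_digests` starts outside the hunk.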
@ -10,6 +10,7 @@
|
|||||||
#include "bootloader_flash_priv.h"
|
#include "bootloader_flash_priv.h"
|
||||||
#include "bootloader_sha.h"
|
#include "bootloader_sha.h"
|
||||||
#include "bootloader_utility.h"
|
#include "bootloader_utility.h"
|
||||||
|
#include "bootloader_signature.h"
|
||||||
#include "esp_log.h"
|
#include "esp_log.h"
|
||||||
#include "esp_image_format.h"
|
#include "esp_image_format.h"
|
||||||
#include "esp_secure_boot.h"
|
#include "esp_secure_boot.h"
|
||||||
@ -66,19 +67,19 @@ static esp_err_t validate_signature_block(const ets_secure_boot_sig_block_t *blo
|
|||||||
static esp_err_t get_secure_boot_key_digests(esp_image_sig_public_key_digests_t *public_key_digests)
|
static esp_err_t get_secure_boot_key_digests(esp_image_sig_public_key_digests_t *public_key_digests)
|
||||||
{
|
{
|
||||||
// Read key digests from efuse
|
// Read key digests from efuse
|
||||||
ets_secure_boot_key_digests_t trusted_keys;
|
esp_secure_boot_key_digests_t trusted_keys;
|
||||||
ets_secure_boot_key_digests_t trusted_key_copies[2];
|
esp_secure_boot_key_digests_t trusted_key_copies[2];
|
||||||
|
|
||||||
memset(&trusted_keys, 0, sizeof(ets_secure_boot_key_digests_t));
|
memset(&trusted_keys, 0, sizeof(esp_secure_boot_key_digests_t));
|
||||||
memset(trusted_key_copies, 0, 2 * sizeof(ets_secure_boot_key_digests_t));
|
memset(trusted_key_copies, 0, 2 * sizeof(esp_secure_boot_key_digests_t));
|
||||||
|
|
||||||
esp_err_t err = esp_secure_boot_read_key_digests(&trusted_keys);
|
esp_err_t err = esp_secure_boot_read_key_digests(&trusted_keys);
|
||||||
|
|
||||||
// Create the copies for FI checks (assuming result is ETS_OK, if it's not then it'll fail the fault check anyhow)
|
// Create the copies for FI checks (assuming result is ETS_OK, if it's not then it'll fail the fault check anyhow)
|
||||||
esp_secure_boot_read_key_digests(&trusted_key_copies[0]);
|
esp_secure_boot_read_key_digests(&trusted_key_copies[0]);
|
||||||
esp_secure_boot_read_key_digests(&trusted_key_copies[1]);
|
esp_secure_boot_read_key_digests(&trusted_key_copies[1]);
|
||||||
ESP_FAULT_ASSERT(memcmp(&trusted_keys, &trusted_key_copies[0], sizeof(ets_secure_boot_key_digests_t)) == 0);
|
ESP_FAULT_ASSERT(memcmp(&trusted_keys, &trusted_key_copies[0], sizeof(esp_secure_boot_key_digests_t)) == 0);
|
||||||
ESP_FAULT_ASSERT(memcmp(&trusted_keys, &trusted_key_copies[1], sizeof(ets_secure_boot_key_digests_t)) == 0);
|
ESP_FAULT_ASSERT(memcmp(&trusted_keys, &trusted_key_copies[1], sizeof(esp_secure_boot_key_digests_t)) == 0);
|
||||||
|
|
||||||
if (err == ESP_OK) {
|
if (err == ESP_OK) {
|
||||||
for (unsigned i = 0; i < SECURE_BOOT_NUM_BLOCKS; i++) {
|
for (unsigned i = 0; i < SECURE_BOOT_NUM_BLOCKS; i++) {
|
||||||
|
@ -15,20 +15,6 @@
|
|||||||
#include "sdkconfig.h"
|
#include "sdkconfig.h"
|
||||||
#include_next "esp_efuse.h"
|
#include_next "esp_efuse.h"
|
||||||
|
|
||||||
#if CONFIG_IDF_TARGET_ESP32
|
|
||||||
#include "esp32/rom/secure_boot.h"
|
|
||||||
#elif CONFIG_IDF_TARGET_ESP32S2
|
|
||||||
#include "esp32s2/rom/secure_boot.h"
|
|
||||||
#elif CONFIG_IDF_TARGET_ESP32C3
|
|
||||||
#include "esp32c3/rom/secure_boot.h"
|
|
||||||
#elif CONFIG_IDF_TARGET_ESP32S3
|
|
||||||
#include "esp32s3/rom/secure_boot.h"
|
|
||||||
#elif CONFIG_IDF_TARGET_ESP32H2
|
|
||||||
#include "esp32h2/rom/secure_boot.h"
|
|
||||||
#elif CONFIG_IDF_TARGET_ESP32C2
|
|
||||||
#include "esp32c2/rom/secure_boot.h"
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
extern "C" {
|
extern "C" {
|
||||||
#endif
|
#endif
|
||||||
@ -60,6 +46,17 @@ typedef enum {
|
|||||||
ESP_EFUSE_ROM_LOG_ALWAYS_OFF /**< Disable ROM logging permanently */
|
ESP_EFUSE_ROM_LOG_ALWAYS_OFF /**< Disable ROM logging permanently */
|
||||||
} esp_efuse_rom_log_scheme_t;
|
} esp_efuse_rom_log_scheme_t;
|
||||||
|
|
||||||
|
#if CONFIG_ESP32_REV_MIN_3 || !CONFIG_IDF_TARGET_ESP32
|
||||||
|
/**
|
||||||
|
* @brief Pointers to the trusted key digests.
|
||||||
|
*
|
||||||
|
* The number of digests depends on the SOC's capabilities.
|
||||||
|
*/
|
||||||
|
typedef struct {
|
||||||
|
const void *key_digests[SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS]; /**< Pointers to the key digests */
|
||||||
|
} esp_secure_boot_key_digests_t;
|
||||||
|
#endif
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @brief Reads bits from EFUSE field and writes it into an array.
|
* @brief Reads bits from EFUSE field and writes it into an array.
|
||||||
*
|
*
|
||||||
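Review bot: The field comment `Pointers to the key digests` leaves out the one property every consumer in this commit relies on: a NULL entry marks a revoked or missing slot, which is what the bootloader signature loops and the example test with `key_digests[i] != NULL` and what `esp_secure_boot_read_key_digests()`'s `@brief` promises. Suggest `const void *key_digests[SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS]; /**< Pointers to the key digests; NULL marks a revoked or missing slot */`. The length of the memory each pointer refers to and its lifetime are not stated either; if the entries point into efuse block storage (not visible in this hunk, so I cannot confirm) that belongs in the struct's `@brief`. Also, `SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS` needs `soc/soc_caps.h`, and this header's visible include lines do not show it being pulled in — esp_secure_boot.h gained that include in this commit, so check esp_efuse.h has it too.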
@ -749,13 +746,15 @@ esp_err_t esp_efuse_write_keys(const esp_efuse_purpose_t purposes[], uint8_t key
|
|||||||
/**
|
/**
|
||||||
* @brief Read key digests from efuse. Any revoked/missing digests will be marked as NULL
|
* @brief Read key digests from efuse. Any revoked/missing digests will be marked as NULL
|
||||||
*
|
*
|
||||||
* @param[out] trusted_keys The number of digest in range 0..2
|
* @param[out] trusted_key_digests Trusted keys digests, stored in this parameter after successfully
|
||||||
|
* completing this function.
|
||||||
|
* The number of digests depends on the SOC's capabilities.
|
||||||
*
|
*
|
||||||
* @return
|
* @return
|
||||||
* - ESP_OK: Successful.
|
* - ESP_OK: Successful.
|
||||||
* - ESP_FAIL: If trusted_keys is NULL or there is no valid digest.
|
* - ESP_FAIL: If trusted_keys is NULL or there is no valid digest.
|
||||||
*/
|
*/
|
||||||
esp_err_t esp_secure_boot_read_key_digests(ets_secure_boot_key_digests_t *trusted_keys);
|
esp_err_t esp_secure_boot_read_key_digests(esp_secure_boot_key_digests_t *trusted_key_digests);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
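Review bot: The `@param[out]` was renamed to `trusted_key_digests` on the prototype, but the `@return` text a few lines above still reads `ESP_FAIL: If trusted_keys is NULL or there is no valid digest.`, so the Doxygen output refers to a parameter that no longer exists; change it to `* - ESP_FAIL: If trusted_key_digests is NULL or there is no valid digest.`. The three definitions in the efuse sources (`@ -365,7 +365,7 @@`, `@ -238,7 +238,7 @@`, `@ -241,7 +241,7 @@`) keep the parameter named `trusted_keys`, which is legal C but leaves the declaration and its definitions disagreeing; picking one name for both keeps grep and the docs consistent.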
@ -365,7 +365,7 @@ esp_err_t esp_efuse_set_write_protect_of_digest_revoke(unsigned num_digest)
|
|||||||
return esp_efuse_write_field_bit(s_revoke_table[num_digest].revoke_wr_dis);
|
return esp_efuse_write_field_bit(s_revoke_table[num_digest].revoke_wr_dis);
|
||||||
}
|
}
|
||||||
|
|
||||||
esp_err_t esp_secure_boot_read_key_digests(ets_secure_boot_key_digests_t *trusted_keys)
|
esp_err_t esp_secure_boot_read_key_digests(esp_secure_boot_key_digests_t *trusted_keys)
|
||||||
{
|
{
|
||||||
bool found = false;
|
bool found = false;
|
||||||
esp_efuse_block_t key_block;
|
esp_efuse_block_t key_block;
|
||||||
@ -374,7 +374,7 @@ esp_err_t esp_secure_boot_read_key_digests(ets_secure_boot_key_digests_t *truste
|
|||||||
return ESP_FAIL;
|
return ESP_FAIL;
|
||||||
}
|
}
|
||||||
|
|
||||||
for (unsigned i = 0; i < MAX_KEY_DIGESTS; i++) {
|
for (unsigned i = 0; i < SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS; i++) {
|
||||||
trusted_keys->key_digests[i] = NULL;
|
trusted_keys->key_digests[i] = NULL;
|
||||||
if (esp_efuse_get_digest_revoke(i)) {
|
if (esp_efuse_get_digest_revoke(i)) {
|
||||||
continue;
|
continue;
|
||||||
@ -390,8 +390,6 @@ esp_err_t esp_secure_boot_read_key_digests(ets_secure_boot_key_digests_t *truste
|
|||||||
found = found || (trusted_keys->key_digests[i] != NULL);
|
found = found || (trusted_keys->key_digests[i] != NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
trusted_keys->allow_key_revoke = false;
|
|
||||||
|
|
||||||
if (!found) {
|
if (!found) {
|
||||||
return ESP_FAIL;
|
return ESP_FAIL;
|
||||||
}
|
}
|
||||||
|
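Review bot: The removed line set `trusted_keys->allow_key_revoke = false;`, while the migration note added in this commit (the Efuse section under `@ -49,6 +55,11 @@ PSRAM`) says the flag "was always set to `true` in current code". One of the two is wrong; if any ROM-side reader treated the flag as meaningful (outside this hunk, so I cannot confirm), dropping it from the new type is a behaviour change rather than the removal of redundant information, and the note should state what the value actually was. The same migration sentence also repeats ``ets_secure_boot_key_digests_t*`` a second time after the "to" clause, which reads as a leftover from editing.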
@ -238,7 +238,7 @@ err_exit:
|
|||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
|
|
||||||
esp_err_t esp_secure_boot_read_key_digests(ets_secure_boot_key_digests_t *trusted_keys)
|
esp_err_t esp_secure_boot_read_key_digests(esp_secure_boot_key_digests_t *trusted_keys)
|
||||||
{
|
{
|
||||||
if (trusted_keys == NULL) {
|
if (trusted_keys == NULL) {
|
||||||
return ESP_FAIL;
|
return ESP_FAIL;
|
||||||
|
@ -241,7 +241,7 @@ err_exit:
|
|||||||
}
|
}
|
||||||
|
|
||||||
#if CONFIG_ESP32_REV_MIN_3
|
#if CONFIG_ESP32_REV_MIN_3
|
||||||
esp_err_t esp_secure_boot_read_key_digests(ets_secure_boot_key_digests_t *trusted_keys)
|
esp_err_t esp_secure_boot_read_key_digests(esp_secure_boot_key_digests_t *trusted_keys)
|
||||||
{
|
{
|
||||||
if (trusted_keys == NULL) {
|
if (trusted_keys == NULL) {
|
||||||
return ESP_FAIL;
|
return ESP_FAIL;
|
||||||
|
@ -5,6 +5,7 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
#include "esp32s2/rom/ets_sys.h"
|
||||||
#include "esp32s2/rom/hmac.h"
|
#include "esp32s2/rom/hmac.h"
|
||||||
#include "esp_hmac.h"
|
#include "esp_hmac.h"
|
||||||
#include "esp_crypto_lock.h"
|
#include "esp_crypto_lock.h"
|
||||||
|
@ -28,13 +28,16 @@
|
|||||||
#include "soc/dport_reg.h"
|
#include "soc/dport_reg.h"
|
||||||
#include "esp32/rtc.h"
|
#include "esp32/rtc.h"
|
||||||
#include "esp32/rom/cache.h"
|
#include "esp32/rom/cache.h"
|
||||||
|
#include "esp32/rom/secure_boot.h"
|
||||||
#elif CONFIG_IDF_TARGET_ESP32S2
|
#elif CONFIG_IDF_TARGET_ESP32S2
|
||||||
#include "esp32s2/rtc.h"
|
#include "esp32s2/rtc.h"
|
||||||
#include "esp32s2/rom/cache.h"
|
#include "esp32s2/rom/cache.h"
|
||||||
|
#include "esp32s2/rom/secure_boot.h"
|
||||||
#include "esp32s2/memprot.h"
|
#include "esp32s2/memprot.h"
|
||||||
#elif CONFIG_IDF_TARGET_ESP32S3
|
#elif CONFIG_IDF_TARGET_ESP32S3
|
||||||
#include "esp32s3/rtc.h"
|
#include "esp32s3/rtc.h"
|
||||||
#include "esp32s3/rom/cache.h"
|
#include "esp32s3/rom/cache.h"
|
||||||
|
#include "esp32s3/rom/secure_boot.h"
|
||||||
#include "esp_memprot.h"
|
#include "esp_memprot.h"
|
||||||
#include "soc/assist_debug_reg.h"
|
#include "soc/assist_debug_reg.h"
|
||||||
#include "soc/system_reg.h"
|
#include "soc/system_reg.h"
|
||||||
@ -42,15 +45,18 @@
|
|||||||
#elif CONFIG_IDF_TARGET_ESP32C3
|
#elif CONFIG_IDF_TARGET_ESP32C3
|
||||||
#include "esp32c3/rtc.h"
|
#include "esp32c3/rtc.h"
|
||||||
#include "esp32c3/rom/cache.h"
|
#include "esp32c3/rom/cache.h"
|
||||||
|
#include "esp32c3/rom/secure_boot.h"
|
||||||
#include "esp_memprot.h"
|
#include "esp_memprot.h"
|
||||||
#elif CONFIG_IDF_TARGET_ESP32H2
|
#elif CONFIG_IDF_TARGET_ESP32H2
|
||||||
#include "esp32h2/rtc.h"
|
#include "esp32h2/rtc.h"
|
||||||
#include "esp32h2/rom/cache.h"
|
#include "esp32h2/rom/cache.h"
|
||||||
|
#include "esp32h2/rom/secure_boot.h"
|
||||||
#include "esp_memprot.h"
|
#include "esp_memprot.h"
|
||||||
#elif CONFIG_IDF_TARGET_ESP32C2
|
#elif CONFIG_IDF_TARGET_ESP32C2
|
||||||
#include "esp32c2/rtc.h"
|
#include "esp32c2/rtc.h"
|
||||||
#include "esp32c2/rom/cache.h"
|
#include "esp32c2/rom/cache.h"
|
||||||
#include "esp32c2/rom/rtc.h"
|
#include "esp32c2/rom/rtc.h"
|
||||||
|
#include "esp32c2/rom/secure_boot.h"
|
||||||
#include "esp32c2/memprot.h"
|
#include "esp32c2/memprot.h"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
@ -20,6 +20,12 @@ Cache Error Interrupt
|
|||||||
|
|
||||||
The old headers ``{IDF_TARGET_NAME}/cache_err_int.h`` have been removed. Please include ``esp_private/cache_err_int.h`` instead.
|
The old headers ``{IDF_TARGET_NAME}/cache_err_int.h`` have been removed. Please include ``esp_private/cache_err_int.h`` instead.
|
||||||
|
|
||||||
|
Bootloader Support
|
||||||
|
------------------
|
||||||
|
|
||||||
|
* The function ``bootloader_common_get_reset_reason()`` has been removed. Please use the function ``esp_rom_get_reset_reason()`` in the ROM component.
|
||||||
|
* The functions ``esp_secure_boot_verify_sbv2_signature_block()`` and ``esp_secure_boot_verify_rsa_signature_block()`` have been removed without replacement. We don't expect users to use these directly. If they are indeed still neccessary, please open a feature request on github explaining why these functions are necessary to you.
|
||||||
|
|
||||||
Brownout
|
Brownout
|
||||||
--------
|
--------
|
||||||
|
|
||||||
@ -49,6 +55,11 @@ PSRAM
|
|||||||
- The target specific header files ``spiram.h`` have been deleted. The header file ``esp_spiram.h`` has been deleted. A new component ``esp_psram`` is created, you should include ``esp_psram.h`` instead. Besides, you might need to add ``esp_psram`` component to the list of component requirements in CMakeLists.txt.
|
- The target specific header files ``spiram.h`` have been deleted. The header file ``esp_spiram.h`` has been deleted. A new component ``esp_psram`` is created, you should include ``esp_psram.h`` instead. Besides, you might need to add ``esp_psram`` component to the list of component requirements in CMakeLists.txt.
|
||||||
- ``esp_spiram_get_chip_size`` and ``esp_spiram_get_size`` have been deleted. You should use ``esp_psram_get_size`` instead.
|
- ``esp_spiram_get_chip_size`` and ``esp_spiram_get_size`` have been deleted. You should use ``esp_psram_get_size`` instead.
|
||||||
|
|
||||||
|
Efuse
|
||||||
|
----------
|
||||||
|
|
||||||
|
The parameter type of function ``esp_secure_boot_read_key_digests()`` changed from ``ets_secure_boot_key_digests_t*`` to ``esp_secure_boot_key_digests_t*``. ``ets_secure_boot_key_digests_t*``. The new type is the same as the old one, except that the ``allow_key_revoke`` flag has been removed. The latter was always set to ``true`` in current code, hence, it didn't provide additional information.
|
||||||
|
|
||||||
ESP Common
|
ESP Common
|
||||||
----------
|
----------
|
||||||
|
|
||||||
|
@ -7,6 +7,7 @@
|
|||||||
CONDITIONS OF ANY KIND, either express or implied.
|
CONDITIONS OF ANY KIND, either express or implied.
|
||||||
*/
|
*/
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
|
#include "sdkconfig.h"
|
||||||
#include "freertos/FreeRTOS.h"
|
#include "freertos/FreeRTOS.h"
|
||||||
#include "freertos/task.h"
|
#include "freertos/task.h"
|
||||||
#include "soc/efuse_reg.h"
|
#include "soc/efuse_reg.h"
|
||||||
@ -54,7 +55,7 @@ static void example_print_chip_info(void)
|
|||||||
|
|
||||||
static void example_secure_boot_status(void)
|
static void example_secure_boot_status(void)
|
||||||
{
|
{
|
||||||
ets_secure_boot_key_digests_t trusted_keys = { 0};
|
esp_secure_boot_key_digests_t trusted_keys = { 0};
|
||||||
|
|
||||||
ESP_LOGI(TAG, "Checking for Secure Boot..");
|
ESP_LOGI(TAG, "Checking for Secure Boot..");
|
||||||
if(esp_secure_boot_enabled()) {
|
if(esp_secure_boot_enabled()) {
|
||||||
@ -62,7 +63,7 @@ static void example_secure_boot_status(void)
|
|||||||
ESP_ERROR_CHECK( esp_secure_boot_read_key_digests(&trusted_keys) );
|
ESP_ERROR_CHECK( esp_secure_boot_read_key_digests(&trusted_keys) );
|
||||||
|
|
||||||
unsigned total = 0;
|
unsigned total = 0;
|
||||||
for (int i = 0; i < MAX_KEY_DIGESTS; i++) {
|
for (int i = 0; i < SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS; i++) {
|
||||||
ESP_LOGI(TAG, "Key slot %d:", i);
|
ESP_LOGI(TAG, "Key slot %d:", i);
|
||||||
if (trusted_keys.key_digests[i]) {
|
if (trusted_keys.key_digests[i]) {
|
||||||
ESP_LOG_BUFFER_HEXDUMP("trusted key", trusted_keys.key_digests[i], DIGEST_LEN, ESP_LOG_INFO);
|
ESP_LOG_BUFFER_HEXDUMP("trusted key", trusted_keys.key_digests[i], DIGEST_LEN, ESP_LOG_INFO);
|
||||||
|