secure_boot_v2: fix issue in pre-flashed digest (manual) workflow

This commit fixes issue where empty (unprogrammed) digest slot out of
multiple supported (e.g. 3 for ESP32-C3) could cause issue in
workflow enablement process.

Notes:

1. This issue applied to chips supporting the "secure-boot-v2"
scheme with multiple digest slots
2. This issue affected only the manual workflow, where the digest of
the public key was pre-flashed in efuse
3. The change in "flash_encrypt.c" is only for additional safety
Mahavir Jain 2021-10-27 17:51:01 +05:30 committed by bot
parent 56aa8b6cb3
commit 4ac351247d
2 changed files with 10 additions and 3 deletions


@ -104,7 +104,8 @@ static esp_err_t check_and_generate_encryption_keys(void)
#endif // CONFIG_SECURE_FLASH_ENCRYPTION_AES256
#endif // CONFIG_IDF_TARGET_ESP32
esp_efuse_block_t blocks[BLOCKS_NEEDED];
/* Initialize all efuse block entries to invalid (max) value */
esp_efuse_block_t blocks[BLOCKS_NEEDED] = {[0 ... BLOCKS_NEEDED-1] = EFUSE_BLK_KEY_MAX};
bool has_key = true;
for (unsigned i = 0; i < BLOCKS_NEEDED; i++) {
bool tmp_has_key = esp_efuse_find_purpose(purposes[i], &blocks[i]);
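Review bot: Pre-filling `blocks[]` with `EFUSE_BLK_KEY_MAX` only helps if the code after this loop compares an entry with that sentinel before using it as a key block, and no such comparison is visible in this hunk; check_and_generate_encryption_keys continues outside it. If the entries are only consumed when `has_key` is true, this is harmless hardening, but the comment should state the intent, for example `/* Pre-fill with EFUSE_BLK_KEY_MAX so an entry the purpose lookup leaves unset is never read as an indeterminate block id */`. The `[0 ... BLOCKS_NEEDED-1]` range designator is a GNU C extension rather than standard C, so the declaration depends on a GCC-compatible compiler.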


@ -156,11 +156,11 @@ static esp_err_t check_and_generate_secure_boot_keys(const esp_image_metadata_t
return ret;
}
/* Initialize all efuse block entries to invalid (max) value */
esp_efuse_block_t blocks[SECURE_BOOT_NUM_BLOCKS] = {[0 ... SECURE_BOOT_NUM_BLOCKS-1] = EFUSE_BLK_KEY_MAX};
/* Check if secure boot digests are present */
esp_efuse_block_t blocks[SECURE_BOOT_NUM_BLOCKS];
bool has_secure_boot_digest = false;
for (unsigned i = 0; i < SECURE_BOOT_NUM_BLOCKS; i++) {
blocks[i] = EFUSE_BLK_KEY_MAX;
bool tmp_has_key = esp_efuse_find_purpose(secure_boot_key_purpose[i], &blocks[i]);
if (tmp_has_key) { // For ESP32: esp_efuse_find_purpose() always returns True, need to check whether the key block is used or not.
tmp_has_key &= !esp_efuse_key_block_unused(blocks[i]);
@ -198,6 +198,12 @@ static esp_err_t check_and_generate_secure_boot_keys(const esp_image_metadata_t
}
} else {
for (unsigned i = 0; i < SECURE_BOOT_NUM_BLOCKS; i++) {
/* Check if corresponding digest slot is used or not */
if (blocks[i] == EFUSE_BLK_KEY_MAX) {
ESP_LOGD(TAG, "SECURE_BOOT_DIGEST%d slot is not used", i);
continue;
}
#if SOC_EFUSE_REVOKE_BOOT_KEY_DIGESTS
if (esp_efuse_get_digest_revoke(i)) {
continue;
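Review bot: The new skip in the third hunk (`blocks[i] == EFUSE_BLK_KEY_MAX`) is only reliable when esp_efuse_find_purpose() leaves `blocks[i]` untouched for a slot it does not find, which these hunks do not show. On the path the existing ESP32 comment describes, where the lookup returns true and the block is then found unused, `blocks[i]` presumably holds a real block id while `tmp_has_key` ends up false, so the sentinel would not mark that slot as empty. Resetting the entry in the detection loop removes that dependency: `if (!tmp_has_key) { blocks[i] = EFUSE_BLK_KEY_MAX; }` placed after the unused-block test. The added `ESP_LOGD` also prints the `unsigned` index `i` with `%d`, where `%u` matches the type. Both the detection loop and the else branch continue outside the visible hunks, so the rest of the digest comparison could not be checked here.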