From 4ac351247d3fdc98ed2e5a8ef42ad22b3099be86 Mon Sep 17 00:00:00 2001
From: Mahavir Jain
Date: Wed, 27 Oct 2021 17:51:01 +0530
Subject: [PATCH] secure_boot_v2: fix issue in pre-flashed digest (manual) workflow

This commit fixes issue where empty (unprogrammed) digest slot out of multiple supported (e.g. 3 for ESP32-C3) could cause issue in workflow enablement process.

Notes:
1. This issue was applicable for chips supporting "secure-boot-v2" scheme with multiple digests slots
2. This issue was affecting only manual workflow, where digest of public was pre-flashed in efuse
3. Change in "flash_encrypt.c" is only for additional safety purpose
---
 .../src/flash_encryption/flash_encrypt.c | 3 ++-
 .../src/secure_boot_v2/secure_boot.c | 10 ++++++++--
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/components/bootloader_support/src/flash_encryption/flash_encrypt.c b/components/bootloader_support/src/flash_encryption/flash_encrypt.c
index e61922e19d..4ca3fbc368 100644
--- a/components/bootloader_support/src/flash_encryption/flash_encrypt.c
+++ b/components/bootloader_support/src/flash_encryption/flash_encrypt.c
@@ -104,7 +104,8 @@ static esp_err_t check_and_generate_encryption_keys(void)
 #endif // CONFIG_SECURE_FLASH_ENCRYPTION_AES256
 #endif // CONFIG_IDF_TARGET_ESP32
 
-    esp_efuse_block_t blocks[BLOCKS_NEEDED];
+    /* Initialize all efuse block entries to invalid (max) value */
+    esp_efuse_block_t blocks[BLOCKS_NEEDED] = {[0 ... BLOCKS_NEEDED-1] = EFUSE_BLK_KEY_MAX};
     bool has_key = true;
     for (unsigned i = 0; i < BLOCKS_NEEDED; i++) {
         bool tmp_has_key = esp_efuse_find_purpose(purposes[i], &blocks[i]);
diff --git a/components/bootloader_support/src/secure_boot_v2/secure_boot.c b/components/bootloader_support/src/secure_boot_v2/secure_boot.c
index 650fa7fcce..37223a89b6 100644
--- a/components/bootloader_support/src/secure_boot_v2/secure_boot.c
+++ b/components/bootloader_support/src/secure_boot_v2/secure_boot.c
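Review bot: The sentinel initializer `{[0 ... BLOCKS_NEEDED-1] = EFUSE_BLK_KEY_MAX}` relies on a GCC range-designator extension and, to be useful, on `esp_efuse_find_purpose()` leaving `*block` untouched when the purpose is not found; neither assumption is stated in the new comment. The commit message calls this change a safety measure only and nothing in the hunk reads the sentinel back, so the intent is worth recording: `/* Sentinel (GCC range designator): a slot whose purpose is not found is assumed to keep EFUSE_BLK_KEY_MAX, so later code can tell unset entries apart */`. If a non-GCC/Clang toolchain ever matters, a plain loop assigning `EFUSE_BLK_KEY_MAX` is the portable form. The rest of check_and_generate_encryption_keys() lies outside the hunk.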
@@ -156,11 +156,11 @@ static esp_err_t check_and_generate_secure_boot_keys(const esp_image_metadata_t
         return ret;
     }
 
+    /* Initialize all efuse block entries to invalid (max) value */
+    esp_efuse_block_t blocks[SECURE_BOOT_NUM_BLOCKS] = {[0 ... SECURE_BOOT_NUM_BLOCKS-1] = EFUSE_BLK_KEY_MAX};
     /* Check if secure boot digests are present */
-    esp_efuse_block_t blocks[SECURE_BOOT_NUM_BLOCKS];
     bool has_secure_boot_digest = false;
     for (unsigned i = 0; i < SECURE_BOOT_NUM_BLOCKS; i++) {
-        blocks[i] = EFUSE_BLK_KEY_MAX;
         bool tmp_has_key = esp_efuse_find_purpose(secure_boot_key_purpose[i], &blocks[i]);
         if (tmp_has_key) { // For ESP32: esp_efuse_find_purpose() always returns True, need to check whether the key block is used or not.
             tmp_has_key &= !esp_efuse_key_block_unused(blocks[i]);
@@ -198,6 +198,12 @@ static esp_err_t check_and_generate_secure_boot_keys(const esp_image_metadata_t
         }
     } else {
         for (unsigned i = 0; i < SECURE_BOOT_NUM_BLOCKS; i++) {
+            /* Check if corresponding digest slot is used or not */
+            if (blocks[i] == EFUSE_BLK_KEY_MAX) {
+                ESP_LOGD(TAG, "SECURE_BOOT_DIGEST%d slot is not used", i);
+                continue;
+            }
+
 #if SOC_EFUSE_REVOKE_BOOT_KEY_DIGESTS
             if (esp_efuse_get_digest_revoke(i)) {
                 continue;
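Review bot: After this hunk the only record of whether slot `i` holds a digest is `blocks[i]` still being `EFUSE_BLK_KEY_MAX`, yet the comment on the `if (tmp_has_key)` line says `esp_efuse_find_purpose()` always returns true on ESP32, which would leave a real block number in `blocks[i]` even for an unused slot; the slot check added in the @@ -198 hunk would then not skip it. That may be harmless where only one digest slot exists, but the decision is clearer if the loop records it explicitly instead of depending on the out-parameter being left alone: right after `tmp_has_key &= !esp_efuse_key_block_unused(blocks[i]);` add `if (!tmp_has_key) { blocks[i] = EFUSE_BLK_KEY_MAX; }`. A one-line comment on the new initializer saying that `EFUSE_BLK_KEY_MAX` is the "slot not used" marker consumed later in this function would also help the next reader. The closing brace of that `if` and the remainder of the loop are outside the hunk.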
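Review bot: `ESP_LOGD(TAG, "SECURE_BOOT_DIGEST%d slot is not used", i);` prints the `unsigned i` loop index with `%d`; the conversion should match the argument type, `ESP_LOGD(TAG, "SECURE_BOOT_DIGEST%u slot is not used", i);`. This branch is the manual workflow where the digest was pre-flashed, so an unprogrammed slot skipped at debug level leaves no trace in a normal build; `ESP_LOGI` here, or a comment stating why debug level is enough, would make the state visible to whoever enables secure boot. Whether unused slots are revoked later is not visible in this hunk; if that happens elsewhere, a comment at the `continue;` pointing to it would close the loop for the reader. The loop body continues outside the hunk.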