secure boot: Use mbedtls_sha256() not esp_sha()

Latter is probably compiled into most firmwares already, saves some size. Ref https://github.com/espressif/esp-idf/issues/3127
2024-10-05 20:47:46 -04:00 · 2019-03-08 16:16:55 +11:00 · 2019-03-08 16:16:55 +11:00 · 5c6be8380e
commit 5c6be8380e
parent 1d8e1c4ce4
1 changed files with 3 additions and 3 deletions
--- a/components/bootloader_support/src/secure_boot_signatures.c
+++ b/components/bootloader_support/src/secure_boot_signatures.c
@ -25,7 +25,7 @@
 #include "rom/sha.h"
 typedef SHA_CTX sha_context;
 #else
-#include "hwcrypto/sha.h"
+#include "mbedtls/sha256.h"
 #endif

 static const char* TAG = "secure_boot";
@ -57,8 +57,8 @@ esp_err_t esp_secure_boot_verify_signature(uint32_t src_addr, uint32_t length)
    bootloader_sha256_data(handle, data, length);
    bootloader_sha256_finish(handle, digest);
 #else
-    /* Use thread-safe esp-idf SHA function */
-    esp_sha(SHA2_256, data, length, digest);
+    /* Use thread-safe mbedTLS version */
+    mbedtls_sha256_ret(data, length, digest, 0);
 #endif

    // Map the signature block and verify the signature