mirror of
https://github.com/espressif/esp-idf.git
synced 2024-09-19 14:26:01 -04:00
Merge branch 'bugfix/fix_condition_to_verify_when_no_SB' into 'master'
fix(bootloader_support): Fix condition for checking signature in the application See merge request espressif/esp-idf!26026
This commit is contained in:
commit
5d9ebd2473
@ -709,14 +709,12 @@ menu "Security features"
|
||||
|
||||
config SECURE_BOOT_VERIFICATION_KEY
|
||||
string "Secure boot public signature verification key"
|
||||
depends on SECURE_SIGNED_APPS && !SECURE_BOOT_BUILD_SIGNED_BINARIES && !SECURE_SIGNED_APPS_RSA_SCHEME
|
||||
depends on SECURE_SIGNED_APPS && SECURE_SIGNED_APPS_ECDSA_SCHEME && !SECURE_BOOT_BUILD_SIGNED_BINARIES
|
||||
default "signature_verification_key.bin"
|
||||
help
|
||||
Path to a public key file used to verify signed images.
|
||||
Secure Boot V1: This ECDSA public key is compiled into the bootloader and/or
|
||||
app, to verify app images.
|
||||
Secure Boot V2: This RSA public key is compiled into the signature block at
|
||||
the end of the bootloader/app.
|
||||
|
||||
Key file is in raw binary format, and can be extracted from a
|
||||
PEM formatted private key using the espsecure.py
|
||||
|
@ -144,9 +144,9 @@ static esp_err_t secure_boot_v2_check(bool *need_fix)
|
||||
#endif
|
||||
#endif // CONFIG_SECURE_BOOT
|
||||
|
||||
#if CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME && CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT
|
||||
#if (CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME || CONFIG_SECURE_SIGNED_APPS_ECDSA_V2_SCHEME) && CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT
|
||||
|
||||
static void rsa_check_signature_on_update_check(void)
|
||||
static void check_signature_on_update_check(void)
|
||||
{
|
||||
// We rely on the keys used to sign this app to verify the next app on OTA, so make sure there is at
|
||||
// least one to avoid a stuck firmware
|
||||
@ -164,7 +164,7 @@ static void rsa_check_signature_on_update_check(void)
|
||||
}
|
||||
#endif
|
||||
}
|
||||
#endif // CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME && CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT
|
||||
#endif // (CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME || CONFIG_SECURE_SIGNED_APPS_ECDSA_V2_SCHEME) && CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT
|
||||
|
||||
void esp_secure_boot_init_checks(void)
|
||||
{
|
||||
@ -184,9 +184,9 @@ void esp_secure_boot_init_checks(void)
|
||||
#endif // CONFIG_SECURE_BOOT
|
||||
|
||||
|
||||
#if CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME && CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT
|
||||
rsa_check_signature_on_update_check();
|
||||
#endif // CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME && CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT
|
||||
#if (CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME || CONFIG_SECURE_SIGNED_APPS_ECDSA_V2_SCHEME) && CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT
|
||||
check_signature_on_update_check();
|
||||
#endif // (CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME || CONFIG_SECURE_SIGNED_APPS_ECDSA_V2_SCHEME) && CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT
|
||||
|
||||
}
|
||||
|
||||
|
@ -68,6 +68,12 @@ tools/test_apps/security/secure_boot:
|
||||
- if: IDF_ENV_FPGA != 1
|
||||
reason: the test can only run on an FPGA as efuses need to be reset during the test.
|
||||
|
||||
tools/test_apps/security/signed_app_no_secure_boot:
|
||||
enable:
|
||||
- if: IDF_TARGET in ["esp32c2", "esp32c3"]
|
||||
temporary: true
|
||||
reason: No need to test on all targets
|
||||
|
||||
tools/test_apps/system/bootloader_sections:
|
||||
disable:
|
||||
- if: IDF_TARGET == "esp32c2"
|
||||
|
@ -0,0 +1,7 @@
|
||||
# The following lines of boilerplate have to be in your project's
|
||||
# CMakeLists in this exact order for cmake to work correctly
|
||||
cmake_minimum_required(VERSION 3.16)
|
||||
|
||||
# Secure Boot not currently supported for ESP32-S2
|
||||
include($ENV{IDF_PATH}/tools/cmake/project.cmake)
|
||||
project(secure_boot)
|
11
tools/test_apps/security/signed_app_no_secure_boot/README.md
Normal file
11
tools/test_apps/security/signed_app_no_secure_boot/README.md
Normal file
@ -0,0 +1,11 @@
|
||||
| Supported Targets | ESP32-C2 | ESP32-C3 |
|
||||
| ----------------- | -------- | -------- |
|
||||
|
||||
# Secure Signed On Update No Secure Boot
|
||||
|
||||
This examples verifies the case when CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT is selected and application is not signed. The application should abort its execution with the logs:
|
||||
|
||||
```
|
||||
secure_boot_v2: No signatures were found for the running app
|
||||
secure_boot: This app is not signed, but check signature on update is enabled in config. It won't be possible to verify any update.
|
||||
```
|
@ -0,0 +1,2 @@
|
||||
idf_component_register(SRCS "main.c"
|
||||
INCLUDE_DIRS ".")
|
@ -0,0 +1,15 @@
|
||||
/*
|
||||
* SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
|
||||
*
|
||||
* SPDX-License-Identifier: Unlicense OR CC0-1.0
|
||||
*/
|
||||
#include <stdio.h>
|
||||
#include "freertos/FreeRTOS.h"
|
||||
#include "freertos/task.h"
|
||||
|
||||
#define TAG "example_secure_boot"
|
||||
|
||||
void app_main(void)
|
||||
{
|
||||
printf("\nExample for secured signed with no secure boot\n");
|
||||
}
|
@ -0,0 +1,12 @@
|
||||
# SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
|
||||
# SPDX-License-Identifier: Unlicense OR CC0-1.0
|
||||
|
||||
import pytest
|
||||
from pytest_embedded import Dut
|
||||
|
||||
|
||||
@pytest.mark.esp32c2
|
||||
@pytest.mark.esp32c3
|
||||
@pytest.mark.generic
|
||||
def test_examples_security_on_update_no_secure_boot(dut: Dut) -> None:
|
||||
dut.expect("This app is not signed, but check signature on update is enabled in config. It won't be possible to verify any update.", timeout=10)
|
@ -0,0 +1,8 @@
|
||||
CONFIG_SECURE_SIGNED_ON_UPDATE=y
|
||||
CONFIG_SECURE_SIGNED_APPS=y
|
||||
CONFIG_SECURE_BOOT_V2_PREFERRED=y
|
||||
CONFIG_SECURE_SIGNED_APPS_NO_SECURE_BOOT=y
|
||||
CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT=y
|
||||
# CONFIG_SECURE_BOOT is not set
|
||||
# CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES is not set
|
||||
# CONFIG_SECURE_FLASH_ENC_ENABLED is not set
|
Loading…
Reference in New Issue
Block a user