fix(nvs_sec_provider): Added check for nvs_keys partition

Added check to whether nvs_keys partition is provided or not in partiton csv. Converted nvs_sec_provider_register_flash_enc_ctr and nvs_sec_provider_register_hmac_ctr functions from __attribute__(constructor) to ESP_SYSTEM_INIT_FN.
2024-10-05 20:47:46 -04:00 · 2024-08-30 11:26:34 +05:30 · 2024-08-30 11:26:34 +05:30 · aaf1f868d5
commit aaf1f868d5
parent ef221d007a
2 changed files with 24 additions and 6 deletions
--- a/components/esp_system/system_init_fn.txt
+++ b/components/esp_system/system_init_fn.txt
@ -97,6 +97,10 @@ SECONDARY: 130: init_coredump in components/espcoredump/src/core_dump_init.c on
 # esp_debug_stubs doesn't have init dependencies
 SECONDARY: 140: init_dbg_stubs in components/app_trace/debug_stubs.c on BIT(0)

+# Register NVS Encryption schemes
+SECONDARY: 150: nvs_sec_provider_register_flash_enc_scheme in components/nvs_sec_provider/nvs_sec_provider.c on BIT(0)
+SECONDARY: 151: nvs_sec_provider_register_hmac_scheme in components/nvs_sec_provider/nvs_sec_provider.c on BIT(0)
+
 # the rest of the components which are initialized from startup_funcs.c
 # [refactor-todo]: move init calls into respective components
 SECONDARY: 201: init_pm in components/esp_system/startup_funcs.c on BIT(0)
--- a/components/nvs_sec_provider/nvs_sec_provider.c
+++ b/components/nvs_sec_provider/nvs_sec_provider.c
@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2023-2024 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@ -10,10 +10,10 @@
 #include "esp_fault.h"
 #include "soc/soc_caps.h"
 #include "sdkconfig.h"
-
 #include "nvs_flash.h"
 #include "nvs_sec_provider.h"

+#include "esp_private/startup_internal.h"
 #if SOC_HMAC_SUPPORTED
 #include "bootloader_random.h"
 #include "esp_random.h"
@ -79,14 +79,27 @@ esp_err_t nvs_sec_provider_register_flash_enc(const nvs_sec_config_flash_enc_t *
    return ESP_OK;
 }

-static void __attribute__((constructor)) nvs_sec_provider_register_flash_enc_ctr(void)
+
+ESP_SYSTEM_INIT_FN(nvs_sec_provider_register_flash_enc_scheme, SECONDARY, BIT(0), 150)
 {
    ESP_EARLY_LOGI(TAG, "NVS Encryption - Registering Flash encryption-based scheme...");

    nvs_sec_config_flash_enc_t sec_scheme_cfg = NVS_SEC_PROVIDER_CFG_FLASH_ENC_DEFAULT();
+
+     /*
+     * This checks partition with subtype nvs_keys from partition table, if NVS Encryption is enabled
+     * and "nvs_keys" do not exist in partition table, then execution gets aborted. To fix the problem,
+     * please introduce partition with subtype "nvs_keys" in the partition table.
+     */
+
+    if (sec_scheme_cfg.nvs_keys_part == NULL) {
+        ESP_EARLY_LOGE(TAG, "partition with subtype \"nvs_keys\" not found");
+        return ESP_FAIL;
+    }
+
    nvs_sec_scheme_t *sec_scheme_handle_out = NULL;

-    nvs_sec_provider_register_flash_enc(&sec_scheme_cfg, &sec_scheme_handle_out);
+    return nvs_sec_provider_register_flash_enc(&sec_scheme_cfg, &sec_scheme_handle_out);
 }

 #endif
@ -251,14 +264,15 @@ esp_err_t nvs_sec_provider_register_hmac(const nvs_sec_config_hmac_t *sec_scheme
 }

 #if CONFIG_NVS_SEC_KEY_PROTECT_USING_HMAC
-static void __attribute__((constructor)) nvs_sec_provider_register_hmac_ctr(void)
+ESP_SYSTEM_INIT_FN(nvs_sec_provider_register_hmac_scheme, SECONDARY, BIT(0), 151)
 {
    ESP_EARLY_LOGI(TAG, "NVS Encryption - Registering HMAC-based scheme...");

    nvs_sec_config_hmac_t sec_scheme_cfg = NVS_SEC_PROVIDER_CFG_HMAC_DEFAULT();
+
    nvs_sec_scheme_t *sec_scheme_handle_out = NULL;

-    nvs_sec_provider_register_hmac(&sec_scheme_cfg, &sec_scheme_handle_out);
+    return nvs_sec_provider_register_hmac(&sec_scheme_cfg, &sec_scheme_handle_out);
 }
 #endif  // CONFIG_NVS_SEC_KEY_PROTECT_USING_HMAC