fix(bootloader_support): Fix condition for SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT

Fix the condition to verify the image when SECURE_SIGNED_APPS_ECDSA_V2_SCHEME and
SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT are selected.
This commit is contained in:
Harshit Malpani 2023-09-15 17:25:10 +05:30
parent aaded3fd59
commit c4e6312687
No known key found for this signature in database
GPG Key ID: 441A8ACC7853D493

View File

@ -144,9 +144,9 @@ static esp_err_t secure_boot_v2_check(bool *need_fix)
#endif
#endif // CONFIG_SECURE_BOOT
#if CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME && CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT
#if (CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME || CONFIG_SECURE_SIGNED_APPS_ECDSA_V2_SCHEME) && CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT
static void rsa_check_signature_on_update_check(void)
static void check_signature_on_update_check(void)
{
// We rely on the keys used to sign this app to verify the next app on OTA, so make sure there is at
// least one to avoid a stuck firmware
@ -164,7 +164,7 @@ static void rsa_check_signature_on_update_check(void)
}
#endif
}
#endif // CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME && CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT
#endif // (CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME || CONFIG_SECURE_SIGNED_APPS_ECDSA_V2_SCHEME) && CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT
void esp_secure_boot_init_checks(void)
{
@ -184,9 +184,9 @@ void esp_secure_boot_init_checks(void)
#endif // CONFIG_SECURE_BOOT
#if CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME && CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT
rsa_check_signature_on_update_check();
#endif // CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME && CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT
#if (CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME || CONFIG_SECURE_SIGNED_APPS_ECDSA_V2_SCHEME) && CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT
check_signature_on_update_check();
#endif // (CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME || CONFIG_SECURE_SIGNED_APPS_ECDSA_V2_SCHEME) && CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT
}