Merge branch 'add_agressive_revoke_v4.4' into 'release/v4.4'

secure_boot: Added Kconfig option for aggressive key revoke (v4.4)

See merge request espressif/esp-idf!15850

components/bootloader/Kconfig.projbuild

@@ -614,6 +614,22 @@ menu "Security features"
 
             Refer to the Secure Boot section of the ESP-IDF Programmer's Guide for this version before enabling.
 
+    config SECURE_BOOT_ENABLE_AGGRESSIVE_KEY_REVOKE
+        bool "Enable Aggressive key revoke strategy"
+        depends on SECURE_BOOT && (IDF_TARGET_ESP32S2 || IDF_TARGET_ESP32C3 || IDF_TARGET_ESP32S3)
+        default N
+        help
+            If this option is set, ROM bootloader will revoke the public key digest burned in efuse block
+            if it fails to verify the signature of software bootloader with it.
+            Revocation of keys does not happen when enabling secure boot. Once secure boot is enabled,
+            key revocation checks will be done on subsequent boot-up, while verifying the software bootloader
+
+            This feature provides a strong resistance against physical attacks on the device.
+
+            NOTE: Once a digest slot is revoked, it can never be used again to verify an image
+            This can lead to permanent bricking of the device, in case all keys are revoked
+            because of signature verification failure.
+
     choice SECURE_BOOTLOADER_KEY_ENCODING
         bool "Hardware Key Encoding"
         depends on SECURE_BOOTLOADER_REFLASHABLE

components/bootloader_support/src/secure_boot_v2/secure_boot_signatures_bootloader.c

@@ -137,10 +137,13 @@ esp_err_t esp_secure_boot_verify_rsa_signature_block(const ets_secure_boot_signa
 #if SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS == 1
     int sb_result = ets_secure_boot_verify_signature(sig_block, image_digest, trusted.key_digests[0], verified_digest);
 #else
-    ets_secure_boot_key_digests_t trusted_key_digests;
+    ets_secure_boot_key_digests_t trusted_key_digests = {0};
     for (unsigned i = 0; i < SECURE_BOOT_NUM_BLOCKS; i++) {
         trusted_key_digests.key_digests[i] = &trusted.key_digests[i];
     }
+    // Key revocation happens in ROM bootloader.
+    // Do NOT allow key revocation while verifying application
+    trusted_key_digests.allow_key_revoke = false;
     int sb_result = ets_secure_boot_verify_signature(sig_block, image_digest, &trusted_key_digests, verified_digest);
 #endif
     if (sb_result != SB_SUCCESS) {

docs/en/security/secure-boot-v2.rst

@@ -330,6 +330,9 @@ Secure Boot Best Practices
     * Applications should be signed with only one key at a time, to minimize the exposure of unused private keys.
     * The bootloader can be signed with multiple keys from the factory.
 
+    Conservative approach:
+    ~~~~~~~~~~~~~~~~~~~~~~
+
     Assuming a trusted private key (N-1) has been compromised, to update to new key pair (N).
 
     1. Server sends an OTA update with an application signed with the new private key (#N).
@@ -342,6 +345,17 @@ Secure Boot Best Practices
 
     * A similar approach can also be used to physically re-flash with a new key. For physical re-flashing, the bootloader content can also be changed at the same time.
 
+    Aggressive approach:
+    ~~~~~~~~~~~~~~~~~~~~
+
+    ROM code has an additional feature of revoking a public key digest if the signature verification fails.
+
+    To enable this feature, you need to burn SECURE_BOOT_AGGRESSIVE_REVOKE efuse or enable :ref:`CONFIG_SECURE_BOOT_ENABLE_AGGRESSIVE_KEY_REVOKE`
+
+    Key revocation is not applicable unless secure boot is successfully enabled. Also, a key is not revoked in case of invalid signature block or invalid image digest, it is only revoked in case the signature verification fails, i.e. revoke key only if failure in step 3 of :ref:`verify_image`
+
+    Once a key is revoked, it can never be used for verfying a signature of an image. This feature provides strong resistance against physical attacks on the device. However, this could also brick the device permanently if all the keys are revoked because of signature verification failure.
+
 .. _secure-boot-v2-technical-details:
 
 Technical Details