From e517b4953f4a8db3d214bcbc3101b9e37480d040 Mon Sep 17 00:00:00 2001
From: Supreet Deshpande
Date: Fri, 18 Dec 2020 14:10:28 +0530
Subject: [PATCH] Secure Boot v2: Fix the double padding of the image length during flash encryption

Fixes https://github.com/espressif/esp-idf/issues/6236
---
 components/bootloader_support/src/esp32/flash_encrypt.c | 4 +---
 components/bootloader_support/src/esp32s2/flash_encrypt.c | 4 +---
 components/bootloader_support/src/esp32s3/flash_encrypt.c | 4 +---
 3 files changed, 3 insertions(+), 9 deletions(-)

diff --git a/components/bootloader_support/src/esp32/flash_encrypt.c b/components/bootloader_support/src/esp32/flash_encrypt.c
index 0a75ae6cf3..ebbf598ea2 100644
--- a/components/bootloader_support/src/esp32/flash_encrypt.c
+++ b/components/bootloader_support/src/esp32/flash_encrypt.c
@@ -252,9 +252,7 @@ static esp_err_t encrypt_bootloader(void)
 ESP_LOGD(TAG, "bootloader is plaintext. Encrypting...");
 #if CONFIG_SECURE_BOOT_V2_ENABLED
- // Account for the signature sector after the bootloader
- image_length = (image_length + FLASH_SECTOR_SIZE - 1) & ~(FLASH_SECTOR_SIZE - 1);
- image_length += FLASH_SECTOR_SIZE;
+ /* The image length obtained from esp_image_verify_bootloader includes the sector boundary padding and the signature block lengths */
 if (ESP_BOOTLOADER_OFFSET + image_length > ESP_PARTITION_TABLE_OFFSET) {
 ESP_LOGE(TAG, "Bootloader is too large to fit Secure Boot V2 signature sector and partition table (configured offset 0x%x)", ESP_PARTITION_TABLE_OFFSET);
 return ESP_ERR_INVALID_STATE;
diff --git a/components/bootloader_support/src/esp32s2/flash_encrypt.c b/components/bootloader_support/src/esp32s2/flash_encrypt.c
index 017c42d8c0..9c624c6cf1 100644
--- a/components/bootloader_support/src/esp32s2/flash_encrypt.c
+++ b/components/bootloader_support/src/esp32s2/flash_encrypt.c
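Review bot: With the rounding and `image_length += FLASH_SECTOR_SIZE;` removed in the esp32/flash_encrypt.c hunk, the length handed on from this `#if` block rests entirely on `esp_image_verify_bootloader` already counting the padding and the Secure Boot V2 signature block, and nothing here checks that. If that contract ever changed, the signature sector would presumably drop out of the range that gets encrypted without any error being reported. A cheap guard next to the size check would catch it, for example `if (image_length % FLASH_SECTOR_SIZE != 0) { return ESP_ERR_INVALID_SIZE; }`, assuming the padded length is always a whole number of sectors (to be confirmed against the verifier, which is not shown). The same applies to the esp32s2 and esp32s3 hunks. The body of `encrypt_bootloader` starts and ends outside the hunk.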
@@ -286,9 +286,7 @@ static esp_err_t encrypt_bootloader(void)
 ESP_LOGD(TAG, "bootloader is plaintext. Encrypting...");
 #if CONFIG_SECURE_BOOT_V2_ENABLED
- // Account for the signature sector after the bootloader
- image_length = (image_length + FLASH_SECTOR_SIZE - 1) & ~(FLASH_SECTOR_SIZE - 1);
- image_length += FLASH_SECTOR_SIZE;
+ /* The image length obtained from esp_image_verify_bootloader includes the sector boundary padding and the signature block lengths */
 if (ESP_BOOTLOADER_OFFSET + image_length > ESP_PARTITION_TABLE_OFFSET) {
 ESP_LOGE(TAG, "Bootloader is too large to fit Secure Boot V2 signature sector and partition table (configured offset 0x%x)", ESP_PARTITION_TABLE_OFFSET);
 return ESP_ERR_INVALID_SIZE;
diff --git a/components/bootloader_support/src/esp32s3/flash_encrypt.c b/components/bootloader_support/src/esp32s3/flash_encrypt.c
index f7cff92435..a29dc429e2 100644
--- a/components/bootloader_support/src/esp32s3/flash_encrypt.c
+++ b/components/bootloader_support/src/esp32s3/flash_encrypt.c
@@ -287,9 +287,7 @@ static esp_err_t encrypt_bootloader(void)
 ESP_LOGD(TAG, "bootloader is plaintext. Encrypting...");
 #if CONFIG_SECURE_BOOT_V2_ENABLED
- // Account for the signature sector after the bootloader
- image_length = (image_length + FLASH_SECTOR_SIZE - 1) & ~(FLASH_SECTOR_SIZE - 1);
- image_length += FLASH_SECTOR_SIZE;
+ /* The image length obtained from esp_image_verify_bootloader includes the sector boundary padding and the signature block lengths */
 if (ESP_BOOTLOADER_OFFSET + image_length > ESP_PARTITION_TABLE_OFFSET) {
 ESP_LOGE(TAG, "Bootloader is too large to fit Secure Boot V2 signature sector and partition table (configured offset 0x%x)", ESP_PARTITION_TABLE_OFFSET);
 return ESP_ERR_INVALID_SIZE;
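Review bot: The oversize check returns `ESP_ERR_INVALID_SIZE` in this esp32s2 hunk and in the esp32s3 hunk, while the otherwise identical check in the esp32 hunk returns `ESP_ERR_INVALID_STATE`. The same failure therefore surfaces under two different error codes depending on the target. Since the commit edits all three copies anyway, the esp32 line could be aligned to `return ESP_ERR_INVALID_SIZE;`, provided no caller depends on the old value. The `if` block and the enclosing `encrypt_bootloader` continue past the end of each hunk.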