esp-idf/components/bootloader_support
Angus Gratton 32756b165e bootloader: Add fault injection resistance to Secure Boot bootloader verification
Goal is that multiple faults would be required to bypass a boot-time signature check.

- Also strengthens some address range checks for safe app memory addresses
- Change pre-enable logic to also check the bootloader signature before enabling SBV2 on ESP32

Add some additional checks for invalid sections:

- Sections only partially in DRAM or IRAM are invalid
- If a section is in D/IRAM, allow the possibility only some is in D/IRAM
- Only pass sections that are entirely in the same type of RTC memory region
2020-03-06 01:16:04 +05:30
..
include bootloader: Add fault injection resistance to Secure Boot bootloader verification 2020-03-06 01:16:04 +05:30
include_bootloader feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3 2020-03-06 01:16:04 +05:30
src bootloader: Add fault injection resistance to Secure Boot bootloader verification 2020-03-06 01:16:04 +05:30
test ut: Move tests back from "esp32" subfolder 2020-01-06 17:13:53 +08:00
CMakeLists.txt feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3 2020-03-06 01:16:04 +05:30
component.mk feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3 2020-03-06 01:16:04 +05:30
Makefile.projbuild Secure boot: Correctly re-sign if signing key changes, better error if missing 2016-12-01 23:49:12 -08:00
README.rst Refactor existing bootloader common functionality into bootloader_support component 2016-11-02 17:58:41 +11:00

Bootloader Support Component
============================

Overview
--------

"Bootloader support" contains APIs which are used by the bootloader but are also needed for the main app.

Code in this component needs to be aware of being executed in a bootloader environment (no RTOS available, BOOTLOADER_BUILD macro set) or in an esp-idf app environment (RTOS running, need locking support.)