mirror of
https://github.com/espressif/esp-idf.git
synced 2024-10-05 20:47:46 -04:00
4c95aa445d
Some additional checks related to secure version of the application in anti-rollback case have been added to avoid any attempts to boot lower security version but valid application (e.g., passive partition image). - Read secure_version under sha256 protection - First check has been added in the bootloader to ensure correct secure version after application verification and loading stage. This check happens before setting up the flash cache mapping and handling over the final control to application. This check ensures that application was not swapped (e.g., to lower security version but valid image) just before the load stage in bootloader. - Second check has been added in the application startup code to ensure that currently booting app has higher security version than the one programmed in the eFuse for anti-rollback scenario. This will ensure that only the legit application boots-up on the device for anti-rollback case. |
||
---|---|---|
.. | ||
bootloader_flash | ||
include | ||
private_include | ||
src | ||
test_apps | ||
CMakeLists.txt | ||
README.rst |
Bootloader Support Component ============================ Overview -------- "Bootloader support" contains APIs which are used by the bootloader but are also needed for the main app. Code in this component needs to be aware of being executed in a bootloader environment (no RTOS available, BOOTLOADER_BUILD macro set) or in an esp-idf app environment (RTOS running, need locking support.)