esp-idf/components/bootloader/subproject/components/micro-ecc/uECC_verify_antifault.h
Angus Gratton d40c69375c bootloader: Add fault injection resistance to Secure Boot bootloader verification
Goal is that multiple faults would be required to bypass a boot-time signature check.

- Also strengthens some address range checks for safe app memory addresses
- Change pre-enable logic to also check the bootloader signature before enabling SBV2 on ESP32

Add some additional checks for invalid sections:

- Sections only partially in DRAM or IRAM are invalid
- If a section is in D/IRAM, allow the possibility only some is in D/IRAM
- Only pass sections that are entirely in the same type of RTC memory region
2020-02-27 14:37:19 +05:30

19 lines
704 B
C

/* Copyright 2014, Kenneth MacKay. Licensed under the BSD 2-clause license.
Modifications Copyright 2020, Espressif Systems (Shanghai) PTE LTD. Licensed under the BSD
2-clause license.
*/
#pragma once
#include "uECC.h"
/* Version uECC_verify() that also copies message_hash to verified_hash
if the signature is valid, and does it in a way that is harder to attack
with fault injection.
*/
int uECC_verify_antifault(const uint8_t *public_key,
const uint8_t *message_hash,
unsigned hash_size,
const uint8_t *signature,
uECC_Curve curve,
uint8_t *verified_hash);