esp-idf/tools/test_apps/system/bootloader_sections
Mahavir Jain 6d2153d703 fix(ota): additional checks for secure version in anti-rollback case
Some additional checks related to secure version of the application in
anti-rollback case have been added to avoid any attempts to boot lower
security version but valid application (e.g., passive partition image).

- Read secure_version under sha256 protection

- First check has been added in the bootloader to ensure correct secure
  version after application verification and loading stage. This check
  happens before setting up the flash cache mapping and handling over
  the final control to application. This check ensures that application
  was not swapped (e.g., to lower security version but valid image) just
  before the load stage in bootloader.

- Second check has been added in the application startup code to ensure
  that currently booting app has higher security version than the one
  programmed in the eFuse for anti-rollback scenario. This will ensure
  that only the legit application boots-up on the device for
  anti-rollback case.
2024-02-15 15:23:19 +02:00
..
main Whitespace: Automated whitespace fixes (large commit) 2020-11-11 07:36:35 +00:00
CMakeLists.txt ci: add script to check section references 2020-09-03 18:14:17 +02:00
partitions_example.csv test_apps: add anti rollback configuration for bootloader build 2020-09-30 12:21:24 +05:30
sdkconfig.ci.anti_rollback fix(ota): additional checks for secure version in anti-rollback case 2024-02-15 15:23:19 +02:00
sdkconfig.ci.default ci: add script to check section references 2020-09-03 18:14:17 +02:00
sdkconfig.ci.flash_encryption efuse(esp32): Deprecate esp_efuse_burn_new_values() & esp_efuse_write_random_key() 2021-06-17 07:21:36 +08:00
sdkconfig.ci.rtc_retain bootloader: move rtc_retain_mem functions back into .iram_loader.text 2020-09-09 10:35:29 +02:00
sdkconfig.defaults ci: add script to check section references 2020-09-03 18:14:17 +02:00