kopia lustrzana https://github.com/espressif/esp-idf
Merge branch 'bugfix/secure_boot_v2_part_size_check' into 'master'
gen_esp32part: allow secure boot v2 based app partition size 4K aligned See merge request espressif/esp-idf!22188pull/10745/head
commit
3850e9327a
|
@ -31,7 +31,11 @@ if(CONFIG_ESPTOOLPY_FLASHSIZE)
|
|||
endif()
|
||||
|
||||
if(CONFIG_SECURE_BOOT AND NOT CONFIG_SECURE_BOOT_ALLOW_SHORT_APP_PARTITION)
|
||||
set(partition_secure_opt --secure)
|
||||
if(CONFIG_SECURE_BOOT_V2_ENABLED)
|
||||
set(partition_secure_opt --secure v2)
|
||||
else()
|
||||
set(partition_secure_opt --secure v1)
|
||||
endif()
|
||||
else()
|
||||
set(partition_secure_opt "")
|
||||
endif()
|
||||
|
|
|
@ -28,6 +28,10 @@ PARTITION_TABLE_SIZE = 0x1000 # Size of partition table
|
|||
MIN_PARTITION_SUBTYPE_APP_OTA = 0x10
|
||||
NUM_PARTITION_SUBTYPE_APP_OTA = 16
|
||||
|
||||
SECURE_NONE = None
|
||||
SECURE_V1 = 'v1'
|
||||
SECURE_V2 = 'v2'
|
||||
|
||||
__version__ = '1.2'
|
||||
|
||||
APP_TYPE = 0x00
|
||||
|
@ -88,10 +92,23 @@ ALIGNMENT = {
|
|||
}
|
||||
|
||||
|
||||
def get_alignment_for_type(ptype):
|
||||
def get_alignment_offset_for_type(ptype):
|
||||
return ALIGNMENT.get(ptype, ALIGNMENT[DATA_TYPE])
|
||||
|
||||
|
||||
def get_alignment_size_for_type(ptype):
|
||||
if ptype == APP_TYPE and secure == SECURE_V1:
|
||||
# For secure boot v1 case, app partition must be 64K aligned
|
||||
# signature block (68 bytes) lies at the very end of 64K block
|
||||
return 0x10000
|
||||
if ptype == APP_TYPE and secure == SECURE_V2:
|
||||
# For secure boot v2 case, app partition must be 4K aligned
|
||||
# signature block (4K) is kept after padding the unsigned image to 64K boundary
|
||||
return 0x1000
|
||||
# No specific size alignement requirement as such
|
||||
return 0x1
|
||||
|
||||
|
||||
def get_partition_type(ptype):
|
||||
if ptype == 'app':
|
||||
return APP_TYPE
|
||||
|
@ -114,7 +131,7 @@ def add_extra_subtypes(csv):
|
|||
|
||||
quiet = False
|
||||
md5sum = True
|
||||
secure = False
|
||||
secure = SECURE_NONE
|
||||
offset_part_table = 0
|
||||
|
||||
|
||||
|
@ -183,7 +200,7 @@ class PartitionTable(list):
|
|||
raise InputError('CSV Error at line %d: Partitions overlap. Partition sets offset 0x%x. Previous partition ends 0x%x'
|
||||
% (e.line_no, e.offset, last_end))
|
||||
if e.offset is None:
|
||||
pad_to = get_alignment_for_type(e.type)
|
||||
pad_to = get_alignment_offset_for_type(e.type)
|
||||
if last_end % pad_to != 0:
|
||||
last_end += pad_to - (last_end % pad_to)
|
||||
e.offset = last_end
|
||||
|
@ -416,13 +433,15 @@ class PartitionDefinition(object):
|
|||
raise ValidationError(self, 'Subtype field is not set')
|
||||
if self.offset is None:
|
||||
raise ValidationError(self, 'Offset field is not set')
|
||||
align = get_alignment_for_type(self.type)
|
||||
if self.offset % align:
|
||||
raise ValidationError(self, 'Offset 0x%x is not aligned to 0x%x' % (self.offset, align))
|
||||
if self.size % align and secure and self.type == APP_TYPE:
|
||||
raise ValidationError(self, 'Size 0x%x is not aligned to 0x%x' % (self.size, align))
|
||||
if self.size is None:
|
||||
raise ValidationError(self, 'Size field is not set')
|
||||
offset_align = get_alignment_offset_for_type(self.type)
|
||||
if self.offset % offset_align:
|
||||
raise ValidationError(self, 'Offset 0x%x is not aligned to 0x%x' % (self.offset, offset_align))
|
||||
if self.type == APP_TYPE and secure is not SECURE_NONE:
|
||||
size_align = get_alignment_size_for_type(self.type)
|
||||
if self.size % size_align:
|
||||
raise ValidationError(self, 'Size 0x%x is not aligned to 0x%x' % (self.size, size_align))
|
||||
|
||||
if self.name in TYPES and TYPES.get(self.name, '') != self.type:
|
||||
critical("WARNING: Partition has name '%s' which is a partition type, but does not match this partition's "
|
||||
|
@ -527,7 +546,7 @@ def main():
|
|||
'enabled by default and this flag does nothing.', action='store_true')
|
||||
parser.add_argument('--quiet', '-q', help="Don't print non-critical status messages to stderr", action='store_true')
|
||||
parser.add_argument('--offset', '-o', help='Set offset partition table', default='0x8000')
|
||||
parser.add_argument('--secure', help='Require app partitions to be suitable for secure boot', action='store_true')
|
||||
parser.add_argument('--secure', help='Require app partitions to be suitable for secure boot', nargs='?', const=SECURE_V1, choices=[SECURE_V1, SECURE_V2])
|
||||
parser.add_argument('--extra-partition-subtypes', help='Extra partition subtype entries', nargs='*')
|
||||
parser.add_argument('input', help='Path to CSV or binary file to parse.', type=argparse.FileType('rb'))
|
||||
parser.add_argument('output', help='Path to output converted binary or CSV file. Will use stdout if omitted.',
|
||||
|
|
|
@ -389,6 +389,38 @@ class CommandLineTests(Py23TestCase):
|
|||
|
||||
class VerificationTests(Py23TestCase):
|
||||
|
||||
def _run_genesp32(self, csvcontents, args):
|
||||
csvpath = tempfile.mktemp()
|
||||
with open(csvpath, 'w') as f:
|
||||
f.write(csvcontents)
|
||||
try:
|
||||
output = subprocess.check_output([sys.executable, '../gen_esp32part.py', csvpath] + args, stderr=subprocess.STDOUT)
|
||||
return output.strip()
|
||||
except subprocess.CalledProcessError as e:
|
||||
return e.output.strip()
|
||||
finally:
|
||||
os.remove(csvpath)
|
||||
|
||||
def test_check_secure_app_size(self):
|
||||
sample_csv = """
|
||||
ota_0, app, ota_0, , 0x101000
|
||||
ota_1, app, ota_1, , 0x100800
|
||||
"""
|
||||
|
||||
def rge(args):
|
||||
return self._run_genesp32(sample_csv, args)
|
||||
|
||||
# Valid test that would pass with the above partition table
|
||||
partfile = tempfile.mktemp()
|
||||
self.assertEqual(rge([partfile]), b'Parsing CSV input...\nVerifying table...')
|
||||
os.remove(partfile)
|
||||
# Failure case 1, incorrect ota_0 partition size
|
||||
self.assertEqual(rge(['-q', '--secure', 'v1']),
|
||||
b'Partition ota_0 invalid: Size 0x101000 is not aligned to 0x10000')
|
||||
# Failure case 2, incorrect ota_1 partition size
|
||||
self.assertEqual(rge(['-q', '--secure', 'v2']),
|
||||
b'Partition ota_1 invalid: Size 0x100800 is not aligned to 0x1000')
|
||||
|
||||
def test_bad_alignment(self):
|
||||
csv = """
|
||||
# Name,Type, SubType,Offset,Size
|
||||
|
|
Ładowanie…
Reference in New Issue