mirror
/
esp-idf
kopia lustrzana https://github.com/espressif/esp-idf
1
0
Forkuj 0
Kod Zgłoszenia Projekty Wydania Wiki Aktywność

Merge branch 'bugfix/secure_boot_v2_part_size_check' into 'master' 

gen_esp32part: allow secure boot v2 based app partition size 4K aligned

See merge request espressif/esp-idf!22188
pull/10745/head
Mahavir Jain 2023-02-08 18:42:34 +08:00
rodzic 889142552c 9628118400
commit 3850e9327a
3 zmienionych plików z 65 dodań i 10 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

6
components/partition_table/CMakeLists.txt
Wyświetl plik

@ -31,7 +31,11 @@ if(CONFIG_ESPTOOLPY_FLASHSIZE)
endif()
if(CONFIG_SECURE_BOOT AND NOT CONFIG_SECURE_BOOT_ALLOW_SHORT_APP_PARTITION)
set(partition_secure_opt --secure)
if(CONFIG_SECURE_BOOT_V2_ENABLED)
set(partition_secure_opt --secure v2)
else()
set(partition_secure_opt --secure v1)
endif()
else()
set(partition_secure_opt "")
endif()

37
components/partition_table/gen_esp32part.py
Wyświetl plik

@ -28,6 +28,10 @@ PARTITION_TABLE_SIZE = 0x1000 # Size of partition table
MIN_PARTITION_SUBTYPE_APP_OTA = 0x10
NUM_PARTITION_SUBTYPE_APP_OTA = 16
SECURE_NONE = None
SECURE_V1 = 'v1'
SECURE_V2 = 'v2'
__version__ = '1.2'
APP_TYPE = 0x00
@ -88,10 +92,23 @@ ALIGNMENT = {
}
def get_alignment_for_type(ptype):
def get_alignment_offset_for_type(ptype):
return ALIGNMENT.get(ptype, ALIGNMENT[DATA_TYPE])
def get_alignment_size_for_type(ptype):
if ptype == APP_TYPE and secure == SECURE_V1:
# For secure boot v1 case, app partition must be 64K aligned
# signature block (68 bytes) lies at the very end of 64K block
return 0x10000
if ptype == APP_TYPE and secure == SECURE_V2:
# For secure boot v2 case, app partition must be 4K aligned
# signature block (4K) is kept after padding the unsigned image to 64K boundary
return 0x1000
# No specific size alignement requirement as such
return 0x1
def get_partition_type(ptype):
if ptype == 'app':
return APP_TYPE
@ -114,7 +131,7 @@ def add_extra_subtypes(csv):
quiet = False
md5sum = True
secure = False
secure = SECURE_NONE
offset_part_table = 0
@ -183,7 +200,7 @@ class PartitionTable(list):
raise InputError('CSV Error at line %d: Partitions overlap. Partition sets offset 0x%x. Previous partition ends 0x%x'
% (e.line_no, e.offset, last_end))
if e.offset is None:
pad_to = get_alignment_for_type(e.type)
pad_to = get_alignment_offset_for_type(e.type)
if last_end % pad_to != 0:
last_end += pad_to - (last_end % pad_to)
e.offset = last_end
@ -416,13 +433,15 @@ class PartitionDefinition(object):
raise ValidationError(self, 'Subtype field is not set')
if self.offset is None:
raise ValidationError(self, 'Offset field is not set')
align = get_alignment_for_type(self.type)
if self.offset % align:
raise ValidationError(self, 'Offset 0x%x is not aligned to 0x%x' % (self.offset, align))
if self.size % align and secure and self.type == APP_TYPE:
raise ValidationError(self, 'Size 0x%x is not aligned to 0x%x' % (self.size, align))
if self.size is None:
raise ValidationError(self, 'Size field is not set')
offset_align = get_alignment_offset_for_type(self.type)
if self.offset % offset_align:
raise ValidationError(self, 'Offset 0x%x is not aligned to 0x%x' % (self.offset, offset_align))
if self.type == APP_TYPE and secure is not SECURE_NONE:
size_align = get_alignment_size_for_type(self.type)
if self.size % size_align:
raise ValidationError(self, 'Size 0x%x is not aligned to 0x%x' % (self.size, size_align))
if self.name in TYPES and TYPES.get(self.name, '') != self.type:
critical("WARNING: Partition has name '%s' which is a partition type, but does not match this partition's "
@ -527,7 +546,7 @@ def main():
'enabled by default and this flag does nothing.', action='store_true')
parser.add_argument('--quiet', '-q', help="Don't print non-critical status messages to stderr", action='store_true')
parser.add_argument('--offset', '-o', help='Set offset partition table', default='0x8000')
parser.add_argument('--secure', help='Require app partitions to be suitable for secure boot', action='store_true')
parser.add_argument('--secure', help='Require app partitions to be suitable for secure boot', nargs='?', const=SECURE_V1, choices=[SECURE_V1, SECURE_V2])
parser.add_argument('--extra-partition-subtypes', help='Extra partition subtype entries', nargs='*')
parser.add_argument('input', help='Path to CSV or binary file to parse.', type=argparse.FileType('rb'))
parser.add_argument('output', help='Path to output converted binary or CSV file. Will use stdout if omitted.',

32
components/partition_table/test_gen_esp32part_host/gen_esp32part_tests.py
Wyświetl plik

@ -389,6 +389,38 @@ class CommandLineTests(Py23TestCase):
class VerificationTests(Py23TestCase):
def _run_genesp32(self, csvcontents, args):
csvpath = tempfile.mktemp()
with open(csvpath, 'w') as f:
f.write(csvcontents)
try:
output = subprocess.check_output([sys.executable, '../gen_esp32part.py', csvpath] + args, stderr=subprocess.STDOUT)
return output.strip()
except subprocess.CalledProcessError as e:
return e.output.strip()
finally:
os.remove(csvpath)
def test_check_secure_app_size(self):
sample_csv = """
ota_0, app, ota_0, , 0x101000
ota_1, app, ota_1, , 0x100800
"""
def rge(args):
return self._run_genesp32(sample_csv, args)
# Valid test that would pass with the above partition table
partfile = tempfile.mktemp()
self.assertEqual(rge([partfile]), b'Parsing CSV input...\nVerifying table...')
os.remove(partfile)
# Failure case 1, incorrect ota_0 partition size
self.assertEqual(rge(['-q', '--secure', 'v1']),
b'Partition ota_0 invalid: Size 0x101000 is not aligned to 0x10000')
# Failure case 2, incorrect ota_1 partition size
self.assertEqual(rge(['-q', '--secure', 'v2']),
b'Partition ota_1 invalid: Size 0x100800 is not aligned to 0x1000')
def test_bad_alignment(self):
csv = """
# Name,Type, SubType,Offset,Size