From 7f40717eb2a05202f21c81131536f2a8ff0dd4db Mon Sep 17 00:00:00 2001 From: KonstantinKondrashov Date: Tue, 23 Mar 2021 19:45:17 +0800 Subject: [PATCH] secure_boot/SIGNED_ON_UPDATE_NO_SECURE_BOOT: Only the first position of signature blocks is used to verify any update --- components/bootloader_support/src/secure_boot.c | 5 +++++ .../src/secure_boot_v2/secure_boot_signatures_app.c | 10 ++++++++-- docs/en/security/secure-boot-v2.rst | 2 +- 3 files changed, 14 insertions(+), 3 deletions(-) diff --git a/components/bootloader_support/src/secure_boot.c b/components/bootloader_support/src/secure_boot.c index 9806b5c864..2765b62feb 100644 --- a/components/bootloader_support/src/secure_boot.c +++ b/components/bootloader_support/src/secure_boot.c @@ -163,6 +163,11 @@ static void rsa_check_signature_on_update_check(void) ESP_LOGE(TAG, "This app is not signed, but check signature on update is enabled in config. It won't be possible to verify any update."); abort(); } +#if CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT && SECURE_BOOT_NUM_BLOCKS > 1 + if (digests.num_digests > 1) { + ESP_LOGW(TAG, "App has %d signatures. Only the first position of signature blocks is used to verify any update", digests.num_digests); + } +#endif } #endif // CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME && CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT diff --git a/components/bootloader_support/src/secure_boot_v2/secure_boot_signatures_app.c b/components/bootloader_support/src/secure_boot_v2/secure_boot_signatures_app.c index 6bc837a23c..6fecadc251 100644 --- a/components/bootloader_support/src/secure_boot_v2/secure_boot_signatures_app.c +++ b/components/bootloader_support/src/secure_boot_v2/secure_boot_signatures_app.c @@ -198,7 +198,13 @@ esp_err_t esp_secure_boot_verify_rsa_signature_block(const ets_secure_boot_signa goto exit; } - for (unsigned app_blk_idx = 0; app_blk_idx < SECURE_BOOT_NUM_BLOCKS; app_blk_idx++) { +#ifdef CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT + const unsigned secure_boot_num_blocks = 1; +#else + const unsigned secure_boot_num_blocks = SECURE_BOOT_NUM_BLOCKS; +#endif + + for (unsigned app_blk_idx = 0; app_blk_idx < secure_boot_num_blocks; app_blk_idx++) { uint8_t app_blk_digest[ESP_SECURE_BOOT_DIGEST_LEN] = { 0 }; const ets_secure_boot_sig_block_t *app_blk = &sig_block->block[app_blk_idx]; const ets_secure_boot_sig_block_t *trusted_block = NULL; @@ -213,7 +219,7 @@ esp_err_t esp_secure_boot_verify_rsa_signature_block(const ets_secure_boot_signa bootloader_sha256_finish(sig_block_sha, app_blk_digest); /* Check if the key is one we trust */ - for (unsigned trusted_key_idx = 0; trusted_key_idx < SECURE_BOOT_NUM_BLOCKS; trusted_key_idx++) { + for (unsigned trusted_key_idx = 0; trusted_key_idx < secure_boot_num_blocks; trusted_key_idx++) { if (memcmp(app_blk_digest, trusted.key_digests[trusted_key_idx], ESP_SECURE_BOOT_DIGEST_LEN) == 0) { ESP_LOGI(TAG, "#%d app key digest == #%d trusted key digest", app_blk_idx, trusted_key_idx); trusted_block = app_blk; diff --git a/docs/en/security/secure-boot-v2.rst b/docs/en/security/secure-boot-v2.rst index 512e3a7690..98c6bf86d8 100644 --- a/docs/en/security/secure-boot-v2.rst +++ b/docs/en/security/secure-boot-v2.rst @@ -337,7 +337,7 @@ This may be desirable in cases where the delay of Secure Boot verification on st In this mode, any public key which is present in the signature block of the currently running app will be used to verify the signature of a newly updated app. (The signature on the running app isn't verified during the update process, it's assumed to be valid.) In this way the system creates a chain of trust from the running app to the newly updated app. -For this reason, it's essential that the initial app flashed to the device is also signed. A check is run on app startup and the app will abort if no signatures are found. This is to try and prevent a situation where no update is possible. Note again that, unlike hardware Secure Boot V2, the signature of the running app isn't verified on boot. The system only checks that at least one public key can be found there, in order to not prevent an update. +For this reason, it's essential that the initial app flashed to the device is also signed. A check is run on app startup and the app will abort if no signatures are found. This is to try and prevent a situation where no update is possible. The app should have only one valid signature block in the first position. Note again that, unlike hardware Secure Boot V2, the signature of the running app isn't verified on boot.The system only verifies a signature block in the first position and ignores the other (2) appended signatures. .. note::