From ce634ef221cc919ca94f62ab99e6d06912613969 Mon Sep 17 00:00:00 2001
From: Angus Gratton
Date: Fri, 13 Jul 2018 15:21:07 +1000
Subject: [PATCH 1/3] bootloader: Fix secure boot & flash encryption functionality

Fixes regression in 3e0ac4db79.
---
 .../subproject/main/esp32.bootloader.ld | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/components/bootloader/subproject/main/esp32.bootloader.ld b/components/bootloader/subproject/main/esp32.bootloader.ld
index 2c5778c39c..b89bba1248 100644
--- a/components/bootloader/subproject/main/esp32.bootloader.ld
+++ b/components/bootloader/subproject/main/esp32.bootloader.ld
@@ -36,19 +36,25 @@ SECTIONS
 *(.iram1 .iram1.*) /* catch stray IRAM_ATTR */
 *liblog.a:(.literal .text .literal.* .text.*)
 *libgcc.a:(.literal .text .literal.* .text.*)
- *libbootloader_support.a:bootloader_utility.o(.literal .text .literal.* .text.*)
- *libbootloader_support.a:esp_image_format.o(.literal .text .literal.* .text.*)
- *libbootloader_support.a:bootloader_random.o(.literal .text .literal.* .text.*)
 *libbootloader_support.a:bootloader_flash.o(.literal .text .literal.* .text.*)
- *libbootloader_support.a:flash_partitions.o(.literal .text .literal.* .text.*)
+ *libbootloader_support.a:bootloader_random.o(.literal .text .literal.* .text.*)
+ *libbootloader_support.a:bootloader_utility.o(.literal .text .literal.* .text.*)
 *libbootloader_support.a:bootloader_sha.o(.literal .text .literal.* .text.*)
+ *libbootloader_support.a:efuse.o(.literal .text .literal.* .text.*)
+ *libbootloader_support.a:esp_image_format.o(.literal .text .literal.* .text.*)
+ *libbootloader_support.a:flash_encrypt.o(.literal .text .literal.* .text.*)
+ *libbootloader_support.a:flash_partitions.o(.literal .text .literal.* .text.*)
+ *libbootloader_support.a:secure_boot.o(.literal .text .literal.* .text.*)
+ *libbootloader_support.a:secure_boot_signatures.o(.literal .text .literal.* .text.*)
+ *libmicro-ecc.a:*.o(.literal .text .literal.* .text.*)
+ *libspi_flash.a:*.o(.literal .text .literal.* .text.*)
 *(.fini.literal)
 *(.fini)
 *(.gnu.version)
 _text_end = ABSOLUTE(.);
 _etext = .;
 } > iram_loader_seg
-
+
 .iram.text :
 {
 . = ALIGN (16);
From ec73cebb5929dc9cc5fe241a281cca3ef3773fb5 Mon Sep 17 00:00:00 2001
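Review bot: Nothing in the rebuilt input-section list says why these objects have to sit in `iram_loader_seg` rather than in the `.iram.text` output section that follows, so the next tidy-up of this list can silently reintroduce the regression the subject line describes. Presumably secure_boot.o, flash_encrypt.o, efuse.o and the libmicro-ecc/libspi_flash objects execute while the application image is being loaded, but that is inferred from the commit message, not from the hunk. A one-line comment above `*liblog.a:(.literal .text .literal.* .text.*)` such as `/* Objects below must stay in iram_loader_seg: they run while the app image is being loaded (secure boot / flash encryption) */` would make the constraint explicit. The two `*.o` wildcards also pull every current and future object of libmicro-ecc.a and libspi_flash.a into the loader segment, which is worth stating in the same comment. The enclosing output section opens before the hunk.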
From: Angus Gratton
Date: Fri, 13 Jul 2018 15:23:04 +1000
Subject: [PATCH 2/3] bootloader: Don't verify Partition Table as part of Secure Boot

Partition Tables are still signed for backwards compatibility, but signature is no longer checked as part of bootloader.

Closes https://github.com/espressif/esp-idf/issues/1641
---
 .../include/esp_flash_partitions.h | 11 +++++++++--
 .../bootloader_support/src/bootloader_common.c | 14 +-------------
 .../bootloader_support/src/bootloader_utility.c | 14 +-------------
 components/bootloader_support/src/flash_encrypt.c | 2 +-
 .../bootloader_support/src/flash_partitions.c | 2 +-
 5 files changed, 13 insertions(+), 30 deletions(-)

diff --git a/components/bootloader_support/include/esp_flash_partitions.h b/components/bootloader_support/include/esp_flash_partitions.h
index 24b6f25d2d..b5f37aa5fc 100644
--- a/components/bootloader_support/include/esp_flash_partitions.h
+++ b/components/bootloader_support/include/esp_flash_partitions.h
@@ -27,7 +27,7 @@
 #define ESP_PARTITION_TABLE_MAX_LEN 0xC00 /* Maximum length of partition table data */
 #define ESP_PARTITION_TABLE_MAX_ENTRIES (ESP_PARTITION_TABLE_MAX_LEN / sizeof(esp_partition_info_t)) /* Maximum length of partition table data, including terminating entry */

-/* @brief Verify the partition table (does not include verifying secure boot cryptographic signature)
+/* @brief Verify the partition table
 *
 * @param partition_table Pointer to at least ESP_PARTITION_TABLE_MAX_ENTRIES of potential partition table data. (ESP_PARTITION_TABLE_MAX_LEN bytes.)
 * @param log_errors Log errors if the partition table is invalid.
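Review bot: The shortened `+/* @brief Verify the partition table` line drops the only statement of what this check does not cover, at the same time as the bootloader stops verifying the table's signature elsewhere in this patch, so readers of the header now get no hint that this is a structural check rather than a cryptographic one. The `md5_found` counter visible in the flash_partitions.c hunk suggests the function validates layout plus an optional MD5 entry; confirm against the body before documenting it. Suggested wording: `/* @brief Verify the partition table layout and its MD5 checksum entry (if present). This is not a cryptographic check: the bootloader does not verify a secure boot signature over the partition table. */`.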
@@ -35,6 +35,13 @@
 *
 * @return ESP_OK on success, ESP_ERR_INVALID_STATE if partition table is not valid.
 */
-esp_err_t esp_partition_table_basic_verify(const esp_partition_info_t *partition_table, bool log_errors, int *num_partitions);
+esp_err_t esp_partition_table_verify(const esp_partition_info_t *partition_table, bool log_errors, int *num_partitions);
+
+
+/* This function is included for compatibility with the ESP-IDF v3.x API */
+inline static __attribute__((deprecated)) esp_err_t esp_partition_table_basic_verify(const esp_partition_info_t *partition_table, bool log_errors, int *num_partitions)
+{
+ return esp_partition_table_verify(partition_table, log_errors, num_partitions);
+}

 #endif
diff --git a/components/bootloader_support/src/bootloader_common.c b/components/bootloader_support/src/bootloader_common.c
index 98e5606ede..36b4b8ba2d 100644
--- a/components/bootloader_support/src/bootloader_common.c
+++ b/components/bootloader_support/src/bootloader_common.c
@@ -100,18 +100,6 @@ bool bootloader_common_erase_part_type_data(const char *list_erase, bool ota_dat
 int num_partitions;
 bool ret = true;

-#ifdef CONFIG_SECURE_BOOT_ENABLED
- if (esp_secure_boot_enabled()) {
- ESP_LOGI(TAG, "Verifying partition table signature...");
- err = esp_secure_boot_verify_signature(ESP_PARTITION_TABLE_OFFSET, ESP_PARTITION_TABLE_MAX_LEN);
- if (err != ESP_OK) {
- ESP_LOGE(TAG, "Failed to verify partition table signature.");
- return false;
- }
- ESP_LOGD(TAG, "Partition table signature verified");
- }
-#endif
-
 partitions = bootloader_mmap(ESP_PARTITION_TABLE_OFFSET, ESP_PARTITION_TABLE_MAX_LEN);
 if (!partitions) {
 ESP_LOGE(TAG, "bootloader_mmap(0x%x, 0x%x) failed", ESP_PARTITION_TABLE_OFFSET, ESP_PARTITION_TABLE_MAX_LEN);
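Review bot: The compatibility shim is written `inline static __attribute__((deprecated))`; the usual spelling is `static inline`, and GCC's attribute accepts a message, so `static inline __attribute__((deprecated("use esp_partition_table_verify"))) esp_err_t esp_partition_table_basic_verify(...)` tells the caller what to switch to instead of only warning. The comment above it could also carry a Doxygen `@deprecated` tag naming esp_partition_table_verify so generated docs list the replacement. Both are style points; the wrapper's behaviour is fine.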
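Review bot: The deleted `#ifdef CONFIG_SECURE_BOOT_ENABLED` block leaves no trace in bootloader_common_erase_part_type_data of why the partition table may now be used without a signature check, and the identical removal in bootloader_utility_load_partition_table (hunk `@@ -72,18 +72,6 @@` on the next line of this patch) has the same gap. Presumably the reasoning is that any app image selected through the table is still signature-verified before it runs, so a tampered table can at most pick a different verified image or fail the boot, but that argument lives only in the commit message. A comment where the block was, e.g. `/* The partition table is not signature-checked; only its structure is validated by esp_partition_table_verify() below. Images selected from it are still verified by secure boot. */`, records the threat-model assumption for the next auditor. The flash_encrypt.c hunk further down shows the table region is encrypted when flash encryption is on, which then appears to be the only protection against offline modification and deserves a mention in the same comment. Both functions begin before their hunks.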
@@ -119,7 +107,7 @@ bool bootloader_common_erase_part_type_data(const char *list_erase, bool ota_dat
 }
 ESP_LOGD(TAG, "mapped partition table 0x%x at 0x%x", ESP_PARTITION_TABLE_OFFSET, (intptr_t)partitions);

- err = esp_partition_table_basic_verify(partitions, true, &num_partitions);
+ err = esp_partition_table_verify(partitions, true, &num_partitions);
 if (err != ESP_OK) {
 ESP_LOGE(TAG, "Failed to verify partition table");
 ret = false;
diff --git a/components/bootloader_support/src/bootloader_utility.c b/components/bootloader_support/src/bootloader_utility.c
index 6ab3e50c51..6b0145a629 100644
--- a/components/bootloader_support/src/bootloader_utility.c
+++ b/components/bootloader_support/src/bootloader_utility.c
@@ -72,18 +72,6 @@ bool bootloader_utility_load_partition_table(bootloader_state_t* bs)
 esp_err_t err;
 int num_partitions;

-#ifdef CONFIG_SECURE_BOOT_ENABLED
- if(esp_secure_boot_enabled()) {
- ESP_LOGI(TAG, "Verifying partition table signature...");
- err = esp_secure_boot_verify_signature(ESP_PARTITION_TABLE_OFFSET, ESP_PARTITION_TABLE_MAX_LEN);
- if (err != ESP_OK) {
- ESP_LOGE(TAG, "Failed to verify partition table signature.");
- return false;
- }
- ESP_LOGD(TAG, "Partition table signature verified");
- }
-#endif
-
 partitions = bootloader_mmap(ESP_PARTITION_TABLE_OFFSET, ESP_PARTITION_TABLE_MAX_LEN);
 if (!partitions) {
 ESP_LOGE(TAG, "bootloader_mmap(0x%x, 0x%x) failed", ESP_PARTITION_TABLE_OFFSET, ESP_PARTITION_TABLE_MAX_LEN);
@@ -91,7 +79,7 @@ bool bootloader_utility_load_partition_table(bootloader_state_t* bs)
 }
 ESP_LOGD(TAG, "mapped partition table 0x%x at 0x%x", ESP_PARTITION_TABLE_OFFSET, (intptr_t)partitions);

- err = esp_partition_table_basic_verify(partitions, true, &num_partitions);
+ err = esp_partition_table_verify(partitions, true, &num_partitions);
 if (err != ESP_OK) {
 ESP_LOGE(TAG, "Failed to verify partition table");
 return false;
diff --git a/components/bootloader_support/src/flash_encrypt.c b/components/bootloader_support/src/flash_encrypt.c
index 290a02a911..a9e8f8f9ba 100644
--- a/components/bootloader_support/src/flash_encrypt.c
+++ b/components/bootloader_support/src/flash_encrypt.c
@@ -254,7 +254,7 @@ static esp_err_t encrypt_and_load_partition_table(esp_partition_info_t *partitio
 ESP_LOGE(TAG, "Failed to read partition table data");
 return err;
 }
- if (esp_partition_table_basic_verify(partition_table, false, num_partitions) == ESP_OK) {
+ if (esp_partition_table_verify(partition_table, false, num_partitions) == ESP_OK) {
 ESP_LOGD(TAG, "partition table is plaintext. Encrypting...");
 esp_err_t err = esp_flash_encrypt_region(ESP_PARTITION_TABLE_OFFSET, FLASH_SECTOR_SIZE);
diff --git a/components/bootloader_support/src/flash_partitions.c b/components/bootloader_support/src/flash_partitions.c
index f8a24f26c2..6686457338 100644
--- a/components/bootloader_support/src/flash_partitions.c
+++ b/components/bootloader_support/src/flash_partitions.c
@@ -20,7 +20,7 @@

 static const char *TAG = "flash_parts";

-esp_err_t esp_partition_table_basic_verify(const esp_partition_info_t *partition_table, bool log_errors, int *num_partitions)
+esp_err_t esp_partition_table_verify(const esp_partition_info_t *partition_table, bool log_errors, int *num_partitions)
 {
 int md5_found = 0;
 int num_parts;
From 0b1c461e6328b52d871e94185a0087f577a44a46 Mon Sep 17 00:00:00 2001
From: Angus Gratton
Date: Fri, 13 Jul 2018 15:24:11 +1000
Subject: [PATCH 3/3] bootloader: Fix warning building reflashable Secure Boot image

---
 components/bootloader/Makefile.projbuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/components/bootloader/Makefile.projbuild b/components/bootloader/Makefile.projbuild
index 1d569bab3c..11ba9058a4 100644
--- a/components/bootloader/Makefile.projbuild
+++ b/components/bootloader/Makefile.projbuild
@@ -107,7 +107,7 @@ bootloader: $(BOOTLOADER_DIGEST_BIN)

 $(BOOTLOADER_DIGEST_BIN): $(BOOTLOADER_BIN) $(SECURE_BOOTLOADER_KEY)
 @echo "DIGEST $(notdir $@)"
- $(Q) $(ESPSECUREPY) digest_secure_bootloader -k $(SECURE_BOOTLOADER_KEY) -o $@ $<
+ $(ESPSECUREPY) digest_secure_bootloader -k $(SECURE_BOOTLOADER_KEY) -o $@ $<

 else # CONFIG_SECURE_BOOT_ENABLED && !CONFIG_SECURE_BOOTLOADER_REFLASHABLE && !CONFIG_SECURE_BOOTLOADER_ONE_TIME_FLASH
 bootloader: