alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2025-10-12 15:42:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

change(bootloader_support/secure_boot): Allow NULL as verified_digest for app build

Browse Source 
The esp_secure_boot_verify_sbv2_signature_block() and esp_secure_boot_verify_rsa_signature_block()
APIs need and use the verified_digest argument only for BOOTLOADER_BUILD, but the argument is
not used in the application code, and the value present in verified_digest is considered invalid.
Thus, allow passing NULL as the verified_digest parameter to help some save space.
This commit is contained in:
harshal.patil
2025-04-23 15:49:28 +05:30
parent 3f9ab5d5e7
commit 03ea07155a
1 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
components/bootloader_support/src/secure_boot_v2/secure_boot_signatures_app.c
View File

@@ -185,7 +185,6 @@ static esp_err_t get_secure_boot_key_digests(esp_image_sig_public_key_digests_t
esp_err_t esp_secure_boot_verify_signature(uint32_t src_addr, uint32_t length) esp_err_t esp_secure_boot_verify_signature(uint32_t src_addr, uint32_t length)
{ {
uint8_t digest[ESP_SECURE_BOOT_DIGEST_LEN] = {0}; uint8_t digest[ESP_SECURE_BOOT_DIGEST_LEN] = {0};
uint8_t verified_digest[ESP_SECURE_BOOT_DIGEST_LEN] = {0};
/* Rounding off length to the upper 4k boundary */ /* Rounding off length to the upper 4k boundary */
uint32_t padded_length = ALIGN_UP(length, FLASH_SECTOR_SIZE); uint32_t padded_length = ALIGN_UP(length, FLASH_SECTOR_SIZE);
@@ -203,7 +202,7 @@ esp_err_t esp_secure_boot_verify_signature(uint32_t src_addr, uint32_t length)
return ESP_FAIL; return ESP_FAIL;
} }
err = esp_secure_boot_verify_sbv2_signature_block(sig_block, digest, verified_digest); err = esp_secure_boot_verify_sbv2_signature_block(sig_block, digest, NULL);
if (err != ESP_OK) { if (err != ESP_OK) {
ESP_LOGE(TAG, "Secure Boot V2 verification failed."); ESP_LOGE(TAG, "Secure Boot V2 verification failed.");
} }
@@ -218,9 +217,11 @@ esp_err_t esp_secure_boot_verify_sbv2_signature_block(const ets_secure_boot_sign
{ {
bool any_trusted_key = false; bool any_trusted_key = false;
/* Note: in IDF verification we don't add any fault injection resistance, as we don't expect this to be called if (verified_digest != NULL) {
during boot-time verification. */ /* Note: in IDF verification we don't add any fault injection resistance, as we don't expect this to be called
memset(verified_digest, 0, ESP_SECURE_BOOT_DIGEST_LEN); during boot-time verification. */
memset(verified_digest, 0, ESP_SECURE_BOOT_DIGEST_LEN);
}
esp_image_sig_public_key_digests_t trusted = {0}; esp_image_sig_public_key_digests_t trusted = {0};