Merge branch 'feat/secure_boot_ecdsa_p384' into 'master'

Support Secure Boot using ECDSA-P384 curve Closes IDF-10016, IDF-10221, and IDF-12990 See merge request espressif/esp-idf!38517
2025-10-05 04:49:21 +00:00 · 2025-07-24 11:59:59 +05:30
parent 1f82b347a6 b615ab5a40
commit 22adc7ed75
42 changed files with 1049 additions and 289 deletions
--- a/components/esp_rom/esp32c5/include/esp32c5/rom/ecdsa.h
+++ b/components/esp_rom/esp32c5/include/esp32c5/rom/ecdsa.h
@@ -16,7 +16,8 @@ extern "C" {

 typedef enum {
    ECDSA_CURVE_P192 = 1,
-    ECDSA_CURVE_P256 = 2
+    ECDSA_CURVE_P256 = 2,
+    ECDSA_CURVE_P384 = 3
 } ECDSA_CURVE;

 int ets_ecdsa_verify(const uint8_t *key, const uint8_t *sig, ECDSA_CURVE curve_id, const uint8_t *digest, uint8_t *verified_digest);
--- a/components/esp_rom/esp32c5/include/esp32c5/rom/secure_boot.h
+++ b/components/esp_rom/esp32c5/include/esp32c5/rom/secure_boot.h
@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2022-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@@ -88,6 +88,25 @@ struct ets_secure_boot_sig_block {

 #elif CONFIG_SECURE_SIGNED_APPS_ECDSA_V2_SCHEME

+#if CONFIG_SECURE_BOOT_ECDSA_KEY_LEN_384_BITS
+struct __attribute((packed)) ets_secure_boot_sig_block {
+    uint8_t magic_byte;
+    uint8_t version;
+    uint8_t sha_version;
+    uint8_t _reserved2;
+    uint8_t image_digest[48];
+    struct {
+        struct {
+            uint8_t curve_id; /* ETS_ECDSA_CURVE_P192 / ETS_ECDSA_CURVE_P256 */
+            uint8_t point[96]; /* X followed by Y (both little-endian), plus zero bytes if P192 */
+        } key;
+        uint8_t signature[96]; /* r followed by s (both little-endian) */
+        uint8_t padding[951];
+    } ecdsa;
+    uint32_t block_crc; /* note: crc covers all bytes in the structure before it, regardless of version field */
+    uint8_t _padding[16];
+};
+#else
 struct __attribute((packed)) ets_secure_boot_sig_block {
    uint8_t magic_byte;
    uint8_t version;
@@ -105,6 +124,7 @@ struct __attribute((packed)) ets_secure_boot_sig_block {
    uint32_t block_crc; /* note: crc covers all bytes in the structure before it, regardless of version field */
    uint8_t _padding[16];
 };
+#endif /* CONFIG_SECURE_BOOT_ECDSA_KEY_LEN_384_BITS */
 #endif

 ESP_STATIC_ASSERT(sizeof(ets_secure_boot_sig_block_t) == 1216, "invalid sig block size");