make bootloader_support depend on IDF_TARGET

1. move chip-specific code(e.g. encryption) into IDF_TARGET directory 2. splict app-only code to idf directory which won't be compiled into bootloader
2025-08-12 13:27:36 +00:00 · 2019-04-16 17:01:31 +08:00
parent 936ee2884b
commit 3f2d6a0891
12 changed files with 208 additions and 133 deletions
--- a/components/bootloader_support/src/esp32/secure_boot_signatures.c
+++ b/components/bootloader_support/src/esp32/secure_boot_signatures.c
@@ -0,0 +1,86 @@
+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#include "sdkconfig.h"
+
+#include "bootloader_flash.h"
+#include "bootloader_sha.h"
+#include "esp_log.h"
+#include "esp_image_format.h"
+#include "esp_secure_boot.h"
+#include "esp32/rom/sha.h"
+#include "uECC.h"
+
+typedef SHA_CTX sha_context;
+
+static const char *TAG = "secure_boot";
+
+extern const uint8_t signature_verification_key_start[] asm("_binary_signature_verification_key_bin_start");
+extern const uint8_t signature_verification_key_end[] asm("_binary_signature_verification_key_bin_end");
+
+#define SIGNATURE_VERIFICATION_KEYLEN 64
+
+#define DIGEST_LEN 32
+
+esp_err_t esp_secure_boot_verify_signature(uint32_t src_addr, uint32_t length)
+{
+    uint8_t digest[DIGEST_LEN];
+    const uint8_t *data;
+    const esp_secure_boot_sig_block_t *sigblock;
+
+    ESP_LOGD(TAG, "verifying signature src_addr 0x%x length 0x%x", src_addr, length);
+
+    data = bootloader_mmap(src_addr, length + sizeof(esp_secure_boot_sig_block_t));
+    if (data == NULL) {
+        ESP_LOGE(TAG, "bootloader_mmap(0x%x, 0x%x) failed", src_addr, length + sizeof(esp_secure_boot_sig_block_t));
+        return ESP_FAIL;
+    }
+
+    // Calculate digest of main image
+    bootloader_sha256_handle_t handle = bootloader_sha256_start();
+    bootloader_sha256_data(handle, data, length);
+    bootloader_sha256_finish(handle, digest);
+
+    // Map the signature block and verify the signature
+    sigblock = (const esp_secure_boot_sig_block_t *)(data + length);
+    esp_err_t err = esp_secure_boot_verify_signature_block(sigblock, digest);
+    bootloader_munmap(data);
+    return err;
+}
+
+esp_err_t esp_secure_boot_verify_signature_block(const esp_secure_boot_sig_block_t *sig_block, const uint8_t *image_digest)
+{
+    ptrdiff_t keylen;
+
+    keylen = signature_verification_key_end - signature_verification_key_start;
+    if (keylen != SIGNATURE_VERIFICATION_KEYLEN) {
+        ESP_LOGE(TAG, "Embedded public verification key has wrong length %d", keylen);
+        return ESP_FAIL;
+    }
+
+    if (sig_block->version != 0) {
+        ESP_LOGE(TAG, "image has invalid signature version field 0x%08x", sig_block->version);
+        return ESP_FAIL;
+    }
+
+    ESP_LOGD(TAG, "Verifying secure boot signature");
+
+    bool is_valid;
+    is_valid = uECC_verify(signature_verification_key_start,
+                           image_digest,
+                           DIGEST_LEN,
+                           sig_block->signature,
+                           uECC_secp256r1());
+    ESP_LOGD(TAG, "Verification result %d", is_valid);
+    return is_valid ? ESP_OK : ESP_ERR_IMAGE_INVALID;
+}