feat(esp_https_ota): added check for revision check while performing OTA

This commit added check to verify revision while performing OTA process. OTA with version greater than chip revision will be prohibited.
2025-08-08 04:02:27 +00:00 · 2025-02-25 16:46:22 +05:30
parent bf51415d86
commit 714ebfc0d1
5 changed files with 33 additions and 0 deletions
--- a/components/esp_https_ota/include/esp_https_ota.h
+++ b/components/esp_https_ota/include/esp_https_ota.h
@@ -29,6 +29,7 @@ typedef enum {
    ESP_HTTPS_OTA_CONNECTED,                /*!< Connected to server */
    ESP_HTTPS_OTA_GET_IMG_DESC,             /*!< Read app/bootloader description from image header */
    ESP_HTTPS_OTA_VERIFY_CHIP_ID,           /*!< Verify chip id of new image */
+    ESP_HTTPS_OTA_VERIFY_CHIP_REVISION,     /*!< Verify chip revision of new image */
    ESP_HTTPS_OTA_DECRYPT_CB,               /*!< Callback to decrypt function */
    ESP_HTTPS_OTA_WRITE_FLASH,              /*!< Flash write operation */
    ESP_HTTPS_OTA_UPDATE_BOOT_PARTITION,    /*!< Boot partition update after successful ota update */
--- a/components/esp_https_ota/src/esp_https_ota.c
+++ b/components/esp_https_ota/src/esp_https_ota.c
@@ -14,6 +14,7 @@
 #include <sys/param.h>
 #include <inttypes.h>
 #include "esp_check.h"
+#include "hal/efuse_hal.h"

 ESP_EVENT_DEFINE_BASE(ESP_HTTPS_OTA_EVENT);

@@ -203,6 +204,7 @@ static const char* ota_event_name_table[] = {
    "ESP_HTTPS_OTA_CONNECTED",
    "ESP_HTTPS_OTA_GET_IMG_DESC",
    "ESP_HTTPS_OTA_VERIFY_CHIP_ID",
+    "ESP_HTTPS_OTA_VERIFY_CHIP_REVISION",
    "ESP_HTTPS_OTA_DECRYPT_CB",
    "ESP_HTTPS_OTA_WRITE_FLASH",
    "ESP_HTTPS_OTA_UPDATE_BOOT_PARTITION",
@@ -624,6 +626,20 @@ static esp_err_t esp_ota_verify_chip_id(const void *arg)
    return ESP_OK;
 }

+static esp_err_t esp_ota_verify_chip_revision(const void *arg)
+{
+    esp_image_header_t *data = (esp_image_header_t *)(arg);
+    esp_https_ota_dispatch_event(ESP_HTTPS_OTA_VERIFY_CHIP_REVISION, (void *)(&data->min_chip_rev_full), sizeof(uint16_t));
+
+    uint16_t ota_img_revision = data->min_chip_rev_full;
+    uint32_t chip_revision = efuse_hal_chip_revision();
+    if (ota_img_revision > chip_revision) {
+        ESP_LOGE(TAG, "Image requires chip rev >= v%d.%d, but chip is v%d.%d", ota_img_revision / 100, ota_img_revision % 100, chip_revision / 100, chip_revision % 100);
+        return ESP_ERR_INVALID_VERSION;
+    }
+    return ESP_OK;
+}
+
 esp_err_t esp_https_ota_perform(esp_https_ota_handle_t https_ota_handle)
 {
    esp_https_ota_t *handle = (esp_https_ota_t *)https_ota_handle;
@@ -685,6 +701,11 @@ esp_err_t esp_https_ota_perform(esp_https_ota_handle_t https_ota_handle)
                if (err != ESP_OK) {
                    return err;
                }
+
+                err = esp_ota_verify_chip_revision(data_buf);
+                if (err != ESP_OK) {
+                    return err;
+                }
            }
            return _ota_write(handle, data_buf, binary_file_len);
        case ESP_HTTPS_OTA_RESUME: