alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2025-08-12 13:27:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

secure_boot/SIGNED_ON_UPDATE_NO_SECURE_BOOT: Only the first position of signature blocks is used to verify any update

Browse Source
This commit is contained in:
KonstantinKondrashov
2021-03-23 19:45:17 +08:00
committed by bot
parent aff0235e47
commit 7f40717eb2
3 changed files with 14 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
components/bootloader_support/src/secure_boot.c
View File

@@ -163,6 +163,11 @@ static void rsa_check_signature_on_update_check(void)
ESP_LOGE(TAG, "This app is not signed, but check signature on update is enabled in config. It won't be possible to verify any update.");
abort();
}
#if CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT && SECURE_BOOT_NUM_BLOCKS > 1
if (digests.num_digests > 1) {
ESP_LOGW(TAG, "App has %d signatures. Only the first position of signature blocks is used to verify any update", digests.num_digests);
}
#endif
}
#endif // CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME && CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT