alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2025-08-30 22:05:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

bootloader/esp32c3: Adds secure boot (not yet supported)

Browse Source
This commit is contained in:
KonstantinKondrashov
2020-12-28 21:53:02 +08:00
parent f45c881f82
commit 98f726fa4b
14 changed files with 446 additions and 127 deletions
Download Patch File Download Diff File Expand all files Collapse all files

71
components/esp_rom/include/esp32c3/rom/secure_boot.h
View File

@@ -17,7 +17,7 @@
#include <stdint.h>
#include <stdbool.h>
#include "ets_sys.h"
#include "rsa_pss.h"
#ifdef __cplusplus
@@ -31,45 +31,66 @@ typedef struct ets_secure_boot_sig_block ets_secure_boot_sig_block_t;
typedef struct ets_secure_boot_signature ets_secure_boot_signature_t;
typedef struct ets_secure_boot_key_digests ets_secure_boot_key_digests_t;
/* Verify bootloader image (reconfigures cache to map,
loads trusted key digests from efuse)
If allow_key_revoke is true and aggressive revoke efuse is set,
any failed signature has its associated key revoked in efuse.
If result is ETS_OK, the "simple hash" of the bootloader
is copied into verified_hash.
/* Anti-FI measure: use full words for success/fail, instead of
0/non-zero
*/
int ets_secure_boot_verify_bootloader(uint8_t *verified_hash, bool allow_key_revoke);
typedef enum {
SB_SUCCESS = 0x3A5A5AA5,
SB_FAILED = 0x7533885E,
} ets_secure_boot_status_t;
/* Verify bootloader image (reconfigures cache to map), with
key digests provided as parameters.)
/* Verify and stage-load the bootloader image
(reconfigures cache to map, loads trusted key digests from efuse,
copies the bootloader into the staging buffer.)
If allow_key_revoke is true and aggressive revoke efuse is set,
any failed signature has its associated key revoked in efuse.
If result is SB_SUCCESS, the "simple hash" of the bootloader
is copied into verified_hash.
*/
ets_secure_boot_status_t ets_secure_boot_verify_stage_bootloader(uint8_t *verified_hash, bool allow_key_revoke);
/* Verify bootloader image (reconfigures cache to map),
with key digests provided as parameters.)
Can be used to verify secure boot status before enabling
secure boot permanently.
If result is ETS_OK, the "simple hash" of the bootloader is
If stage_load parameter is true, bootloader is copied into staging
buffer in RAM at the same time.
If result is SB_SUCCESS, the "simple hash" of the bootloader is
copied into verified_hash.
*/
int ets_secure_boot_verify_bootloader_with_keys(uint8_t *verified_hash, const ets_secure_boot_key_digests_t *trusted_keys);
ets_secure_boot_status_t ets_secure_boot_verify_bootloader_with_keys(uint8_t *verified_hash, const ets_secure_boot_key_digests_t *trusted_keys, bool stage_load);
/* Read key digests from efuse. Any revoked/missing digests will be
marked as NULL
*/
ETS_STATUS ets_secure_boot_read_key_digests(ets_secure_boot_key_digests_t *trusted_keys);
/* Verify supplied signature against supplied digest, using
supplied trusted key digests.
Doesn't reconfigure cache or any other hardware access.
*/
int ets_secure_boot_verify_signature(const ets_secure_boot_signature_t *sig, const uint8_t *image_digest, const ets_secure_boot_key_digests_t *trusted_keys);
Doesn't reconfigure cache or any other hardware access except for RSA peripheral.
/* Read key digests from efuse. Any revoked/missing digests will be
marked as NULL
Returns 0 if at least one valid digest was found.
If result is SB_SUCCESS, the image_digest value is copied into verified_digest.
*/
int ets_secure_boot_read_key_digests(ets_secure_boot_key_digests_t *trusted_keys);
ets_secure_boot_status_t ets_secure_boot_verify_signature(const ets_secure_boot_signature_t *sig, const uint8_t *image_digest, const ets_secure_boot_key_digests_t *trusted_keys, uint8_t *verified_digest);
/* Revoke a public key digest in efuse.
@param index Digest to revoke. Must be 0, 1 or 2.
*/
void ets_secure_boot_revoke_public_key_digest(int index);
#define ETS_SECURE_BOOT_V2_SIGNATURE_MAGIC 0xE7
/* Secure Boot V2 signature block (up to 3 can be appended) */
/* Secure Boot V2 signature block
(Up to 3 in a signature sector are appended to the image)
*/
struct ets_secure_boot_sig_block {
uint8_t magic_byte;
uint8_t version;
@@ -94,8 +115,10 @@ struct ets_secure_boot_signature {
_Static_assert(sizeof(ets_secure_boot_signature_t) == 4096, "invalid sig sector size");
#define MAX_KEY_DIGESTS 3
struct ets_secure_boot_key_digests {
const void *key_digests[3];
const void *key_digests[MAX_KEY_DIGESTS];
bool allow_key_revoke;
};