alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2025-09-30 19:19:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(secure_boot): Fix SB verification failure when sig block and key digest mismatch

Browse Source 
- Secure boot V2 verification failed when multiple keys are used to sign the bootloader
  and the application is signed with a key other than the first key that is used to
  sign the bootloader.
- The issue was introduced as a regression from the commit `ff16ce43`.
- Added a QEMU test for recreating the issue.
- Made SECURE_BOOT_FLASH_BOOTLOADER_DEFAULT independent of SECURE_BOOT_BUILD_SIGNED_BINARIES.
This commit is contained in:
harshal.patil
2025-02-27 16:18:47 +05:30
parent afb2154247
commit a6ea9bcd41
12 changed files with 211 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
components/bootloader/Kconfig.projbuild
View File

@@ -764,7 +764,7 @@ menu "Security features"
config SECURE_BOOT_FLASH_BOOTLOADER_DEFAULT
bool "Flash bootloader along with other artifacts when using the default flash command"
depends on SECURE_BOOT_V2_ENABLED && SECURE_BOOT_BUILD_SIGNED_BINARIES
depends on SECURE_BOOT_V2_ENABLED
default n
help
When Secure Boot V2 is enabled, by default the bootloader is not flashed along with other artifacts