alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2026-01-19 21:04:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(bootloader): fix signature verification skip in deep sleep scenario

Browse Source 
For CONFIG_BOOTLOADER_SKIP_VALIDATE_IN_DEEP_SLEEP enabled and exit from
deep sleep case the secure boot signature verification must be skipped
to improve the wakeup performance.

Closes https://github.com/espressif/esp-idf/issues/15590
This commit is contained in:
Mahavir Jain
2025-11-19 11:17:46 +05:30
parent d66ebb86d2
commit ac8b73bda1
1 changed files with 19 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
components/bootloader_support/src/esp_image_format.c
View File

@@ -24,6 +24,7 @@
#include "hal/cache_ll.h"
#include "spi_flash_mmap.h"
#include "hal/efuse_hal.h"
#include "sdkconfig.h"
#define ALIGN_UP(num, align) (((num) + ((align) - 1)) & ~((align) - 1))
@@ -141,6 +142,22 @@ static bool is_bootloader(uint32_t offset)
);
}
#if BOOTLOADER_BUILD && (SECURE_BOOT_CHECK_SIGNATURE == 1)
#if CONFIG_BOOTLOADER_SKIP_VALIDATE_IN_DEEP_SLEEP
static bool skip_verify(esp_image_load_mode_t mode, bool verify_sha)
{
// Multi level check to ensure that its a legit exit from deep sleep case
return (esp_rom_get_reset_reason(0) == RESET_REASON_CORE_DEEP_SLEEP &&
mode == ESP_IMAGE_LOAD_NO_VALIDATE &&
!verify_sha) ? true : false;
}
#else
#define skip_verify(mode, verify_sha) (false)
#endif
#endif // BOOTLOADER_BUILD && (SECURE_BOOT_CHECK_SIGNATURE == 1)
static esp_err_t image_load(esp_image_load_mode_t mode, const esp_partition_pos_t *part, esp_image_metadata_t *data)
{
#ifdef BOOTLOADER_BUILD
@@ -236,9 +253,9 @@ static esp_err_t image_load(esp_image_load_mode_t mode, const esp_partition_pos_
"only verify signature in bootloader" into the macro so it's tested multiple times.
*/
#if CONFIG_SECURE_BOOT_V2_ENABLED
ESP_FAULT_ASSERT(!esp_secure_boot_enabled() || memcmp(image_digest, verified_digest, ESP_SECURE_BOOT_DIGEST_LEN) == 0);
ESP_FAULT_ASSERT(!esp_secure_boot_enabled() || skip_verify(mode, verify_sha) || memcmp(image_digest, verified_digest, ESP_SECURE_BOOT_DIGEST_LEN) == 0);
#else // Secure Boot V1 on ESP32, only verify signatures for apps not bootloaders
ESP_FAULT_ASSERT(is_bootloader(data->start_addr) || memcmp(image_digest, verified_digest, HASH_LEN) == 0);
ESP_FAULT_ASSERT(is_bootloader(data->start_addr) || skip_verify(mode, verify_sha) || memcmp(image_digest, verified_digest, HASH_LEN) == 0);
#endif
#endif // SECURE_BOOT_CHECK_SIGNATURE