alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2025-08-10 12:53:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

bootloader: Add fault injection resistance to Secure Boot bootloader verification

Browse Source 
Goal is that multiple faults would be required to bypass a boot-time signature check.

- Also strengthens some address range checks for safe app memory addresses
- Change pre-enable logic to also check the bootloader signature before enabling SBV2 on ESP32

Add some additional checks for invalid sections:

- Sections only partially in DRAM or IRAM are invalid
- If a section is in D/IRAM, allow the possibility only some is in D/IRAM
- Only pass sections that are entirely in the same type of RTC memory region
This commit is contained in:
Angus Gratton
2020-02-16 16:51:42 +11:00
committed by Mahavir Jain
parent 0dacff4df4
commit d40c69375c
21 changed files with 712 additions and 119 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
components/bootloader_support/src/esp32/flash_encrypt.c
View File

@@ -366,4 +366,4 @@ esp_err_t esp_flash_encrypt_region(uint32_t src_addr, size_t data_length)
flash_failed:
ESP_LOGE(TAG, "flash operation failed: 0x%x", err);
return err;
}
}