alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2025-09-30 19:19:21 +00:00
Code Issues Packages Projects Releases Wiki Activity

esp32h2: add secure boot feature support

Browse Source 
Closes IDF-6281
This commit is contained in:
Mahavir Jain
2023-03-06 16:49:40 +05:30
parent d61f974a3d
commit d4ccdd48f6
6 changed files with 66 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
components/bootloader_support/src/esp32h2/bootloader_sha.c
View File

@@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2022-2023 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
@@ -24,7 +24,11 @@ bootloader_sha256_handle_t bootloader_sha256_start()
void bootloader_sha256_data(bootloader_sha256_handle_t handle, const void *data, size_t data_len)
{
assert(handle != NULL);
assert(data_len % 4 == 0);
/* H2 secure boot key field consists of 1 byte of curve identifier and 64 bytes of ECDSA public key.
* While verifying the signature block, we need to calculate the SHA of this key field which is of 65 bytes.
* ets_sha_update handles it cleanly so we can safely remove the check:
* assert(data_len % 4) == 0
*/
ets_sha_update(&ctx, data, data_len, false);
}

16
components/bootloader_support/src/secure_boot_v2/secure_boot.c
View File

@@ -14,22 +14,8 @@
#include "esp_image_format.h"
#include "esp_efuse.h"
#include "esp_efuse_table.h"
#include "secure_boot_signature_priv.h"
#if CONFIG_IDF_TARGET_ESP32
#include "esp32/rom/secure_boot.h"
#elif CONFIG_IDF_TARGET_ESP32S2
#include "esp32s2/rom/secure_boot.h"
#elif CONFIG_IDF_TARGET_ESP32C3
#include "esp32c3/rom/secure_boot.h"
#elif CONFIG_IDF_TARGET_ESP32S3
#include "esp32s3/rom/secure_boot.h"
#elif CONFIG_IDF_TARGET_ESP32H4
#include "esp32h4/rom/secure_boot.h"
#elif CONFIG_IDF_TARGET_ESP32C2
#include "esp32c2/rom/secure_boot.h"
#elif CONFIG_IDF_TARGET_ESP32C6
#include "esp32c6/rom/secure_boot.h"
#endif
/* The following API implementations are used only when called
* from the bootloader code.

2
components/bootloader_support/src/secure_boot_v2/secure_boot_signature_priv.h
View File

@@ -19,6 +19,8 @@
#include "esp32c2/rom/secure_boot.h"
#elif CONFIG_IDF_TARGET_ESP32C6
#include "esp32c6/rom/secure_boot.h"
#elif CONFIG_IDF_TARGET_ESP32H2
#include "esp32h2/rom/secure_boot.h"
#endif
esp_err_t verify_ecdsa_signature_block(const ets_secure_boot_signature_t *sig_block, const uint8_t *image_digest, const ets_secure_boot_sig_block_t *trusted_block);