secure boot: Fix bootloader image verification failure

* Failure prevented secure boot from enabling. * Also adds unit test cases for esp_image_basic_verify() Ref https://esp32.com/viewtopic.php?f=2&t=1602 TW11878
2025-08-09 20:41:14 +00:00 · 2017-04-24 16:21:27 +10:00
parent b540322dc1
commit e2479b46f7
6 changed files with 71 additions and 22 deletions
--- a/components/bootloader_support/src/esp_image_format.c
+++ b/components/bootloader_support/src/esp_image_format.c
@@ -108,16 +108,6 @@ esp_err_t esp_image_basic_verify(uint32_t src_addr, bool log_errors, uint32_t *p
        *p_length = 0;
    }

-    if (src_addr % SPI_FLASH_MMU_PAGE_SIZE != 0) {
-        /* Image must start on a 64KB boundary
-
-           (This is not a technical limitation, only the flash mapped regions need to be 64KB aligned.  But the most
-           consistent way to do this is to have all the offsets internal to the image correctly 64KB aligned, and then
-           start the image on a 64KB boundary also.)
-         */
-        return ESP_ERR_INVALID_ARG;
-    }
-
    err = esp_image_load_header(src_addr, log_errors, &image_header);
    if (err != ESP_OK) {
        return err;
@@ -133,6 +123,21 @@ esp_err_t esp_image_basic_verify(uint32_t src_addr, bool log_errors, uint32_t *p
            return err;
        }

+        uint32_t load_addr = segment_header.load_addr;
+        bool map_segment = (load_addr >= SOC_DROM_LOW && load_addr < SOC_DROM_HIGH)
+            || (load_addr >= SOC_IROM_LOW && load_addr < SOC_IROM_HIGH);
+
+
+        /* Check that flash cache mapped segment aligns correctly from flash it's mapped address,
+           relative to the 64KB page mapping size.
+        */
+        ESP_LOGV(TAG, "segment %d map_segment %d segment_data_offs 0x%x load_addr 0x%x",
+                 i, map_segment, segment_data_offs, load_addr);
+        if (map_segment && ((segment_data_offs % SPI_FLASH_MMU_PAGE_SIZE) != (load_addr % SPI_FLASH_MMU_PAGE_SIZE))) {
+            ESP_LOGE(TAG, "Segment %d has load address 0x%08x, conflict with segment data at 0x%08x",
+                     i, load_addr, segment_data_offs);
+        }
+
        for (int i = 0; i < segment_header.data_len; i += sizeof(buf)) {
            err = bootloader_flash_read(segment_data_offs + i, buf, sizeof(buf), true);
            if (err != ESP_OK) {
--- a/components/bootloader_support/test/component.mk
+++ b/components/bootloader_support/test/component.mk
@@ -0,0 +1,4 @@
+#
+#Component Makefile
+#
+COMPONENT_ADD_LDFLAGS = -Wl,--whole-archive -l$(COMPONENT_NAME) -Wl,--no-whole-archive
--- a/components/bootloader_support/test/test_verify_image.c
+++ b/components/bootloader_support/test/test_verify_image.c
@@ -0,0 +1,37 @@
+/*
+ * Tests for bootloader_support esp_image_basic_verify()
+ */
+
+#include <esp_types.h>
+#include <stdio.h>
+#include "rom/ets_sys.h"
+
+#include "freertos/FreeRTOS.h"
+#include "freertos/task.h"
+#include "freertos/semphr.h"
+#include "freertos/queue.h"
+#include "freertos/xtensa_api.h"
+#include "unity.h"
+
+#include "esp_partition.h"
+#include "esp_ota_ops.h"
+#include "esp_image_format.h"
+
+TEST_CASE("Verify bootloader image in flash", "[bootloader_support]")
+{
+    uint32_t image_len = 0;
+    TEST_ASSERT_EQUAL_HEX(ESP_OK, esp_image_basic_verify(0x1000, true, &image_len));
+    TEST_ASSERT_NOT_EQUAL(0, image_len);
+}
+
+TEST_CASE("Verify unit test app image", "[bootloader_support]")
+{
+    uint32_t image_len = 0;
+    const esp_partition_t *running = esp_ota_get_running_partition();
+    TEST_ASSERT_NOT_EQUAL(NULL, running);
+
+    TEST_ASSERT_EQUAL_HEX(ESP_OK, esp_image_basic_verify(running->address, true, &image_len));
+    TEST_ASSERT_NOT_EQUAL(0, image_len);
+    TEST_ASSERT_TRUE(image_len <= running->size);
+}
+