alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2025-08-10 20:54:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

paritition_table: Verify the partition table md5sum when loading the app

Browse Source 
Additionally, always enable the partition MD5 check if flash encryption is on in
Release mode. This ensures the partition table ciphertext has not been modified
(CVE-2021-27926).

The exception is pre-V3.1 ESP-IDF bootloaders and partition tables, which
don't have support for the MD5 entry.
This commit is contained in:
Angus Gratton
2021-02-04 11:12:04 +11:00
committed by bot
parent f1caa2971d
commit ede477ea65
9 changed files with 128 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
components/bootloader_support/src/flash_partitions.c
View File

@@ -60,7 +60,7 @@ esp_err_t esp_partition_table_verify(const esp_partition_info_t *partition_table
esp_rom_md5_update(&context, (unsigned char *) partition_table, num_parts * sizeof(esp_partition_info_t));
esp_rom_md5_final(digest, &context);
unsigned char *md5sum = ((unsigned char *) part) + 16; // skip the 2B magic number and the 14B fillup bytes
unsigned char *md5sum = ((unsigned char *) part) + ESP_PARTITION_MD5_OFFSET;
if (memcmp(md5sum, digest, sizeof(digest)) != 0) {
if (log_errors) {