secure_boot: Secure Boot V2 verify app signature on update (without Secure boot)
- ESP32 ECO3, ESP32-S2/C3/S3
This commit is contained in:
KonstantinKondrashov
50
components/esp_rom/include/esp32/rom/rsa_pss.h
Normal file
50
components/esp_rom/include/esp32/rom/rsa_pss.h
Normal file
@@ -0,0 +1,50 @@
|
||||
// Copyright 2020 Espressif Systems (Shanghai) PTE LTD
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
#pragma once
|
||||
|
||||
#include "sdkconfig.h"
|
||||
#ifdef CONFIG_ESP32_REV_MIN_3
|
||||
|
||||
#include <stdint.h>
|
||||
#include <stdbool.h>
|
||||
#include <stddef.h>
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
#define ETS_SIG_LEN 384 /* Bytes */
|
||||
#define ETS_DIGEST_LEN 32 /* SHA-256, bytes */
|
||||
|
||||
/* Secure Boot Version 2 - Public Key format */
|
||||
typedef struct {
|
||||
uint8_t n[384]; /* Public key modulus */
|
||||
uint32_t e; /* Public key exponent */
|
||||
uint8_t rinv[384];
|
||||
uint32_t mdash;
|
||||
} ets_rsa_pubkey_t;
|
||||
|
||||
|
||||
bool ets_rsa_pss_verify(const ets_rsa_pubkey_t *key, const uint8_t *sig, const uint8_t *digest, uint8_t *verified_digest);
|
||||
|
||||
void ets_mgf1_sha256(const uint8_t *mgfSeed, size_t seedLen, size_t maskLen, uint8_t *mask);
|
||||
|
||||
bool ets_emsa_pss_verify(const uint8_t *encoded_message, const uint8_t *mhash, uint8_t *verified_digest);
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif // CONFIG_ESP32_REV_MIN_3
|
||||
@@ -18,6 +18,7 @@
|
||||
#define _ROM_SECURE_BOOT_H_
|
||||
|
||||
#include <stdint.h>
|
||||
#include "ets_sys.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
@@ -42,21 +43,22 @@ bool ets_secure_boot_check_start(uint8_t abs_index, uint32_t iv_addr);
|
||||
int ets_secure_boot_check_finish(uint32_t *abstract);
|
||||
|
||||
#ifdef CONFIG_ESP32_REV_MIN_3
|
||||
#include "rsa_pss.h"
|
||||
|
||||
#define SECURE_BOOT_NUM_BLOCKS 1
|
||||
|
||||
#define CRC_SIGN_BLOCK_LEN 1196
|
||||
#define SIG_BLOCK_PADDING 4096
|
||||
#define ETS_SECURE_BOOT_V2_SIGNATURE_MAGIC 0xE7
|
||||
|
||||
// Anti-FI measure: use full words for success/fail internally, instead of 0/non-zero
|
||||
typedef enum {
|
||||
SBV2_SUCCESS = 0x3A5A5AA5,
|
||||
SB_SUCCESS = 0x3A5A5AA5,
|
||||
SBV2_FAILED = 0xA533885A,
|
||||
SB_FAILED = 0xA533885A,
|
||||
} secure_boot_v2_status_t;
|
||||
|
||||
/* Secure Boot Version 2 - Public Key format */
|
||||
typedef struct {
|
||||
uint8_t n[384]; /* Public key modulus */
|
||||
uint32_t e; /* Public key exponent */
|
||||
uint8_t rinv[384];
|
||||
uint32_t mdash;
|
||||
} ets_rsa_pubkey_t;
|
||||
|
||||
/* Secure Boot Version 2 signature format for ESP32 ECO3 */
|
||||
typedef struct {
|
||||
uint8_t magic_byte;
|
||||
@@ -69,20 +71,28 @@ typedef struct {
|
||||
uint32_t block_crc;
|
||||
uint8_t _padding[16];
|
||||
} ets_secure_boot_sig_block_t;
|
||||
_Static_assert(sizeof(ets_secure_boot_sig_block_t) == 1216, "invalid sig block size");
|
||||
|
||||
#define MAX_APPENDED_SIGN_BLOCKS_TO_IMAGE 3
|
||||
|
||||
/* Multiple key block support */
|
||||
struct ets_secure_boot_signature {
|
||||
ets_secure_boot_sig_block_t block[SECURE_BOOT_NUM_BLOCKS];
|
||||
uint8_t _padding[4096 - (sizeof(ets_secure_boot_sig_block_t) * SECURE_BOOT_NUM_BLOCKS)];
|
||||
};
|
||||
typedef struct ets_secure_boot_signature ets_secure_boot_signature_t;
|
||||
typedef struct {
|
||||
ets_secure_boot_sig_block_t block[MAX_APPENDED_SIGN_BLOCKS_TO_IMAGE];
|
||||
uint8_t _padding[4096 - (sizeof(ets_secure_boot_sig_block_t) * MAX_APPENDED_SIGN_BLOCKS_TO_IMAGE)];
|
||||
} ets_secure_boot_signature_t;
|
||||
|
||||
_Static_assert(sizeof(ets_secure_boot_signature_t) == 4096, "invalid sig sector size");
|
||||
|
||||
typedef struct {
|
||||
const void *key_digests[SECURE_BOOT_NUM_BLOCKS];
|
||||
} ets_secure_boot_key_digests_t;
|
||||
|
||||
/** @brief Verifies the signature block appended to a firmware image. Implemented in the ROM.
|
||||
*
|
||||
* This function is used to verify the bootloader before burning its public key hash into Efuse.
|
||||
* Also, it is used to verify the app on loading the image on boot and on OTA.
|
||||
*
|
||||
* @param sig The signature block flashed aligned 4096 bytes from the firmware.
|
||||
* @param sig The signature block flashed aligned 4096 bytes from the firmware. (ROM implementation expects 3 blocks, sig->block[3]).
|
||||
* @param image_digest The SHA-256 Digest of the firmware to be verified
|
||||
* @param trusted_key_digest The SHA-256 Digest of the public key (ets_rsa_pubkey_t) of a single signature block.
|
||||
* @param verified_digest RSA-PSS signature of image_digest. Pass an uninitialised array.
|
||||
@@ -109,6 +119,9 @@ void ets_secure_boot_verify_boot_bootloader(void);
|
||||
*/
|
||||
bool ets_use_secure_boot_v2(void);
|
||||
|
||||
#else
|
||||
#define SECURE_BOOT_NUM_BLOCKS 0
|
||||
|
||||
#endif /* CONFIG_ESP32_REV_MIN_3 */
|
||||
|
||||
#ifdef __cplusplus
|
||||
|
||||
@@ -85,6 +85,8 @@ ets_secure_boot_status_t ets_secure_boot_verify_signature(const ets_secure_boot_
|
||||
*/
|
||||
void ets_secure_boot_revoke_public_key_digest(int index);
|
||||
|
||||
#define CRC_SIGN_BLOCK_LEN 1196
|
||||
#define SIG_BLOCK_PADDING 4096
|
||||
#define ETS_SECURE_BOOT_V2_SIGNATURE_MAGIC 0xE7
|
||||
|
||||
/* Secure Boot V2 signature block
|
||||
|
||||
@@ -16,6 +16,7 @@
|
||||
#define _ROM_SECURE_BOOT_H_
|
||||
|
||||
#include <stdint.h>
|
||||
#include "ets_sys.h"
|
||||
#include "rsa_pss.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
@@ -83,6 +84,8 @@ ets_secure_boot_status_t ets_secure_boot_verify_signature(const ets_secure_boot_
|
||||
*/
|
||||
void ets_secure_boot_revoke_public_key_digest(int index);
|
||||
|
||||
#define CRC_SIGN_BLOCK_LEN 1196
|
||||
#define SIG_BLOCK_PADDING 4096
|
||||
#define ETS_SECURE_BOOT_V2_SIGNATURE_MAGIC 0xE7
|
||||
|
||||
/* Secure Boot V2 signature block
|
||||
|
||||
@@ -16,6 +16,7 @@
|
||||
|
||||
#include <stdint.h>
|
||||
#include <stdbool.h>
|
||||
#include "ets_sys.h"
|
||||
#include "rsa_pss.h"
|
||||
|
||||
#ifdef __cplusplus
|
||||
@@ -29,6 +30,14 @@ typedef struct ets_secure_boot_sig_block ets_secure_boot_sig_block_t;
|
||||
typedef struct ets_secure_boot_signature ets_secure_boot_signature_t;
|
||||
typedef struct ets_secure_boot_key_digests ets_secure_boot_key_digests_t;
|
||||
|
||||
/* Anti-FI measure: use full words for success/fail, instead of
|
||||
0/non-zero
|
||||
*/
|
||||
typedef enum {
|
||||
SB_SUCCESS = 0x3A5A5AA5,
|
||||
SB_FAILED = 0x7533885E,
|
||||
} secure_boot_status_t;
|
||||
|
||||
/* Verify bootloader image (reconfigures cache to map,
|
||||
loads trusted key digests from efuse)
|
||||
|
||||
@@ -49,22 +58,24 @@ int ets_secure_boot_verify_bootloader(uint8_t *verified_hash, bool allow_key_rev
|
||||
If result is ETS_OK, the "simple hash" of the bootloader is
|
||||
copied into verified_hash.
|
||||
*/
|
||||
int ets_secure_boot_verify_bootloader_with_keys(uint8_t *verified_hash, const ets_secure_boot_key_digests_t *trusted_keys);
|
||||
secure_boot_status_t ets_secure_boot_verify_bootloader_with_keys(uint8_t *verified_hash, const ets_secure_boot_key_digests_t *trusted_keys, bool stage_load);
|
||||
|
||||
/* Verify supplied signature against supplied digest, using
|
||||
supplied trusted key digests.
|
||||
|
||||
Doesn't reconfigure cache or any other hardware access.
|
||||
*/
|
||||
int ets_secure_boot_verify_signature(const ets_secure_boot_signature_t *sig, const uint8_t *image_digest, const ets_secure_boot_key_digests_t *trusted_keys);
|
||||
secure_boot_status_t ets_secure_boot_verify_signature(const ets_secure_boot_signature_t *sig, const uint8_t *image_digest, const ets_secure_boot_key_digests_t *trusted_keys, uint8_t *verified_digest);
|
||||
|
||||
/* Read key digests from efuse. Any revoked/missing digests will be
|
||||
marked as NULL
|
||||
|
||||
Returns 0 if at least one valid digest was found.
|
||||
*/
|
||||
int ets_secure_boot_read_key_digests(ets_secure_boot_key_digests_t *trusted_keys);
|
||||
ETS_STATUS ets_secure_boot_read_key_digests(ets_secure_boot_key_digests_t *trusted_keys);
|
||||
|
||||
#define CRC_SIGN_BLOCK_LEN 1196
|
||||
#define SIG_BLOCK_PADDING 4096
|
||||
#define ETS_SECURE_BOOT_V2_SIGNATURE_MAGIC 0xE7
|
||||
|
||||
/* Secure Boot V2 signature block (up to 3 can be appended) */
|
||||
@@ -92,8 +103,10 @@ struct ets_secure_boot_signature {
|
||||
|
||||
_Static_assert(sizeof(ets_secure_boot_signature_t) == 4096, "ets_secure_boot_signature_t should occupy 4096 Bytes in memory");
|
||||
|
||||
#define MAX_KEY_DIGESTS 3
|
||||
|
||||
struct ets_secure_boot_key_digests {
|
||||
const void *key_digests[3];
|
||||
const void *key_digests[MAX_KEY_DIGESTS];
|
||||
bool allow_key_revoke;
|
||||
};
|
||||
|
||||
|
||||
Reference in New Issue
Block a user