eaw/esp-idf
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

paritition_table: Verify the partition table md5sum when loading the app

Browse Source 
Additionally, always enable the partition MD5 check if flash encryption is on in
Release mode. This ensures the partition table ciphertext has not been modified
(CVE-2021-27926).

The exception is pre-V3.1 ESP-IDF bootloaders and partition tables, which
don't have support for the MD5 entry.
This commit is contained in:
Angus Gratton
2021-02-04 11:12:04 +11:00
committed by bot
parent 4de9ba152a
commit 58a3e08895
9 changed files with 151 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
components/bootloader_support/include/esp_flash_partitions.h
View File

@@ -42,6 +42,9 @@ extern "C" {
#define PART_FLAG_ENCRYPTED (1<<0)
/* The md5sum value is found this many bytes after the ESP_PARTITION_MAGIC_MD5 offset */
#define ESP_PARTITION_MD5_OFFSET 16
/* Pre-partition table fixed flash offsets */
#define ESP_BOOTLOADER_DIGEST_OFFSET 0x0
#define ESP_BOOTLOADER_OFFSET CONFIG_BOOTLOADER_OFFSET_IN_FLASH /* Offset of bootloader image. Has matching value in bootloader KConfig.projbuild file. */