bootloader_support: don't check signature when JTAG is attached
If an insecure configuration is enabled (no hardware secure boot, just software signature check), skip the signature check in bootloader if JTAG debugger is attached. This allows the debugger to set breakpoints in Flash before the application runs. Closes https://github.com/espressif/esp-idf/issues/4734 Closes https://github.com/espressif/esp-idf/issues/4878
This commit is contained in:
parent
b52ed2d2a5
commit
07bf1e23db
1 changed files with 11 additions and 2 deletions
|
@ -220,8 +220,17 @@ static esp_err_t image_load(esp_image_load_mode_t mode, const esp_partition_pos_
|
||||||
|
|
||||||
#ifdef SECURE_BOOT_CHECK_SIGNATURE
|
#ifdef SECURE_BOOT_CHECK_SIGNATURE
|
||||||
// secure boot images have a signature appended
|
// secure boot images have a signature appended
|
||||||
|
#if defined(BOOTLOADER_BUILD) && !defined(CONFIG_SECURE_BOOT)
|
||||||
|
// If secure boot is not enabled in hardware, then
|
||||||
|
// skip the signature check in bootloader when the debugger is attached.
|
||||||
|
// This is done to allow for breakpoints in Flash.
|
||||||
|
if (!esp_cpu_in_ocd_debug_mode()) {
|
||||||
|
#else // CONFIG_SECURE_BOOT
|
||||||
|
if (true) {
|
||||||
|
#endif // end checking for JTAG
|
||||||
err = verify_secure_boot_signature(sha_handle, data, image_digest, verified_digest);
|
err = verify_secure_boot_signature(sha_handle, data, image_digest, verified_digest);
|
||||||
#else
|
}
|
||||||
|
#else // SECURE_BOOT_CHECK_SIGNATURE
|
||||||
// No secure boot, but SHA-256 can be appended for basic corruption detection
|
// No secure boot, but SHA-256 can be appended for basic corruption detection
|
||||||
if (sha_handle != NULL && !esp_cpu_in_ocd_debug_mode()) {
|
if (sha_handle != NULL && !esp_cpu_in_ocd_debug_mode()) {
|
||||||
err = verify_simple_hash(sha_handle, data);
|
err = verify_simple_hash(sha_handle, data);
|
||||||
|
|
Loading…
Reference in a new issue