partition_table: Optionally disable the MD5 checksum in partition tables

components/partition_table/Kconfig.projbuild

@@ -62,6 +62,15 @@ config PHY_DATA_OFFSET
        default PARTITION_TABLE_CUSTOM_PHY_DATA_OFFSET if PARTITION_TABLE_CUSTOM
        default 0xf000 # this is the factory app offset used by the default tables
 
+config PARTITION_TABLE_MD5
+    bool "Generate an MD5 checksum for the partition table"
+    default y
+    help
+        Generate an MD5 checksum for the partition table for protecting the
+        integrity of the table. The generation should be turned off for legacy
+        bootloaders which cannot recognize the MD5 checksum in the partition
+        table.
+
 endmenu
 
 

components/partition_table/Makefile.projbuild

@@ -8,8 +8,12 @@
 #
 .PHONY: partition_table partition_table-flash partition_table-clean
 
+ifneq ("$(CONFIG_PARTITION_TABLE_MD5)", "y")
+MD5_OPT ?= "--disable-md5sum"
+endif
+
 # NB: gen_esp32part.py lives in the sdk/bin/ dir not component dir
-GEN_ESP32PART := $(PYTHON) $(COMPONENT_PATH)/gen_esp32part.py -q
+GEN_ESP32PART := $(PYTHON) $(COMPONENT_PATH)/gen_esp32part.py -q $(MD5_OPT)
 
 # Has a matching value in bootloader_support esp_flash_partitions.h
 PARTITION_TABLE_OFFSET := 0x8000

components/partition_table/gen_esp32part.py

@@ -35,6 +35,7 @@ MD5_PARTITION_BEGIN = b"\xEB\xEB" + b"\xFF" * 14 # The first 2 bytes are like ma
 __version__ = '1.0'
 
 quiet = False
+md5sum = True
 
 def status(msg):
     """ Print status message to stderr """
@@ -123,7 +124,7 @@ class PartitionTable(list):
                 raise InputError("Partition table length must be a multiple of 32 bytes")
             if data == b'\xFF'*32:
                 return result  # got end marker
-            if data[:2] == MD5_PARTITION_BEGIN[:2]: #check only the magic number part
+            if md5sum and data[:2] == MD5_PARTITION_BEGIN[:2]: #check only the magic number part
                 if data[16:] == md5.digest():
                     continue # the next iteration will check for the end marker
                 else:
@@ -135,7 +136,8 @@ class PartitionTable(list):
 
     def to_binary(self):
         result = b"".join(e.to_binary() for e in self)
-        result += MD5_PARTITION_BEGIN + hashlib.md5(result).digest()
+        if md5sum:
+            result += MD5_PARTITION_BEGIN + hashlib.md5(result).digest()
         if len(result )>= MAX_PARTITION_LENGTH:
             raise InputError("Binary partition table length (%d) longer than max" % len(result))
         result += b"\xFF" * (MAX_PARTITION_LENGTH - len(result))  # pad the sector, for signing
@@ -345,8 +347,10 @@ def parse_int(v, keywords={}):
 
 def main():
     global quiet
+    global md5sum
     parser = argparse.ArgumentParser(description='ESP32 partition table utility')
 
+    parser.add_argument('--disable-md5sum', help='Disable md5 checksum for the partition table', default=False, action='store_true')
     parser.add_argument('--verify', '-v', help='Verify partition table fields', default=True, action='store_false')
     parser.add_argument('--quiet', '-q', help="Don't print status messages to stderr", action='store_true')
 
@@ -358,6 +362,7 @@ def main():
     args = parser.parse_args()
 
     quiet = args.quiet
+    md5sum = not args.disable_md5sum
     input = args.input.read()
     input_is_binary = input[0:2] == PartitionDefinition.MAGIC_BYTES
     if input_is_binary:

docs/api-guides/partition-tables.rst

@@ -153,6 +153,8 @@ MD5 checksum
 
 The binary format of the partition table contains an MD5 checksum computed based on the partition table. This checksum is used for checking the integrity of the partition table during the boot.
 
+The MD5 checksum generation can be disabled by the ``--disable-md5sum`` option of ``gen_esp32part.py`` or by the :ref:`CONFIG_PARTITION_TABLE_MD5` option. This is useful for example when one uses a legacy bootloader which cannot process MD5 checksums and the boot fails with the error message ``invalid magic number 0xebeb``.
+
 Flashing the partition table
 ----------------------------