diff --git a/components/bootloader_support/include/esp_flash_partitions.h b/components/bootloader_support/include/esp_flash_partitions.h index 24b6f25d2..b5f37aa5f 100644 --- a/components/bootloader_support/include/esp_flash_partitions.h +++ b/components/bootloader_support/include/esp_flash_partitions.h @@ -27,7 +27,7 @@ #define ESP_PARTITION_TABLE_MAX_LEN 0xC00 /* Maximum length of partition table data */ #define ESP_PARTITION_TABLE_MAX_ENTRIES (ESP_PARTITION_TABLE_MAX_LEN / sizeof(esp_partition_info_t)) /* Maximum length of partition table data, including terminating entry */ -/* @brief Verify the partition table (does not include verifying secure boot cryptographic signature) +/* @brief Verify the partition table * * @param partition_table Pointer to at least ESP_PARTITION_TABLE_MAX_ENTRIES of potential partition table data. (ESP_PARTITION_TABLE_MAX_LEN bytes.) * @param log_errors Log errors if the partition table is invalid. @@ -35,6 +35,13 @@ * * @return ESP_OK on success, ESP_ERR_INVALID_STATE if partition table is not valid. */ -esp_err_t esp_partition_table_basic_verify(const esp_partition_info_t *partition_table, bool log_errors, int *num_partitions); +esp_err_t esp_partition_table_verify(const esp_partition_info_t *partition_table, bool log_errors, int *num_partitions); + + +/* This function is included for compatibility with the ESP-IDF v3.x API */ +inline static __attribute__((deprecated)) esp_err_t esp_partition_table_basic_verify(const esp_partition_info_t *partition_table, bool log_errors, int *num_partitions) +{ + return esp_partition_table_verify(partition_table, log_errors, num_partitions); +} #endif diff --git a/components/bootloader_support/src/bootloader_common.c b/components/bootloader_support/src/bootloader_common.c index 98e5606ed..36b4b8ba2 100644 --- a/components/bootloader_support/src/bootloader_common.c +++ b/components/bootloader_support/src/bootloader_common.c @@ -100,18 +100,6 @@ bool bootloader_common_erase_part_type_data(const char *list_erase, bool ota_dat int num_partitions; bool ret = true; -#ifdef CONFIG_SECURE_BOOT_ENABLED - if (esp_secure_boot_enabled()) { - ESP_LOGI(TAG, "Verifying partition table signature..."); - err = esp_secure_boot_verify_signature(ESP_PARTITION_TABLE_OFFSET, ESP_PARTITION_TABLE_MAX_LEN); - if (err != ESP_OK) { - ESP_LOGE(TAG, "Failed to verify partition table signature."); - return false; - } - ESP_LOGD(TAG, "Partition table signature verified"); - } -#endif - partitions = bootloader_mmap(ESP_PARTITION_TABLE_OFFSET, ESP_PARTITION_TABLE_MAX_LEN); if (!partitions) { ESP_LOGE(TAG, "bootloader_mmap(0x%x, 0x%x) failed", ESP_PARTITION_TABLE_OFFSET, ESP_PARTITION_TABLE_MAX_LEN); @@ -119,7 +107,7 @@ bool bootloader_common_erase_part_type_data(const char *list_erase, bool ota_dat } ESP_LOGD(TAG, "mapped partition table 0x%x at 0x%x", ESP_PARTITION_TABLE_OFFSET, (intptr_t)partitions); - err = esp_partition_table_basic_verify(partitions, true, &num_partitions); + err = esp_partition_table_verify(partitions, true, &num_partitions); if (err != ESP_OK) { ESP_LOGE(TAG, "Failed to verify partition table"); ret = false; diff --git a/components/bootloader_support/src/bootloader_utility.c b/components/bootloader_support/src/bootloader_utility.c index 6ab3e50c5..6b0145a62 100644 --- a/components/bootloader_support/src/bootloader_utility.c +++ b/components/bootloader_support/src/bootloader_utility.c @@ -72,18 +72,6 @@ bool bootloader_utility_load_partition_table(bootloader_state_t* bs) esp_err_t err; int num_partitions; -#ifdef CONFIG_SECURE_BOOT_ENABLED - if(esp_secure_boot_enabled()) { - ESP_LOGI(TAG, "Verifying partition table signature..."); - err = esp_secure_boot_verify_signature(ESP_PARTITION_TABLE_OFFSET, ESP_PARTITION_TABLE_MAX_LEN); - if (err != ESP_OK) { - ESP_LOGE(TAG, "Failed to verify partition table signature."); - return false; - } - ESP_LOGD(TAG, "Partition table signature verified"); - } -#endif - partitions = bootloader_mmap(ESP_PARTITION_TABLE_OFFSET, ESP_PARTITION_TABLE_MAX_LEN); if (!partitions) { ESP_LOGE(TAG, "bootloader_mmap(0x%x, 0x%x) failed", ESP_PARTITION_TABLE_OFFSET, ESP_PARTITION_TABLE_MAX_LEN); @@ -91,7 +79,7 @@ bool bootloader_utility_load_partition_table(bootloader_state_t* bs) } ESP_LOGD(TAG, "mapped partition table 0x%x at 0x%x", ESP_PARTITION_TABLE_OFFSET, (intptr_t)partitions); - err = esp_partition_table_basic_verify(partitions, true, &num_partitions); + err = esp_partition_table_verify(partitions, true, &num_partitions); if (err != ESP_OK) { ESP_LOGE(TAG, "Failed to verify partition table"); return false; diff --git a/components/bootloader_support/src/flash_encrypt.c b/components/bootloader_support/src/flash_encrypt.c index 290a02a91..a9e8f8f9b 100644 --- a/components/bootloader_support/src/flash_encrypt.c +++ b/components/bootloader_support/src/flash_encrypt.c @@ -254,7 +254,7 @@ static esp_err_t encrypt_and_load_partition_table(esp_partition_info_t *partitio ESP_LOGE(TAG, "Failed to read partition table data"); return err; } - if (esp_partition_table_basic_verify(partition_table, false, num_partitions) == ESP_OK) { + if (esp_partition_table_verify(partition_table, false, num_partitions) == ESP_OK) { ESP_LOGD(TAG, "partition table is plaintext. Encrypting..."); esp_err_t err = esp_flash_encrypt_region(ESP_PARTITION_TABLE_OFFSET, FLASH_SECTOR_SIZE); diff --git a/components/bootloader_support/src/flash_partitions.c b/components/bootloader_support/src/flash_partitions.c index f8a24f26c..668645733 100644 --- a/components/bootloader_support/src/flash_partitions.c +++ b/components/bootloader_support/src/flash_partitions.c @@ -20,7 +20,7 @@ static const char *TAG = "flash_parts"; -esp_err_t esp_partition_table_basic_verify(const esp_partition_info_t *partition_table, bool log_errors, int *num_partitions) +esp_err_t esp_partition_table_verify(const esp_partition_info_t *partition_table, bool log_errors, int *num_partitions) { int md5_found = 0; int num_parts;