OVMS3-idf

Crash_Override/OVMS3-idf

Fork 0

Commit graph

Author	SHA1	Message	Date
Angus Gratton	f2d310fea7	secure boot: Fix anti-fault value if hash is shorter than curve (Not actually a problem with SBV1 anti-fault as hash size == curve size in this case.)	2020-03-11 17:17:20 +11:00
Angus Gratton	d40c69375c	bootloader: Add fault injection resistance to Secure Boot bootloader verification Goal is that multiple faults would be required to bypass a boot-time signature check. - Also strengthens some address range checks for safe app memory addresses - Change pre-enable logic to also check the bootloader signature before enabling SBV2 on ESP32 Add some additional checks for invalid sections: - Sections only partially in DRAM or IRAM are invalid - If a section is in D/IRAM, allow the possibility only some is in D/IRAM - Only pass sections that are entirely in the same type of RTC memory region	2020-02-27 14:37:19 +05:30

Author

SHA1

Message

Date

Angus Gratton

f2d310fea7

secure boot: Fix anti-fault value if hash is shorter than curve

(Not actually a problem with SBV1 anti-fault as hash size == curve size in this case.)

2020-03-11 17:17:20 +11:00

Angus Gratton

d40c69375c

bootloader: Add fault injection resistance to Secure Boot bootloader verification

Goal is that multiple faults would be required to bypass a boot-time signature check.

- Also strengthens some address range checks for safe app memory addresses
- Change pre-enable logic to also check the bootloader signature before enabling SBV2 on ESP32

Add some additional checks for invalid sections:

- Sections only partially in DRAM or IRAM are invalid
- If a section is in D/IRAM, allow the possibility only some is in D/IRAM
- Only pass sections that are entirely in the same type of RTC memory region

2020-02-27 14:37:19 +05:30

2 commits