57b601ab7f
Because address space is mapped in 64KB pages, it was possible for unauthenticated data after the app .bin to become mapped into the flash cache address space. This problem is solved by 2 changes: * "esptool elf2image --secure-pad" will pad the image so that the signature block ends close to the 64KB boundary. Due to alignment constraints it will be 12 bytes too short after signing (but with flash encryption, these 12 bytes are still encrypted as part of the last block and can't be arbitrarily changed). * By default, secure boot now requires all app partitions to be a multiple of 64KB in size. |
||
|---|---|---|
| .. | ||
| include | ||
| include_priv | ||
| src | ||
| test | ||
| component.mk | ||
| Makefile.projbuild | ||
| README.rst | ||
Bootloader Support Component ============================ Overview -------- "Bootloader support" contains APIs which are used by the bootloader but are also needed for the main app. Code in this component needs to be aware of being executed in a bootloader environment (no RTOS available, BOOTLOADER_BUILD macro set) or in an esp-idf app environment (RTOS running, need locking support.)