From fe4860a98c67f124cb3d457db07cbc2f1e1627bf Mon Sep 17 00:00:00 2001
From: Catalin Ioana <catalin.ioana@pycom.io>
Date: Fri, 16 Mar 2018 11:27:02 +0200
Subject: [PATCH 1/4] Features/secure boot enabling (#5)

components/bootloader_support: Enabled Secure Boot with re-flashable bootloader in wifi_scan project, added a real key as the default for signing partitions, workaround for an IDF bug, debug has to be enabled for reflashable bootloader
---
 .../subproject/signature_verification_key.bin |  1 +
 .../bootloader_support/src/esp_image_format.c | 20 +++++++++++--------
 examples/wifi/scan/sdkconfig                  |  7 ++++++-
 .../wifi/scan/secure_boot_signing_key.pem     |  5 +++++
 .../wifi/scan/signature_verification_key.bin  |  1 +
 5 files changed, 25 insertions(+), 9 deletions(-)
 create mode 100644 components/bootloader/subproject/signature_verification_key.bin
 create mode 100644 examples/wifi/scan/secure_boot_signing_key.pem
 create mode 100644 examples/wifi/scan/signature_verification_key.bin

diff --git a/components/bootloader/subproject/signature_verification_key.bin b/components/bootloader/subproject/signature_verification_key.bin
new file mode 100644
index 0000000000..7585540015
--- /dev/null
+++ b/components/bootloader/subproject/signature_verification_key.bin
@@ -0,0 +1 @@
+Y��IA))��->!�Pb4k��J�ʬHe���toȡ��K�/��؆��r��fM��D;��|(E
\ No newline at end of file
diff --git a/components/bootloader_support/src/esp_image_format.c b/components/bootloader_support/src/esp_image_format.c
index f053a20692..0f29ab054d 100644
--- a/components/bootloader_support/src/esp_image_format.c
+++ b/components/bootloader_support/src/esp_image_format.c
@@ -18,6 +18,7 @@
 #include <soc/cpu.h>
 #include <esp_image_format.h>
 #include <esp_secure_boot.h>
+#define LOG_LOCAL_LEVEL ESP_LOG_ERROR
 #include <esp_log.h>
 #include <bootloader_flash.h>
 #include <bootloader_random.h>
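Review bot: The added `#define LOG_LOCAL_LEVEL ESP_LOG_ERROR` has no comment and no guard, so every build of esp_image_format.c drops warning, info and debug output from image verification regardless of the log level configured for the project. The commit message refers to a workaround and to debug settings for the reflashable bootloader, but the hunk does not say which problem this line addresses; a comment such as `/* Workaround for <issue reference>: limit this file to error logs */` would record it. If the limit is only needed in the bootloader build, wrapping the define in `#ifdef BOOTLOADER_BUILD` would keep the application-side diagnostics. Placing it before the first include would also avoid a macro redefinition, should any of the earlier headers already include esp_log.h.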
@@ -166,15 +167,18 @@ goto err;
        rewritten the header - rely on esptool.py having verified the bootloader at flashing time, instead.
     */
     if (!is_bootloader) {
-#ifdef CONFIG_SECURE_BOOT_ENABLED
-        // secure boot images have a signature appended
-        err = verify_secure_boot_signature(sha_handle, data);
-#else
-        // No secure boot, but SHA-256 can be appended for basic corruption detection
-        if (sha_handle != NULL) {
-            err = verify_simple_hash(sha_handle, data);
+//#ifdef CONFIG_SECURE_BOOT_ENABLED
+        if (esp_secure_boot_enabled()) {
+          // secure boot images have a signature appended
+          err = verify_secure_boot_signature(sha_handle, data);
+//#else
+        } else {
+          // No secure boot, but SHA-256 can be appended for basic corruption detection
+          if (sha_handle != NULL) {
+              err = verify_simple_hash(sha_handle, data);
+          }
         }
-#endif // CONFIG_SECURE_BOOT_ENABLED
+//#endif // CONFIG_SECURE_BOOT_ENABLED
     } else { // is_bootloader
         // bootloader may still have a sha256 digest handle open
         if (sha_handle != NULL) {
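Review bot: Gating `verify_secure_boot_signature()` on `esp_secure_boot_enabled()` makes the signature check depend on the device's runtime secure-boot state (in ESP-IDF, an eFuse read) instead of on the build configuration. A firmware built with CONFIG_SECURE_BOOT_ENABLED that runs on a device where that state is not set now takes the `else` branch, where the image gets at most the SHA-256 corruption check and nothing at all when `sha_handle` is NULL; the removed lines show that such a build previously always verified the signature. If the runtime test is needed for the IDF workaround named in the commit message, the build-time guarantee could be kept alongside it, for example `if (esp_secure_boot_enabled() || IS_SECURE_BOOT_BUILD)` with `IS_SECURE_BOOT_BUILD` being a constant derived from CONFIG_SECURE_BOOT_ENABLED (the name here is a placeholder). The commented-out `//#ifdef`, `//#else` and `//#endif` lines should be deleted rather than left behind, and the new lines use a two-space step where the surrounding code uses four. The enclosing function begins and ends outside the hunk.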
diff --git a/examples/wifi/scan/sdkconfig b/examples/wifi/scan/sdkconfig
index ffd0b95b12..f7b174fb91 100644
--- a/examples/wifi/scan/sdkconfig
+++ b/examples/wifi/scan/sdkconfig
@@ -26,7 +26,12 @@ CONFIG_BOOTLOADER_VDDSDIO_BOOST=y
 #
 # Security features
 #
-CONFIG_SECURE_BOOT_ENABLED=
+CONFIG_SECURE_BOOT_ENABLED=y
+CONFIG_SECURE_BOOTLOADER_ONE_TIME_FLASH=
+CONFIG_SECURE_BOOTLOADER_REFLASHABLE=y
+CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES=y
+CONFIG_SECURE_BOOT_SIGNING_KEY="secure_boot_signing_key.pem"
+CONFIG_SECURE_BOOT_INSECURE=
 CONFIG_FLASH_ENCRYPTION_ENABLED=
 
 #
diff --git a/examples/wifi/scan/secure_boot_signing_key.pem b/examples/wifi/scan/secure_boot_signing_key.pem
new file mode 100644
index 0000000000..13e6fc7958
--- /dev/null
+++ b/examples/wifi/scan/secure_boot_signing_key.pem
@@ -0,0 +1,5 @@
+-----BEGIN EC PRIVATE KEY-----
+MHcCAQEEICMyAIK9+SQEoSM06ju1q2PHfyQf34uN0J6WS0OFwP9OoAoGCCqGSM49
+AwEHoUQDQgAEWc/nSUEpKYnULT4h7AVQYjRr6AK5SpzKrEhlgpmjdBBvyKHFBopL
+oS+5nNiGlPdym8YYZk3THReXRDv+/3woRQ==
+-----END EC PRIVATE KEY-----
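Review bot: This file is an EC private key used for secure-boot signing, and committing it makes it readable by everyone who can see the repository or this patch, so a signature made with it no longer says anything about where an image came from. The commit message calls it a real key, `CONFIG_SECURE_BOOT_SIGNING_KEY` in the sdkconfig hunk points at it, and the two `signature_verification_key.bin` files appear to hold the matching public key. The key should be treated as disclosed: rotate it, keep signing keys outside version control and supply them at build or signing time, and add the file name to `.gitignore`. Patch 2/4 reverts the sdkconfig, but its diffstat does not remove the three key files, so they stay in the tree and in history.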
diff --git a/examples/wifi/scan/signature_verification_key.bin b/examples/wifi/scan/signature_verification_key.bin
new file mode 100644
index 0000000000..7585540015
--- /dev/null
+++ b/examples/wifi/scan/signature_verification_key.bin
@@ -0,0 +1 @@
+Y��IA))��->!�Pb4k��J�ʬHe���toȡ��K�/��؆��r��fM��D;��|(E
\ No newline at end of file

From 2a13d2316c621778802da8a6aaa2c4e67c08812d Mon Sep 17 00:00:00 2001
From: Catalin Ioana <catalin.ioana@pycom.io>
Date: Fri, 16 Mar 2018 16:15:40 +0200
Subject: [PATCH 2/4] examples/wifi/scan: disabled Secure Boot, by default;
 prevent compiling the checking of bootloader signature

---
 components/bootloader_support/src/esp_image_format.c | 5 ++---
 examples/wifi/scan/sdkconfig                         | 7 +------
 2 files changed, 3 insertions(+), 9 deletions(-)

diff --git a/components/bootloader_support/src/esp_image_format.c b/components/bootloader_support/src/esp_image_format.c
index 0f29ab054d..9351c7ad91 100644
--- a/components/bootloader_support/src/esp_image_format.c
+++ b/components/bootloader_support/src/esp_image_format.c
@@ -167,18 +167,17 @@ goto err;
        rewritten the header - rely on esptool.py having verified the bootloader at flashing time, instead.
     */
     if (!is_bootloader) {
-//#ifdef CONFIG_SECURE_BOOT_ENABLED
         if (esp_secure_boot_enabled()) {
+#ifdef CONFIG_SECURE_BOOT_ENABLED
           // secure boot images have a signature appended
           err = verify_secure_boot_signature(sha_handle, data);
-//#else
+#endif // CONFIG_SECURE_BOOT_ENABLED
         } else {
           // No secure boot, but SHA-256 can be appended for basic corruption detection
           if (sha_handle != NULL) {
               err = verify_simple_hash(sha_handle, data);
           }
         }
-//#endif // CONFIG_SECURE_BOOT_ENABLED
     } else { // is_bootloader
         // bootloader may still have a sha256 digest handle open
         if (sha_handle != NULL) {
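Review bot: With the `#ifdef` moved inside the `if (esp_secure_boot_enabled())` branch, a build without CONFIG_SECURE_BOOT_ENABLED running on a device that reports secure boot as enabled executes an empty branch: neither `verify_secure_boot_signature()` nor `verify_simple_hash()` is called, and `err` keeps whatever value it had before. That is a fail-open path for image verification, and `sha_handle` is left unfinished on it unless code outside the hunk takes care of that. Failing closed would be safer, by adding `#else` followed by `err = ESP_ERR_IMAGE_INVALID;` before the `#endif`. The enclosing function begins and ends outside the hunk, so how `err` is used afterwards cannot be confirmed from here.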
diff --git a/examples/wifi/scan/sdkconfig b/examples/wifi/scan/sdkconfig
index f7b174fb91..ffd0b95b12 100644
--- a/examples/wifi/scan/sdkconfig
+++ b/examples/wifi/scan/sdkconfig
@@ -26,12 +26,7 @@ CONFIG_BOOTLOADER_VDDSDIO_BOOST=y
 #
 # Security features
 #
-CONFIG_SECURE_BOOT_ENABLED=y
-CONFIG_SECURE_BOOTLOADER_ONE_TIME_FLASH=
-CONFIG_SECURE_BOOTLOADER_REFLASHABLE=y
-CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES=y
-CONFIG_SECURE_BOOT_SIGNING_KEY="secure_boot_signing_key.pem"
-CONFIG_SECURE_BOOT_INSECURE=
+CONFIG_SECURE_BOOT_ENABLED=
 CONFIG_FLASH_ENCRYPTION_ENABLED=
 
 #

From 4eab4e1b0e47c73b858c6b29d357f3d30a69c074 Mon Sep 17 00:00:00 2001
From: Daniel Campora <daniel@pycom.io>
Date: Sat, 3 Mar 2018 19:00:06 +0100
Subject: [PATCH 3/4] esp32: Place gettimeofday inside IRAM.

---
 components/esp32/ld/esp32.spiram.rom-functions-iram.ld | 1 +
 1 file changed, 1 insertion(+)

diff --git a/components/esp32/ld/esp32.spiram.rom-functions-iram.ld b/components/esp32/ld/esp32.spiram.rom-functions-iram.ld
index 6f97fb6b15..843d860427 100644
--- a/components/esp32/ld/esp32.spiram.rom-functions-iram.ld
+++ b/components/esp32/ld/esp32.spiram.rom-functions-iram.ld
@@ -47,6 +47,7 @@
     *lib_a-mktime.o(.literal .text .literal.* .text.*)
     *lib_a-syswrite.o(.literal .text .literal.* .text.*)
     *lib_a-tzset_r.o(.literal .text .literal.* .text.*)
+    *lib_a-sysgettod.o(.literal .text .literal.* .text.*)
     *lib_a-tzset.o(.literal .text .literal.* .text.*)
     *lib_a-toupper.o(.literal .text .literal.* .text.*)
     *lib_a-tolower.o(.literal .text .literal.* .text.*)

From 02daf8466f4722bc258a25e22d4b3024412dbc77 Mon Sep 17 00:00:00 2001
From: Julien CHENAVAS <jchenavas@gmail.com>
Date: Wed, 3 Oct 2018 19:53:25 +0200
Subject: [PATCH 4/4] Fix bug xTaskCreate with function ref

---
 examples/peripherals/gpio/main/gpio_example_main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/examples/peripherals/gpio/main/gpio_example_main.c b/examples/peripherals/gpio/main/gpio_example_main.c
index b6e71339ec..4e44edf0bd 100644
--- a/examples/peripherals/gpio/main/gpio_example_main.c
+++ b/examples/peripherals/gpio/main/gpio_example_main.c
@@ -89,7 +89,7 @@ void app_main()
     //create a queue to handle gpio event from isr
     gpio_evt_queue = xQueueCreate(10, sizeof(uint32_t));
     //start gpio task
-    xTaskCreate(gpio_task_example, "gpio_task_example", 2048, NULL, 10, NULL);
+    xTaskCreate(&gpio_task_example, "gpio_task_example", 2048, NULL, 10, NULL);
 
     //install gpio isr service
     gpio_install_isr_service(ESP_INTR_FLAG_DEFAULT);
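Review bot: The result of `xTaskCreate()` on the changed line is discarded, so a failed task creation goes unnoticed and the example carries on installing the ISR service. Checking it, for example `if (xTaskCreate(&gpio_task_example, "gpio_task_example", 2048, NULL, 10, NULL) != pdPASS) { return; }` with a log line before the return, would make the failure visible. In C a function name already converts to a pointer to that function, so the added `&` does not change what is passed, and the subject line's "Fix bug" may overstate the change. app_main continues outside the hunk.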