1 /*
2 * SPDX-FileCopyrightText: 2015-2022 Espressif Systems (Shanghai) CO LTD
3 *
4 * SPDX-License-Identifier: Apache-2.0
5 */
6
7 #include <string.h>
8 #include "sdkconfig.h"
9 #include "esp_log.h"
10 #include "esp_secure_boot.h"
11 #include "bootloader_flash_priv.h"
12 #include "bootloader_sha.h"
13 #include "bootloader_utility.h"
14 #include "esp_image_format.h"
15 #include "esp_efuse.h"
16 #include "esp_efuse_table.h"
17 #include "secure_boot_signature_priv.h"
18
19
20 /* The following API implementations are used only when called
21 * from the bootloader code.
22 */
23
24 #ifdef CONFIG_SECURE_BOOT_V2_ENABLED
25
26 #define ALIGN_UP(num, align) (((num) + ((align) - 1)) & ~((align) - 1))
27 static const char *TAG = "secure_boot_v2";
28
29 /* A signature block is valid when it has correct magic byte, crc and image digest. */
validate_signature_block(const ets_secure_boot_sig_block_t * block,int block_num,const uint8_t * image_digest)30 static esp_err_t validate_signature_block(const ets_secure_boot_sig_block_t *block, int block_num, const uint8_t *image_digest)
31 {
32 if (block->magic_byte != ETS_SECURE_BOOT_V2_SIGNATURE_MAGIC) {
33 // All signature blocks have been parsed, no new signature block present.
34 ESP_LOGD(TAG, "Signature block(%d) invalid/absent.", block_num);
35 return ESP_FAIL;
36 }
37 if (block->block_crc != esp_rom_crc32_le(0, (uint8_t *)block, CRC_SIGN_BLOCK_LEN)) {
38 ESP_LOGE(TAG, "Magic byte correct but incorrect crc.");
39 return ESP_FAIL;
40 }
41 if (memcmp(image_digest, block->image_digest, ESP_SECURE_BOOT_DIGEST_LEN)) {
42 ESP_LOGE(TAG, "Magic byte & CRC correct but incorrect image digest.");
43 return ESP_FAIL;
44 } else {
45 ESP_LOGD(TAG, "valid signature block(%d) found", block_num);
46 return ESP_OK;
47 }
48 return ESP_FAIL;
49 }
50
51 /* Generates the public key digests of the valid public keys in an image's
52 signature block, verifies each signature, and stores the key digests in the
53 public_key_digests structure.
54
55 @param flash_offset Image offset in flash
56 @param flash_size Image size in flash (not including signature block)
57 @param[out] public_key_digests Pointer to structure to hold the key digests for valid sig blocks
58
59
60 Note that this function doesn't read any eFuses, so it doesn't know if the
61 keys are ultimately trusted by the hardware or not
62
63 @return - ESP_OK if no signatures failed to verify, or if no valid signature blocks are found at all.
64 - ESP_FAIL if there's a valid signature block that doesn't verify using the included public key (unexpected!)
65 */
s_calculate_image_public_key_digests(uint32_t flash_offset,uint32_t flash_size,esp_image_sig_public_key_digests_t * public_key_digests)66 static esp_err_t s_calculate_image_public_key_digests(uint32_t flash_offset, uint32_t flash_size, esp_image_sig_public_key_digests_t *public_key_digests)
67 {
68 esp_err_t ret;
69 uint8_t image_digest[ESP_SECURE_BOOT_DIGEST_LEN] = {0};
70 uint8_t __attribute__((aligned(4))) key_digest[ESP_SECURE_BOOT_DIGEST_LEN] = {0};
71 size_t sig_block_addr = flash_offset + ALIGN_UP(flash_size, FLASH_SECTOR_SIZE);
72
73 ESP_LOGD(TAG, "calculating public key digests for sig blocks of image offset 0x%x (sig block offset 0x%x)", flash_offset, sig_block_addr);
74
75 bzero(public_key_digests, sizeof(esp_image_sig_public_key_digests_t));
76
77 ret = bootloader_sha256_flash_contents(flash_offset, sig_block_addr - flash_offset, image_digest);
78 if (ret != ESP_OK) {
79 ESP_LOGE(TAG, "error generating image digest, %d", ret);
80 return ret;
81 }
82
83 ESP_LOGD(TAG, "reading signature(s)");
84 const ets_secure_boot_signature_t *signatures = bootloader_mmap(sig_block_addr, sizeof(ets_secure_boot_signature_t));
85 if (signatures == NULL) {
86 ESP_LOGE(TAG, "bootloader_mmap(0x%x, 0x%x) failed", sig_block_addr, sizeof(ets_secure_boot_signature_t));
87 return ESP_FAIL;
88 }
89
90 /* Validating Signature block */
91 for (unsigned i = 0; i < SECURE_BOOT_NUM_BLOCKS; i++) {
92 const ets_secure_boot_sig_block_t *block = &signatures->block[i];
93
94 ret = validate_signature_block(block, i, image_digest);
95 if (ret != ESP_OK) {
96 ret = ESP_OK; // past the last valid signature block
97 break;
98 }
99
100 /* Generating the SHA of the public key components in the signature block */
101 bootloader_sha256_handle_t sig_block_sha;
102 sig_block_sha = bootloader_sha256_start();
103 #if CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME
104 bootloader_sha256_data(sig_block_sha, &block->key, sizeof(block->key));
105 #elif CONFIG_SECURE_SIGNED_APPS_ECDSA_V2_SCHEME
106 bootloader_sha256_data(sig_block_sha, &block->ecdsa.key, sizeof(block->ecdsa.key));
107 #endif
108 bootloader_sha256_finish(sig_block_sha, key_digest);
109
110 // Check we can verify the image using this signature and this key
111 uint8_t temp_verified_digest[ESP_SECURE_BOOT_DIGEST_LEN];
112 #if CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME
113 bool verified = ets_rsa_pss_verify(&block->key, block->signature, image_digest, temp_verified_digest);
114 #elif CONFIG_SECURE_SIGNED_APPS_ECDSA_V2_SCHEME
115 bool verified = ets_ecdsa_verify(&block->ecdsa.key.point[0], block->ecdsa.signature, block->ecdsa.key.curve_id, image_digest, temp_verified_digest);
116 #endif
117
118 if (!verified) {
119 /* We don't expect this: the signature blocks before we enable secure boot should all be verifiable or invalid,
120 so this is a fatal error
121 */
122 ret = ESP_FAIL;
123 ESP_LOGE(TAG, "Secure boot key (%d) verification failed.", i);
124 break;
125 }
126 ESP_LOGD(TAG, "Signature block (%d) is verified", i);
127 /* Copy the key digest to the buffer provided by the caller */
128 memcpy((void *)public_key_digests->key_digests[i], key_digest, ESP_SECURE_BOOT_DIGEST_LEN);
129 public_key_digests->num_digests++;
130 }
131
132 if (ret == ESP_OK && public_key_digests->num_digests > 0) {
133 ESP_LOGI(TAG, "Digests successfully calculated, %d valid signatures (image offset 0x%x)",
134 public_key_digests->num_digests, flash_offset);
135 }
136
137 bootloader_munmap(signatures);
138 return ret;
139 }
140
check_and_generate_secure_boot_keys(const esp_image_metadata_t * image_data)141 static esp_err_t check_and_generate_secure_boot_keys(const esp_image_metadata_t *image_data)
142 {
143 esp_err_t ret;
144 #ifdef CONFIG_IDF_TARGET_ESP32
145 esp_efuse_coding_scheme_t coding_scheme = esp_efuse_get_coding_scheme(EFUSE_BLK_SECURE_BOOT);
146 if (coding_scheme != EFUSE_CODING_SCHEME_NONE) {
147 ESP_LOGE(TAG, "No coding schemes are supported in secure boot v2.(Detected scheme: 0x%x)", coding_scheme);
148 return ESP_ERR_NOT_SUPPORTED;
149 }
150 #endif // CONFIG_IDF_TARGET_ESP32
151
152 esp_efuse_purpose_t secure_boot_key_purpose[SECURE_BOOT_NUM_BLOCKS] = {
153 #if SECURE_BOOT_NUM_BLOCKS == 1
154 ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_V2,
155 #else
156 ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_DIGEST0,
157 ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_DIGEST1,
158 ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_DIGEST2,
159 #endif
160 };
161
162 /* Verify the bootloader */
163 esp_image_metadata_t bootloader_data = { 0 };
164 ret = esp_image_verify_bootloader_data(&bootloader_data);
165 if (ret != ESP_OK) {
166 ESP_LOGE(TAG, "bootloader image appears invalid! error %d", ret);
167 return ret;
168 }
169
170 /* Initialize all efuse block entries to invalid (max) value */
171 esp_efuse_block_t blocks[SECURE_BOOT_NUM_BLOCKS] = {[0 ... SECURE_BOOT_NUM_BLOCKS-1] = EFUSE_BLK_KEY_MAX};
172 /* Check if secure boot digests are present */
173 bool has_secure_boot_digest = false;
174 for (unsigned i = 0; i < SECURE_BOOT_NUM_BLOCKS; i++) {
175 bool tmp_has_key = esp_efuse_find_purpose(secure_boot_key_purpose[i], &blocks[i]);
176 if (tmp_has_key) { // For ESP32: esp_efuse_find_purpose() always returns True, need to check whether the key block is used or not.
177 tmp_has_key &= !esp_efuse_key_block_unused(blocks[i]);
178 }
179 has_secure_boot_digest |= tmp_has_key;
180 }
181
182 esp_image_sig_public_key_digests_t boot_key_digests = {0};
183 esp_image_sig_public_key_digests_t app_key_digests = {0};
184 ESP_LOGI(TAG, "Secure boot digests %s", has_secure_boot_digest ? "already present":"absent, generating..");
185
186 if (!has_secure_boot_digest) {
187 /* Generate the bootloader public key digests */
188 ret = s_calculate_image_public_key_digests(bootloader_data.start_addr, bootloader_data.image_len - SIG_BLOCK_PADDING, &boot_key_digests);
189 if (ret != ESP_OK) {
190 ESP_LOGE(TAG, "Bootloader signature block is invalid");
191 return ret;
192 }
193
194 if (boot_key_digests.num_digests == 0) {
195 ESP_LOGE(TAG, "No valid bootloader signature blocks found.");
196 return ESP_FAIL;
197 }
198 ESP_LOGI(TAG, "%d signature block(s) found appended to the bootloader.", boot_key_digests.num_digests);
199
200 ESP_LOGI(TAG, "Burning public key hash to eFuse");
201 ret = esp_efuse_write_keys(secure_boot_key_purpose, boot_key_digests.key_digests, boot_key_digests.num_digests);
202 if (ret != ESP_OK) {
203 if (ret == ESP_ERR_NOT_ENOUGH_UNUSED_KEY_BLOCKS) {
204 ESP_LOGE(TAG, "Bootloader signatures(%d) more than available key slots.", boot_key_digests.num_digests);
205 } else {
206 ESP_LOGE(TAG, "Failed to write efuse block with purpose (err=0x%x). Can't continue.", ret);
207 }
208 return ret;
209 }
210 } else {
211 for (unsigned i = 0; i < SECURE_BOOT_NUM_BLOCKS; i++) {
212 /* Check if corresponding digest slot is used or not */
213 if (blocks[i] == EFUSE_BLK_KEY_MAX) {
214 ESP_LOGD(TAG, "SECURE_BOOT_DIGEST%d slot is not used", i);
215 continue;
216 }
217
218 #if SOC_EFUSE_REVOKE_BOOT_KEY_DIGESTS
219 if (esp_efuse_get_digest_revoke(i)) {
220 continue;
221 }
222 #endif
223 #ifndef CONFIG_SOC_EFUSE_CONSISTS_OF_ONE_KEY_BLOCK
224 if (esp_efuse_get_key_dis_read(blocks[i])) {
225 ESP_LOGE(TAG, "Key digest (BLK%d) read protected, aborting...", blocks[i]);
226 return ESP_FAIL;
227 }
228 #endif
229 if (esp_efuse_block_is_empty(blocks[i])) {
230 ESP_LOGE(TAG, "%d eFuse block is empty, aborting...", blocks[i]);
231 return ESP_FAIL;
232 }
233 esp_efuse_set_key_dis_write(blocks[i]);
234 #ifdef CONFIG_SOC_EFUSE_CONSISTS_OF_ONE_KEY_BLOCK
235 size_t offset = 128;
236 #else
237 size_t offset = 0;
238 #endif
239 ret = esp_efuse_read_block(blocks[i], boot_key_digests.key_digests[boot_key_digests.num_digests], offset,
240 ESP_SECURE_BOOT_KEY_DIGEST_LEN * 8);
241 if (ret) {
242 ESP_LOGE(TAG, "Error during reading %d eFuse block (err=0x%x)", blocks[i], ret);
243 return ret;
244 }
245 boot_key_digests.num_digests++;
246 }
247 if (boot_key_digests.num_digests == 0) {
248 ESP_LOGE(TAG, "No valid pre-loaded public key digest in eFuse");
249 return ESP_FAIL;
250 }
251 ESP_LOGW(TAG, "Using pre-loaded public key digest in eFuse");
252 }
253
254 /* Generate the application public key digests */
255 ret = s_calculate_image_public_key_digests(image_data->start_addr, image_data->image_len - SIG_BLOCK_PADDING, &app_key_digests);
256 if (ret != ESP_OK) {
257 ESP_LOGE(TAG, "Application signature block is invalid.");
258 return ret;
259 }
260
261 if (app_key_digests.num_digests == 0) {
262 ESP_LOGE(TAG, "No valid applications signature blocks found.");
263 return ESP_FAIL;
264 }
265
266 ESP_LOGI(TAG, "%d signature block(s) found appended to the app.", app_key_digests.num_digests);
267 if (app_key_digests.num_digests > boot_key_digests.num_digests) {
268 ESP_LOGW(TAG, "App has %d signature blocks but bootloader only has %d. Some keys missing from bootloader?", app_key_digests.num_digests, boot_key_digests.num_digests);
269 }
270
271 /* Confirm if at least one public key from the application matches a public key in the bootloader
272 (Also, ensure if that public revoke bit is not set for the matched key) */
273 bool match = false;
274
275 for (unsigned i = 0; i < boot_key_digests.num_digests; i++) {
276 #if SOC_EFUSE_REVOKE_BOOT_KEY_DIGESTS
277 if (esp_efuse_get_digest_revoke(i)) {
278 ESP_LOGI(TAG, "Key block(%d) has been revoked.", i);
279 continue; // skip if the key block is revoked
280 }
281 #endif // SOC_EFUSE_REVOKE_BOOT_KEY_DIGESTS
282 for (unsigned j = 0; j < app_key_digests.num_digests; j++) {
283 if (!memcmp(boot_key_digests.key_digests[i], app_key_digests.key_digests[j], ESP_SECURE_BOOT_KEY_DIGEST_LEN)) {
284 ESP_LOGI(TAG, "Application key(%d) matches with bootloader key(%d).", j, i);
285 match = true;
286 }
287 }
288 }
289
290 if (match == false) {
291 ESP_LOGE(TAG, "No application key digest matches the bootloader key digest.");
292 return ESP_FAIL;
293 }
294
295 #if SOC_EFUSE_REVOKE_BOOT_KEY_DIGESTS
296 /* Revoke the empty signature blocks */
297 if (boot_key_digests.num_digests < SECURE_BOOT_NUM_BLOCKS) {
298 /* The revocation index can be 0, 1, 2. Bootloader count can be 1,2,3. */
299 for (unsigned i = boot_key_digests.num_digests; i < SECURE_BOOT_NUM_BLOCKS; i++) {
300 ESP_LOGI(TAG, "Revoking empty key digest slot (%d)...", i);
301 esp_efuse_set_digest_revoke(i);
302 }
303 }
304 #endif // SOC_EFUSE_REVOKE_BOOT_KEY_DIGESTS
305 return ESP_OK;
306 }
307
esp_secure_boot_v2_permanently_enable(const esp_image_metadata_t * image_data)308 esp_err_t esp_secure_boot_v2_permanently_enable(const esp_image_metadata_t *image_data)
309 {
310 ESP_LOGI(TAG, "enabling secure boot v2...");
311
312 if (esp_secure_boot_enabled()) {
313 ESP_LOGI(TAG, "secure boot v2 is already enabled, continuing..");
314 return ESP_OK;
315 }
316
317 esp_efuse_batch_write_begin(); /* Batch all efuse writes at the end of this function */
318
319 esp_err_t err;
320 err = check_and_generate_secure_boot_keys(image_data);
321 if (err != ESP_OK) {
322 esp_efuse_batch_write_cancel();
323 return err;
324 }
325
326 ESP_LOGI(TAG, "blowing secure boot efuse...");
327 err = esp_secure_boot_enable_secure_features();
328 if (err != ESP_OK) {
329 esp_efuse_batch_write_cancel();
330 return err;
331 }
332
333 err = esp_efuse_batch_write_commit();
334 if (err != ESP_OK) {
335 ESP_LOGE(TAG, "Error programming security eFuses (err=0x%x).", err);
336 return err;
337 }
338
339 #ifdef CONFIG_SECURE_BOOT_ENABLE_AGGRESSIVE_KEY_REVOKE
340 assert(esp_efuse_read_field_bit(ESP_EFUSE_SECURE_BOOT_AGGRESSIVE_REVOKE));
341 #endif
342
343 #ifndef CONFIG_SECURE_BOOT_FLASH_ENC_KEYS_BURN_TOGETHER
344 assert(esp_secure_boot_enabled());
345 ESP_LOGI(TAG, "Secure boot permanently enabled");
346 #endif
347
348 return ESP_OK;
349 }
350
351 #endif // CONFIG_SECURE_BOOT_V2_ENABLED
352