From c33b9e1426121ce8cccf1a94241740be9cff68de Mon Sep 17 00:00:00 2001
From: Mahavir Jain
Date: Mon, 19 Feb 2024 12:26:08 +0530
Subject: [PATCH] fix(bootloader_support): check the secure version only for app image

Secure version in the image header is only available for the application image. However, for certain security workflows, bootloader verifies itself (own image) and hence the secure version check during that must be avoided.
Regression introduced in recent commit-id: 3305cb4d
Tested that both secure boot and flash-enc workflows work correctly with the anti-rollback scenario.
---
 components/bootloader_support/src/esp_image_format.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/components/bootloader_support/src/esp_image_format.c b/components/bootloader_support/src/esp_image_format.c
index 9016ae296d7..0a26247b56c 100644
--- a/components/bootloader_support/src/esp_image_format.c
+++ b/components/bootloader_support/src/esp_image_format.c
@@ -688,12 +688,16 @@ static esp_err_t process_segment_data(int segment, intptr_t load_addr, uint32_t
 #endif
 }
 uint32_t *dest = (uint32_t *)load_addr;
-#endif
+#endif // BOOTLOADER_BUILD
 const uint32_t *src = data;
 #if CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK
- if (segment == 0) {
+ // Case I: Bootloader verifying application
+ // Case II: Bootloader verifying bootloader
+ // Anti-rollback check should handle only Case I from above.
+ if (segment == 0 && metadata->start_addr != ESP_BOOTLOADER_OFFSET) {
+ ESP_LOGD(TAG, "additional anti-rollback check 0x%"PRIx32, data_addr);
 // The esp_app_desc_t structure is located in DROM and is always in segment #0.
 size_t len = process_esp_app_desc_data(src, sha_handle, checksum, metadata);
 data_len -= len;
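Review bot: The new condition skips the secure-version handling whenever `metadata->start_addr == ESP_BOOTLOADER_OFFSET`, but the added comment does not say why that comparison is a trustworthy way to recognise the bootloader image. Because this test decides whether anti-rollback data is processed at all, I would record the assumption beside it, for example `// start_addr is the flash offset supplied by the caller, not a value read from the image; only the bootloader is expected at ESP_BOOTLOADER_OFFSET`. That wording presumes the property holds for every caller, which is not visible in this hunk and should be confirmed. The Case I/II list also names only bootloader-side verification, while this block sits after `#endif // BOOTLOADER_BUILD` and so appears to be compiled into application builds as well; the comment should say which case an application verifying another image falls under. The body of process_segment_data starts and ends outside the hunk.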