-
Notifications
You must be signed in to change notification settings - Fork 7.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[TW#18644] Secure Boot enabled before checking partition table signature #1641
Comments
It looks like partition table is not checked esp-idf/components/bootloader/subproject/main/bootloader_start.c Lines 148 to 151 in f8bda32
But app image is checked esp-idf/components/bootloader_support/src/esp_image_format.c Lines 103 to 104 in 98e5c47
esp-idf/components/bootloader_support/src/esp_image_format.c Lines 169 to 171 in 98e5c47
|
Hi @catalinio , Sorry for the delay in getting back to you. I believe @negativekelvin is right here. The app signature is checked on the first boot before secure boot is enabled, but the partition table signature is not checked until the second boot after secure boot is enabled (only basic partition table integrity is checked on the first boot). If someone accidentally flashes an unsigned but otherwise valid partition table and enables flash encryption, they can be left with an unbootable ESP32. As it happens, we've recently discussed removing the partition table signature check entirely to speed up boot times when secure boot is on. Any hypothetical attacker who can rewrite the partition table is able to make arbitrary flash writes, so they can always rewrite existing partition contents instead.[*]. So we will probably solve this by removing the partition table signature check entirely (improving the boot time when secure boot is enabled). [*] Previously there may have been a hypothetical weakness if an attacker could write to but not erase arbitrary flash. They could hypothetically extend an unsigned partition table rather than rewriting it. However the new MD5 appended to the partition table fixes this as it's impossible to repurpose that entry without erasing first. |
@projectgus while you are in there, what about write protect flash_crypt_cnt automatically when secure boot and non-reflashable bootloader selected? |
@negativekelvin That seems reasonable. FWIW I don't think there's a situation where this can lead to permanent problems, though (even if it's accidentally burned again to disable encryption, you can always burn it one more time to get encryption back on.) |
Unless it is burned to 0xff. Probably not a big concern but someone could permanently disable a device that way. |
Fair enough, will change this. Although please note that if a hypothetical malicious attacker is in a position to burn arbitrary efuses, they have lot of ways to permanently disable the device (via efuses and via other means.) |
That is true, other efuses would need to have write protect set but that could be done before first boot. Yes someone could still corrupt the flash chip, but at least we can take all reasonable measures. What is EFUSE_ABS_DONE_1 for and what do bits 4&11 of efuse_wr_disable do? |
@projectgus these changes didn't make it into bootloader refactor? |
@negativekelvin No, those were separate changes. But we haven't forgotten about this. |
Partition Tables are still signed for backwards compatibility, but signature is no longer checked as part of bootloader. Closes #1641
Partition Tables are still signed for backwards compatibility, but signature is no longer checked as part of bootloader. Closes espressif/esp-idf#1641
Partition Tables are still signed for backwards compatibility, but signature is no longer checked as part of bootloader. Closes espressif/esp-idf#1641
…1641) EEPROM.h uses data types which are declared through Arduino.h but that file does not contain an #include directive for Arduino.h. This does not cause any problems when the EEPROM library is #included from a .ino file because the Arduino IDE automatically adds an #include directive for Arduino.h but this is not the case for .cpp files. If a .cpp file has an #include directive for EEPROM.h that does not follow an #include directive for Arduino.h then compilation fails: E:\arduino\hardware\espressif\esp32\libraries\EEPROM/EEPROM.h:91:5: error: 'float_t' does not name a type float_t readFloat(int address); ^ E:\arduino\hardware\espressif\esp32\libraries\EEPROM/EEPROM.h:92:5: error: 'double_t' does not name a type double_t readDouble(int address); ^ E:\arduino\hardware\espressif\esp32\libraries\EEPROM/EEPROM.h:95:5: error: 'String' does not name a type String readString(int address); ^ E:\arduino\hardware\espressif\esp32\libraries\EEPROM/EEPROM.h:110:36: error: 'float_t' has not been declared size_t writeFloat(int address, float_t value); ^ E:\arduino\hardware\espressif\esp32\libraries\EEPROM/EEPROM.h:111:37: error: 'double_t' has not been declared size_t writeDouble(int address, double_t value); ^ E:\arduino\hardware\espressif\esp32\libraries\EEPROM/EEPROM.h:114:37: error: 'String' has not been declared size_t writeString(int address, String value);
Hi,
In the SecureBoot description there is this paragraph:
After I've checked the code from bootloader_start.c, it seems that if I flash: bootloader(with Secure Boot enabled), partitions.bin and application.bin; then the SecureBoot efuse (ABS_DONE_0) is set, even if partitions and application are not signed (or wrong SHA digest).
Basically, what happens:
Solution here, would be to re-sign partition and application and re-flash them on serial.
More tragic, is that if Flash Encryption is enabled, all the partitions (bootloader, parition table, factory app) are encrypted (with the secret efuse key). I guess, the esp32 chip is bricked; can't even use OTA for updating.
The text was updated successfully, but these errors were encountered: