From 633b63d6fd75fa8fab8d0ab78898332b88b34114 Mon Sep 17 00:00:00 2001 From: "harshal.patil" Date: Wed, 22 Nov 2023 15:14:52 +0530 Subject: [PATCH] fix(bootloader_support): Fix image_length calculation when secure boot v1 is enabled Fixed the value of the image_length field of the image metadata populated by esp_image_verfiy() to include the size of the signature sector when Secure Boot V1 is enabled. --- components/bootloader_support/src/esp_image_format.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/components/bootloader_support/src/esp_image_format.c b/components/bootloader_support/src/esp_image_format.c index aa728079b0a..b36ef65559e 100644 --- a/components/bootloader_support/src/esp_image_format.c +++ b/components/bootloader_support/src/esp_image_format.c @@ -980,9 +980,13 @@ static esp_err_t verify_secure_boot_signature(bootloader_sha256_handle_t sha_han return ESP_ERR_IMAGE_INVALID; } -#if CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME || CONFIG_SECURE_SIGNED_APPS_ECDSA_V2_SCHEME // Adjust image length result to include the appended signature +#if CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME || CONFIG_SECURE_SIGNED_APPS_ECDSA_V2_SCHEME data->image_len = end - data->start_addr + sizeof(ets_secure_boot_signature_t); +#elif defined(CONFIG_SECURE_SIGNED_APPS_ECDSA_SCHEME) + if (data->start_addr != ESP_BOOTLOADER_OFFSET) { + data->image_len = end - data->start_addr + sizeof(esp_secure_boot_sig_block_t); + } #endif #endif // SECURE_BOOT_CHECK_SIGNATURE