From 4573271d2ba7ca66423b27b4d561f51c00f0c1dc Mon Sep 17 00:00:00 2001 From: "harshal.patil" Date: Wed, 22 Nov 2023 15:14:52 +0530 Subject: [PATCH] fix(bootloader_support): Fix image_length calculation when secure boot v1 is enabled Fixed the value of the image_length field of the image metadata populated by esp_image_verfiy() to include the size of the signature sector when Secure Boot V1 is enabled. --- components/bootloader_support/src/esp_image_format.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/components/bootloader_support/src/esp_image_format.c b/components/bootloader_support/src/esp_image_format.c index e45c6c2d7e..12f663013f 100644 --- a/components/bootloader_support/src/esp_image_format.c +++ b/components/bootloader_support/src/esp_image_format.c @@ -932,9 +932,13 @@ static esp_err_t verify_secure_boot_signature(bootloader_sha256_handle_t sha_han return ESP_ERR_IMAGE_INVALID; } -#if CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME || CONFIG_SECURE_SIGNED_APPS_ECDSA_V2_SCHEME // Adjust image length result to include the appended signature +#if CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME || CONFIG_SECURE_SIGNED_APPS_ECDSA_V2_SCHEME data->image_len = end - data->start_addr + sizeof(ets_secure_boot_signature_t); +#elif defined(CONFIG_SECURE_SIGNED_APPS_ECDSA_SCHEME) + if (data->start_addr != ESP_BOOTLOADER_OFFSET) { + data->image_len = end - data->start_addr + sizeof(esp_secure_boot_sig_block_t); + } #endif #endif // SECURE_BOOT_CHECK_SIGNATURE