Calculate end of bootloader to update SHA256 #716
+32
−6
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
chris-subtlebytes
force-pushed
the
main
branch
from
88a72ae to
e767ecd
Compare
chris-subtlebytes
force-pushed
the
main
branch
from
e767ecd to
db05d51
Compare
|
I left some print statements in there mostly to illustrate the issue. Do you want those removed? Are there any plans to add logging crates? I briefly looked into creating some tests. Are there any existing test |
chris-subtlebytes
force-pushed
the
main
branch
from
db05d51 to
0ba42b5
Compare
Not sure what you mean, |
chris-subtlebytes
force-pushed
the
main
branch
from
0ba42b5 to
eab6916
Compare
chris-subtlebytes
force-pushed
the
main
branch
from
eab6916 to
83159a9
Compare
|
log line added: |
The current implementation uses the last 32 bytes of the bootloader file. When Secure Boot V2 is enabled, the bootloader is padded. The new implementation walks through the segments to find the end and adds the 16-byte aligned 1-byte checksum to update the SHA256 instead of incorrectly updating the padding. Closes esp-rs#715
chris-subtlebytes
force-pushed
the
main
branch
from
83159a9 to
7a83fc7
Compare
| let hash = hasher.finalize(); | ||
| bootloader.to_mut()[bootloader_len - 32..].copy_from_slice(&hash); | ||
| log::info!( |
There was a problem hiding this comment.
This is more a debug log to me
Suggested change
| log::info!( | |
| debug!( |
| @@ -4,6 +4,7 @@ use std::{borrow::Cow, io::Write, iter::once, mem::size_of}; | |||
|
|
|||
| use bytemuck::{bytes_of, from_bytes, Pod, Zeroable}; | |||
| use esp_idf_part::{Partition, PartitionTable, Type}; | |||
| use log; | |||
There was a problem hiding this comment.
Suggested change
| use log; | |
| use log::debug; |
To be consisten with other places of the code.
Comment on lines
+172
to
+174
| // the hash is at the end of the bootloader, but the bootloader bytes are padded. | ||
| // the real end of the bootloader is the end of the segments plus the 16-byte aligned 1-byte checksum. | ||
| // the checksum is stored in the last byte so that the file is a multiple of 16 bytes. |
There was a problem hiding this comment.
Is there any documentation/esptool source code links that we could add here?
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The current implementation uses the last 32 bytes of the bootloader file. When Secure Boot V2 is enabled, the bootloader is padded. The new implementation walks through the segments to find the end and adds the 16-byte aligned 1-byte checksum to update the SHA256 instead of incorrectly updating the padding.
Closes #715