From 32b5c2ae147a9a0b4964cdcd1bd63f91ae4bf543 Mon Sep 17 00:00:00 2001
From: Mahavir Jain
Date: Wed, 19 Nov 2025 11:17:46 +0530
Subject: [PATCH] fix(bootloader): fix signature verification skip in deep sleep scenario
For CONFIG_BOOTLOADER_SKIP_VALIDATE_IN_DEEP_SLEEP enabled and exit from deep sleep case the secure boot signature verification must be skipped to improve the wakeup performance. Closes https://github.com/espressif/esp-idf/issues/15590
---
 .../bootloader_support/src/esp_image_format.c | 21 +++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)
diff --git a/components/bootloader_support/src/esp_image_format.c b/components/bootloader_support/src/esp_image_format.c
index bb2c1ccb641..9f3280733a4 100644
--- a/components/bootloader_support/src/esp_image_format.c
+++ b/components/bootloader_support/src/esp_image_format.c
@@ -23,6 +23,7 @@
 #include "soc/soc_caps.h"
 #include "hal/cache_ll.h"
 #include "spi_flash_mmap.h"
+#include "sdkconfig.h"
 #define ALIGN_UP(num, align) (((num) + ((align) - 1)) & ~((align) - 1)) 
@@ -108,6 +109,22 @@ static esp_err_t process_checksum(bootloader_sha256_handle_t sha_handle, uint32_
 static esp_err_t __attribute__((unused)) verify_secure_boot_signature(bootloader_sha256_handle_t sha_handle, esp_image_metadata_t *data, uint8_t *image_digest, uint8_t *verified_digest);
 static esp_err_t __attribute__((unused)) verify_simple_hash(bootloader_sha256_handle_t sha_handle, esp_image_metadata_t *data);
+#if BOOTLOADER_BUILD && (SECURE_BOOT_CHECK_SIGNATURE == 1)
+#if CONFIG_BOOTLOADER_SKIP_VALIDATE_IN_DEEP_SLEEP
+static bool skip_verify(esp_image_load_mode_t mode, bool verify_sha)
+{
+ // Multi level check to ensure that its a legit exit from deep sleep case
+ return (esp_rom_get_reset_reason(0) == RESET_REASON_CORE_DEEP_SLEEP &&
+ mode == ESP_IMAGE_LOAD_NO_VALIDATE &&
+ !verify_sha) ? true : false;
+}
+#else
+
+#define skip_verify(mode, verify_sha) (false)
+
+#endif
+#endif // BOOTLOADER_BUILD && (SECURE_BOOT_CHECK_SIGNATURE == 1)
+
 static esp_err_t image_load(esp_image_load_mode_t mode, const esp_partition_pos_t *part, esp_image_metadata_t *data)
 {
 #ifdef BOOTLOADER_BUILD
@@ -203,9 +220,9 @@ static esp_err_t image_load(esp_image_load_mode_t mode, const esp_partition_pos_
 "only verify signature in bootloader" into the macro so it's tested multiple times. */
 #if CONFIG_SECURE_BOOT_V2_ENABLED
- ESP_FAULT_ASSERT(!esp_secure_boot_enabled() || memcmp(image_digest, verified_digest, HASH_LEN) == 0);
+ ESP_FAULT_ASSERT(!esp_secure_boot_enabled() || skip_verify(mode, verify_sha)|| memcmp(image_digest, verified_digest, HASH_LEN) == 0);
 #else // Secure Boot V1 on ESP32, only verify signatures for apps not bootloaders
- ESP_FAULT_ASSERT(data->start_addr == ESP_BOOTLOADER_OFFSET || memcmp(image_digest, verified_digest, HASH_LEN) == 0);
+ ESP_FAULT_ASSERT(data->start_addr == ESP_BOOTLOADER_OFFSET || skip_verify(mode, verify_sha) || memcmp(image_digest, verified_digest, HASH_LEN) == 0);
 #endif
 #endif // SECURE_BOOT_CHECK_SIGNATURE
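Review bot: The comment on the new `skip_verify`, `// Multi level check to ensure that its a legit exit from deep sleep case`, should say what the function gates: in the hunk at -203 it becomes the one term that lets the digest compare inside ESP_FAULT_ASSERT be bypassed, and the context comment there says the macro argument is tested multiple times, so suggest `// Deep-sleep wake-up shortcut: bypasses the digest check in ESP_FAULT_ASSERT only when all three conditions hold; the macro evaluates this repeatedly, so keep it side-effect free.` The `? true : false` on an already-boolean expression is redundant; `return esp_rom_get_reset_reason(0) == RESET_REASON_CORE_DEEP_SLEEP && mode == ESP_IMAGE_LOAD_NO_VALIDATE && !verify_sha;` reads the same. The guard `#if BOOTLOADER_BUILD && (SECURE_BOOT_CHECK_SIGNATURE == 1)` uses a different form than the `#ifdef BOOTLOADER_BUILD` two lines below in image_load; `#if defined(BOOTLOADER_BUILD) && (SECURE_BOOT_CHECK_SIGNATURE == 1)` would keep the two consistent and not depend on the macro having a value. The call sites in the -203 hunk are guarded only by `SECURE_BOOT_CHECK_SIGNATURE`, so if that macro can be 1 outside a bootloader build (not visible here) `skip_verify` would be undeclared there; worth confirming. Also the V2 line there has `skip_verify(mode, verify_sha)|| memcmp` with the space before `||` missing.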