diff --git a/components/app_update/Kconfig b/components/app_update/Kconfig new file mode 100644 index 00000000..67643b9f --- /dev/null +++ b/components/app_update/Kconfig @@ -0,0 +1,15 @@ +menu "App update" + +config APP_UPDATE_CHECK_APP_SUM + bool "Check APP binary data sum after downloading" + default y + help + If enable this option, app update will check the sum of app binary data after downloading it. + +config APP_UPDATE_CHECK_APP_HASH + bool "Check APP binary data hash after downloading" + default n + help + If enable this option, app update will check the hash of app binary data after downloading it. + +endmenu diff --git a/components/app_update/Makefile.projbuild b/components/app_update/Makefile.projbuild new file mode 100644 index 00000000..b47ee4ad --- /dev/null +++ b/components/app_update/Makefile.projbuild @@ -0,0 +1,8 @@ + +ifdef CONFIG_APP_UPDATE_CHECK_APP_SUM +CFLAGS += -DCONFIG_ENABLE_BOOT_CHECK_SUM=1 +endif + +ifdef CONFIG_APP_UPDATE_CHECK_APP_HASH +CFLAGS += -DCONFIG_ENABLE_BOOT_CHECK_SHA256=1 +endif diff --git a/components/bootloader/Kconfig.projbuild b/components/bootloader/Kconfig.projbuild index 4c204a7b..5efa1dc3 100644 --- a/components/bootloader/Kconfig.projbuild +++ b/components/bootloader/Kconfig.projbuild @@ -28,6 +28,18 @@ config LOG_BOOTLOADER_LEVEL default 4 if LOG_BOOTLOADER_LEVEL_DEBUG default 5 if LOG_BOOTLOADER_LEVEL_VERBOSE +config BOOTLOADER_CHECK_APP_SUM + bool "Check APP binary data sum before loading" + default y + help + If enable this option, bootloader will check the sum of app binary data before load it to run. + +config BOOTLOADER_CHECK_APP_HASH + bool "Check APP binary data hash before loading" + default n + help + If enable this option, bootloader will check the hash of app binary data before load it to run. + config BOOTLOADER_SPI_WP_PIN int "SPI Flash WP Pin when customising pins via efuse (read help)" range 0 33 diff --git a/components/bootloader_support/Makefile.projbuild b/components/bootloader_support/Makefile.projbuild index ee62930c..6def8a29 100644 --- a/components/bootloader_support/Makefile.projbuild +++ b/components/bootloader_support/Makefile.projbuild @@ -5,3 +5,11 @@ $(SECURE_BOOT_SIGNING_KEY): @echo "Keep key file safe after generating." @echo "(See secure boot documentation for risks & alternatives.)" @exit 1 + +ifdef CONFIG_BOOTLOADER_CHECK_APP_SUM +CFLAGS += -DCONFIG_ENABLE_BOOT_CHECK_SUM=1 +endif + +ifdef CONFIG_BOOTLOADER_CHECK_APP_HASH +CFLAGS += -DCONFIG_ENABLE_BOOT_CHECK_SHA256=1 +endif diff --git a/components/bootloader_support/src/bootloader_sha.c b/components/bootloader_support/src/bootloader_sha.c index 8d7e5dca..6e4b06a9 100644 --- a/components/bootloader_support/src/bootloader_sha.c +++ b/components/bootloader_support/src/bootloader_sha.c @@ -170,4 +170,267 @@ void bootloader_sha256_finish(bootloader_sha256_handle_t handle, uint8_t *digest #endif +#elif defined(CONFIG_TARGET_PLATFORM_ESP8266) + +#ifndef BOOTLOADER_BUILD + +#include "bootloader_sha.h" +#include +#include +#include +#include + +#ifdef CONFIG_SSL_USING_MBEDTLS +// App version is a wrapper around mbedTLS SHA API +#include + +bootloader_sha256_handle_t bootloader_sha256_start() +{ + mbedtls_sha256_context *ctx = (mbedtls_sha256_context *)malloc(sizeof(mbedtls_sha256_context)); + if (!ctx) { + return NULL; + } + mbedtls_sha256_init(ctx); + assert(mbedtls_sha256_starts_ret(ctx, false) == 0); + return ctx; +} + +void bootloader_sha256_data(bootloader_sha256_handle_t handle, const void *data, size_t data_len) +{ + assert(handle != NULL); + mbedtls_sha256_context *ctx = (mbedtls_sha256_context *)handle; + assert(mbedtls_sha256_update_ret(ctx, data, data_len) == 0); +} + +void bootloader_sha256_finish(bootloader_sha256_handle_t handle, uint8_t *digest) +{ + assert(handle != NULL); + mbedtls_sha256_context *ctx = (mbedtls_sha256_context *)handle; + if (digest != NULL) { + assert(mbedtls_sha256_finish_ret(ctx, digest) == 0); + } + mbedtls_sha256_free(ctx); + free(handle); +} + +#endif + +#else + +#include "bootloader_sha.h" +#include +#include +#include +#include + +typedef void* bootloader_sha256_handle_t; + +// Code from mbedTLS sha256 + +#define F0(x,y,z) ((x & y) | (z & (x | y))) +#define F1(x,y,z) (z ^ (x & (y ^ z))) + +#define SHR(x,n) ((x & 0xFFFFFFFF) >> n) +#define ROTR(x,n) (SHR(x,n) | (x << (32 - n))) + +#define S0(x) (ROTR(x, 7) ^ ROTR(x,18) ^ SHR(x, 3)) +#define S1(x) (ROTR(x,17) ^ ROTR(x,19) ^ SHR(x,10)) + +#define S2(x) (ROTR(x, 2) ^ ROTR(x,13) ^ ROTR(x,22)) +#define S3(x) (ROTR(x, 6) ^ ROTR(x,11) ^ ROTR(x,25)) + +#define GET_UINT32_BE(n,b,i) \ +do { \ + (n) = ( (uint32_t) (b)[(i) ] << 24 ) \ + | ( (uint32_t) (b)[(i) + 1] << 16 ) \ + | ( (uint32_t) (b)[(i) + 2] << 8 ) \ + | ( (uint32_t) (b)[(i) + 3] ); \ +} while( 0 ) + +#define PUT_UINT32_BE(n,b,i) \ +do { \ + (b)[(i) ] = (unsigned char) ( (n) >> 24 ); \ + (b)[(i) + 1] = (unsigned char) ( (n) >> 16 ); \ + (b)[(i) + 2] = (unsigned char) ( (n) >> 8 ); \ + (b)[(i) + 3] = (unsigned char) ( (n) ); \ +} while( 0 ) + +#define R(t) \ +( \ + W[t] = S1(W[t - 2]) + W[t - 7] + \ + S0(W[t - 15]) + W[t - 16] \ +) + +#define P(a,b,c,d,e,f,g,h,x,K) \ +{ \ + temp1 = h + S3(e) + F1(e,f,g) + K + x; \ + temp2 = S2(a) + F0(a,b,c); \ + d += temp1; h = temp1 + temp2; \ +} + +typedef struct { + uint32_t total[2]; + uint32_t state[8]; + uint8_t buffer[64]; +} mbedtls_sha256_context; + +static const uint32_t K[] = +{ + 0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5, + 0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5, + 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3, + 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174, + 0xE49B69C1, 0xEFBE4786, 0x0FC19DC6, 0x240CA1CC, + 0x2DE92C6F, 0x4A7484AA, 0x5CB0A9DC, 0x76F988DA, + 0x983E5152, 0xA831C66D, 0xB00327C8, 0xBF597FC7, + 0xC6E00BF3, 0xD5A79147, 0x06CA6351, 0x14292967, + 0x27B70A85, 0x2E1B2138, 0x4D2C6DFC, 0x53380D13, + 0x650A7354, 0x766A0ABB, 0x81C2C92E, 0x92722C85, + 0xA2BFE8A1, 0xA81A664B, 0xC24B8B70, 0xC76C51A3, + 0xD192E819, 0xD6990624, 0xF40E3585, 0x106AA070, + 0x19A4C116, 0x1E376C08, 0x2748774C, 0x34B0BCB5, + 0x391C0CB3, 0x4ED8AA4A, 0x5B9CCA4F, 0x682E6FF3, + 0x748F82EE, 0x78A5636F, 0x84C87814, 0x8CC70208, + 0x90BEFFFA, 0xA4506CEB, 0xBEF9A3F7, 0xC67178F2, +}; + +static mbedtls_sha256_context s_sha256; + +static int internal_sha256_process(mbedtls_sha256_context *ctx, const uint8_t data[64]) +{ + uint32_t temp1, temp2, W[64]; + uint32_t A[8]; + unsigned int i; + + for( i = 0; i < 8; i++ ) + A[i] = ctx->state[i]; + + for( i = 0; i < 64; i++ ) + { + if( i < 16 ) + GET_UINT32_BE( W[i], data, 4 * i ); + else + R( i ); + + P( A[0], A[1], A[2], A[3], A[4], A[5], A[6], A[7], W[i], K[i] ); + + temp1 = A[7]; A[7] = A[6]; A[6] = A[5]; A[5] = A[4]; A[4] = A[3]; + A[3] = A[2]; A[2] = A[1]; A[1] = A[0]; A[0] = temp1; + } + + for( i = 0; i < 8; i++ ) + ctx->state[i] += A[i]; + + return( 0 ); +} + +bootloader_sha256_handle_t bootloader_sha256_start() +{ + mbedtls_sha256_context *ctx = &s_sha256; + + memset(ctx, 0, sizeof(mbedtls_sha256_context)); + + ctx->total[0] = 0; + ctx->total[1] = 0; + + ctx->state[0] = 0x6A09E667; + ctx->state[1] = 0xBB67AE85; + ctx->state[2] = 0x3C6EF372; + ctx->state[3] = 0xA54FF53A; + ctx->state[4] = 0x510E527F; + ctx->state[5] = 0x9B05688C; + ctx->state[6] = 0x1F83D9AB; + ctx->state[7] = 0x5BE0CD19; + + return ctx; +} + +void bootloader_sha256_data(bootloader_sha256_handle_t handle, const void *data, size_t data_len) +{ + mbedtls_sha256_context *ctx = (mbedtls_sha256_context *)handle; + size_t ilen = data_len; + const uint8_t *input = (const uint8_t *)data; + + int ret; + size_t fill; + uint32_t left; + + left = ctx->total[0] & 0x3F; + fill = 64 - left; + + ctx->total[0] += (uint32_t) ilen; + ctx->total[0] &= 0xFFFFFFFF; + + if( ctx->total[0] < (uint32_t) ilen ) + ctx->total[1]++; + + if( left && ilen >= fill ) + { + memcpy((void *)(ctx->buffer + left), input, fill); + + if( ( ret = internal_sha256_process( ctx, ctx->buffer ) ) != 0 ) + return ; + + input += fill; + ilen -= fill; + left = 0; + } + + while( ilen >= 64 ) + { + if( ( ret = internal_sha256_process( ctx, input ) ) != 0 ) + return ; + + input += 64; + ilen -= 64; + } + + if( ilen > 0 ) + memcpy( (void *) (ctx->buffer + left), input, ilen ); +} + +void bootloader_sha256_finish(bootloader_sha256_handle_t handle, uint8_t *digest) +{ + uint32_t last, padn; + uint32_t high, low; + uint8_t msglen[8]; + uint8_t *output = digest; + mbedtls_sha256_context *ctx = (mbedtls_sha256_context *)handle; + + static const unsigned char sha256_padding[64] = { + 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 + }; + + high = ( ctx->total[0] >> 29 ) + | ( ctx->total[1] << 3 ); + low = ( ctx->total[0] << 3 ); + + PUT_UINT32_BE( high, msglen, 0 ); + PUT_UINT32_BE( low, msglen, 4 ); + + last = ctx->total[0] & 0x3F; + padn = ( last < 56 ) ? ( 56 - last ) : ( 120 - last ); + + bootloader_sha256_data(ctx, sha256_padding, padn); + + bootloader_sha256_data(ctx, msglen, 8); + + PUT_UINT32_BE( ctx->state[0], output, 0 ); + PUT_UINT32_BE( ctx->state[1], output, 4 ); + PUT_UINT32_BE( ctx->state[2], output, 8 ); + PUT_UINT32_BE( ctx->state[3], output, 12 ); + PUT_UINT32_BE( ctx->state[4], output, 16 ); + PUT_UINT32_BE( ctx->state[5], output, 20 ); + PUT_UINT32_BE( ctx->state[6], output, 24 ); + + PUT_UINT32_BE( ctx->state[7], output, 28 ); + + return ; +} + +#endif + #endif diff --git a/components/bootloader_support/src/esp_image_format.c b/components/bootloader_support/src/esp_image_format.c index a3370e01..23c89c5f 100644 --- a/components/bootloader_support/src/esp_image_format.c +++ b/components/bootloader_support/src/esp_image_format.c @@ -601,6 +601,8 @@ static const char *TAG = "esp_image"; #define HASH_LEN 32 /* SHA-256 digest length */ +#define SHA_CHUNK 1024 + #define MAX_CHECKSUM_READ_SIZE SPI_FLASH_SEC_SIZE #define SIXTEEN_MB 0x1000000 @@ -647,9 +649,11 @@ static esp_err_t verify_segment_header(int index, const esp_image_segment_header static esp_err_t verify_checksum(bootloader_sha256_handle_t sha_handle, uint32_t checksum_word, esp_image_metadata_t *data); -#if defined(CONFIG_SECURE_BOOT_ENABLED) && defined(CONFIG_ENABLE_BOOT_CHECK_SHA256) +#if defined(CONFIG_SECURE_BOOT_ENABLED) static esp_err_t __attribute__((unused)) verify_secure_boot_signature(bootloader_sha256_handle_t sha_handle, esp_image_metadata_t *data); -static esp_err_t __attribute__((unused)) verify_simple_hash(bootloader_sha256_handle_t sha_handle, esp_image_metadata_t *data); +#endif +#if defined(CONFIG_ENABLE_BOOT_CHECK_SHA256) +static esp_err_t __attribute__((unused)) verify_simple_hash(bootloader_sha256_handle_t sha_handle, esp_image_metadata_t *data); #endif esp_err_t esp_image_load(esp_image_load_mode_t mode, const esp_partition_pos_t *part, esp_image_metadata_t *data) @@ -688,7 +692,10 @@ esp_err_t esp_image_load(esp_image_load_mode_t mode, const esp_partition_pos_t * if (1) { #else #ifdef CONFIG_ENABLE_BOOT_CHECK_SHA256 - if (data->image.hash_appended) { +#ifdef CONFIG_TARGET_PLATFORM_ESP32 + if (data->image.hash_appended) +#endif + { sha_handle = bootloader_sha256_start(); if (sha_handle == NULL) { return ESP_ERR_NO_MEM; @@ -926,98 +933,53 @@ err: static esp_err_t process_segment_data(intptr_t load_addr, uint32_t data_addr, uint32_t data_len, bool do_load, bootloader_sha256_handle_t sha_handle, uint32_t *checksum) { -#ifdef BOOTLOADER_BUILD - const uint32_t *data = (const uint32_t *)bootloader_mmap(data_addr, data_len); - if(!data) { - ESP_LOGE(TAG, "bootloader_mmap(0x%x, 0x%x) failed", - data_addr, data_len); + esp_err_t ret = ESP_OK; +#if defined(CONFIG_ENABLE_BOOT_CHECK_SUM) || defined(CONFIG_ENABLE_BOOT_CHECK_SHA256) + const char *src = (const char *)data_addr; +#ifndef BOOTLOADER_BUILD + uint32_t *pbuf; + + pbuf = (uint32_t*)malloc(SHA_CHUNK); + if(pbuf == NULL) { return ESP_FAIL; } - -#if defined(BOOTLOADER_BUILD) && defined(BOOTLOADER_UNPACK_APP) - // Set up the obfuscation value to use for loading - while (ram_obfs_value[0] == 0 || ram_obfs_value[1] == 0) { - bootloader_fill_random(ram_obfs_value, sizeof(ram_obfs_value)); - } - ram_obfs_value[0] = 0x55; - ram_obfs_value[1] = 0xaa; - uint32_t *dest = (uint32_t *)load_addr; +#else + static char pbuf[SHA_CHUNK]; #endif - const uint32_t *src = data; - - for (int i = 0; i < data_len; i += 4) { - int w_i = i/4; // Word index - uint32_t w = src[w_i]; - *checksum ^= w; -#ifdef BOOTLOADER_BUILD - if (do_load) { -// dest[w_i] = w ^ ((w_i & 1) ? ram_obfs_value[0] : ram_obfs_value[1]); - } -#endif + for (int i = 0; i < data_len; i += SHA_CHUNK) { // SHA_CHUNK determined experimentally as the optimum size // to call bootloader_sha256_data() with. This is a bit // counter-intuitive, but it's ~3ms better than using the // SHA256 block size. - const size_t SHA_CHUNK = 1024; - if (sha_handle != NULL && i % SHA_CHUNK == 0) { -// bootloader_sha256_data(sha_handle, &src[w_i], -// MIN(SHA_CHUNK, data_len - i)); - } - } + + size_t bytes = MIN(SHA_CHUNK, data_len - i); - bootloader_munmap(data); - - return ESP_OK; -#endif - -#ifndef BOOTLOADER_BUILD - uint32_t had_read_size = 0, to_read_size = 0; - uint32_t* data = 0; - - data = (uint32_t*)malloc(MAX_CHECKSUM_READ_SIZE); - if(data == NULL) { - return ESP_FAIL; - } - - const uint32_t *src = data; - for (; had_read_size != data_len; ) { - to_read_size = ((data_len - had_read_size) < MAX_CHECKSUM_READ_SIZE) ? (data_len - had_read_size) : MAX_CHECKSUM_READ_SIZE; - int ret = ESP_OK; - ret = spi_flash_read(data_addr + had_read_size, data, to_read_size); + ret = bootloader_flash_read((size_t)&src[i], pbuf, bytes, false); if (ret) { - ESP_LOGE(TAG, "SPI flash read result %d\n", ret); - free(data); - return ESP_FAIL; + ESP_LOGE(TAG, "bootloader read flash @ %p %d error %d", &src[i], bytes, ret); + goto exit; } - had_read_size += to_read_size; +#if defined(CONFIG_ENABLE_BOOT_CHECK_SUM) + uint32_t *psum = (uint32_t *)pbuf; - for (int i = 0; i < to_read_size; i += 4) { - int w_i = i/4; // Word index - uint32_t w = src[w_i]; - *checksum ^= w; - #ifdef BOOTLOADER_BUILD - if (do_load) { - // dest[w_i] = w ^ ((w_i & 1) ? ram_obfs_value[0] : ram_obfs_value[1]); - } - #endif - // SHA_CHUNK determined experimentally as the optimum size - // to call bootloader_sha256_data() with. This is a bit - // counter-intuitive, but it's ~3ms better than using the - // SHA256 block size. - const size_t SHA_CHUNK = 1024; - if (sha_handle != NULL && i % SHA_CHUNK == 0) { - // bootloader_sha256_data(sha_handle, &src[w_i], - // MIN(SHA_CHUNK, data_len - i)); - } - } - - - } // end for - free(data); - return ESP_OK; + for (int i = 0; i < bytes / sizeof(uint32_t); i++) + *checksum ^= psum[i]; #endif + +#if defined(CONFIG_ENABLE_BOOT_CHECK_SHA256) + if (sha_handle != NULL) + bootloader_sha256_data(sha_handle, pbuf, bytes); +#endif + } + +exit: +#ifndef BOOTLOADER_BUILD + free(pbuf); +#endif +#endif + return ret; } static esp_err_t verify_segment_header(int index, const esp_image_segment_header_t *segment, uint32_t segment_data_offs, bool silent) @@ -1082,49 +1044,68 @@ esp_err_t esp_image_verify_bootloader(uint32_t *length) static esp_err_t verify_checksum(bootloader_sha256_handle_t sha_handle, uint32_t checksum_word, esp_image_metadata_t *data) { + esp_err_t err = ESP_OK; +#if defined(CONFIG_ENABLE_BOOT_CHECK_SUM) || defined(CONFIG_ENABLE_BOOT_CHECK_SHA256) uint32_t unpadded_length = data->image_len; uint32_t length = unpadded_length + 1; // Add a byte for the checksum length = (length + 15) & ~15; // Pad to next full 16 byte block // Verify checksum uint8_t buf[16]; - esp_err_t err = bootloader_flash_read(data->start_addr + unpadded_length, buf, length - unpadded_length, true); + err = bootloader_flash_read(data->start_addr + unpadded_length, buf, length - unpadded_length, true); + if (err != ESP_OK) { + ESP_LOGE(TAG, "bootloader read flash @ 0x%x %d error %d", data->start_addr + unpadded_length, length - unpadded_length, err); + return ESP_ERR_IMAGE_INVALID; + } + +#if defined(CONFIG_ENABLE_BOOT_CHECK_SUM) uint8_t calc = buf[length - unpadded_length - 1]; uint8_t checksum = (checksum_word >> 24) ^ (checksum_word >> 16) ^ (checksum_word >> 8) ^ (checksum_word >> 0); - if (err != ESP_OK || checksum != calc) { + + if (checksum != calc) { ESP_LOGE(TAG, "Checksum failed. Calculated 0x%x read 0x%x", checksum, calc); return ESP_ERR_IMAGE_INVALID; } +#endif + #ifdef CONFIG_ENABLE_BOOT_CHECK_SHA256 if (sha_handle != NULL) { bootloader_sha256_data(sha_handle, buf, length - unpadded_length); } - if (data->image.hash_appended) { +#if CONFIG_TARGET_PLATFORM_ESP32 + if (data->image.hash_appended) +#endif + { // Account for the hash in the total image length length += HASH_LEN; } #endif data->image_len = length; +#endif - return ESP_OK; + return err; } -#if defined(CONFIG_SECURE_BOOT_ENABLED) && defined(CONFIG_ENABLE_BOOT_CHECK_SHA256) - +#if defined(CONFIG_SECURE_BOOT_ENABLED) || defined(CONFIG_ENABLE_BOOT_CHECK_SHA256) static void debug_log_hash(const uint8_t *image_hash, const char *caption); +#endif +#if defined(CONFIG_SECURE_BOOT_ENABLED) static esp_err_t verify_secure_boot_signature(bootloader_sha256_handle_t sha_handle, esp_image_metadata_t *data) { uint8_t image_hash[HASH_LEN] = { 0 }; // For secure boot, we calculate the signature hash over the whole file, which includes any "simple" hash // appended to the image for corruption detection - if (data->image.hash_appended) { +#if CONFIG_TARGET_PLATFORM_ESP32 + if (data->image.hash_appended) +#endif + { const void *simple_hash = bootloader_mmap(data->start_addr + data->image_len - HASH_LEN, HASH_LEN); bootloader_sha256_data(sha_handle, simple_hash, HASH_LEN); bootloader_munmap(simple_hash); @@ -1160,27 +1141,37 @@ static esp_err_t verify_secure_boot_signature(bootloader_sha256_handle_t sha_han return ESP_OK; } +#endif +#if defined(CONFIG_ENABLE_BOOT_CHECK_SHA256) static esp_err_t verify_simple_hash(bootloader_sha256_handle_t sha_handle, esp_image_metadata_t *data) { - uint8_t image_hash[HASH_LEN] = { 0 }; + uint8_t image_hash[HASH_LEN]; + uint8_t image_hash_flash[HASH_LEN]; + + // Simple hash for verification only + esp_err_t err = bootloader_flash_read(data->start_addr + data->image_len - HASH_LEN, image_hash_flash, HASH_LEN, false); + if (err != ESP_OK) { + ESP_LOGE(TAG, "bootloader read flash @ 0x%x %d error %d", data->start_addr + data->image_len - HASH_LEN, HASH_LEN, err); + return ESP_ERR_IMAGE_INVALID; + } + bootloader_sha256_finish(sha_handle, image_hash); // Log the hash for debugging debug_log_hash(image_hash, "Calculated hash"); - // Simple hash for verification only - const void *hash = bootloader_mmap(data->start_addr + data->image_len - HASH_LEN, HASH_LEN); - if (memcmp(hash, image_hash, HASH_LEN) != 0) { + if (memcmp(image_hash_flash, image_hash, HASH_LEN) != 0) { ESP_LOGE(TAG, "Image hash failed - image is corrupt"); - debug_log_hash(hash, "Expected hash"); - bootloader_munmap(hash); + debug_log_hash(image_hash_flash, "Expected hash"); return ESP_ERR_IMAGE_INVALID; } - bootloader_munmap(hash); return ESP_OK; } +#endif + +#if defined(CONFIG_SECURE_BOOT_ENABLED) || defined(CONFIG_ENABLE_BOOT_CHECK_SHA256) // Log a hash as a hex string static void debug_log_hash(const uint8_t *image_hash, const char *label)