fix(bootloader): correct encryption length for secure update without secure boot

In the secure update without secure boot case, the encryption length for
the app image must also include the signature block length. This was
handled correctly for the secure boot case but not for secure update
without secure boot.
Mahavir Jain
2025-09-01 11:00:48 +05:30
parent d8eae6c80d
commit b0713ffe08
3 changed files with 22 additions and 1 deletions
@@ -428,6 +428,10 @@ static esp_err_t encrypt_partition(int index, const esp_partition_info_t *partit
if (partition->type == PART_TYPE_APP && should_encrypt) {
// Encrypt only the app image instead of encrypting the whole partition
size = image_data.image_len;
#if CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT
// If secure update without secure boot, also encrypt the signature block
size += esp_secure_boot_sig_block_size();
#endif
}
#endif
} else if (partition->type == PART_TYPE_PARTITION_TABLE) {
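Review bot: The added `size += esp_secure_boot_sig_block_size();` has no visible upper bound, so for an app image that ends close to the partition end, or one that carries no signature block, the encryption length can run past the image data or the partition unless a check outside this hunk catches it. Consider bounding it right after the addition, e.g. `if (size > partition->pos.size) { size = partition->pos.size; }`. The comment could also state where the signature block is expected relative to `image_data.image_len`, for example `// signature block is assumed to start at image_len; confirm no alignment padding precedes it`, because the addition covers the block only if it immediately follows the image. The body of `encrypt_partition` starts and ends outside the hunk, so the later use of `size` could not be checked here.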