Merge branch 'feat/secure_boot_ecdsa_p384' into 'master'

Support Secure Boot using ECDSA-P384 curve

Closes IDF-10016, IDF-10221, and IDF-12990

See merge request espressif/esp-idf!38517

Author: mahavirj

components/bootloader/Kconfig.projbuild

@@ -559,12 +559,13 @@ menu "Security features"
         depends on SECURE_SIGNED_APPS_ECDSA_V2_SCHEME
         default SECURE_BOOT_ECDSA_KEY_LEN_256_BITS
         help
-            Select the ECDSA key size. Two key sizes are supported
+            Select the ECDSA key size. Three key sizes are supported depending upon on the target:
 
             - 192 bit key using NISTP192 curve
             - 256 bit key using NISTP256 curve (Recommended)
+            - 384 bit key using NISTP384 curve (Recommended)
 
-            The advantage of using 256 bit key is the extra randomness which makes it difficult to be
+            The advantage of using 384 and 256 bit keys is the extra randomness which makes it difficult to be
             bruteforced compared to 192 bit key.
             At present, both key sizes are practically implausible to bruteforce.
 
@@ -576,6 +577,10 @@ menu "Security features"
             bool "Using ECC curve NISTP256 (Recommended)"
             depends on SECURE_SIGNED_APPS_ECDSA_V2_SCHEME
 
+        config SECURE_BOOT_ECDSA_KEY_LEN_384_BITS
+            bool "Using ECC curve NISTP384 (Recommended)"
+            depends on SECURE_SIGNED_APPS_ECDSA_V2_SCHEME && SOC_ECDSA_SUPPORT_CURVE_P384
+
     endchoice
 
     config SECURE_SIGNED_ON_BOOT_NO_SECURE_BOOT

components/bootloader/project_include.cmake

@@ -70,6 +70,8 @@ if(CONFIG_SECURE_SIGNED_APPS)
                     set(scheme "ecdsa192")
                 elseif(CONFIG_SECURE_BOOT_ECDSA_KEY_LEN_256_BITS)
                     set(scheme "ecdsa256")
+                elseif(CONFIG_SECURE_BOOT_ECDSA_KEY_LEN_384_BITS)
+                    set(scheme "ecdsa384")
                 endif()
                 fail_at_build_time(gen_secure_boot_signing_key
                     "Secure Boot Signing Key ${CONFIG_SECURE_BOOT_SIGNING_KEY} does not exist. Generate using:"

components/bootloader_support/include/esp_secure_boot.h

@@ -17,7 +17,6 @@
 #if !CONFIG_IDF_TARGET_LINUX
 #include "rom/secure_boot.h"
 #endif
-
 #ifdef CONFIG_SECURE_BOOT_V1_ENABLED
 #if !defined(CONFIG_SECURE_SIGNED_ON_BOOT) || !defined(CONFIG_SECURE_SIGNED_ON_UPDATE) || !defined(CONFIG_SECURE_SIGNED_APPS)
 #error "internal sdkconfig error, secure boot should always enable all signature options"
@@ -33,12 +32,20 @@ extern "C" {
    Can be compiled as part of app or bootloader code.
 */
 
+#if CONFIG_SECURE_BOOT_ECDSA_KEY_LEN_384_BITS
+#define ESP_SECURE_BOOT_DIGEST_LEN 48
+#else /* !CONFIG_SECURE_BOOT_ECDSA_KEY_LEN_384_BITS */
 #define ESP_SECURE_BOOT_DIGEST_LEN 32
+#endif /* CONFIG_SECURE_BOOT_ECDSA_KEY_LEN_384_BITS */
+
+/* SHA-256 length of the public key digest */
+#define ESP_SECURE_BOOT_KEY_DIGEST_SHA_256_LEN 32
 
+/* Length of the public key digest that is stored in efuses */
 #if CONFIG_IDF_TARGET_ESP32C2
-#define ESP_SECURE_BOOT_KEY_DIGEST_LEN 16
+#define ESP_SECURE_BOOT_KEY_DIGEST_LEN ESP_SECURE_BOOT_KEY_DIGEST_SHA_256_LEN / 2
 #else
-#define ESP_SECURE_BOOT_KEY_DIGEST_LEN 32
+#define ESP_SECURE_BOOT_KEY_DIGEST_LEN ESP_SECURE_BOOT_KEY_DIGEST_SHA_256_LEN
 #endif
 
 #ifdef CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH
@@ -193,7 +200,8 @@ esp_err_t esp_secure_boot_v2_permanently_enable(const esp_image_metadata_t *imag
 /** @brief Verify the secure boot signature appended to some binary data in flash.
  *
  * For ECDSA Scheme (Secure Boot V1) - deterministic ECDSA w/ SHA256 image
- * For RSA Scheme (Secure Boot V2) - RSA-PSS Verification of the SHA-256 image
+ * For RSA Scheme (Secure Boot V2) - RSA-PSS Verification of the SHA-256 image digest
+ * For ECDSA Scheme (Secure Boot V2) - ECDSA Verification of the SHA-256 / SHA-384 (in case of ECDSA-P384 secure boot key) image digest
  *
  * Public key is compiled into the calling program in the ECDSA Scheme.
  * See the apt docs/security/secure-boot-v1.rst or docs/security/secure-boot-v2.rst for details.
@@ -236,13 +244,13 @@ esp_err_t esp_secure_boot_verify_ecdsa_signature_block(const esp_secure_boot_sig
 
 /** @brief Verify the secure boot signature block for Secure Boot V2.
  *
- *  Performs RSA-PSS or ECDSA verification of the SHA-256 image based on the public key
+ *  Performs RSA-PSS or ECDSA verification of the SHA-256 / SHA-384 image based on the public key
  *  in the signature block, compared against the public key digest stored in efuse.
  *
  * Similar to esp_secure_boot_verify_signature(), but can be used when the digest is precalculated.
  * @param[in] sig_block Pointer to signature block data
- * @param[in] image_digest Pointer to 32 byte buffer holding SHA-256 hash.
- * @param[out] verified_digest Pointer to 32 byte buffer that will receive verified digest if verification completes. (Used during bootloader implementation only, result is invalid otherwise.)
+ * @param[in] image_digest Pointer to 32/48 byte buffer holding SHA-256/SHA-384 hash.
+ * @param[out] verified_digest Pointer to 32/48 byte buffer that will receive verified digest if verification completes. (Used during bootloader implementation only, result is invalid otherwise.)
  *
  */
 esp_err_t esp_secure_boot_verify_sbv2_signature_block(const ets_secure_boot_signature_t *sig_block, const uint8_t *image_digest, uint8_t *verified_digest);
@@ -255,7 +263,7 @@ esp_err_t esp_secure_boot_verify_sbv2_signature_block(const ets_secure_boot_sign
  * Each image can have one or more signature blocks (up to SECURE_BOOT_NUM_BLOCKS). Each signature block includes a public key.
  */
 typedef struct {
-    uint8_t key_digests[SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS][ESP_SECURE_BOOT_DIGEST_LEN];    /* SHA of the public key components in the signature block */
+    uint8_t key_digests[SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS][ESP_SECURE_BOOT_KEY_DIGEST_SHA_256_LEN];    /* SHA of the public key components in the signature block */
     unsigned num_digests;                                       /* Number of valid digests, starting at index 0 */
 } esp_image_sig_public_key_digests_t;
 

components/bootloader_support/private_include/bootloader_sha.h

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2017-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2017-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -12,22 +12,33 @@
    Use mbedTLS APIs or include esp32/sha.h to calculate SHA256 in IDF apps.
 */
 
+#include <stdbool.h>
 #include <stdint.h>
 #include <stdlib.h>
 #include "esp_err.h"
+#include "soc/soc_caps.h"
 
 #ifdef __cplusplus
 extern "C" {
 #endif
 
 typedef void *bootloader_sha256_handle_t;
+typedef bootloader_sha256_handle_t bootloader_sha_handle_t;
 
 bootloader_sha256_handle_t bootloader_sha256_start(void);
 
 void bootloader_sha256_data(bootloader_sha256_handle_t handle, const void *data, size_t data_len);
 
 void bootloader_sha256_finish(bootloader_sha256_handle_t handle, uint8_t *digest);
 
+#if SOC_SHA_SUPPORT_SHA512
+bootloader_sha_handle_t bootloader_sha512_start(bool is384);
+
+void bootloader_sha512_data(bootloader_sha_handle_t handle, const void *data, size_t data_len);
+
+void bootloader_sha512_finish(bootloader_sha_handle_t handle, uint8_t *digest);
+#endif /* SOC_SHA_SUPPORT_SHA512 */
+
 #ifdef __cplusplus
 }
 #endif

components/bootloader_support/private_include/bootloader_utility.h

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2018-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2018-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -138,6 +138,20 @@ void bootloader_debug_buffer(const void *buffer, size_t length, const char *labe
  */
 esp_err_t bootloader_sha256_flash_contents(uint32_t flash_offset, uint32_t len, uint8_t *digest);
 
+/** @brief Generates the digest of the data between offset & offset+length.
+ *
+ * This function should be used when the size of the data is larger than 3.2MB.
+ * The MMU capacity is 3.2MB (50 pages - 64KB each). This function generates the SHA-384
+ * of the data in chunks of 3.2MB, considering the MMU capacity.
+ *
+ * @param[in]  flash_offset  Offset of the data in flash.
+ * @param[in]  len           Length of data in bytes.
+ * @param[out] digest        Pointer to buffer where the digest is written, if ESP_OK is returned.
+ *
+ * @return ESP_OK if secure boot digest is generated successfully.
+ */
+esp_err_t bootloader_sha384_flash_contents(uint32_t flash_offset, uint32_t len, uint8_t *digest);
+
 #ifdef __cplusplus
 }
 #endif

components/bootloader_support/src/bootloader_sha.c

@@ -29,19 +29,36 @@ bootloader_sha256_handle_t bootloader_sha256_start()
 void bootloader_sha256_data(bootloader_sha256_handle_t handle, const void *data, size_t data_len)
 {
     assert(handle != NULL);
+    ets_sha_update(&ctx, data, data_len, false);
+}
 
-#if !SOC_SECURE_BOOT_V2_ECC
-    /* For secure boot, the key field consists of 1 byte of curve identifier and 64 bytes of ECDSA public key.
-     * While verifying the signature block, we need to calculate the SHA of this key field which is of 65 bytes.
-     * ets_sha_update handles it cleanly so we can safely remove the check:
-     */
-    assert(data_len % 4 == 0);
-#endif /* SOC_SECURE_BOOT_V2_ECC */
+void bootloader_sha256_finish(bootloader_sha256_handle_t handle, uint8_t *digest)
+{
+    assert(handle != NULL);
+
+    if (digest == NULL) {
+        bzero(&ctx, sizeof(ctx));
+        return;
+    }
+    ets_sha_finish(&ctx, digest);
+}
+
+#if SOC_SHA_SUPPORT_SHA512
+bootloader_sha_handle_t bootloader_sha512_start(bool is384)
+{
+    // Enable SHA hardware
+    ets_sha_enable();
+    ets_sha_init(&ctx, is384 ? SHA2_384 : SHA2_512);
+    return &ctx; // Meaningless non-NULL value
+}
 
+void bootloader_sha512_data(bootloader_sha_handle_t handle, const void *data, size_t data_len)
+{
+    assert(handle != NULL);
     ets_sha_update(&ctx, data, data_len, false);
 }
 
-void bootloader_sha256_finish(bootloader_sha256_handle_t handle, uint8_t *digest)
+void bootloader_sha512_finish(bootloader_sha_handle_t handle, uint8_t *digest)
 {
     assert(handle != NULL);
 
@@ -51,6 +68,7 @@ void bootloader_sha256_finish(bootloader_sha256_handle_t handle, uint8_t *digest
     }
     ets_sha_finish(&ctx, digest);
 }
+#endif /* SOC_SHA_SUPPORT_SHA512 */
 #else /* !CONFIG_IDF_TARGET_ESP32 */
 
 #include "soc/dport_reg.h"
@@ -162,6 +180,7 @@ void bootloader_sha256_finish(bootloader_sha256_handle_t handle, uint8_t *digest
 
 #include "bootloader_flash_priv.h"
 #include <mbedtls/sha256.h>
+#include <mbedtls/sha512.h>
 
 bootloader_sha256_handle_t bootloader_sha256_start(void)
 {
@@ -199,4 +218,43 @@ void bootloader_sha256_finish(bootloader_sha256_handle_t handle, uint8_t *digest
     free(handle);
     handle = NULL;
 }
+
+#if SOC_SHA_SUPPORT_SHA512
+bootloader_sha_handle_t bootloader_sha512_start(bool is384)
+{
+    mbedtls_sha512_context *ctx = (mbedtls_sha512_context *)malloc(sizeof(mbedtls_sha512_context));
+    if (!ctx) {
+        return NULL;
+    }
+    mbedtls_sha512_init(ctx);
+    int ret = mbedtls_sha512_starts(ctx, is384);
+    if (ret != 0) {
+        return NULL;
+    }
+    return ctx;
+}
+
+void bootloader_sha512_data(bootloader_sha_handle_t handle, const void *data, size_t data_len)
+{
+    assert(handle != NULL);
+    mbedtls_sha512_context *ctx = (mbedtls_sha512_context *)handle;
+    int ret = mbedtls_sha512_update(ctx, data, data_len);
+    assert(ret == 0);
+    (void)ret;
+}
+
+void bootloader_sha512_finish(bootloader_sha_handle_t handle, uint8_t *digest)
+{
+    assert(handle != NULL);
+    mbedtls_sha512_context *ctx = (mbedtls_sha512_context *)handle;
+    if (digest != NULL) {
+        int ret = mbedtls_sha512_finish(ctx, digest);
+        assert(ret == 0);
+        (void)ret;
+    }
+    mbedtls_sha512_free(ctx);
+    free(handle);
+    handle = NULL;
+}
+#endif /* SOC_SHA_SUPPORT_SHA512 */
 #endif /* !(NON_OS_BUILD || CONFIG_APP_BUILD_TYPE_RAM) */

components/bootloader_support/src/bootloader_utility.c

@@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2018-2024 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2018-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
@@ -30,6 +30,7 @@
 #include "hal/cache_types.h"
 #include "hal/cache_ll.h"
 #include "hal/cache_hal.h"
+#include "hal/sha_types.h"
 
 #include "esp_cpu.h"
 #include "esp_image_format.h"
@@ -1213,18 +1214,29 @@ void bootloader_debug_buffer(const void *buffer, size_t length, const char *labe
 #endif
 }
 
-esp_err_t bootloader_sha256_flash_contents(uint32_t flash_offset, uint32_t len, uint8_t *digest)
+static esp_err_t bootloader_sha_flash_contents(esp_sha_type type, uint32_t flash_offset, uint32_t len, uint8_t *digest)
 {
-
     if (digest == NULL) {
         return ESP_ERR_INVALID_ARG;
     }
 
     /* Handling firmware images larger than MMU capacity */
     uint32_t mmu_free_pages_count = bootloader_mmap_get_free_pages();
-    bootloader_sha256_handle_t sha_handle = NULL;
+    bootloader_sha_handle_t sha_handle = NULL;
+
+    if (type == SHA2_256) {
+        sha_handle = bootloader_sha256_start();
+    } else
+    // Using SOC_ECDSA_SUPPORT_CURVE_P384 here so that there is no flash size impact in the case of existing targets like ESP32.
+#if SOC_SHA_SUPPORT_SHA384 && SOC_ECDSA_SUPPORT_CURVE_P384
+    if (type == SHA2_384) {
+        sha_handle = bootloader_sha512_start(true);
+    } else
+#endif /* SOC_SHA_SUPPORT_SHA384 && SOC_ECDSA_SUPPORT_CURVE_P384 */
+    {
+        return ESP_ERR_INVALID_ARG;
+    }
 
-    sha_handle = bootloader_sha256_start();
     if (sha_handle == NULL) {
         return ESP_ERR_NO_MEM;
     }
@@ -1234,7 +1246,14 @@ esp_err_t bootloader_sha256_flash_contents(uint32_t flash_offset, uint32_t len,
         uint32_t max_pages = (mmu_free_pages_count > mmu_page_offset) ? (mmu_free_pages_count - mmu_page_offset) : 0;
         if (max_pages == 0) {
             ESP_LOGE(TAG, "No free MMU pages are available");
-            bootloader_sha256_finish(sha_handle, NULL);
+            if (type == SHA2_256) {
+                bootloader_sha256_finish(sha_handle, NULL);
+            }
+#if SOC_SHA_SUPPORT_SHA384 && SOC_ECDSA_SUPPORT_CURVE_P384
+            else if (type == SHA2_384) {
+                bootloader_sha512_finish(sha_handle, NULL);
+            }
+#endif /* SOC_SHA_SUPPORT_SHA384 && SOC_ECDSA_SUPPORT_CURVE_P384 */
             return ESP_ERR_NO_MEM;
         }
         uint32_t max_image_len;
@@ -1245,15 +1264,51 @@ esp_err_t bootloader_sha256_flash_contents(uint32_t flash_offset, uint32_t len,
 
         const void * image = bootloader_mmap(flash_offset, partial_image_len);
         if (image == NULL) {
-            bootloader_sha256_finish(sha_handle, NULL);
+            if (type == SHA2_256) {
+                bootloader_sha256_finish(sha_handle, NULL);
+            }
+#if SOC_SHA_SUPPORT_SHA384 && SOC_ECDSA_SUPPORT_CURVE_P384
+            else if (type == SHA2_384) {
+                bootloader_sha512_finish(sha_handle, NULL);
+            }
+#endif /* SOC_SHA_SUPPORT_SHA384 && SOC_ECDSA_SUPPORT_CURVE_P384 */
             return ESP_FAIL;
         }
-        bootloader_sha256_data(sha_handle, image, partial_image_len);
+
+        if (type == SHA2_256) {
+            bootloader_sha256_data(sha_handle, image, partial_image_len);
+        }
+#if SOC_SHA_SUPPORT_SHA384 && SOC_ECDSA_SUPPORT_CURVE_P384
+        else if (type == SHA2_384) {
+            bootloader_sha512_data(sha_handle, image, partial_image_len);
+        }
+#endif /* SOC_SHA_SUPPORT_SHA384 && SOC_ECDSA_SUPPORT_CURVE_P384 */
+
         bootloader_munmap(image);
 
         flash_offset += partial_image_len;
         len -= partial_image_len;
     }
-    bootloader_sha256_finish(sha_handle, digest);
+
+    if (type == SHA2_256) {
+        bootloader_sha256_finish(sha_handle, digest);
+    }
+#if SOC_SHA_SUPPORT_SHA384 && SOC_ECDSA_SUPPORT_CURVE_P384
+    else if (type == SHA2_384) {
+        bootloader_sha512_finish(sha_handle, digest);
+    }
+#endif /* SOC_SHA_SUPPORT_SHA384 && SOC_ECDSA_SUPPORT_CURVE_P384 */
     return ESP_OK;
 }
+
+esp_err_t bootloader_sha256_flash_contents(uint32_t flash_offset, uint32_t len, uint8_t *digest)
+{
+    return bootloader_sha_flash_contents(SHA2_256, flash_offset, len, digest);
+}
+
+#if SOC_SHA_SUPPORT_SHA384 && SOC_ECDSA_SUPPORT_CURVE_P384
+esp_err_t bootloader_sha384_flash_contents(uint32_t flash_offset, uint32_t len, uint8_t *digest)
+{
+    return bootloader_sha_flash_contents(SHA2_384, flash_offset, len, digest);
+}
+#endif /* SOC_SHA_SUPPORT_SHA384 && SOC_ECDSA_SUPPORT_CURVE_P384 */