I am trying to make a more a complex SSBL that would parse X.509 certificates and verify RSA signatures. However I am facing issues with the size of the bootloader. I am using the bootloader_override example as a base.
I have stripped the mbedtls to bare minimum to be able to parse x509 certificates and I am considering using the ROM code from hal component for RSA-PSS signature verification, however even so I am getting the following results:
Code: Select all
$ idf_size.py --archives build/bootloader/bootloader.map
Total sizes:
Used stat D/IRAM: 32868 bytes ( -4196 remain, 114.6% used) Overflow detected!
With this in mind I've changed the partition offset from 0x8000 (32k) to 0x10000 (64k) in the sdkconfig using menuconfig:Set CONFIG_PARTITION_TABLE_OFFSET to a higher value than 0x8000, to place the partition table later in the flash. This increases the space available for the bootloader.
When Secure Boot V2 is enabled, there is also an absolute binary size limit of 64 KB (0x10000 bytes) (excluding the 4 KB signature), because the bootloader is first loaded into a fixed size buffer for verification.
Code: Select all
$ cat sdkconfig |grep PARTITION_TABLE_OFFSET
CONFIG_PARTITION_TABLE_OFFSET=0x10000
Code: Select all
esp-elf/13.2.0/../../../../xtensa-esp-elf/lib/esp32s3/no-rtti/libnosys.a(sbrk.o):(.literal+0x4): undefined reference to `end'
collect2: error: ld returned 1 exit status
Why I cannot change the partition offset and get larger bootloader (SSBL) size?
Kind regards,
Marin