How to verify esp32 OTA downloaded image using it's own elf hash 256?
How to verify esp32 OTA downloaded image using it's own elf hash 256?
Hi,
I am using OTA to update ESP32. I can verify the image before downloading by checking it's image header information such as version number, app name, etc. Once finishing the ota download, I got image hash256 using following function.
esp_app_desc_t app_info;
esp_ota_get_partition_description(partition, &app_info)
esp_partition_get_sha256(partition, sha_256);
Then I compared it with image header app_info.app_elf_sha256 and got no matching.
Does any body know verify downloaded image using it's app header has256 information?
Thanks.
I am using OTA to update ESP32. I can verify the image before downloading by checking it's image header information such as version number, app name, etc. Once finishing the ota download, I got image hash256 using following function.
esp_app_desc_t app_info;
esp_ota_get_partition_description(partition, &app_info)
esp_partition_get_sha256(partition, sha_256);
Then I compared it with image header app_info.app_elf_sha256 and got no matching.
Does any body know verify downloaded image using it's app header has256 information?
Thanks.
Re: How to verify esp32 OTA downloaded image using it's own elf hash 256?
This is not very well documented but it seems to be that the image has a SHA256 checksum appended (32 bytes), which is not part of the data when the checksum is calculated (which, if you think about it, is not that strange).
So if you want to compare the checksum of the file that was uploaded with the result of this function, you need to chop off the last 32 bytes of the file and calculate the SHA256 checksum from the remaining data. The result should be the same as the 32 bytes you chopped off.
So if you want to compare the checksum of the file that was uploaded with the result of this function, you need to chop off the last 32 bytes of the file and calculate the SHA256 checksum from the remaining data. The result should be the same as the 32 bytes you chopped off.
Re: How to verify esp32 OTA downloaded image using it's own elf hash 256?
Thanks eriksl.
I found the function which extract SHA-256 from app image and does the job. It is
and located in "..\components\bootloader_support\src\bootloader_common.c" file.
I found the function which extract SHA-256 from app image and does the job. It is
- esp_err_t bootloader_common_get_sha256_of_partition (uint32_t address, uint32_t size, int type, uint8_t *out_sha_256)
Re: How to verify esp32 OTA downloaded image using it's own elf hash 256?
What's different to the other version?
Re: How to verify esp32 OTA downloaded image using it's own elf hash 256?
I am not getting the question? What versions? Are asking about idf versions?
Re: How to verify esp32 OTA downloaded image using it's own elf hash 256?
The difference between the functions, the "normal" one as documented, and the one you're suggesting here. I can't see it immediately.
Re: How to verify esp32 OTA downloaded image using it's own elf hash 256?
My bad, I didn't read the document yet I think this is explained in there. I should start reading documents.
The idf version I am using is 5.1.2. Thank you for the help.
The idf version I am using is 5.1.2. Thank you for the help.
Re: How to verify esp32 OTA downloaded image using it's own elf hash 256?
I mean, what is the difference between esp_partition_get_sha256 (which didn't work for you, because it assumes you do not include the SHA-256 checksum bytes (32) themselves into the checksum) and the one you're suggesting: bootloader_common_get_sha256_of_partition. I think the last one is for internal use by IDF code?
Re: How to verify esp32 OTA downloaded image using it's own elf hash 256?
I forgot to remove last 32bytes of the app during HASH256 manual calculation. Later I realized idf esp_partition_get_sha256() does my job when getting hash of the app with considering return codes.
Re: How to verify esp32 OTA downloaded image using it's own elf hash 256?
Yes, so the other function (bootloader_common_get_sha256_of_partition) doesn't really add something interesting? Because if it does, I'd like to know
Who is online
Users browsing this forum: thetitaniumtitan and 207 guests