Hi,
I am calculating SHA-256 of the running partition as below:
esp_partition_get_sha256(esp_ota_get_running_partition(), sha_256);
With this, I am getting - 02dae1d8986dc3d6842fd260b7a3fc57e0b600388955c5947ae617bd3a4af937
Also calculating SHA-256 from the utility (available in linux)of the same bin file uploaded to the above partition using ota, getting different SHA values.
Here, it is - 4eeede3a85261466f464ad3d801ffc8b86041c98444bac02e5aff708c23022e9 for the same bin file.
Why is it so???
My application is to compare the SHA-256 generated by my app and other coming from the server where the image is, and accordingly apply the rollback function.
Please clarify why is it different???
Please treat this as very urgent.
Looking forward for your response.
Thanks
R.
SHA_256 Not matching
Re: SHA_256 Not matching
They are different lengths. Bin file is not padded.
Re: SHA_256 Not matching
Hi,
No, it is of same length, i.e 64 bytes.
How to calculate sha256 of binary file??
Thanks
Ritu
No, it is of same length, i.e 64 bytes.
How to calculate sha256 of binary file??
Thanks
Ritu
Re: SHA_256 Not matching
Bin length != Partition length
Re: SHA_256 Not matching
Hi,
Could you please help me with the possible ways of image validation in esp32?
As described earlier, my aim is to compare the SHA-256 generated by my app and other coming from the cloud where the same image is downloaded , and accordingly apply the rollback function.
Something like this:
if(SHA-256_RunningImage == SHA_256_DownloadedImage){ //Both variable should be same if the image is same
esp_ota_mark_app_valid_cancel_rollback();
}
else{
esp_ota_mark_app_invalid_rollback_and_reboot();
}
I hope to receive something positive from you.
Thanks
R.
Could you please help me with the possible ways of image validation in esp32?
As described earlier, my aim is to compare the SHA-256 generated by my app and other coming from the cloud where the same image is downloaded , and accordingly apply the rollback function.
Something like this:
if(SHA-256_RunningImage == SHA_256_DownloadedImage){ //Both variable should be same if the image is same
esp_ota_mark_app_valid_cancel_rollback();
}
else{
esp_ota_mark_app_invalid_rollback_and_reboot();
}
I hope to receive something positive from you.
Thanks
R.
Re: SHA_256 Not matching
Hi Ritu21,
App .bin files have a SHA-256 hash appended to them for verification. The bootloader checks this SHA-256 hash before it boots the app, and the esp_partition_getsha256() function verifies the app is valid and the embedded SHA-256 hash matches. (In this way, the behaviour is different for app partitions vs other partitions where it just takes SHA256 of all bytes in the partition regardless of content.)
This is why the sha256 calculated on the .bin file is different, it's returning the appended hash inside the .bin file.
For more details see the API documentation for esp_partition_get_sha256().
To identify the binary image in the way you need, there are a couple of options:
App .bin files have a SHA-256 hash appended to them for verification. The bootloader checks this SHA-256 hash before it boots the app, and the esp_partition_getsha256() function verifies the app is valid and the embedded SHA-256 hash matches. (In this way, the behaviour is different for app partitions vs other partitions where it just takes SHA256 of all bytes in the partition regardless of content.)
This is why the sha256 calculated on the .bin file is different, it's returning the appended hash inside the .bin file.
For more details see the API documentation for esp_partition_get_sha256().
To identify the binary image in the way you need, there are a couple of options:
- Use "esptool.py --chip esp32 image_info app_file.bin" and copy the SHA256 from this output. This is the same hash embedded in the .bin file.
- Use the esp_ota_get_app_description() or esp_ota_get_app_elf_sha256() functions (both new in v3.3). This can get you the SHA-256 of the ELF file that the binary was built from (this is the actual sha256sum of the whole .elf file). Then use this for comparison. (Note that the app_desc_t structure includes both this SHA-256 and some other information about the app like the version string, if you want other ways to embed metadata in the app.)
Re: SHA_256 Not matching
Hi Angus,
Thanks for your reply, It helped me!!!
Ritu.
Thanks for your reply, It helped me!!!
Ritu.
Who is online
Users browsing this forum: Google [Bot], Majestic-12 [Bot] and 145 guests