
How to verify esp32 OTA downloaded image using its own elf hash 256?

Posted: Mon Apr 29, 2024 1:57 am
by Asanga
Hi,

I am using OTA to update ESP32. I can verify the image before downloading by checking its image header information such as version number, app name, etc. After finishing the OTA download, I got the image hash256 using the following functions.

esp_app_desc_t app_info;
uint8_t sha_256[32];
esp_ota_get_partition_description(partition, &app_info);
esp_partition_get_sha256(partition, sha_256);

Then I compared it with the image header app_info.app_elf_sha256 and they did not match.

Does anybody know how to verify the downloaded image using its app header hash256 information?

Thanks.

Re: How to verify esp32 OTA downloaded image using its own elf hash 256?

Posted: Mon May 20, 2024 10:02 am
by eriksl
This is not very well documented but it seems that the image has a SHA256 checksum appended (32 bytes), which is not part of the data when the checksum is calculated (which, if you think about it, is not that strange).

So if you want to compare the checksum of the file that was uploaded with the result of this function, you need to chop off the last 32 bytes of the file and calculate the SHA256 checksum from the remaining data. The result should be the same as the 32 bytes you chopped off.
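Added example, not part of the post above and not ESP-IDF code: a host-side check of a firmware .bin that applies the rule just described (SHA-256 over everything except the last 32 bytes, compared with those 32 bytes). It assumes an unsigned app image; the magic byte 0xE9 and the hash_appended flag at header offset 23 are taken from ESP-IDF's esp_image_header_t layout, and the sample image is constructed for the demonstration.

```python
import hashlib
import hmac

ESP_IMAGE_MAGIC = 0xE9      # first byte of an ESP application image
HEADER_LEN = 24             # size of the fixed image header
HASH_APPENDED_OFFSET = 23   # header byte: 1 when a SHA-256 digest is appended
DIGEST_LEN = 32


def split_image(image: bytes) -> tuple[bytes, bytes]:
    """Return (hashed_data, appended_digest) for an unsigned app image."""
    if len(image) < HEADER_LEN + DIGEST_LEN:
        raise ValueError("file too short to be an app image")
    if image[0] != ESP_IMAGE_MAGIC:
        raise ValueError("bad magic byte, not an app image")
    if image[HASH_APPENDED_OFFSET] != 1:
        raise ValueError("header says no SHA-256 digest is appended")
    return image[:-DIGEST_LEN], image[-DIGEST_LEN:]


def verify_appended_sha256(image: bytes) -> bool:
    """True when SHA-256(image minus last 32 bytes) equals those 32 bytes."""
    data, appended = split_image(image)
    computed = hashlib.sha256(data).digest()
    # Constant-time comparison, the usual habit when comparing digests
    return hmac.compare_digest(computed, appended)


def make_sample_image(payload: bytes, with_hash: bool = True) -> bytes:
    """Constructed stand-in for a firmware .bin (not a bootable image)."""
    header = bytearray(HEADER_LEN)
    header[0] = ESP_IMAGE_MAGIC
    header[HASH_APPENDED_OFFSET] = 1 if with_hash else 0
    body = bytes(header) + payload
    return body + hashlib.sha256(body).digest()


if __name__ == "__main__":
    good = make_sample_image(b"constructed payload" * 8)
    print("intact image:", verify_appended_sha256(good))
    flipped = bytearray(good)
    flipped[40] ^= 0x01   # single bit flip inside the payload
    print("modified image:", verify_appended_sha256(bytes(flipped)))
    # Hashing the whole file, digest included, never matches the trailer
    print("whole-file hash matches:",
          hashlib.sha256(good).digest() == good[-DIGEST_LEN:])
```
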

Re: How to verify esp32 OTA downloaded image using its own elf hash 256?

Posted: Wed May 22, 2024 11:15 pm
by Asanga
Thanks eriksl.

I found the function which extracts the SHA-256 from the app image and does the job. It is
esp_err_t bootloader_common_get_sha256_of_partition (uint32_t address, uint32_t size, int type, uint8_t *out_sha_256)
and is located in the "..\components\bootloader_support\src\bootloader_common.c" file.

Re: How to verify esp32 OTA downloaded image using its own elf hash 256?

Posted: Thu May 23, 2024 8:12 am
by eriksl
What's different to the other version?

Re: How to verify esp32 OTA downloaded image using its own elf hash 256?

Posted: Thu May 23, 2024 10:46 pm
by Asanga
I am not getting the question. What versions? Are you asking about IDF versions?

Re: How to verify esp32 OTA downloaded image using its own elf hash 256?

Posted: Fri May 24, 2024 7:15 am
by eriksl
The difference between the functions, the "normal" one as documented, and the one you're suggesting here. I can't see it immediately.

Re: How to verify esp32 OTA downloaded image using its own elf hash 256?

Posted: Mon May 27, 2024 10:48 pm
by Asanga
My bad, I didn't read the document yet :? I think this is explained in there. I should start reading documents.

The idf version I am using is 5.1.2. Thank you for the help.

Re: How to verify esp32 OTA downloaded image using its own elf hash 256?

Posted: Tue May 28, 2024 7:05 am
by eriksl
I mean, what is the difference between esp_partition_get_sha256 (which didn't work for you, because it assumes you do not include the SHA-256 checksum bytes (32) themselves into the checksum) and the one you're suggesting: bootloader_common_get_sha256_of_partition. I think the last one is for internal use by IDF code?

Re: How to verify esp32 OTA downloaded image using its own elf hash 256?

Posted: Tue May 28, 2024 11:10 pm
by Asanga
I forgot to remove the last 32 bytes of the app during the manual HASH256 calculation. Later I realized the IDF esp_partition_get_sha256() does my job when getting the hash of the app, considering the return codes.

Re: How to verify esp32 OTA downloaded image using its own elf hash 256?

Posted: Wed May 29, 2024 7:03 am
by eriksl
Yes, so the other function (bootloader_common_get_sha256_of_partition) doesn't really add something interesting? Because if it does, I'd like to know ;)