ESP-IDF : Esp32S3 - Is it possible to calculate a checksum on the firmware partition at compilation ?

ThomasESP32
Posts: 229
Joined: Thu Jul 14, 2022 5:15 am

ESP-IDF : Esp32S3 - Is it possible to calculate a checksum on the firmware partition at compilation ?

Postby ThomasESP32 » Wed Jul 12, 2023 1:04 pm

Good afternoon,

working with an Esp32S3, I would like to know if there is a possibility to calculate a CRC on the firmware partition
at compilation and to embed it somewhere automatically ?

The goal would be to calculate the CRC at compilation, to embed it somewhere in flash memory
and to have the possibility to calculate it again when the firmware is running (Via a method, with the same CRC computation).
This would enable me to check if my firmware partition is corrupted or not while the firmware is running.

Best regards,

Thank you for your help on the subject,

Thomas TRUILHE

ESP_igrr
Posts: 2071
Joined: Tue Dec 01, 2015 8:37 am

Re: ESP-IDF : Esp32S3 - Is it possible to calculate a checksum on the firmware partition at compilation ?

Postby ESP_igrr » Wed Jul 12, 2023 2:36 pm

This is possible, but something similar already happens by default in ESP-IDF.

2nd stage bootloader and application binaries have an SHA256 hash appended to them, see https://docs.espressif.com/projects/esp ... ormat.html for details. On boot, the ROM bootloader validates the hash of the 2nd stage bootloader, and in turn the 2nd stage bootloader validates the hash of the application.

If you want to perform additional checks at run time, you can use esp_partition_get_sha256 function. It will calculate the hash of the binary and compare it to the hash embedded at the end of the binary. If the hashes match, it will return ESP_OK and the hash itself in an output argument. If the hashes don't match, it will return ESP_ERR_IMAGE_INVALID.

ThomasESP32
Posts: 229
Joined: Thu Jul 14, 2022 5:15 am

Re: ESP-IDF : Esp32S3 - Is it possible to calculate a checksum on the firmware partition at compilation ?

Postby ThomasESP32 » Fri Jul 28, 2023 9:23 am

Good morning,

Thank you for your answer.
How can I know if the SHA256 is embedded in my application or not ?
(I would say is activated or not) ?

Best regards,

ThomasESP32
Posts: 229
Joined: Thu Jul 14, 2022 5:15 am

Re: ESP-IDF : Esp32S3 - Is it possible to calculate a checksum on the firmware partition at compilation ?

Postby ThomasESP32 » Fri Jul 28, 2023 9:50 am

Excuse me,
I have just one more question concerning the SHA256 :

Using the following functions :
1)
partition = (esp_partition_t *)esp_ota_get_running_partition();
Err = esp_partition_get_sha256(partition, Sha256);

2) pAppDescription = (esp_app_desc_t *)esp_app_get_description();

It seams that I do not have the same SHA obtained by the method 1 and with the method 2 (SHA is here contained in the pAppDescription).
Could you please confirm me that it is normal ?
Is there a difference between the SHA of the partition and the SHA of the ELF file ?

Best regards,

Thank you for your help,

Thomas TRUILHE

ESP_igrr
Posts: 2071
Joined: Tue Dec 01, 2015 8:37 am

Re: ESP-IDF : Esp32S3 - Is it possible to calculate a checksum on the firmware partition at compilation ?

Postby ESP_igrr » Fri Jul 28, 2023 12:04 pm

ThomasESP32 wrote: Is there a difference between the SHA of the partition and the SHA of the ELF file ?
Well, yes, they are different files, so the SHA256 is different...

esp_app_desc_t will contain the SHA256 of application ELF file. It is useful, for instance, in the Core Dump tool when decoding the dump, to verify that the ELF file provided is the same one as the application was built from.

To check what the SHA256 of a file is on the host side, run something like

$ shasum -a 256 build/blink.elf
cc47fa7bba33b172b4368c7a156b471eda2857914f54425a0b06d036693b63b9 build/blink.elf

Partition SHA256 will give you the the hash of application binary, up to the end where the hash is appended. If you have a .bin file, you can use esptool.py to display the appended hash, like this:

(example for esp32h2, replace it with the chip you are using)

$ esptool.py --chip esp32h2 image_info --version 2 build/blink.bin
esptool.py v4.6.2
File size: 177568 (bytes)

ESP32H2 image header
====================
Image version: 1
Entry point: 0x40800254
Segments: 5
Flash size: 2MB
Flash freq: 48m
Flash mode: DIO

ESP32H2 extended image header
=============================
WP pin: 0xee (disabled)
Flash pins drive settings: clk_drv: 0x0, q_drv: 0x0, d_drv: 0x0, cs0_drv: 0x0, hd_drv: 0x0, wp_drv: 0x0
Chip ID: 16 (ESP32-H2)
Minimal chip revision: v0.0, (legacy min_rev = 0)
Maximal chip revision: v0.99

Segments information
====================
Segment Length Load addr File offs Memory types
------- ------- ---------- ---------- ------------
1 0x09a40 0x42018020 0x00000018 IROM
2 0x065b0 0x40800000 0x00009a60 DRAM, BYTE_ACCESSIBLE, IRAM
3 0x1727c 0x42000020 0x00010018 IROM
4 0x0339c 0x408065b0 0x0002729c DRAM, BYTE_ACCESSIBLE, IRAM
5 0x00f30 0x40809950 0x0002a640 DRAM, BYTE_ACCESSIBLE, IRAM

ESP32H2 image footer
====================
Checksum: 0x8a (valid)
Validation hash: b0c5090109887453cec99390d13c86566d540b67f7b9d0fd7b1169eea001aa53 (valid)


The last line ("Validation hash") is the value you should receive from esp_partition_get_sha256.

Who is online

Users browsing this forum: Corand and 110 guests