Good afternoon,
working with an Esp32S3, I would like to know if there is a possibility to calculate a CRC on the firmware partition
at compilation and to embed it somewhere automatically ?
The goal would be to calculate the CRC at compilation, to embed it somewhere in flash memory
and to have the possibility to calculate it again when the firmware is running (Via a method, with the same CRC computation).
This would enable me to check if my firmware partition is corrupted or not while the firmware is running.
Best regards,
Thank you for your help on the subject,
Thomas TRUILHE
ESP-IDF : Esp32S3 - Is it possible to calculate a checksum on the firmware partition at compilation ?
-
- Posts: 229
- Joined: Thu Jul 14, 2022 5:15 am
Re: ESP-IDF : Esp32S3 - Is it possible to calculate a checksum on the firmware partition at compilation ?
This is possible, but something similar already happens by default in ESP-IDF.
2nd stage bootloader and application binaries have an SHA256 hash appended to them, see https://docs.espressif.com/projects/esp ... ormat.html for details. On boot, the ROM bootloader validates the hash of the 2nd stage bootloader, and in turn the 2nd stage bootloader validates the hash of the application.
If you want to perform additional checks at run time, you can use esp_partition_get_sha256 function. It will calculate the hash of the binary and compare it to the hash embedded at the end of the binary. If the hashes match, it will return ESP_OK and the hash itself in an output argument. If the hashes don't match, it will return ESP_ERR_IMAGE_INVALID.
2nd stage bootloader and application binaries have an SHA256 hash appended to them, see https://docs.espressif.com/projects/esp ... ormat.html for details. On boot, the ROM bootloader validates the hash of the 2nd stage bootloader, and in turn the 2nd stage bootloader validates the hash of the application.
If you want to perform additional checks at run time, you can use esp_partition_get_sha256 function. It will calculate the hash of the binary and compare it to the hash embedded at the end of the binary. If the hashes match, it will return ESP_OK and the hash itself in an output argument. If the hashes don't match, it will return ESP_ERR_IMAGE_INVALID.
-
- Posts: 229
- Joined: Thu Jul 14, 2022 5:15 am
Re: ESP-IDF : Esp32S3 - Is it possible to calculate a checksum on the firmware partition at compilation ?
Good morning,
Thank you for your answer.
How can I know if the SHA256 is embedded in my application or not ?
(I would say is activated or not) ?
Best regards,
Thank you for your answer.
How can I know if the SHA256 is embedded in my application or not ?
(I would say is activated or not) ?
Best regards,
-
- Posts: 229
- Joined: Thu Jul 14, 2022 5:15 am
Re: ESP-IDF : Esp32S3 - Is it possible to calculate a checksum on the firmware partition at compilation ?
Excuse me,
I have just one more question concerning the SHA256 :
Using the following functions :
1)
partition = (esp_partition_t *)esp_ota_get_running_partition();
Err = esp_partition_get_sha256(partition, Sha256);
2) pAppDescription = (esp_app_desc_t *)esp_app_get_description();
It seams that I do not have the same SHA obtained by the method 1 and with the method 2 (SHA is here contained in the pAppDescription).
Could you please confirm me that it is normal ?
Is there a difference between the SHA of the partition and the SHA of the ELF file ?
Best regards,
Thank you for your help,
Thomas TRUILHE
I have just one more question concerning the SHA256 :
Using the following functions :
1)
partition = (esp_partition_t *)esp_ota_get_running_partition();
Err = esp_partition_get_sha256(partition, Sha256);
2) pAppDescription = (esp_app_desc_t *)esp_app_get_description();
It seams that I do not have the same SHA obtained by the method 1 and with the method 2 (SHA is here contained in the pAppDescription).
Could you please confirm me that it is normal ?
Is there a difference between the SHA of the partition and the SHA of the ELF file ?
Best regards,
Thank you for your help,
Thomas TRUILHE
Re: ESP-IDF : Esp32S3 - Is it possible to calculate a checksum on the firmware partition at compilation ?
Well, yes, they are different files, so the SHA256 is different...ThomasESP32 wrote: Is there a difference between the SHA of the partition and the SHA of the ELF file ?
esp_app_desc_t will contain the SHA256 of application ELF file. It is useful, for instance, in the Core Dump tool when decoding the dump, to verify that the ELF file provided is the same one as the application was built from.
To check what the SHA256 of a file is on the host side, run something like
$ shasum -a 256 build/blink.elf
cc47fa7bba33b172b4368c7a156b471eda2857914f54425a0b06d036693b63b9 build/blink.elf
Partition SHA256 will give you the the hash of application binary, up to the end where the hash is appended. If you have a .bin file, you can use esptool.py to display the appended hash, like this:
(example for esp32h2, replace it with the chip you are using)
$ esptool.py --chip esp32h2 image_info --version 2 build/blink.bin
esptool.py v4.6.2
File size: 177568 (bytes)
ESP32H2 image header
====================
Image version: 1
Entry point: 0x40800254
Segments: 5
Flash size: 2MB
Flash freq: 48m
Flash mode: DIO
ESP32H2 extended image header
=============================
WP pin: 0xee (disabled)
Flash pins drive settings: clk_drv: 0x0, q_drv: 0x0, d_drv: 0x0, cs0_drv: 0x0, hd_drv: 0x0, wp_drv: 0x0
Chip ID: 16 (ESP32-H2)
Minimal chip revision: v0.0, (legacy min_rev = 0)
Maximal chip revision: v0.99
Segments information
====================
Segment Length Load addr File offs Memory types
------- ------- ---------- ---------- ------------
1 0x09a40 0x42018020 0x00000018 IROM
2 0x065b0 0x40800000 0x00009a60 DRAM, BYTE_ACCESSIBLE, IRAM
3 0x1727c 0x42000020 0x00010018 IROM
4 0x0339c 0x408065b0 0x0002729c DRAM, BYTE_ACCESSIBLE, IRAM
5 0x00f30 0x40809950 0x0002a640 DRAM, BYTE_ACCESSIBLE, IRAM
ESP32H2 image footer
====================
Checksum: 0x8a (valid)
Validation hash: b0c5090109887453cec99390d13c86566d540b67f7b9d0fd7b1169eea001aa53 (valid)
The last line ("Validation hash") is the value you should receive from esp_partition_get_sha256.
Who is online
Users browsing this forum: No registered users and 120 guests