Closed by ouer1224 5 months ago
aes_128_cbc_decrypt and aes_128_cbc_encrypt are available in ROM: https://github.com/espressif/esp-idf/blob/4f3cd0deb9c79c8282da4938a29d265705a57564/components/esp_rom/esp32/ld/esp32.rom.redefined.ld#L8-L9
@ouer1224
As you rightly mentioned, using mbedtls in the bootloader could be a bit complicated due to footprint considerations; the maximum size of the bootloader is limited in the secure-boot-enabled case. The bootloader will need an OS-agnostic version of the crypto APIs.
I think you can refer to the aes_hal.c (HAL) or aes_ll.h (LL layer) APIs; they should work for the bootloader case. Alternatively, the ROM APIs pointed to above could also help here. Another option is to consider some small crypto library (e.g., tinycrypt) for this use case.
Hope this helps!
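An added example (not code from this thread or from ESP-IDF): in-place CBC chaining built on a one-block primitive, using only 16 to 32 bytes of stack, which suits a RAM-constrained bootloader. The `block_fn` callback signature and the `toy_enc`/`toy_dec` stand-ins are assumptions made so the chaining can be checked on a host; on target the callback would wrap whichever single-block AES call you choose (HAL, LL or tinycrypt).

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define BLK 16
/* One-block primitive (assumed signature); on target it wraps the AES block call. */
typedef void (*block_fn)(const uint8_t *in, uint8_t *out, const void *key);

/* In-place CBC encrypt; len must be a non-zero multiple of 16 (caller pads). */
int cbc_encrypt(block_fn enc, const void *key, const uint8_t *iv, uint8_t *buf, size_t len) {
    uint8_t x[BLK];
    const uint8_t *prev = iv;
    if (!len || len % BLK) return -1;
    for (size_t off = 0; off < len; off += BLK) {
        for (int i = 0; i < BLK; i++) x[i] = buf[off + i] ^ prev[i];
        enc(x, buf + off, key);
        prev = buf + off;                     /* ciphertext chains into next block */
    }
    return 0;
}

/* In-place CBC decrypt; same length rule as above. */
int cbc_decrypt(block_fn dec, const void *key, const uint8_t *iv, uint8_t *buf, size_t len) {
    uint8_t prev[BLK], cur[BLK];
    if (!len || len % BLK) return -1;
    memcpy(prev, iv, BLK);
    for (size_t off = 0; off < len; off += BLK) {
        memcpy(cur, buf + off, BLK);          /* keep ciphertext before overwriting it */
        dec(cur, buf + off, key);
        for (int i = 0; i < BLK; i++) buf[off + i] ^= prev[i];
        memcpy(prev, cur, BLK);
    }
    return 0;
}

/* Host-only stand-ins so the chaining can be tested; NOT AES, not secure. */
static void toy_enc(const uint8_t *in, uint8_t *out, const void *key) {
    for (int i = 0; i < BLK; i++) { uint8_t v = in[i] ^ ((const uint8_t *)key)[i]; out[i] = (uint8_t)((v << 3) | (v >> 5)); }
}
static void toy_dec(const uint8_t *in, uint8_t *out, const void *key) {
    for (int i = 0; i < BLK; i++) out[i] = (uint8_t)(((in[i] >> 3) | (in[i] << 5)) ^ ((const uint8_t *)key)[i]);
}
/* Round trip over two identical plaintext blocks (constructed data); 0 = pass. */
int cbc_selftest(void) {
    uint8_t key[BLK], iv[BLK], pt[2 * BLK], buf[2 * BLK];
    for (int i = 0; i < BLK; i++) { key[i] = (uint8_t)(0xA0 + i); iv[i] = (uint8_t)(i * 7 + 1); }
    memset(pt, 0x42, sizeof pt); memcpy(buf, pt, sizeof pt);
    if (cbc_encrypt(toy_enc, key, iv, buf, sizeof buf)) return 1;
    if (!memcmp(buf, buf + BLK, BLK)) return 2;   /* CBC must hide equal blocks */
    if (cbc_decrypt(toy_dec, key, iv, buf, sizeof buf)) return 3;
    return memcmp(buf, pt, sizeof pt) ? 4 : 0;
}
```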
Sorry for the late reply. I am fixing a memory release bug. As soon as it is fixed, I will test the ROM APIs and aes_hal.c or tinycrypt.
General issue report
Hi team, I am trying to add a new feature to the secure bootloader, and I need to use the AES algorithm to decrypt and encrypt some data. Due to the limitations of the bootloader RAM, I was unable to call mbedtls and the AES functions I wrote myself. So I want to call the ESP32 hardware AES calculation function. But I can't call 'esp_aes_crypt_ecb()' and 'esp_aes.h' in the bootloader.
Is there any way I can use the AES algorithm for encryption and decryption in the secure bootloader?