SHA256 of .bin doesn't match get_sha256_of_partition()

TibiToz
Posts: 7
Joined: Mon Aug 10, 2020 1:46 pm

SHA256 of .bin doesn't match get_sha256_of_partition()

Postby TibiToz » Thu Sep 01, 2022 8:01 am

Hey I'm currently working on the OTA side of my project. I have different hardware targets and my build script generates different .bin for each targets. When a new firmware is released, the .bin goes to a server wich provides the files for OTA.

Of course I wanted to automate the build / release procedure. My idea was to make a .py script to generate an SHA256 hash of the firmware and include it in the name of the firmware file. That way, when a device go threw the OTA process, it checks that the hash in the new firmware name matches the hash provides with bootloader_common_get_sha256_of_partition() after the new firmware was written to the partition.

The hash were not matching. I understood that when the .bin is build, his size doesn't match the partition size ( 0x200000) because all the unwritten bytes (0xFF) are discarded. I then find this:

parttool.py --port "COM7" read_partition --partition-type=data --partition-subtype=factory --output "factory.bin"

wich provides me a .bin that matches the size of the partition, but when I try to apply SHA256 on this file, the digest is not matching bootloader_common_get_sha256_of_partition(0x10000, 0x200000, 0, output) value.

Why is this giving me different result ? For my understanding, it should be the same.

Here is my partition.csv:
# Name,Type,SubType,Offset,Size,Flags
nvs,data,nvs,0x9000,0x4000
otadata,data,ota,0xd000,0x2000
phy_init,data,phy,0xf000,0x1000
factory,app,factory,0x10000,0x200000
ota_0,app,ota_0,0x210000,0x200000
ota_1,app,ota_1,0x410000,0x200000
nvsDvcInfoParam,data,nvs,0x610000,0x3000
nvsLog,data,nvs,0x613000,0x3000
nvsParamCstm,data,nvs,0x616000,0x3000
Thank you for your time,

Tibi

TibiToz
Posts: 7
Joined: Mon Aug 10, 2020 1:46 pm

Re: SHA256 of .bin doesn't match get_sha256_of_partition()

Postby TibiToz » Mon Sep 05, 2022 5:50 am

Is there a way to reproduce the digest given by bootloader_common_get_sha256_of_partition() at compile time or after compile time ?

ESP_Sprite
Posts: 9713
Joined: Thu Nov 26, 2015 4:08 am

Re: SHA256 of .bin doesn't match get_sha256_of_partition()

Postby ESP_Sprite » Tue Sep 06, 2022 1:54 am

For any recently modern ESP-IDF, bootloader_common_get_sha256_of_partition() returns the sha256 of the partition that is calculated when the bin is generated and appended to the bin. See https://docs.espressif.com/projects/esp ... ormat.html for more info.

Who is online

Users browsing this forum: Gaston1980, Majestic-12 [Bot] and 89 guests