diff --git a/components/app_update/esp_app_desc.c b/components/app_update/esp_app_desc.c index 23d3b4cc72..eaa3a70b2f 100644 --- a/components/app_update/esp_app_desc.c +++ b/components/app_update/esp_app_desc.c @@ -34,8 +34,8 @@ const __attribute__((section(".rodata_desc"))) esp_app_desc_t esp_app_desc = { #endif .idf_ver = IDF_VER, -#ifdef CONFIG_APP_SECURE_VERSION - .secure_version = CONFIG_APP_SECURE_VERSION, +#ifdef CONFIG_BOOTLOADER_APP_SECURE_VERSION + .secure_version = CONFIG_BOOTLOADER_APP_SECURE_VERSION, #else .secure_version = 0, #endif diff --git a/components/app_update/esp_ota_ops.c b/components/app_update/esp_ota_ops.c index e800007f80..edc70ca6f8 100644 --- a/components/app_update/esp_ota_ops.c +++ b/components/app_update/esp_ota_ops.c @@ -113,7 +113,7 @@ static esp_err_t image_validate(const esp_partition_t *partition, esp_image_load static esp_ota_img_states_t set_new_state_otadata(void) { -#ifdef CONFIG_APP_ROLLBACK_ENABLE +#ifdef CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE ESP_LOGD(TAG, "Monitoring the first boot of the app is enabled."); return ESP_OTA_IMG_NEW; #else @@ -144,7 +144,7 @@ esp_err_t esp_ota_begin(const esp_partition_t *partition, size_t image_size, esp return ESP_ERR_OTA_PARTITION_CONFLICT; } -#ifdef CONFIG_APP_ROLLBACK_ENABLE +#ifdef CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE esp_ota_img_states_t ota_state_running_part; if (esp_ota_get_state_partition(running_partition, &ota_state_running_part) == ESP_OK) { if (ota_state_running_part == ESP_OTA_IMG_PENDING_VERIFY) { @@ -394,7 +394,7 @@ esp_err_t esp_ota_set_boot_partition(const esp_partition_t *partition) return ESP_ERR_NOT_FOUND; } } else { -#ifdef CONFIG_APP_ANTI_ROLLBACK +#ifdef CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK esp_app_desc_t partition_app_desc; esp_err_t err = esp_ota_get_partition_description(partition, &partition_app_desc); if (err != ESP_OK) { @@ -582,7 +582,7 @@ esp_err_t esp_ota_get_partition_description(const esp_partition_t *partition, es return ESP_OK; } -#ifdef CONFIG_APP_ANTI_ROLLBACK +#ifdef CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK static esp_err_t esp_ota_set_anti_rollback(void) { const esp_app_desc_t *app_desc = esp_ota_get_app_description(); return esp_efuse_update_secure_version(app_desc->secure_version); @@ -614,7 +614,7 @@ bool esp_ota_check_rollback_is_possible(void) int last_active_ota = (~active_ota)&1; const esp_partition_t *partition = NULL; -#ifndef CONFIG_APP_ANTI_ROLLBACK +#ifndef CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK if (valid_otadata[last_active_ota] == false) { partition = esp_partition_find_first(ESP_PARTITION_TYPE_APP, ESP_PARTITION_SUBTYPE_APP_FACTORY, NULL); if (partition != NULL) { @@ -630,7 +630,7 @@ bool esp_ota_check_rollback_is_possible(void) partition = esp_partition_find_first(ESP_PARTITION_TYPE_APP, ESP_PARTITION_SUBTYPE_APP_OTA_MIN + slot, NULL); if (partition != NULL) { if(image_validate(partition, ESP_IMAGE_VERIFY_SILENT) == ESP_OK) { -#ifdef CONFIG_APP_ANTI_ROLLBACK +#ifdef CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK esp_app_desc_t app_desc; if (esp_ota_get_partition_description(partition, &app_desc) == ESP_OK && esp_efuse_check_secure_version(app_desc.secure_version) == true) { @@ -661,7 +661,7 @@ static esp_err_t esp_ota_current_ota_is_workable(bool valid) otadata[active_otadata].ota_state = ESP_OTA_IMG_VALID; ESP_LOGD(TAG, "OTA[current] partition is marked as VALID"); esp_err_t err = rewrite_ota_seq(otadata, otadata[active_otadata].ota_seq, active_otadata, otadata_partition); -#ifdef CONFIG_APP_ANTI_ROLLBACK +#ifdef CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK if (err == ESP_OK) { return esp_ota_set_anti_rollback(); } diff --git a/components/app_update/test/test_switch_ota.c b/components/app_update/test/test_switch_ota.c index 0c0b0e75e5..4c753edf46 100644 --- a/components/app_update/test/test_switch_ota.c +++ b/components/app_update/test/test_switch_ota.c @@ -240,7 +240,7 @@ static void reset_output_pin(uint32_t num_pin) static void mark_app_valid(void) { -#ifdef CONFIG_APP_ROLLBACK_ENABLE +#ifdef CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE TEST_ESP_OK(esp_ota_mark_app_valid_cancel_rollback()); #endif } @@ -519,7 +519,7 @@ static void test_rollback1(void) TEST_ESP_ERR(ESP_ERR_NOT_SUPPORTED, esp_ota_get_state_partition(cur_app, &ota_state)); update_partition = app_update(); TEST_ESP_OK(esp_ota_get_state_partition(update_partition, &ota_state)); -#ifndef CONFIG_APP_ROLLBACK_ENABLE +#ifndef CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE TEST_ASSERT_EQUAL(ESP_OTA_IMG_UNDEFINED, ota_state); #else TEST_ASSERT_EQUAL(ESP_OTA_IMG_NEW, ota_state); @@ -531,7 +531,7 @@ static void test_rollback1(void) TEST_ASSERT_EQUAL(ESP_PARTITION_SUBTYPE_APP_OTA_0, cur_app->subtype); TEST_ASSERT_NULL(esp_ota_get_last_invalid_partition()); TEST_ESP_OK(esp_ota_get_state_partition(cur_app, &ota_state)); -#ifndef CONFIG_APP_ROLLBACK_ENABLE +#ifndef CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE TEST_ASSERT_EQUAL(ESP_OTA_IMG_UNDEFINED, ota_state); #else TEST_ASSERT_EQUAL(ESP_OTA_IMG_PENDING_VERIFY, ota_state); @@ -598,7 +598,7 @@ static void test_rollback2(void) TEST_ESP_ERR(ESP_ERR_NOT_SUPPORTED, esp_ota_get_state_partition(cur_app, &ota_state)); update_partition = app_update(); TEST_ESP_OK(esp_ota_get_state_partition(update_partition, &ota_state)); -#ifndef CONFIG_APP_ROLLBACK_ENABLE +#ifndef CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE TEST_ASSERT_EQUAL(ESP_OTA_IMG_UNDEFINED, ota_state); #else TEST_ASSERT_EQUAL(ESP_OTA_IMG_NEW, ota_state); @@ -610,7 +610,7 @@ static void test_rollback2(void) TEST_ASSERT_EQUAL(ESP_PARTITION_SUBTYPE_APP_OTA_0, cur_app->subtype); TEST_ASSERT_NULL(esp_ota_get_last_invalid_partition()); TEST_ESP_OK(esp_ota_get_state_partition(cur_app, &ota_state)); -#ifndef CONFIG_APP_ROLLBACK_ENABLE +#ifndef CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE TEST_ASSERT_EQUAL(ESP_OTA_IMG_UNDEFINED, ota_state); #else TEST_ASSERT_EQUAL(ESP_OTA_IMG_PENDING_VERIFY, ota_state); @@ -621,7 +621,7 @@ static void test_rollback2(void) TEST_ASSERT_EQUAL(ESP_OTA_IMG_VALID, ota_state); update_partition = app_update(); TEST_ESP_OK(esp_ota_get_state_partition(update_partition, &ota_state)); -#ifndef CONFIG_APP_ROLLBACK_ENABLE +#ifndef CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE TEST_ASSERT_EQUAL(ESP_OTA_IMG_UNDEFINED, ota_state); #else TEST_ASSERT_EQUAL(ESP_OTA_IMG_NEW, ota_state); @@ -633,7 +633,7 @@ static void test_rollback2(void) TEST_ASSERT_EQUAL(ESP_PARTITION_SUBTYPE_APP_OTA_1, cur_app->subtype); TEST_ASSERT_NULL(esp_ota_get_last_invalid_partition()); TEST_ESP_OK(esp_ota_get_state_partition(cur_app, &ota_state)); -#ifndef CONFIG_APP_ROLLBACK_ENABLE +#ifndef CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE TEST_ASSERT_EQUAL(ESP_OTA_IMG_UNDEFINED, ota_state); TEST_ESP_OK(esp_ota_mark_app_invalid_rollback_and_reboot()); #else @@ -666,7 +666,7 @@ static void test_rollback2_1(void) TEST_ESP_OK(esp_ota_get_state_partition(cur_app, &ota_state)); TEST_ASSERT_EQUAL(ESP_OTA_IMG_VALID, ota_state); TEST_ESP_OK(esp_ota_get_state_partition(invalid_partition, &ota_state)); -#ifndef CONFIG_APP_ROLLBACK_ENABLE +#ifndef CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE TEST_ASSERT_EQUAL(ESP_OTA_IMG_INVALID, ota_state); #else TEST_ASSERT_EQUAL(ESP_OTA_IMG_ABORTED, ota_state); diff --git a/components/bootloader/Kconfig.projbuild b/components/bootloader/Kconfig.projbuild index c302157a58..ba551e5928 100644 --- a/components/bootloader/Kconfig.projbuild +++ b/components/bootloader/Kconfig.projbuild @@ -1,32 +1,32 @@ menu "Bootloader config" - choice LOG_BOOTLOADER_LEVEL + choice BOOTLOADER_LOG_LEVEL bool "Bootloader log verbosity" - default LOG_BOOTLOADER_LEVEL_INFO + default BOOTLOADER_LOG_LEVEL_INFO help Specify how much output to see in bootloader logs. - config LOG_BOOTLOADER_LEVEL_NONE + config BOOTLOADER_LOG_LEVEL_NONE bool "No output" - config LOG_BOOTLOADER_LEVEL_ERROR + config BOOTLOADER_LOG_LEVEL_ERROR bool "Error" - config LOG_BOOTLOADER_LEVEL_WARN + config BOOTLOADER_LOG_LEVEL_WARN bool "Warning" - config LOG_BOOTLOADER_LEVEL_INFO + config BOOTLOADER_LOG_LEVEL_INFO bool "Info" - config LOG_BOOTLOADER_LEVEL_DEBUG + config BOOTLOADER_LOG_LEVEL_DEBUG bool "Debug" - config LOG_BOOTLOADER_LEVEL_VERBOSE + config BOOTLOADER_LOG_LEVEL_VERBOSE bool "Verbose" endchoice - config LOG_BOOTLOADER_LEVEL + config BOOTLOADER_LOG_LEVEL int - default 0 if LOG_BOOTLOADER_LEVEL_NONE - default 1 if LOG_BOOTLOADER_LEVEL_ERROR - default 2 if LOG_BOOTLOADER_LEVEL_WARN - default 3 if LOG_BOOTLOADER_LEVEL_INFO - default 4 if LOG_BOOTLOADER_LEVEL_DEBUG - default 5 if LOG_BOOTLOADER_LEVEL_VERBOSE + default 0 if BOOTLOADER_LOG_LEVEL_NONE + default 1 if BOOTLOADER_LOG_LEVEL_ERROR + default 2 if BOOTLOADER_LOG_LEVEL_WARN + default 3 if BOOTLOADER_LOG_LEVEL_INFO + default 4 if BOOTLOADER_LOG_LEVEL_DEBUG + default 5 if BOOTLOADER_LOG_LEVEL_VERBOSE config BOOTLOADER_SPI_WP_PIN int "SPI Flash WP Pin when customising pins via eFuse (read help)" @@ -140,7 +140,7 @@ menu "Bootloader config" source for slow_clk - and ends calling app_main. Re-set timeout is needed due to WDT uses a SLOW_CLK clock source. After changing a frequency slow_clk a time of WDT needs to re-set for new frequency. - slow_clk depends on ESP32_RTC_CLC_SRC (INTERNAL_RC or EXTERNAL_CRYSTAL). + slow_clk depends on ESP32_RTC_CLK_SRC (INTERNAL_RC or EXTERNAL_CRYSTAL). config BOOTLOADER_WDT_DISABLE_IN_USER_CODE bool "Allows RTC watchdog disable in user code" @@ -163,7 +163,7 @@ menu "Bootloader config" - these options can increase the execution time. Note: RTC_WDT will reset while encryption operations will be performed. - config APP_ROLLBACK_ENABLE + config BOOTLOADER_APP_ROLLBACK_ENABLE bool "Enable app rollback support" default n help @@ -175,22 +175,22 @@ menu "Bootloader config" Note: If during the first boot a new app the power goes out or the WDT works, then roll back will happen. Rollback is possible only between the apps with the same security versions. - config APP_ANTI_ROLLBACK + config BOOTLOADER_APP_ANTI_ROLLBACK bool "Enable app anti-rollback support" - depends on APP_ROLLBACK_ENABLE + depends on BOOTLOADER_APP_ROLLBACK_ENABLE default n help This option prevents rollback to previous firmware/application image with lower security version. - config APP_SECURE_VERSION + config BOOTLOADER_APP_SECURE_VERSION int "eFuse secure version of app" - depends on APP_ANTI_ROLLBACK + depends on BOOTLOADER_APP_ANTI_ROLLBACK default 0 help The secure version is the sequence number stored in the header of each firmware. The security version is set in the bootloader, version is recorded in the eFuse field as the number of set ones. The allocated number of bits in the efuse field - for storing the security version is limited (see APP_SECURE_VERSION_SIZE_EFUSE_FIELD option). + for storing the security version is limited (see BOOTLOADER_APP_SEC_VER_SIZE_EFUSE_FIELD option). Bootloader: When bootloader selects an app to boot, an app is selected that has a security version greater or equal that recorded in eFuse field. @@ -201,19 +201,19 @@ menu "Bootloader config" Your partition table should has a scheme with ota_0 + ota_1 (without factory). - config APP_SECURE_VERSION_SIZE_EFUSE_FIELD + config BOOTLOADER_APP_SEC_VER_SIZE_EFUSE_FIELD int "Size of the efuse secure version field" - depends on APP_ANTI_ROLLBACK + depends on BOOTLOADER_APP_ANTI_ROLLBACK range 1 32 default 32 help The size of the efuse secure version field. Its length is limited to 32 bits. This determines how many times the security version can be increased. - config EFUSE_SECURE_VERSION_EMULATE + config BOOTLOADER_EFUSE_SECURE_VERSION_EMULATE bool "Emulate operations with efuse secure version(only test)" default n - depends on APP_ANTI_ROLLBACK + depends on BOOTLOADER_APP_ANTI_ROLLBACK help This option allow emulate read/write operations with efuse secure version. It allow to test anti-rollback implemention without permanent write eFuse bits. @@ -400,7 +400,7 @@ menu "Security features" Refer to https://docs.espressif.com/projects/esp-idf/en/latest/security/secure-boot.html before enabling. - config FLASH_ENCRYPTION_ENABLED + config SECURE_FLASH_ENC_ENABLED bool "Enable flash encryption on boot (READ DOCS FIRST)" default N help @@ -411,9 +411,9 @@ menu "Security features" Read https://docs.espressif.com/projects/esp-idf/en/latest/security/flash-encryption.html before enabling. - config FLASH_ENCRYPTION_INSECURE + config SECURE_FLASH_ENC_INSECURE bool "Allow potentially insecure options" - depends on FLASH_ENCRYPTION_ENABLED + depends on SECURE_FLASH_ENC_ENABLED default N help You can disable some of the default protections offered by flash encryption, in order to enable testing or @@ -425,17 +425,17 @@ menu "Security features" https://docs.espressif.com/projects/esp-idf/en/latest/security/flash-encryption.html for details. menu "Potentially insecure options" - visible if FLASH_ENCRYPTION_INSECURE || SECURE_BOOT_INSECURE + visible if SECURE_FLASH_ENC_INSECURE || SECURE_BOOT_INSECURE # NOTE: Options in this menu NEED to have SECURE_BOOT_INSECURE - # and/or FLASH_ENCRYPTION_INSECURE in "depends on", as the menu + # and/or SECURE_FLASH_ENC_INSECURE in "depends on", as the menu # itself doesn't enable/disable its children (if it's not set, # it's possible for the insecure menu to be disabled but the insecure option # to remain on which is very bad.) config SECURE_BOOT_ALLOW_ROM_BASIC bool "Leave ROM BASIC Interpreter available on reset" - depends on SECURE_BOOT_INSECURE || FLASH_ENCRYPTION_INSECURE + depends on SECURE_BOOT_INSECURE || SECURE_FLASH_ENC_INSECURE default N help By default, the BASIC ROM Console starts on reset if no valid bootloader is @@ -449,7 +449,7 @@ menu "Security features" config SECURE_BOOT_ALLOW_JTAG bool "Allow JTAG Debugging" - depends on SECURE_BOOT_INSECURE || FLASH_ENCRYPTION_INSECURE + depends on SECURE_BOOT_INSECURE || SECURE_FLASH_ENC_INSECURE default N help If not set (default), the bootloader will permanently disable JTAG (across entire chip) on first boot @@ -474,9 +474,9 @@ menu "Security features" image to this length. It is generally not recommended to set this option, unless you have a legacy partitioning scheme which doesn't support 64KB aligned partition lengths. - config FLASH_ENCRYPTION_UART_BOOTLOADER_ALLOW_ENCRYPT + config SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC bool "Leave UART bootloader encryption enabled" - depends on FLASH_ENCRYPTION_INSECURE + depends on SECURE_FLASH_ENC_INSECURE default N help If not set (default), the bootloader will permanently disable UART bootloader encryption access on @@ -484,9 +484,9 @@ menu "Security features" It is recommended to only set this option in testing environments. - config FLASH_ENCRYPTION_UART_BOOTLOADER_ALLOW_DECRYPT + config SECURE_FLASH_UART_BOOTLOADER_ALLOW_DEC bool "Leave UART bootloader decryption enabled" - depends on FLASH_ENCRYPTION_INSECURE + depends on SECURE_FLASH_ENC_INSECURE default N help If not set (default), the bootloader will permanently disable UART bootloader decryption access on @@ -495,9 +495,9 @@ menu "Security features" Only set this option in testing environments. Setting this option allows complete bypass of flash encryption. - config FLASH_ENCRYPTION_UART_BOOTLOADER_ALLOW_CACHE + config SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE bool "Leave UART bootloader flash cache enabled" - depends on FLASH_ENCRYPTION_INSECURE + depends on SECURE_FLASH_ENC_INSECURE default N help If not set (default), the bootloader will permanently disable UART bootloader flash cache access on diff --git a/components/bootloader/sdkconfig.rename b/components/bootloader/sdkconfig.rename new file mode 100644 index 0000000000..b28f9335d3 --- /dev/null +++ b/components/bootloader/sdkconfig.rename @@ -0,0 +1,22 @@ +# sdkconfig replacement configurations for deprecated options formatted as +# CONFIG_DEPRECATED_OPTION CONFIG_NEW_OPTION + +CONFIG_LOG_BOOTLOADER_LEVEL CONFIG_BOOTLOADER_LOG_LEVEL +CONFIG_LOG_BOOTLOADER_LEVEL_NONE CONFIG_BOOTLOADER_LOG_LEVEL_NONE +CONFIG_LOG_BOOTLOADER_LEVEL_ERROR CONFIG_BOOTLOADER_LOG_LEVEL_ERROR +CONFIG_LOG_BOOTLOADER_LEVEL_WARN CONFIG_BOOTLOADER_LOG_LEVEL_WARN +CONFIG_LOG_BOOTLOADER_LEVEL_INFO CONFIG_BOOTLOADER_LOG_LEVEL_INFO +CONFIG_LOG_BOOTLOADER_LEVEL_DEBUG CONFIG_BOOTLOADER_LOG_LEVEL_DEBUG +CONFIG_LOG_BOOTLOADER_LEVEL_VERBOSE CONFIG_BOOTLOADER_LOG_LEVEL_VERBOSE + +CONFIG_APP_ROLLBACK_ENABLE CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE +CONFIG_APP_ANTI_ROLLBACK CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK +CONFIG_APP_SECURE_VERSION CONFIG_BOOTLOADER_APP_SECURE_VERSION +CONFIG_APP_SECURE_VERSION_SIZE_EFUSE_FIELD CONFIG_BOOTLOADER_APP_SEC_VER_SIZE_EFUSE_FIELD +CONFIG_EFUSE_SECURE_VERSION_EMULATE CONFIG_BOOTLOADER_EFUSE_SECURE_VERSION_EMULATE + +CONFIG_FLASH_ENCRYPTION_ENABLED CONFIG_SECURE_FLASH_ENC_ENABLED +CONFIG_FLASH_ENCRYPTION_INSECURE CONFIG_SECURE_FLASH_ENC_INSECURE +CONFIG_FLASH_ENCRYPTION_UART_BOOTLOADER_ALLOW_ENCRYPT CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC +CONFIG_FLASH_ENCRYPTION_UART_BOOTLOADER_ALLOW_DECRYPT CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_DEC +CONFIG_FLASH_ENCRYPTION_UART_BOOTLOADER_ALLOW_CACHE CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE diff --git a/components/bootloader_support/src/bootloader_utility.c b/components/bootloader_support/src/bootloader_utility.c index 8a5a501bfb..d355531810 100644 --- a/components/bootloader_support/src/bootloader_utility.c +++ b/components/bootloader_support/src/bootloader_utility.c @@ -169,7 +169,7 @@ bool bootloader_utility_load_partition_table(bootloader_state_t* bs) break; case PART_SUBTYPE_DATA_EFUSE_EM: partition_usage = "efuse"; -#ifdef CONFIG_EFUSE_SECURE_VERSION_EMULATE +#ifdef CONFIG_BOOTLOADER_EFUSE_SECURE_VERSION_EMULATE esp_efuse_init(partition->pos.offset, partition->pos.size); #endif break; @@ -243,7 +243,7 @@ static esp_err_t write_otadata(esp_ota_select_entry_t *otadata, uint32_t offset, static bool check_anti_rollback(const esp_partition_pos_t *partition) { -#ifdef CONFIG_APP_ANTI_ROLLBACK +#ifdef CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK esp_app_desc_t app_desc; esp_err_t err = bootloader_common_get_partition_description(partition, &app_desc); return err == ESP_OK && esp_efuse_check_secure_version(app_desc.secure_version) == true; @@ -252,7 +252,7 @@ static bool check_anti_rollback(const esp_partition_pos_t *partition) #endif } -#ifdef CONFIG_APP_ANTI_ROLLBACK +#ifdef CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK static void update_anti_rollback(const esp_partition_pos_t *partition) { esp_app_desc_t app_desc; @@ -306,7 +306,7 @@ int bootloader_utility_get_selected_boot_partition(const bootloader_state_t *bs) ESP_LOGD(TAG, "otadata[0]: sequence values 0x%08x", otadata[0].ota_seq); ESP_LOGD(TAG, "otadata[1]: sequence values 0x%08x", otadata[1].ota_seq); -#ifdef CONFIG_APP_ROLLBACK_ENABLE +#ifdef CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE bool write_encrypted = esp_flash_encryption_enabled(); for (int i = 0; i < 2; ++i) { if (otadata[i].ota_state == ESP_OTA_IMG_PENDING_VERIFY) { @@ -317,7 +317,7 @@ int bootloader_utility_get_selected_boot_partition(const bootloader_state_t *bs) } #endif -#ifndef CONFIG_APP_ANTI_ROLLBACK +#ifndef CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK if ((bootloader_common_ota_select_invalid(&otadata[0]) && bootloader_common_ota_select_invalid(&otadata[1])) || bs->app_count == 0) { @@ -341,7 +341,7 @@ int bootloader_utility_get_selected_boot_partition(const bootloader_state_t *bs) #else ESP_LOGI(TAG, "Enabled a check secure version of app for anti rollback"); ESP_LOGI(TAG, "Secure version (from eFuse) = %d", esp_efuse_read_secure_version()); - // When CONFIG_APP_ANTI_ROLLBACK is enabled factory partition should not be in partition table, only two ota_app are there. + // When CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK is enabled factory partition should not be in partition table, only two ota_app are there. if ((otadata[0].ota_seq == UINT32_MAX || otadata[0].crc != bootloader_common_ota_select_crc(&otadata[0])) && (otadata[1].ota_seq == UINT32_MAX || otadata[1].crc != bootloader_common_ota_select_crc(&otadata[1]))) { ESP_LOGI(TAG, "otadata[0..1] in initial state"); @@ -356,19 +356,19 @@ int bootloader_utility_get_selected_boot_partition(const bootloader_state_t *bs) uint32_t ota_seq = otadata[active_otadata].ota_seq - 1; // Raw OTA sequence number. May be more than # of OTA slots boot_index = ota_seq % bs->app_count; // Actual OTA partition selection ESP_LOGD(TAG, "Mapping seq %d -> OTA slot %d", ota_seq, boot_index); -#ifdef CONFIG_APP_ROLLBACK_ENABLE +#ifdef CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE if (otadata[active_otadata].ota_state == ESP_OTA_IMG_NEW) { ESP_LOGD(TAG, "otadata[%d] is selected as new and marked PENDING_VERIFY state", active_otadata); otadata[active_otadata].ota_state = ESP_OTA_IMG_PENDING_VERIFY; write_otadata(&otadata[active_otadata], bs->ota_info.offset + FLASH_SECTOR_SIZE * active_otadata, write_encrypted); } -#endif // CONFIG_APP_ROLLBACK_ENABLE +#endif // CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE -#ifdef CONFIG_APP_ANTI_ROLLBACK +#ifdef CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK if(otadata[active_otadata].ota_state == ESP_OTA_IMG_VALID) { update_anti_rollback(&bs->ota[boot_index]); } -#endif // CONFIG_APP_ANTI_ROLLBACK +#endif // CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK } else if (bs->factory.offset != 0) { ESP_LOGE(TAG, "ota data partition invalid, falling back to factory"); @@ -414,7 +414,7 @@ static void set_actual_ota_seq(const bootloader_state_t *bs, int index) bool write_encrypted = esp_flash_encryption_enabled(); write_otadata(&otadata, bs->ota_info.offset + FLASH_SECTOR_SIZE * 0, write_encrypted); ESP_LOGI(TAG, "Set actual ota_seq=%d in otadata[0]", otadata.ota_seq); -#ifdef CONFIG_APP_ANTI_ROLLBACK +#ifdef CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK update_anti_rollback(&bs->ota[index]); #endif } @@ -521,7 +521,7 @@ static void load_image(const esp_image_metadata_t* image_data) * then Step 6 enables secure boot. */ -#if defined(CONFIG_SECURE_BOOT_ENABLED) || defined(CONFIG_FLASH_ENCRYPTION_ENABLED) +#if defined(CONFIG_SECURE_BOOT_ENABLED) || defined(CONFIG_SECURE_FLASH_ENC_ENABLED) esp_err_t err; #endif @@ -537,7 +537,7 @@ static void load_image(const esp_image_metadata_t* image_data) } #endif -#ifdef CONFIG_FLASH_ENCRYPTION_ENABLED +#ifdef CONFIG_SECURE_FLASH_ENC_ENABLED /* Steps 3, 4 & 5 (see above for full description): * 3) Generate flash encryption EFUSE key * 4) Encrypt flash contents @@ -566,7 +566,7 @@ static void load_image(const esp_image_metadata_t* image_data) } #endif -#ifdef CONFIG_FLASH_ENCRYPTION_ENABLED +#ifdef CONFIG_SECURE_FLASH_ENC_ENABLED if (!flash_encryption_enabled && esp_flash_encryption_enabled()) { /* Flash encryption was just enabled for the first time, so issue a system reset to ensure flash encryption diff --git a/components/bootloader_support/src/esp32/flash_encrypt.c b/components/bootloader_support/src/esp32/flash_encrypt.c index 6ca9182113..54f82327b8 100644 --- a/components/bootloader_support/src/esp32/flash_encrypt.c +++ b/components/bootloader_support/src/esp32/flash_encrypt.c @@ -114,19 +114,19 @@ static esp_err_t initialise_flash_encryption(void) esp_efuse_burn_new_values(); uint32_t new_wdata6 = 0; -#ifndef CONFIG_FLASH_ENCRYPTION_UART_BOOTLOADER_ALLOW_ENCRYPT +#ifndef CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC ESP_LOGI(TAG, "Disable UART bootloader encryption..."); new_wdata6 |= EFUSE_DISABLE_DL_ENCRYPT; #else ESP_LOGW(TAG, "Not disabling UART bootloader encryption"); #endif -#ifndef CONFIG_FLASH_ENCRYPTION_UART_BOOTLOADER_ALLOW_DECRYPT +#ifndef CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_DEC ESP_LOGI(TAG, "Disable UART bootloader decryption..."); new_wdata6 |= EFUSE_DISABLE_DL_DECRYPT; #else ESP_LOGW(TAG, "Not disabling UART bootloader decryption - SECURITY COMPROMISED"); #endif -#ifndef CONFIG_FLASH_ENCRYPTION_UART_BOOTLOADER_ALLOW_CACHE +#ifndef CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE ESP_LOGI(TAG, "Disable UART bootloader MMU cache..."); new_wdata6 |= EFUSE_DISABLE_DL_CACHE; #else diff --git a/components/bt/bluedroid/common/include/common/bt_trace.h b/components/bt/bluedroid/common/include/common/bt_trace.h index 7c4f25a51f..a0dbf9bc72 100644 --- a/components/bt/bluedroid/common/include/common/bt_trace.h +++ b/components/bt/bluedroid/common/include/common/bt_trace.h @@ -29,7 +29,7 @@ #ifndef BOOTLOADER_BUILD #define LOG_LOCAL_LEVEL CONFIG_LOG_DEFAULT_LEVEL #else -#define LOG_LOCAL_LEVEL CONFIG_LOG_BOOTLOADER_LEVEL +#define LOG_LOCAL_LEVEL CONFIG_BOOTLOADER_LOG_LEVEL #endif #endif diff --git a/components/efuse/include/esp_efuse.h b/components/efuse/include/esp_efuse.h index 68f8491e49..b2afdbd9a6 100644 --- a/components/efuse/include/esp_efuse.h +++ b/components/efuse/include/esp_efuse.h @@ -347,7 +347,7 @@ esp_err_t esp_efuse_update_secure_version(uint32_t secure_version); /* @brief Initializes variables: offset and size to simulate the work of an eFuse. * - * Note: To simulate the work of an eFuse need to set CONFIG_EFUSE_SECURE_VERSION_EMULATE option + * Note: To simulate the work of an eFuse need to set CONFIG_BOOTLOADER_EFUSE_SECURE_VERSION_EMULATE option * and to add in the partition.csv file a line `efuse_em, data, efuse, , 0x2000,`. * * @param[in] offset The starting address of the partition where the eFuse data will be located. diff --git a/components/efuse/src/esp_efuse_fields.c b/components/efuse/src/esp_efuse_fields.c index 15b41b7283..f9cb977998 100644 --- a/components/efuse/src/esp_efuse_fields.c +++ b/components/efuse/src/esp_efuse_fields.c @@ -117,7 +117,7 @@ void esp_efuse_write_random_key(uint32_t blk_wdata0_reg) bzero(raw, sizeof(raw)); } -#ifdef CONFIG_EFUSE_SECURE_VERSION_EMULATE +#ifdef CONFIG_BOOTLOADER_EFUSE_SECURE_VERSION_EMULATE #include "../include_bootloader/bootloader_flash.h" #include "esp_flash_encrypt.h" @@ -172,25 +172,25 @@ static void emulate_secure_version_write(uint32_t secure_version) uint32_t esp_efuse_read_secure_version() { -#ifdef CONFIG_APP_ANTI_ROLLBACK +#ifdef CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK uint32_t secure_version; -#ifdef CONFIG_EFUSE_SECURE_VERSION_EMULATE +#ifdef CONFIG_BOOTLOADER_EFUSE_SECURE_VERSION_EMULATE secure_version = emulate_secure_version_read(); #else secure_version = REG_READ(EFUSE_BLK_RD_ANTI_ROLLBACK); -#endif // CONFIG_EFUSE_SECURE_VERSION_EMULATE +#endif // CONFIG_BOOTLOADER_EFUSE_SECURE_VERSION_EMULATE - return __builtin_popcount(secure_version & ((1ULL << CONFIG_APP_SECURE_VERSION_SIZE_EFUSE_FIELD) - 1)); + return __builtin_popcount(secure_version & ((1ULL << CONFIG_BOOTLOADER_APP_SEC_VER_SIZE_EFUSE_FIELD) - 1)); #else return 0; #endif } -#ifdef CONFIG_APP_ANTI_ROLLBACK +#ifdef CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK static void write_anti_rollback(uint32_t new_bits) { -#ifdef CONFIG_EFUSE_SECURE_VERSION_EMULATE +#ifdef CONFIG_BOOTLOADER_EFUSE_SECURE_VERSION_EMULATE emulate_secure_version_write(new_bits); #else esp_efuse_reset(); @@ -208,12 +208,12 @@ bool esp_efuse_check_secure_version(uint32_t secure_version) esp_err_t esp_efuse_update_secure_version(uint32_t secure_version) { -#ifdef CONFIG_APP_ANTI_ROLLBACK - if (CONFIG_APP_SECURE_VERSION_SIZE_EFUSE_FIELD < secure_version) { - ESP_LOGE(TAG, "Max secure version is %d. Given %d version can not be written.", CONFIG_APP_SECURE_VERSION_SIZE_EFUSE_FIELD, secure_version); +#ifdef CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK + if (CONFIG_BOOTLOADER_APP_SEC_VER_SIZE_EFUSE_FIELD < secure_version) { + ESP_LOGE(TAG, "Max secure version is %d. Given %d version can not be written.", CONFIG_BOOTLOADER_APP_SEC_VER_SIZE_EFUSE_FIELD, secure_version); return ESP_ERR_INVALID_ARG; } -#ifndef CONFIG_EFUSE_SECURE_VERSION_EMULATE +#ifndef CONFIG_BOOTLOADER_EFUSE_SECURE_VERSION_EMULATE uint32_t coding_scheme = REG_READ(EFUSE_BLK0_RDATA6_REG) & EFUSE_CODING_SCHEME_M; if (coding_scheme != EFUSE_CODING_SCHEME_VAL_NONE) { ESP_LOGE(TAG, "Anti rollback is not supported with a 3/4 coding scheme."); diff --git a/components/esp32/cpu_start.c b/components/esp32/cpu_start.c index b8c4d86a90..f4bac3bb2b 100644 --- a/components/esp32/cpu_start.c +++ b/components/esp32/cpu_start.c @@ -185,7 +185,7 @@ void IRAM_ATTR call_start_cpu0() #ifndef CONFIG_APP_EXCLUDE_PROJECT_VER_VAR ESP_EARLY_LOGI(TAG, "App version: %s", app_desc->version); #endif -#ifdef CONFIG_APP_SECURE_VERSION +#ifdef CONFIG_BOOTLOADER_APP_SECURE_VERSION ESP_EARLY_LOGI(TAG, "Secure version: %d", app_desc->secure_version); #endif #ifdef CONFIG_APP_COMPILE_TIME_DATE @@ -520,7 +520,7 @@ static void main_task(void* args) #ifndef CONFIG_BOOTLOADER_WDT_DISABLE_IN_USER_CODE rtc_wdt_disable(); #endif -#ifdef CONFIG_EFUSE_SECURE_VERSION_EMULATE +#ifdef CONFIG_BOOTLOADER_EFUSE_SECURE_VERSION_EMULATE const esp_partition_t *efuse_partition = esp_partition_find_first(ESP_PARTITION_TYPE_DATA, ESP_PARTITION_SUBTYPE_DATA_EFUSE_EM, NULL); if (efuse_partition) { esp_efuse_init(efuse_partition->address, efuse_partition->size); diff --git a/components/esptool_py/project_include.cmake b/components/esptool_py/project_include.cmake index 12c2b84d75..d6c888f437 100644 --- a/components/esptool_py/project_include.cmake +++ b/components/esptool_py/project_include.cmake @@ -13,7 +13,7 @@ set(ESPFLASHSIZE ${CONFIG_ESPTOOLPY_FLASHSIZE}) set(ESPTOOLPY_BEFORE "${CONFIG_ESPTOOLPY_BEFORE}") set(ESPTOOLPY_AFTER "${CONFIG_ESPTOOLPY_AFTER}") -if(CONFIG_SECURE_BOOT_ENABLED OR CONFIG_FLASH_ENCRYPTION_ENABLED) +if(CONFIG_SECURE_BOOT_ENABLED OR CONFIG_SECURE_FLASH_ENC_ENABLED) # If security enabled then override post flash option set(ESPTOOLPY_AFTER "no_reset") endif() @@ -191,4 +191,4 @@ function(esptool_py_flash_project_args entry offset image) list(APPEND flash_project_args_json "\"${offset}\" : \"${image}\"") set_property(TARGET flash_project_args_target PROPERTY FLASH_PROJECT_ARGS_JSON "${flash_project_args_json}") endif() -endfunction() \ No newline at end of file +endfunction() diff --git a/components/log/include/esp_log.h b/components/log/include/esp_log.h index 82acd6e1fc..21ebbdf236 100644 --- a/components/log/include/esp_log.h +++ b/components/log/include/esp_log.h @@ -114,7 +114,7 @@ void esp_log_write(esp_log_level_t level, const char* tag, const char* format, . #ifndef BOOTLOADER_BUILD #define LOG_LOCAL_LEVEL CONFIG_LOG_DEFAULT_LEVEL #else -#define LOG_LOCAL_LEVEL CONFIG_LOG_BOOTLOADER_LEVEL +#define LOG_LOCAL_LEVEL CONFIG_BOOTLOADER_LOG_LEVEL #endif #endif diff --git a/components/nvs_flash/Kconfig b/components/nvs_flash/Kconfig index 080c410cd7..0ae533d4ca 100644 --- a/components/nvs_flash/Kconfig +++ b/components/nvs_flash/Kconfig @@ -3,7 +3,7 @@ menu NVS config NVS_ENCRYPTION bool "Enable NVS encryption" default n - depends on FLASH_ENCRYPTION_ENABLED + depends on SECURE_FLASH_ENC_ENABLED help This option enables encryption for NVS. When enabled, AES-XTS is used to encrypt the complete NVS data, except the page headers. It requires XTS encryption keys diff --git a/components/partition_table/CMakeLists.txt b/components/partition_table/CMakeLists.txt index 6fe75a660e..d94e3e162f 100644 --- a/components/partition_table/CMakeLists.txt +++ b/components/partition_table/CMakeLists.txt @@ -77,7 +77,7 @@ endif() # If anti-rollback option is set then factory partition should not be in Partition Table. # In this case, should be used the partition table with two ota app without the factory. partition_table_get_partition_info(factory_offset "--partition-type app --partition-subtype factory" "offset") -if(CONFIG_APP_ANTI_ROLLBACK AND factory_offset) +if(CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK AND factory_offset) fail_at_build_time(check_table_contents "ERROR: Anti-rollback option is enabled. Partition table should consist of two ota app without factory partition.") add_dependencies(bootloader check_table_contents) diff --git a/components/partition_table/Makefile.projbuild b/components/partition_table/Makefile.projbuild index 57aeca2b93..1785ad811e 100644 --- a/components/partition_table/Makefile.projbuild +++ b/components/partition_table/Makefile.projbuild @@ -82,7 +82,7 @@ export OTA_DATA_SIZE # If anti-rollback option is set then factory partition should not be in Partition Table. # In this case, should be used the partition table with two ota app without the factory. check_table_contents: partition_table_get_info - @echo $(if $(CONFIG_APP_ANTI_ROLLBACK), $(if $(FACTORY_OFFSET), $(error "ERROR: Anti-rollback option is enabled. Partition table should consist of two ota app without factory partition."), ""), "") + @echo $(if $(CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK), $(if $(FACTORY_OFFSET), $(error "ERROR: Anti-rollback option is enabled. Partition table should consist of two ota app without factory partition."), ""), "") PARTITION_TABLE_FLASH_CMD = $(ESPTOOLPY_SERIAL) write_flash $(PARTITION_TABLE_OFFSET) $(PARTITION_TABLE_BIN) ESPTOOL_ALL_FLASH_ARGS += $(PARTITION_TABLE_OFFSET) $(PARTITION_TABLE_BIN) diff --git a/components/spi_flash/partition.c b/components/spi_flash/partition.c index a77195bbc3..5aa99a36ab 100644 --- a/components/spi_flash/partition.c +++ b/components/spi_flash/partition.c @@ -243,7 +243,7 @@ esp_err_t esp_partition_read(const esp_partition_t* partition, if (!partition->encrypted) { return spi_flash_read(partition->address + src_offset, dst, size); } else { -#if CONFIG_FLASH_ENCRYPTION_ENABLED +#if CONFIG_SECURE_FLASH_ENC_ENABLED /* Encrypted partitions need to be read via a cache mapping */ const void *buf; spi_flash_mmap_handle_t handle; @@ -259,7 +259,7 @@ esp_err_t esp_partition_read(const esp_partition_t* partition, return ESP_OK; #else return ESP_ERR_NOT_SUPPORTED; -#endif // CONFIG_FLASH_ENCRYPTION_ENABLED +#endif // CONFIG_SECURE_FLASH_ENC_ENABLED } } @@ -277,11 +277,11 @@ esp_err_t esp_partition_write(const esp_partition_t* partition, if (!partition->encrypted) { return spi_flash_write(dst_offset, src, size); } else { -#if CONFIG_FLASH_ENCRYPTION_ENABLED +#if CONFIG_SECURE_FLASH_ENC_ENABLED return spi_flash_write_encrypted(dst_offset, src, size); #else return ESP_ERR_NOT_SUPPORTED; -#endif // CONFIG_FLASH_ENCRYPTION_ENABLED +#endif // CONFIG_SECURE_FLASH_ENC_ENABLED } } diff --git a/docs/en/api-reference/system/ota.rst b/docs/en/api-reference/system/ota.rst index 95b0b32a0b..50938a3776 100644 --- a/docs/en/api-reference/system/ota.rst +++ b/docs/en/api-reference/system/ota.rst @@ -41,7 +41,7 @@ The main purpose of the application rollback is to keep the device working after * The application works fine, :cpp:func:`esp_ota_mark_app_valid_cancel_rollback` marks the running application with the state ``ESP_OTA_IMG_VALID``. There are no restrictions on booting this application. * The application has critical errors and further work is not possible, a rollback to the previous application is required, :cpp:func:`esp_ota_mark_app_invalid_rollback_and_reboot` marks the running application with the state ``ESP_OTA_IMG_INVALID`` and reset. This application will not be selected by the bootloader for boot and will boot the previously working application. -* If the :ref:`CONFIG_APP_ROLLBACK_ENABLE` option is set, and occur a reset without calling either function then happend and is rolled back. +* If the :ref:`CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE` option is set, and occur a reset without calling either function then happend and is rolled back. Note: The state is not written to the binary image of the application it is written to the ``otadata`` partition. The partition contains a ``ota_seq`` counter which is a pointer to the slot (ota_0, ota_1, ...) from which the application will be selected for boot. @@ -61,23 +61,24 @@ States control the process of selecting a boot app: +-----------------------------+--------------------------------------------------------+ | ESP_OTA_IMG_ABORTED | Will not be selected. | +-----------------------------+--------------------------------------------------------+ -| ESP_OTA_IMG_NEW | If :ref:`CONFIG_APP_ROLLBACK_ENABLE` option is set | -| | it will be selected only once. In bootloader the state | -| | immediately changes to ``ESP_OTA_IMG_PENDING_VERIFY``. | +| ESP_OTA_IMG_NEW | If :ref:`CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE` option | +| | is set it will be selected only once. In bootloader | +| | the state immediately changes to | +| | ``ESP_OTA_IMG_PENDING_VERIFY``. | +-----------------------------+--------------------------------------------------------+ -| ESP_OTA_IMG_PENDING_VERIFY | If :ref:`CONFIG_APP_ROLLBACK_ENABLE` option is set | -| | it will not be selected and the state will change to | -| | ``ESP_OTA_IMG_ABORTED``. | +| ESP_OTA_IMG_PENDING_VERIFY | If :ref:`CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE` option | +| | is set it will not be selected and the state will | +| | change to ``ESP_OTA_IMG_ABORTED``. | +-----------------------------+--------------------------------------------------------+ -If :ref:`CONFIG_APP_ROLLBACK_ENABLE` option is not enabled (by default), then the use of the following functions :cpp:func:`esp_ota_mark_app_valid_cancel_rollback` and :cpp:func:`esp_ota_mark_app_invalid_rollback_and_reboot` are optional, and ``ESP_OTA_IMG_NEW`` and ``ESP_OTA_IMG_PENDING_VERIFY`` states are not used. +If :ref:`CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE` option is not enabled (by default), then the use of the following functions :cpp:func:`esp_ota_mark_app_valid_cancel_rollback` and :cpp:func:`esp_ota_mark_app_invalid_rollback_and_reboot` are optional, and ``ESP_OTA_IMG_NEW`` and ``ESP_OTA_IMG_PENDING_VERIFY`` states are not used. -An option in Kconfig :ref:`CONFIG_APP_ROLLBACK_ENABLE` allows you to track the first boot of a new application. In this case, the application must confirm its operability by calling :cpp:func:`esp_ota_mark_app_valid_cancel_rollback` function, otherwise the application will be rolled back upon reboot. It allows you to control the operability of the application during the boot phase. Thus, a new application has only one attempt to boot successfully. +An option in Kconfig :ref:`CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE` allows you to track the first boot of a new application. In this case, the application must confirm its operability by calling :cpp:func:`esp_ota_mark_app_valid_cancel_rollback` function, otherwise the application will be rolled back upon reboot. It allows you to control the operability of the application during the boot phase. Thus, a new application has only one attempt to boot successfully. Rollback Process ^^^^^^^^^^^^^^^^ -The description of the rollback process when :ref:`CONFIG_APP_ROLLBACK_ENABLE` option is enabled: +The description of the rollback process when :ref:`CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE` option is enabled: * The new application successfully downloaded and :cpp:func:`esp_ota_set_boot_partition` function makes this partition bootable and sets the state ``ESP_OTA_IMG_NEW``. This state means that the application is new and should be monitored for its first boot. * Reboot :cpp:func:`esp_restart`. @@ -115,11 +116,12 @@ Where the states are set A brief description of where the states are set: * ``ESP_OTA_IMG_VALID`` state is set by :cpp:func:`esp_ota_mark_app_valid_cancel_rollback` function. -* ``ESP_OTA_IMG_UNDEFINED`` state is set by :cpp:func:`esp_ota_set_boot_partition` function if :ref:`CONFIG_APP_ROLLBACK_ENABLE` option is not enabled. -* ``ESP_OTA_IMG_NEW`` state is set by :cpp:func:`esp_ota_set_boot_partition` function if :ref:`CONFIG_APP_ROLLBACK_ENABLE` option is enabled. +* ``ESP_OTA_IMG_UNDEFINED`` state is set by :cpp:func:`esp_ota_set_boot_partition` function if :ref:`CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE` option is not enabled. +* ``ESP_OTA_IMG_NEW`` state is set by :cpp:func:`esp_ota_set_boot_partition` function if + :ref:`CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE` option is enabled. * ``ESP_OTA_IMG_INVALID`` state is set by :cpp:func:`esp_ota_mark_app_invalid_rollback_and_reboot` function. -* ``ESP_OTA_IMG_ABORTED`` state is set if there was no confirmation of the application operability and occurs reboots (if :ref:`CONFIG_APP_ROLLBACK_ENABLE` option is enabled). -* ``ESP_OTA_IMG_PENDING_VERIFY`` state is set in a bootloader if :ref:`CONFIG_APP_ROLLBACK_ENABLE` option is enabled and selected app has ``ESP_OTA_IMG_NEW`` state. +* ``ESP_OTA_IMG_ABORTED`` state is set if there was no confirmation of the application operability and occurs reboots (if :ref:`CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE` option is enabled). +* ``ESP_OTA_IMG_PENDING_VERIFY`` state is set in a bootloader if :ref:`CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE` option is enabled and selected app has ``ESP_OTA_IMG_NEW`` state. .. _anti-rollback: @@ -128,10 +130,10 @@ Anti-rollback Anti-rollback prevents rollback to application with security version lower than one programmed in eFuse of chip. -This function works if set :ref:`CONFIG_APP_ANTI_ROLLBACK` option. In the bootloader, when selecting a bootable application, an additional security version check is added which is on the chip and in the application image. The version in the bootable firmware must be greater than or equal to the version in the chip. +This function works if set :ref:`CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK` option. In the bootloader, when selecting a bootable application, an additional security version check is added which is on the chip and in the application image. The version in the bootable firmware must be greater than or equal to the version in the chip. -:ref:`CONFIG_APP_ANTI_ROLLBACK` and :ref:`CONFIG_APP_ROLLBACK_ENABLE` options are used together. In this case, rollback is possible only on the security version which is equal or higher than the version in the chip. +:ref:`CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK` and :ref:`CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE` options are used together. In this case, rollback is possible only on the security version which is equal or higher than the version in the chip. A typical anti-rollback scheme is @@ -180,13 +182,14 @@ If you want to avoid the download/erase overhead in case of the app from the ser Restrictions: -- The number of bits in the ``secure_version`` field is limited to 32 bits. This means that only 32 times you can do an anti-rollback. You can reduce the length of this efuse field use :ref:`CONFIG_APP_SECURE_VERSION_SIZE_EFUSE_FIELD` option. +- The number of bits in the ``secure_version`` field is limited to 32 bits. This means that only 32 times you can do an anti-rollback. You can reduce the length of this efuse field use :ref:`CONFIG_BOOTLOADER_APP_SEC_VER_SIZE_EFUSE_FIELD` option. - Anti-rollback only works if the encoding scheme for efuse is set to ``NONE``. - The partition table should not have a factory partition, only two of the app. ``security_version``: -- In application image it is stored in ``esp_app_desc`` structure. The number is set :ref:`CONFIG_APP_SECURE_VERSION`. +- In application image it is stored in ``esp_app_desc`` structure. The number is set + :ref:`CONFIG_BOOTLOADER_APP_SECURE_VERSION`. - In ESP32 it is stored in efuse ``EFUSE_BLK3_RDATA4_REG``. (when a eFuse bit is programmed to 1, it can never be reverted to 0). The number of bits set in this register is the ``security_version`` from app. .. _secure-ota-updates: diff --git a/docs/en/security/secure-boot.rst b/docs/en/security/secure-boot.rst index 79baa87255..9a6f8a933a 100644 --- a/docs/en/security/secure-boot.rst +++ b/docs/en/security/secure-boot.rst @@ -68,7 +68,7 @@ If the bootloader becomes too large, the ESP32 will fail to boot - errors will b Options to work around this are: -- Reduce :ref:`bootloader log level `. Setting log level to Warning, Error or None all significantly reduce the final binary size (but may make it harder to debug). +- Reduce :ref:`bootloader log level `. Setting log level to Warning, Error or None all significantly reduce the final binary size (but may make it harder to debug). - Set :ref:`partition table offset ` to a higher value than 0x8000, to place the partition table later in the flash. This increases the space available for the bootloader. If the :doc:`partition table ` CSV file contains explicit partition offsets, they will need changing so no partition has an offset lower than ``CONFIG_PARTITION_TABLE_OFFSET + 0x1000``. (This includes the default partition CSV files supplied with ESP-IDF.) .. _secure-boot-howto: diff --git a/examples/ethernet/iperf/sdkconfig.defaults b/examples/ethernet/iperf/sdkconfig.defaults index 0ffd261a0d..2457a43847 100644 --- a/examples/ethernet/iperf/sdkconfig.defaults +++ b/examples/ethernet/iperf/sdkconfig.defaults @@ -1,6 +1,6 @@ # Reduce bootloader log verbosity -CONFIG_LOG_BOOTLOADER_LEVEL_WARN=y -CONFIG_LOG_BOOTLOADER_LEVEL=2 +CONFIG_BOOTLOADER_LOG_LEVEL_WARN=y +CONFIG_BOOTLOADER_LOG_LEVEL=2 # Increase main task stack size CONFIG_ESP_MAIN_TASK_STACK_SIZE=7168 diff --git a/examples/peripherals/i2c/i2c_tools/sdkconfig.defaults b/examples/peripherals/i2c/i2c_tools/sdkconfig.defaults index b77f0bbdd6..2d3564c649 100644 --- a/examples/peripherals/i2c/i2c_tools/sdkconfig.defaults +++ b/examples/peripherals/i2c/i2c_tools/sdkconfig.defaults @@ -1,6 +1,6 @@ # Reduce bootloader log verbosity -CONFIG_LOG_BOOTLOADER_LEVEL_WARN=y -CONFIG_LOG_BOOTLOADER_LEVEL=2 +CONFIG_BOOTLOADER_LOG_LEVEL_WARN=y +CONFIG_BOOTLOADER_LOG_LEVEL=2 # Increase main task stack size CONFIG_ESP_MAIN_TASK_STACK_SIZE=7168 diff --git a/examples/system/console/sdkconfig.defaults b/examples/system/console/sdkconfig.defaults index d485f3ce75..5e4c72ae84 100644 --- a/examples/system/console/sdkconfig.defaults +++ b/examples/system/console/sdkconfig.defaults @@ -1,6 +1,6 @@ # Reduce bootloader log verbosity -CONFIG_LOG_BOOTLOADER_LEVEL_WARN=y -CONFIG_LOG_BOOTLOADER_LEVEL=2 +CONFIG_BOOTLOADER_LOG_LEVEL_WARN=y +CONFIG_BOOTLOADER_LOG_LEVEL=2 # Increase main task stack size CONFIG_ESP_MAIN_TASK_STACK_SIZE=7168 diff --git a/examples/system/ota/README.md b/examples/system/ota/README.md index 5d1db1a801..4f692d98f5 100644 --- a/examples/system/ota/README.md +++ b/examples/system/ota/README.md @@ -117,8 +117,8 @@ When the example starts up, it will print "Starting OTA example..." then: ## Support the rollback -This feature allows you to roll back to the previous firmware if the app is not operable. Option :ref:`CONFIG_APP_ROLLBACK_ENABLE` allows you to track the first boot of the application (see the``Over The Air Updates (OTA)`` article). -For ``native_ota_example``, added a bit of code to demonstrate how a rollback works. To use it, you need enable the :ref:`CONFIG_APP_ROLLBACK_ENABLE` option in Kconfig and under the "Example Configuration" submenu to set "Number of the GPIO input for diagnostic" to manage the rollback process. +This feature allows you to roll back to the previous firmware if the app is not operable. Option :ref:`CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE` allows you to track the first boot of the application (see the``Over The Air Updates (OTA)`` article). +For ``native_ota_example``, added a bit of code to demonstrate how a rollback works. To use it, you need enable the :ref:`CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE` option in Kconfig and under the "Example Configuration" submenu to set "Number of the GPIO input for diagnostic" to manage the rollback process. To trigger a rollback, this GPIO must be pulled low while the message `Diagnostics (5 sec)...` which will be on first boot. If GPIO is not pulled low then the operable of the app will be confirmed. diff --git a/examples/system/ulp/sdkconfig.defaults b/examples/system/ulp/sdkconfig.defaults index 1ef03d0e6c..a5e2b8ccd7 100644 --- a/examples/system/ulp/sdkconfig.defaults +++ b/examples/system/ulp/sdkconfig.defaults @@ -2,7 +2,7 @@ CONFIG_ESP32_ULP_COPROC_ENABLED=y CONFIG_ESP32_ULP_COPROC_RESERVE_MEM=1024 # Set log level to Warning to produce clean output -CONFIG_LOG_BOOTLOADER_LEVEL_WARN=y -CONFIG_LOG_BOOTLOADER_LEVEL=2 +CONFIG_BOOTLOADER_LOG_LEVEL_WARN=y +CONFIG_BOOTLOADER_LOG_LEVEL=2 CONFIG_LOG_DEFAULT_LEVEL_WARN=y CONFIG_LOG_DEFAULT_LEVEL=2 diff --git a/examples/system/ulp_adc/sdkconfig.defaults b/examples/system/ulp_adc/sdkconfig.defaults index 1ef03d0e6c..a5e2b8ccd7 100644 --- a/examples/system/ulp_adc/sdkconfig.defaults +++ b/examples/system/ulp_adc/sdkconfig.defaults @@ -2,7 +2,7 @@ CONFIG_ESP32_ULP_COPROC_ENABLED=y CONFIG_ESP32_ULP_COPROC_RESERVE_MEM=1024 # Set log level to Warning to produce clean output -CONFIG_LOG_BOOTLOADER_LEVEL_WARN=y -CONFIG_LOG_BOOTLOADER_LEVEL=2 +CONFIG_BOOTLOADER_LOG_LEVEL_WARN=y +CONFIG_BOOTLOADER_LOG_LEVEL=2 CONFIG_LOG_DEFAULT_LEVEL_WARN=y CONFIG_LOG_DEFAULT_LEVEL=2 diff --git a/examples/wifi/simple_sniffer/sdkconfig.defaults b/examples/wifi/simple_sniffer/sdkconfig.defaults index a67ef4dc9d..2337962819 100644 --- a/examples/wifi/simple_sniffer/sdkconfig.defaults +++ b/examples/wifi/simple_sniffer/sdkconfig.defaults @@ -1,6 +1,6 @@ # Reduce bootloader log verbosity -CONFIG_LOG_BOOTLOADER_LEVEL_WARN=y -CONFIG_LOG_BOOTLOADER_LEVEL=2 +CONFIG_BOOTLOADER_LOG_LEVEL_WARN=y +CONFIG_BOOTLOADER_LOG_LEVEL=2 # Increase main task stack size CONFIG_ESP_MAIN_TASK_STACK_SIZE=7168 diff --git a/tools/ldgen/samples/sdkconfig b/tools/ldgen/samples/sdkconfig index f78145b911..fcbe556260 100644 --- a/tools/ldgen/samples/sdkconfig +++ b/tools/ldgen/samples/sdkconfig @@ -8,13 +8,13 @@ CONFIG_SDK_MAKE_WARN_UNDEFINED_VARIABLES=y # # Bootloader config # -CONFIG_LOG_BOOTLOADER_LEVEL_NONE= -CONFIG_LOG_BOOTLOADER_LEVEL_ERROR= -CONFIG_LOG_BOOTLOADER_LEVEL_WARN=y -CONFIG_LOG_BOOTLOADER_LEVEL_INFO= -CONFIG_LOG_BOOTLOADER_LEVEL_DEBUG= -CONFIG_LOG_BOOTLOADER_LEVEL_VERBOSE= -CONFIG_LOG_BOOTLOADER_LEVEL=2 +CONFIG_BOOTLOADER_LOG_LEVEL_NONE= +CONFIG_BOOTLOADER_LOG_LEVEL_ERROR= +CONFIG_BOOTLOADER_LOG_LEVEL_WARN=y +CONFIG_BOOTLOADER_LOG_LEVEL_INFO= +CONFIG_BOOTLOADER_LOG_LEVEL_DEBUG= +CONFIG_BOOTLOADER_LOG_LEVEL_VERBOSE= +CONFIG_BOOTLOADER_LOG_LEVEL=2 CONFIG_BOOTLOADER_VDDSDIO_BOOST_1_8V= CONFIG_BOOTLOADER_VDDSDIO_BOOST_1_9V=y @@ -22,7 +22,7 @@ CONFIG_BOOTLOADER_VDDSDIO_BOOST_1_9V=y # Security features # CONFIG_SECURE_BOOT_ENABLED= -CONFIG_FLASH_ENCRYPTION_ENABLED= +CONFIG_SECURE_FLASH_ENC_ENABLED= # # Serial flasher config diff --git a/tools/unit-test-app/sdkconfig.defaults b/tools/unit-test-app/sdkconfig.defaults index 002431e878..fca065641e 100644 --- a/tools/unit-test-app/sdkconfig.defaults +++ b/tools/unit-test-app/sdkconfig.defaults @@ -1,4 +1,4 @@ -CONFIG_LOG_BOOTLOADER_LEVEL_WARN=y +CONFIG_BOOTLOADER_LOG_LEVEL_WARN=y CONFIG_ESPTOOLPY_BAUD_921600B=y CONFIG_ESPTOOLPY_FLASHSIZE_4MB=y CONFIG_ESPTOOLPY_FLASHSIZE_DETECT=n