refactor (bootloader_support, efuse)!: remove target-specific rom includes

The following two functions in bootloader_support are private now:
* esp_secure_boot_verify_sbv2_signature_block()
* esp_secure_boot_verify_rsa_signature_block()
They have been moved into private header files
inside bootloader_private/

* Removed bootloader_reset_reason.h and
  bootloader_common_get_reset_reason() completely.
  Alternative in ROM component is available.

* made esp_efuse.h independent of target-specific rom header
This commit is contained in:
Jakob Hasse 2022-05-23 12:36:02 +08:00
parent 6291d6220a
commit 33a3616635
25 changed files with 157 additions and 107 deletions

View File

@ -30,6 +30,20 @@
#include "esp_efuse.h" #include "esp_efuse.h"
#include "esp_attr.h" #include "esp_attr.h"
#if CONFIG_IDF_TARGET_ESP32
#include "esp32/rom/secure_boot.h"
#elif CONFIG_IDF_TARGET_ESP32S2
#include "esp32s2/rom/secure_boot.h"
#elif CONFIG_IDF_TARGET_ESP32C3
#include "esp32c3/rom/secure_boot.h"
#elif CONFIG_IDF_TARGET_ESP32S3
#include "esp32s3/rom/secure_boot.h"
#elif CONFIG_IDF_TARGET_ESP32H2
#include "esp32h2/rom/secure_boot.h"
#elif CONFIG_IDF_TARGET_ESP32C2
#include "esp32c2/rom/secure_boot.h"
#endif
#define SUB_TYPE_ID(i) (i & 0x0F) #define SUB_TYPE_ID(i) (i & 0x0F)
/* Partial_data is word aligned so no reallocation is necessary for encrypted flash write */ /* Partial_data is word aligned so no reallocation is necessary for encrypted flash write */
@ -898,7 +912,7 @@ esp_err_t esp_ota_revoke_secure_boot_public_key(esp_ota_secure_boot_public_key_i
} }
esp_err_t ret; esp_err_t ret;
ets_secure_boot_key_digests_t trusted_keys; esp_secure_boot_key_digests_t trusted_keys;
ret = esp_secure_boot_read_key_digests(&trusted_keys); ret = esp_secure_boot_read_key_digests(&trusted_keys);
if (ret != ESP_OK) { if (ret != ESP_OK) {
ESP_LOGE(TAG, "Could not read the secure boot key digests from efuse. Aborting.."); ESP_LOGE(TAG, "Could not read the secure boot key digests from efuse. Aborting..");

View File

@ -5,6 +5,7 @@
*/ */
#include <stdbool.h> #include <stdbool.h>
#include "esp_log.h" #include "esp_log.h"
#include "esp_rom_sys.h"
#include "bootloader_init.h" #include "bootloader_init.h"
#include "bootloader_utility.h" #include "bootloader_utility.h"
#include "bootloader_common.h" #include "bootloader_common.h"
@ -79,7 +80,7 @@ static int selected_boot_partition(const bootloader_state_t *bs)
if (boot_index == INVALID_INDEX) { if (boot_index == INVALID_INDEX) {
return boot_index; // Unrecoverable failure (not due to corrupt ota data or bad partition contents) return boot_index; // Unrecoverable failure (not due to corrupt ota data or bad partition contents)
} }
if (bootloader_common_get_reset_reason(0) != DEEPSLEEP_RESET) { if (esp_rom_get_reset_reason(0) != RESET_REASON_CORE_DEEP_SLEEP) {
// Factory firmware. // Factory firmware.
#ifdef CONFIG_BOOTLOADER_FACTORY_RESET #ifdef CONFIG_BOOTLOADER_FACTORY_RESET
bool reset_level = false; bool reset_level = false;

View File

@ -8,21 +8,6 @@
#include "esp_flash_partitions.h" #include "esp_flash_partitions.h"
#include "esp_image_format.h" #include "esp_image_format.h"
#include "esp_app_format.h" #include "esp_app_format.h"
// [refactor-todo]: we shouldn't expose ROM header files in a public API header, remove them in v5.0
// Tracked in IDF-1968
#if CONFIG_IDF_TARGET_ESP32
#include "esp32/rom/rtc.h"
#elif CONFIG_IDF_TARGET_ESP32S2
#include "esp32s2/rom/rtc.h"
#elif CONFIG_IDF_TARGET_ESP32S3
#include "esp32s3/rom/rtc.h"
#elif CONFIG_IDF_TARGET_ESP32C3
#include "esp32c3/rom/rtc.h"
#elif CONFIG_IDF_TARGET_ESP32H2
#include "esp32h2/rom/rtc.h"
#elif CONFIG_IDF_TARGET_ESP32C2
#include "esp32c2/rom/rtc.h"
#endif
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
@ -196,14 +181,6 @@ esp_err_t bootloader_common_get_partition_description(const esp_partition_pos_t
*/ */
uint32_t bootloader_common_get_chip_ver_pkg(void); uint32_t bootloader_common_get_chip_ver_pkg(void);
/**
* @brief Query reset reason
*
* @param cpu_no CPU number
* @return reset reason enumeration
*/
RESET_REASON bootloader_common_get_reset_reason(int cpu_no);
/** /**
* @brief Check if the image (bootloader and application) has valid chip ID and revision * @brief Check if the image (bootloader and application) has valid chip ID and revision
* *

View File

@ -8,32 +8,13 @@
#include <stdbool.h> #include <stdbool.h>
#include <esp_err.h> #include <esp_err.h>
#include "soc/efuse_periph.h" #include "soc/efuse_periph.h"
#include "soc/soc_caps.h"
#include "esp_image_format.h" #include "esp_image_format.h"
#include "esp_rom_efuse.h" #include "esp_rom_efuse.h"
#include "sdkconfig.h" #include "sdkconfig.h"
#include "esp_rom_crc.h" #include "esp_rom_crc.h"
#include "hal/efuse_ll.h" #include "hal/efuse_ll.h"
#if CONFIG_IDF_TARGET_ESP32
#include "esp32/rom/efuse.h"
#include "esp32/rom/secure_boot.h"
#elif CONFIG_IDF_TARGET_ESP32S2
#include "esp32s2/rom/efuse.h"
#include "esp32s2/rom/secure_boot.h"
#elif CONFIG_IDF_TARGET_ESP32C3
#include "esp32c3/rom/efuse.h"
#include "esp32c3/rom/secure_boot.h"
#elif CONFIG_IDF_TARGET_ESP32S3
#include "esp32s3/rom/efuse.h"
#include "esp32s3/rom/secure_boot.h"
#elif CONFIG_IDF_TARGET_ESP32H2
#include "esp32h2/rom/efuse.h"
#include "esp32h2/rom/secure_boot.h"
#elif CONFIG_IDF_TARGET_ESP32C2
#include "esp32c2/rom/efuse.h"
#include "esp32c2/rom/secure_boot.h"
#endif
#ifdef CONFIG_SECURE_BOOT_V1_ENABLED #ifdef CONFIG_SECURE_BOOT_V1_ENABLED
#if !defined(CONFIG_SECURE_SIGNED_ON_BOOT) || !defined(CONFIG_SECURE_SIGNED_ON_UPDATE) || !defined(CONFIG_SECURE_SIGNED_APPS) #if !defined(CONFIG_SECURE_SIGNED_ON_BOOT) || !defined(CONFIG_SECURE_SIGNED_ON_UPDATE) || !defined(CONFIG_SECURE_SIGNED_APPS)
#error "internal sdkconfig error, secure boot should always enable all signature options" #error "internal sdkconfig error, secure boot should always enable all signature options"
@ -217,34 +198,10 @@ esp_err_t esp_secure_boot_verify_ecdsa_signature_block(const esp_secure_boot_sig
* Each image can have one or more signature blocks (up to SECURE_BOOT_NUM_BLOCKS). Each signature block includes a public key. * Each image can have one or more signature blocks (up to SECURE_BOOT_NUM_BLOCKS). Each signature block includes a public key.
*/ */
typedef struct { typedef struct {
uint8_t key_digests[SECURE_BOOT_NUM_BLOCKS][ESP_SECURE_BOOT_DIGEST_LEN]; /* SHA of the public key components in the signature block */ uint8_t key_digests[SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS][ESP_SECURE_BOOT_DIGEST_LEN]; /* SHA of the public key components in the signature block */
unsigned num_digests; /* Number of valid digests, starting at index 0 */ unsigned num_digests; /* Number of valid digests, starting at index 0 */
} esp_image_sig_public_key_digests_t; } esp_image_sig_public_key_digests_t;
/** @brief Verify the secure boot signature block for Secure Boot V2.
*
* Performs RSA-PSS or ECDSA verification of the SHA-256 image based on the public key
* in the signature block, compared against the public key digest stored in efuse.
*
* Similar to esp_secure_boot_verify_signature(), but can be used when the digest is precalculated.
* @param sig_block Pointer to signature block data
* @param image_digest Pointer to 32 byte buffer holding SHA-256 hash.
* @param verified_digest Pointer to 32 byte buffer that will receive verified digest if verification completes. (Used during bootloader implementation only, result is invalid otherwise.)
*
*/
esp_err_t esp_secure_boot_verify_sbv2_signature_block(const ets_secure_boot_signature_t *sig_block, const uint8_t *image_digest, uint8_t *verified_digest);
/** @brief Legacy function to verify RSA secure boot signature block for Secure Boot V2.
*
* @note This is kept for backward compatibility. It internally calls esp_secure_boot_verify_sbv2_signature_block.
*
* @param sig_block Pointer to RSA signature block data
* @param image_digest Pointer to 32 byte buffer holding SHA-256 hash.
* @param verified_digest Pointer to 32 byte buffer that will receive verified digest if verification completes. (Used during bootloader implementation only, result is invalid otherwise.)
*
*/
esp_err_t esp_secure_boot_verify_rsa_signature_block(const ets_secure_boot_signature_t *sig_block, const uint8_t *image_digest, uint8_t *verified_digest);
#endif // !CONFIG_IDF_TARGET_ESP32 || CONFIG_ESP32_REV_MIN_3 #endif // !CONFIG_IDF_TARGET_ESP32 || CONFIG_ESP32_REV_MIN_3
/** @brief Legacy ECDSA verification function /** @brief Legacy ECDSA verification function

View File

@ -0,0 +1,52 @@
/*
* SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#pragma once
#include "sdkconfig.h"
#include <esp_err.h>
#include <stdint.h>
#if CONFIG_IDF_TARGET_ESP32
#include "esp32/rom/secure_boot.h"
#elif CONFIG_IDF_TARGET_ESP32S2
#include "esp32s2/rom/secure_boot.h"
#elif CONFIG_IDF_TARGET_ESP32C3
#include "esp32c3/rom/secure_boot.h"
#elif CONFIG_IDF_TARGET_ESP32S3
#include "esp32s3/rom/secure_boot.h"
#elif CONFIG_IDF_TARGET_ESP32H2
#include "esp32h2/rom/secure_boot.h"
#elif CONFIG_IDF_TARGET_ESP32C2
#include "esp32c2/rom/secure_boot.h"
#endif
#if !CONFIG_IDF_TARGET_ESP32 || CONFIG_ESP32_REV_MIN_3
/** @brief Verify the secure boot signature block for Secure Boot V2.
*
* Performs RSA-PSS or ECDSA verification of the SHA-256 image based on the public key
* in the signature block, compared against the public key digest stored in efuse.
*
* Similar to esp_secure_boot_verify_signature(), but can be used when the digest is precalculated.
* @param sig_block Pointer to signature block data
* @param image_digest Pointer to 32 byte buffer holding SHA-256 hash.
* @param verified_digest Pointer to 32 byte buffer that will receive verified digest if verification completes. (Used during bootloader implementation only, result is invalid otherwise.)
*
*/
esp_err_t esp_secure_boot_verify_sbv2_signature_block(const ets_secure_boot_signature_t *sig_block, const uint8_t *image_digest, uint8_t *verified_digest);
/** @brief Legacy function to verify RSA secure boot signature block for Secure Boot V2.
*
* @note This is kept for backward compatibility. It internally calls esp_secure_boot_verify_sbv2_signature_block.
*
* @param sig_block Pointer to RSA signature block data
* @param image_digest Pointer to 32 byte buffer holding SHA-256 hash.
* @param verified_digest Pointer to 32 byte buffer that will receive verified digest if verification completes. (Used during bootloader implementation only, result is invalid otherwise.)
*
*/
esp_err_t esp_secure_boot_verify_rsa_signature_block(const ets_secure_boot_signature_t *sig_block, const uint8_t *image_digest, uint8_t *verified_digest);
#endif

View File

@ -189,11 +189,6 @@ void bootloader_common_vddsdio_configure(void)
#endif // CONFIG_BOOTLOADER_VDDSDIO_BOOST #endif // CONFIG_BOOTLOADER_VDDSDIO_BOOST
} }
RESET_REASON bootloader_common_get_reset_reason(int cpu_no)
{
return (RESET_REASON)esp_rom_get_reset_reason(cpu_no);
}
uint8_t bootloader_flash_get_cs_io(void) uint8_t bootloader_flash_get_cs_io(void)
{ {
#if SOC_SPI_MEM_SUPPORT_CONFIG_GPIO_BY_EFUSE #if SOC_SPI_MEM_SUPPORT_CONFIG_GPIO_BY_EFUSE

View File

@ -20,6 +20,7 @@
#include "soc/assist_debug_reg.h" #include "soc/assist_debug_reg.h"
#include "esp_cpu.h" #include "esp_cpu.h"
#include "soc/rtc.h" #include "soc/rtc.h"
#include "soc/rtc_cntl_reg.h"
#include "soc/spi_periph.h" #include "soc/spi_periph.h"
#include "soc/extmem_reg.h" #include "soc/extmem_reg.h"
#include "soc/io_mux_reg.h" #include "soc/io_mux_reg.h"

View File

@ -20,6 +20,7 @@
#include "soc/assist_debug_reg.h" #include "soc/assist_debug_reg.h"
#include "esp_cpu.h" #include "esp_cpu.h"
#include "soc/rtc.h" #include "soc/rtc.h"
#include "soc/rtc_cntl_reg.h"
#include "soc/spi_periph.h" #include "soc/spi_periph.h"
#include "soc/extmem_reg.h" #include "soc/extmem_reg.h"
#include "soc/io_mux_reg.h" #include "soc/io_mux_reg.h"

View File

@ -33,6 +33,7 @@
#include "soc/dport_reg.h" #include "soc/dport_reg.h"
#include "soc/extmem_reg.h" #include "soc/extmem_reg.h"
#include "soc/rtc.h" #include "soc/rtc.h"
#include "soc/rtc_cntl_reg.h"
#include "soc/spi_periph.h" #include "soc/spi_periph.h"
#include "esp_efuse.h" #include "esp_efuse.h"
#include "hal/mmu_hal.h" #include "hal/mmu_hal.h"

View File

@ -7,6 +7,7 @@
#include <sys/param.h> #include <sys/param.h>
#include <esp_cpu.h> #include <esp_cpu.h>
#include <bootloader_utility.h> #include <bootloader_utility.h>
#include <bootloader_signature.h>
#include <esp_secure_boot.h> #include <esp_secure_boot.h>
#include <esp_fault.h> #include <esp_fault.h>
#include <esp_log.h> #include <esp_log.h>

View File

@ -11,6 +11,7 @@
#include "esp_log.h" #include "esp_log.h"
#include "esp32/rom/cache.h" #include "esp32/rom/cache.h"
#include "esp32/rom/secure_boot.h"
#include "soc/rtc_periph.h" #include "soc/rtc_periph.h"
#include "bootloader_utility.h" #include "bootloader_utility.h"

View File

@ -15,6 +15,20 @@
#include "esp_efuse.h" #include "esp_efuse.h"
#include "esp_efuse_table.h" #include "esp_efuse_table.h"
#if CONFIG_IDF_TARGET_ESP32
#include "esp32/rom/secure_boot.h"
#elif CONFIG_IDF_TARGET_ESP32S2
#include "esp32s2/rom/secure_boot.h"
#elif CONFIG_IDF_TARGET_ESP32C3
#include "esp32c3/rom/secure_boot.h"
#elif CONFIG_IDF_TARGET_ESP32S3
#include "esp32s3/rom/secure_boot.h"
#elif CONFIG_IDF_TARGET_ESP32H2
#include "esp32h2/rom/secure_boot.h"
#elif CONFIG_IDF_TARGET_ESP32C2
#include "esp32c2/rom/secure_boot.h"
#endif
/* The following API implementations are used only when called /* The following API implementations are used only when called
* from the bootloader code. * from the bootloader code.
*/ */

View File

@ -14,6 +14,8 @@
#include "mbedtls/ecp.h" #include "mbedtls/ecp.h"
#include "rom/ecdsa.h" #include "rom/ecdsa.h"
#include "secure_boot_signature_priv.h"
static const char *TAG = "secure_boot_v2_ecdsa"; static const char *TAG = "secure_boot_v2_ecdsa";
#define ECDSA_INTEGER_LEN 32 #define ECDSA_INTEGER_LEN 32

View File

@ -12,6 +12,8 @@
#include "mbedtls/entropy.h" #include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h" #include "mbedtls/ctr_drbg.h"
#include "secure_boot_signature_priv.h"
static const char *TAG = "secure_boot_v2_rsa"; static const char *TAG = "secure_boot_v2_rsa";
esp_err_t verify_rsa_signature_block(const ets_secure_boot_signature_t *sig_block, const uint8_t *image_digest, const ets_secure_boot_sig_block_t *trusted_block) esp_err_t verify_rsa_signature_block(const ets_secure_boot_signature_t *sig_block, const uint8_t *image_digest, const ets_secure_boot_sig_block_t *trusted_block)

View File

@ -4,7 +4,20 @@
* SPDX-License-Identifier: Apache-2.0 * SPDX-License-Identifier: Apache-2.0
*/ */
#include "esp_secure_boot.h" #include "esp_secure_boot.h"
#include "esp_log.h"
#if CONFIG_IDF_TARGET_ESP32
#include "esp32/rom/secure_boot.h"
#elif CONFIG_IDF_TARGET_ESP32S2
#include "esp32s2/rom/secure_boot.h"
#elif CONFIG_IDF_TARGET_ESP32C3
#include "esp32c3/rom/secure_boot.h"
#elif CONFIG_IDF_TARGET_ESP32S3
#include "esp32s3/rom/secure_boot.h"
#elif CONFIG_IDF_TARGET_ESP32H2
#include "esp32h2/rom/secure_boot.h"
#elif CONFIG_IDF_TARGET_ESP32C2
#include "esp32c2/rom/secure_boot.h"
#endif
esp_err_t verify_ecdsa_signature_block(const ets_secure_boot_signature_t *sig_block, const uint8_t *image_digest, const ets_secure_boot_sig_block_t *trusted_block); esp_err_t verify_ecdsa_signature_block(const ets_secure_boot_signature_t *sig_block, const uint8_t *image_digest, const ets_secure_boot_sig_block_t *trusted_block);

View File

@ -8,6 +8,7 @@
#include "bootloader_flash_priv.h" #include "bootloader_flash_priv.h"
#include "bootloader_sha.h" #include "bootloader_sha.h"
#include "bootloader_utility.h" #include "bootloader_utility.h"
#include "bootloader_signature.h"
#include "esp_log.h" #include "esp_log.h"
#include "esp_image_format.h" #include "esp_image_format.h"
#include "mbedtls/sha256.h" #include "mbedtls/sha256.h"
@ -108,7 +109,7 @@ static esp_err_t get_secure_boot_key_digests(esp_image_sig_public_key_digests_t
#elif CONFIG_SECURE_BOOT_V2_ENABLED #elif CONFIG_SECURE_BOOT_V2_ENABLED
ESP_LOGI(TAG, "Take trusted digest key(s) from eFuse block(s)"); ESP_LOGI(TAG, "Take trusted digest key(s) from eFuse block(s)");
// Read key digests from efuse // Read key digests from efuse
ets_secure_boot_key_digests_t efuse_trusted; esp_secure_boot_key_digests_t efuse_trusted;
if (esp_secure_boot_read_key_digests(&efuse_trusted) == ESP_OK) { if (esp_secure_boot_read_key_digests(&efuse_trusted) == ESP_OK) {
for (unsigned i = 0; i < SECURE_BOOT_NUM_BLOCKS; i++) { for (unsigned i = 0; i < SECURE_BOOT_NUM_BLOCKS; i++) {
if (efuse_trusted.key_digests[i] != NULL) { if (efuse_trusted.key_digests[i] != NULL) {

View File

@ -10,6 +10,7 @@
#include "bootloader_flash_priv.h" #include "bootloader_flash_priv.h"
#include "bootloader_sha.h" #include "bootloader_sha.h"
#include "bootloader_utility.h" #include "bootloader_utility.h"
#include "bootloader_signature.h"
#include "esp_log.h" #include "esp_log.h"
#include "esp_image_format.h" #include "esp_image_format.h"
#include "esp_secure_boot.h" #include "esp_secure_boot.h"
@ -66,19 +67,19 @@ static esp_err_t validate_signature_block(const ets_secure_boot_sig_block_t *blo
static esp_err_t get_secure_boot_key_digests(esp_image_sig_public_key_digests_t *public_key_digests) static esp_err_t get_secure_boot_key_digests(esp_image_sig_public_key_digests_t *public_key_digests)
{ {
// Read key digests from efuse // Read key digests from efuse
ets_secure_boot_key_digests_t trusted_keys; esp_secure_boot_key_digests_t trusted_keys;
ets_secure_boot_key_digests_t trusted_key_copies[2]; esp_secure_boot_key_digests_t trusted_key_copies[2];
memset(&trusted_keys, 0, sizeof(ets_secure_boot_key_digests_t)); memset(&trusted_keys, 0, sizeof(esp_secure_boot_key_digests_t));
memset(trusted_key_copies, 0, 2 * sizeof(ets_secure_boot_key_digests_t)); memset(trusted_key_copies, 0, 2 * sizeof(esp_secure_boot_key_digests_t));
esp_err_t err = esp_secure_boot_read_key_digests(&trusted_keys); esp_err_t err = esp_secure_boot_read_key_digests(&trusted_keys);
// Create the copies for FI checks (assuming result is ETS_OK, if it's not then it'll fail the fault check anyhow) // Create the copies for FI checks (assuming result is ETS_OK, if it's not then it'll fail the fault check anyhow)
esp_secure_boot_read_key_digests(&trusted_key_copies[0]); esp_secure_boot_read_key_digests(&trusted_key_copies[0]);
esp_secure_boot_read_key_digests(&trusted_key_copies[1]); esp_secure_boot_read_key_digests(&trusted_key_copies[1]);
ESP_FAULT_ASSERT(memcmp(&trusted_keys, &trusted_key_copies[0], sizeof(ets_secure_boot_key_digests_t)) == 0); ESP_FAULT_ASSERT(memcmp(&trusted_keys, &trusted_key_copies[0], sizeof(esp_secure_boot_key_digests_t)) == 0);
ESP_FAULT_ASSERT(memcmp(&trusted_keys, &trusted_key_copies[1], sizeof(ets_secure_boot_key_digests_t)) == 0); ESP_FAULT_ASSERT(memcmp(&trusted_keys, &trusted_key_copies[1], sizeof(esp_secure_boot_key_digests_t)) == 0);
if (err == ESP_OK) { if (err == ESP_OK) {
for (unsigned i = 0; i < SECURE_BOOT_NUM_BLOCKS; i++) { for (unsigned i = 0; i < SECURE_BOOT_NUM_BLOCKS; i++) {

View File

@ -15,20 +15,6 @@
#include "sdkconfig.h" #include "sdkconfig.h"
#include_next "esp_efuse.h" #include_next "esp_efuse.h"
#if CONFIG_IDF_TARGET_ESP32
#include "esp32/rom/secure_boot.h"
#elif CONFIG_IDF_TARGET_ESP32S2
#include "esp32s2/rom/secure_boot.h"
#elif CONFIG_IDF_TARGET_ESP32C3
#include "esp32c3/rom/secure_boot.h"
#elif CONFIG_IDF_TARGET_ESP32S3
#include "esp32s3/rom/secure_boot.h"
#elif CONFIG_IDF_TARGET_ESP32H2
#include "esp32h2/rom/secure_boot.h"
#elif CONFIG_IDF_TARGET_ESP32C2
#include "esp32c2/rom/secure_boot.h"
#endif
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
@ -60,6 +46,17 @@ typedef enum {
ESP_EFUSE_ROM_LOG_ALWAYS_OFF /**< Disable ROM logging permanently */ ESP_EFUSE_ROM_LOG_ALWAYS_OFF /**< Disable ROM logging permanently */
} esp_efuse_rom_log_scheme_t; } esp_efuse_rom_log_scheme_t;
#if CONFIG_ESP32_REV_MIN_3 || !CONFIG_IDF_TARGET_ESP32
/**
* @brief Pointers to the trusted key digests.
*
* The number of digests depends on the SOC's capabilities.
*/
typedef struct {
const void *key_digests[SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS]; /**< Pointers to the key digests */
} esp_secure_boot_key_digests_t;
#endif
/** /**
* @brief Reads bits from EFUSE field and writes it into an array. * @brief Reads bits from EFUSE field and writes it into an array.
* *
@ -749,13 +746,15 @@ esp_err_t esp_efuse_write_keys(const esp_efuse_purpose_t purposes[], uint8_t key
/** /**
* @brief Read key digests from efuse. Any revoked/missing digests will be marked as NULL * @brief Read key digests from efuse. Any revoked/missing digests will be marked as NULL
* *
* @param[out] trusted_keys The number of digest in range 0..2 * @param[out] trusted_key_digests Trusted keys digests, stored in this parameter after successfully
* completing this function.
* The number of digests depends on the SOC's capabilities.
* *
* @return * @return
* - ESP_OK: Successful. * - ESP_OK: Successful.
* - ESP_FAIL: If trusted_keys is NULL or there is no valid digest. * - ESP_FAIL: If trusted_keys is NULL or there is no valid digest.
*/ */
esp_err_t esp_secure_boot_read_key_digests(ets_secure_boot_key_digests_t *trusted_keys); esp_err_t esp_secure_boot_read_key_digests(esp_secure_boot_key_digests_t *trusted_key_digests);
#endif #endif
/** /**

View File

@ -365,7 +365,7 @@ esp_err_t esp_efuse_set_write_protect_of_digest_revoke(unsigned num_digest)
return esp_efuse_write_field_bit(s_revoke_table[num_digest].revoke_wr_dis); return esp_efuse_write_field_bit(s_revoke_table[num_digest].revoke_wr_dis);
} }
esp_err_t esp_secure_boot_read_key_digests(ets_secure_boot_key_digests_t *trusted_keys) esp_err_t esp_secure_boot_read_key_digests(esp_secure_boot_key_digests_t *trusted_keys)
{ {
bool found = false; bool found = false;
esp_efuse_block_t key_block; esp_efuse_block_t key_block;
@ -374,7 +374,7 @@ esp_err_t esp_secure_boot_read_key_digests(ets_secure_boot_key_digests_t *truste
return ESP_FAIL; return ESP_FAIL;
} }
for (unsigned i = 0; i < MAX_KEY_DIGESTS; i++) { for (unsigned i = 0; i < SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS; i++) {
trusted_keys->key_digests[i] = NULL; trusted_keys->key_digests[i] = NULL;
if (esp_efuse_get_digest_revoke(i)) { if (esp_efuse_get_digest_revoke(i)) {
continue; continue;
@ -390,8 +390,6 @@ esp_err_t esp_secure_boot_read_key_digests(ets_secure_boot_key_digests_t *truste
found = found || (trusted_keys->key_digests[i] != NULL); found = found || (trusted_keys->key_digests[i] != NULL);
} }
trusted_keys->allow_key_revoke = false;
if (!found) { if (!found) {
return ESP_FAIL; return ESP_FAIL;
} }

View File

@ -238,7 +238,7 @@ err_exit:
return err; return err;
} }
esp_err_t esp_secure_boot_read_key_digests(ets_secure_boot_key_digests_t *trusted_keys) esp_err_t esp_secure_boot_read_key_digests(esp_secure_boot_key_digests_t *trusted_keys)
{ {
if (trusted_keys == NULL) { if (trusted_keys == NULL) {
return ESP_FAIL; return ESP_FAIL;

View File

@ -241,7 +241,7 @@ err_exit:
} }
#if CONFIG_ESP32_REV_MIN_3 #if CONFIG_ESP32_REV_MIN_3
esp_err_t esp_secure_boot_read_key_digests(ets_secure_boot_key_digests_t *trusted_keys) esp_err_t esp_secure_boot_read_key_digests(esp_secure_boot_key_digests_t *trusted_keys)
{ {
if (trusted_keys == NULL) { if (trusted_keys == NULL) {
return ESP_FAIL; return ESP_FAIL;

View File

@ -5,6 +5,7 @@
*/ */
#include <string.h> #include <string.h>
#include "esp32s2/rom/ets_sys.h"
#include "esp32s2/rom/hmac.h" #include "esp32s2/rom/hmac.h"
#include "esp_hmac.h" #include "esp_hmac.h"
#include "esp_crypto_lock.h" #include "esp_crypto_lock.h"

View File

@ -28,13 +28,16 @@
#include "soc/dport_reg.h" #include "soc/dport_reg.h"
#include "esp32/rtc.h" #include "esp32/rtc.h"
#include "esp32/rom/cache.h" #include "esp32/rom/cache.h"
#include "esp32/rom/secure_boot.h"
#elif CONFIG_IDF_TARGET_ESP32S2 #elif CONFIG_IDF_TARGET_ESP32S2
#include "esp32s2/rtc.h" #include "esp32s2/rtc.h"
#include "esp32s2/rom/cache.h" #include "esp32s2/rom/cache.h"
#include "esp32s2/rom/secure_boot.h"
#include "esp32s2/memprot.h" #include "esp32s2/memprot.h"
#elif CONFIG_IDF_TARGET_ESP32S3 #elif CONFIG_IDF_TARGET_ESP32S3
#include "esp32s3/rtc.h" #include "esp32s3/rtc.h"
#include "esp32s3/rom/cache.h" #include "esp32s3/rom/cache.h"
#include "esp32s3/rom/secure_boot.h"
#include "esp_memprot.h" #include "esp_memprot.h"
#include "soc/assist_debug_reg.h" #include "soc/assist_debug_reg.h"
#include "soc/system_reg.h" #include "soc/system_reg.h"
@ -42,15 +45,18 @@
#elif CONFIG_IDF_TARGET_ESP32C3 #elif CONFIG_IDF_TARGET_ESP32C3
#include "esp32c3/rtc.h" #include "esp32c3/rtc.h"
#include "esp32c3/rom/cache.h" #include "esp32c3/rom/cache.h"
#include "esp32c3/rom/secure_boot.h"
#include "esp_memprot.h" #include "esp_memprot.h"
#elif CONFIG_IDF_TARGET_ESP32H2 #elif CONFIG_IDF_TARGET_ESP32H2
#include "esp32h2/rtc.h" #include "esp32h2/rtc.h"
#include "esp32h2/rom/cache.h" #include "esp32h2/rom/cache.h"
#include "esp32h2/rom/secure_boot.h"
#include "esp_memprot.h" #include "esp_memprot.h"
#elif CONFIG_IDF_TARGET_ESP32C2 #elif CONFIG_IDF_TARGET_ESP32C2
#include "esp32c2/rtc.h" #include "esp32c2/rtc.h"
#include "esp32c2/rom/cache.h" #include "esp32c2/rom/cache.h"
#include "esp32c2/rom/rtc.h" #include "esp32c2/rom/rtc.h"
#include "esp32c2/rom/secure_boot.h"
#include "esp32c2/memprot.h" #include "esp32c2/memprot.h"
#endif #endif

View File

@ -20,6 +20,12 @@ Cache Error Interrupt
The old headers ``{IDF_TARGET_NAME}/cache_err_int.h`` have been removed. Please include ``esp_private/cache_err_int.h`` instead. The old headers ``{IDF_TARGET_NAME}/cache_err_int.h`` have been removed. Please include ``esp_private/cache_err_int.h`` instead.
Bootloader Support
------------------
* The function ``bootloader_common_get_reset_reason()`` has been removed. Please use the function ``esp_rom_get_reset_reason()`` in the ROM component.
* The functions ``esp_secure_boot_verify_sbv2_signature_block()`` and ``esp_secure_boot_verify_rsa_signature_block()`` have been removed without replacement. We don't expect users to use these directly. If they are indeed still neccessary, please open a feature request on github explaining why these functions are necessary to you.
Brownout Brownout
-------- --------
@ -49,6 +55,11 @@ PSRAM
- The target specific header files ``spiram.h`` have been deleted. The header file ``esp_spiram.h`` has been deleted. A new component ``esp_psram`` is created, you should include ``esp_psram.h`` instead. Besides, you might need to add ``esp_psram`` component to the list of component requirements in CMakeLists.txt. - The target specific header files ``spiram.h`` have been deleted. The header file ``esp_spiram.h`` has been deleted. A new component ``esp_psram`` is created, you should include ``esp_psram.h`` instead. Besides, you might need to add ``esp_psram`` component to the list of component requirements in CMakeLists.txt.
- ``esp_spiram_get_chip_size`` and ``esp_spiram_get_size`` have been deleted. You should use ``esp_psram_get_size`` instead. - ``esp_spiram_get_chip_size`` and ``esp_spiram_get_size`` have been deleted. You should use ``esp_psram_get_size`` instead.
Efuse
----------
The parameter type of function ``esp_secure_boot_read_key_digests()`` changed from ``ets_secure_boot_key_digests_t*`` to ``esp_secure_boot_key_digests_t*``. ``ets_secure_boot_key_digests_t*``. The new type is the same as the old one, except that the ``allow_key_revoke`` flag has been removed. The latter was always set to ``true`` in current code, hence, it didn't provide additional information.
ESP Common ESP Common
---------- ----------

View File

@ -7,6 +7,7 @@
CONDITIONS OF ANY KIND, either express or implied. CONDITIONS OF ANY KIND, either express or implied.
*/ */
#include <stdio.h> #include <stdio.h>
#include "sdkconfig.h"
#include "freertos/FreeRTOS.h" #include "freertos/FreeRTOS.h"
#include "freertos/task.h" #include "freertos/task.h"
#include "soc/efuse_reg.h" #include "soc/efuse_reg.h"
@ -54,7 +55,7 @@ static void example_print_chip_info(void)
static void example_secure_boot_status(void) static void example_secure_boot_status(void)
{ {
ets_secure_boot_key_digests_t trusted_keys = { 0}; esp_secure_boot_key_digests_t trusted_keys = { 0};
ESP_LOGI(TAG, "Checking for Secure Boot.."); ESP_LOGI(TAG, "Checking for Secure Boot..");
if(esp_secure_boot_enabled()) { if(esp_secure_boot_enabled()) {
@ -62,7 +63,7 @@ static void example_secure_boot_status(void)
ESP_ERROR_CHECK( esp_secure_boot_read_key_digests(&trusted_keys) ); ESP_ERROR_CHECK( esp_secure_boot_read_key_digests(&trusted_keys) );
unsigned total = 0; unsigned total = 0;
for (int i = 0; i < MAX_KEY_DIGESTS; i++) { for (int i = 0; i < SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS; i++) {
ESP_LOGI(TAG, "Key slot %d:", i); ESP_LOGI(TAG, "Key slot %d:", i);
if (trusted_keys.key_digests[i]) { if (trusted_keys.key_digests[i]) {
ESP_LOG_BUFFER_HEXDUMP("trusted key", trusted_keys.key_digests[i], DIGEST_LEN, ESP_LOG_INFO); ESP_LOG_BUFFER_HEXDUMP("trusted key", trusted_keys.key_digests[i], DIGEST_LEN, ESP_LOG_INFO);