security: write-protect DIS_ICAHE and DIS_DCACHE

Closes IDF-5177
2024-10-05 20:47:46 -04:00 · 2023-03-08 00:09:45 +08:00 · 2023-03-08 00:09:45 +08:00 · 723b2e86e5
commit 723b2e86e5
parent 266a58f85b
20 changed files with 118 additions and 1 deletions
--- a/components/bootloader_support/src/esp32/flash_encryption_secure_features.c
+++ b/components/bootloader_support/src/esp32/flash_encryption_secure_features.c
@ -79,5 +79,13 @@ esp_err_t esp_flash_encryption_enable_secure_features(void)
    esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_EFUSE_RD_DISABLE);
 #endif

+#ifdef CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE
+    // Set write-protection for DIS_ICACHE to prevent bricking chip in case it will be set accidentally.
+    // esp32 has DIS_ICACHE. Write-protection bit = 3.
+    // List of eFuses with the same write protection bit:
+    // MAC, MAC_CRC, DISABLE_APP_CPU, DISABLE_BT, DIS_CACHE, VOL_LEVEL_HP_INV.
+    esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_DIS_CACHE);
+#endif
+
    return ESP_OK;
 }
--- a/components/bootloader_support/src/esp32c3/flash_encryption_secure_features.c
+++ b/components/bootloader_support/src/esp32c3/flash_encryption_secure_features.c
@ -46,5 +46,14 @@ esp_err_t esp_flash_encryption_enable_secure_features(void)
    esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_RD_DIS);
 #endif

+#ifdef CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE
+    // Set write-protection for DIS_ICACHE to prevent bricking chip in case it will be set accidentally.
+    // esp32c3 has DIS_ICACHE. Write-protection bit = 2.
+    // List of eFuses with the same write protection bit:
+    // DIS_ICACHE, DIS_USB_JTAG, DIS_DOWNLOAD_ICACHE, DIS_USB_SERIAL_JTAG,
+    // DIS_FORCE_DOWNLOAD, DIS_TWAI, JTAG_SEL_ENABLE, DIS_PAD_JTAG, DIS_DOWNLOAD_MANUAL_ENCRYPT.
+    esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_DIS_ICACHE);
+#endif
+
    return ESP_OK;
 }
--- a/components/bootloader_support/src/esp32c6/flash_encryption_secure_features.c
+++ b/components/bootloader_support/src/esp32c6/flash_encryption_secure_features.c
@ -1,5 +1,5 @@
 /*
- * SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2022-2023 Espressif Systems (Shanghai) CO LTD
 *
 * SPDX-License-Identifier: Apache-2.0
 */
@ -46,5 +46,15 @@ esp_err_t esp_flash_encryption_enable_secure_features(void)
    esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_RD_DIS);
 #endif

+#ifdef CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE
+    // Set write-protection for DIS_ICACHE to prevent bricking chip in case it will be set accidentally.
+    // esp32c6 has DIS_ICACHE. Write-protection bit = 2.
+    // List of eFuses with the same write protection bit:
+    // SWAP_UART_SDIO_EN, DIS_ICACHE, DIS_USB_JTAG, DIS_DOWNLOAD_ICACHE,
+    // DIS_USB_SERIAL_JTAG, DIS_FORCE_DOWNLOAD, DIS_TWAI, JTAG_SEL_ENABLE,
+    // DIS_PAD_JTAG, DIS_DOWNLOAD_MANUAL_ENCRYPT.
+    esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_DIS_ICACHE);
+#endif
+
    return ESP_OK;
 }
--- a/components/bootloader_support/src/esp32h2/flash_encryption_secure_features.c
+++ b/components/bootloader_support/src/esp32h2/flash_encryption_secure_features.c
@ -39,5 +39,14 @@ esp_err_t esp_flash_encryption_enable_secure_features(void)
    esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_RD_DIS);
 #endif

+#ifdef CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE
+    // Set write-protection for DIS_ICACHE to prevent bricking chip in case it will be set accidentally.
+    // esp32h2 has DIS_ICACHE. Write-protection bit = 2.
+    // List of eFuses with the same write protection bit:
+    // DIS_ICACHE, DIS_USB_JTAG, POWERGLITCH_EN, DIS_FORCE_DOWNLOAD, SPI_DOWNLOAD_MSPI_DIS,
+    // DIS_TWAI, JTAG_SEL_ENABLE, DIS_PAD_JTAG, DIS_DOWNLOAD_MANUAL_ENCRYPT
+    esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_DIS_ICACHE);
+#endif
+
    return ESP_OK;
 }
--- a/components/bootloader_support/src/esp32h4/flash_encryption_secure_features.c
+++ b/components/bootloader_support/src/esp32h4/flash_encryption_secure_features.c
@ -46,5 +46,14 @@ esp_err_t esp_flash_encryption_enable_secure_features(void)
    esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_RD_DIS);
 #endif

+#ifdef CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE
+    // Set write-protection for DIS_ICACHE to prevent bricking chip in case it will be set accidentally.
+    // esp32h4 has DIS_ICACHE. Write-protection bit = 2.
+    // List of eFuses with the same write protection bit:
+    // DIS_ICACHE, DIS_USB_JTAG, POWERGLITCH_EN, DIS_FORCE_DOWNLOAD, SPI_DOWNLOAD_MSPI_DIS,
+    // DIS_TWAI, JTAG_SEL_ENABLE, DIS_PAD_JTAG, DIS_DOWNLOAD_MANUAL_ENCRYPT
+    esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_DIS_ICACHE);
+#endif
+
    return ESP_OK;
 }
--- a/components/bootloader_support/src/esp32s2/flash_encryption_secure_features.c
+++ b/components/bootloader_support/src/esp32s2/flash_encryption_secure_features.c
@ -47,5 +47,15 @@ esp_err_t esp_flash_encryption_enable_secure_features(void)
    esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_RD_DIS);
 #endif

+#ifdef CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE
+    // Set write-protection for DIS_ICACHE and DIS_DCACHE to prevent bricking chip in case it will be set accidentally.
+    // esp32s2 has DIS_ICACHE and DIS_DCACHE. Write-protection bit = 2 for both.
+    // List of eFuses with the same write protection bit:
+    // DIS_ICACHE, DIS_DCACHE, DIS_DOWNLOAD_ICACHE, DIS_DOWNLOAD_DCACHE,
+    // DIS_FORCE_DOWNLOAD, DIS_USB, DIS_TWAI, DIS_BOOT_REMAP, SOFT_DIS_JTAG,
+    // HARD_DIS_JTAG, DIS_DOWNLOAD_MANUAL_ENCRYPT.
+    esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_DIS_ICACHE);
+#endif
+
    return ESP_OK;
 }
--- a/components/bootloader_support/src/esp32s3/flash_encryption_secure_features.c
+++ b/components/bootloader_support/src/esp32s3/flash_encryption_secure_features.c
@ -47,5 +47,15 @@ esp_err_t esp_flash_encryption_enable_secure_features(void)
    esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_RD_DIS);
 #endif

+#ifdef CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE
+    // Set write-protection for DIS_ICACHE and DIS_DCACHE to prevent bricking chip in case it will be set accidentally.
+    // esp32s3 has DIS_ICACHE and DIS_DCACHE. Write-protection bit = 2 for both.
+    // List of eFuses with the same write protection bit:
+    // DIS_ICACHE, DIS_DCACHE, DIS_DOWNLOAD_ICACHE, DIS_DOWNLOAD_DCACHE,
+    // DIS_FORCE_DOWNLOAD, DIS_USB_OTG, DIS_TWAI, DIS_APP_CPU, DIS_PAD_JTAG,
+    // DIS_DOWNLOAD_MANUAL_ENCRYPT, DIS_USB_JTAG, DIS_USB_SERIAL_JTAG, STRAP_JTAG_SEL, USB_PHY_SEL.
+    esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_DIS_ICACHE);
+#endif
+
    return ESP_OK;
 }
--- a/components/bootloader_support/src/flash_encrypt.c
+++ b/components/bootloader_support/src/flash_encrypt.c
@ -200,6 +200,14 @@ void esp_flash_encryption_set_release_mode(void)
 #endif // CONFIG_SOC_FLASH_ENCRYPTION_XTS_AES_128_DERIVED
 #endif // !CONFIG_IDF_TARGET_ESP32

+#ifdef CONFIG_IDF_TARGET_ESP32
+    esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_DIS_CACHE);
+#else
+#if SOC_EFUSE_DIS_ICACHE
+    esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_DIS_ICACHE);
+#endif
+#endif // !CONFIG_IDF_TARGET_ESP32
+
 #if CONFIG_SOC_SUPPORTS_SECURE_DL_MODE
    esp_efuse_enable_rom_secure_download_mode();
 #else
@ -272,6 +280,12 @@ bool esp_flash_encryption_cfg_verify_release_mode(void)
        ESP_LOGW(TAG, "Not disabled ROM BASIC interpreter fallback (set CONSOLE_DEBUG_DISABLE->1)");
    }

+    secure = esp_efuse_read_field_bit(ESP_EFUSE_WR_DIS_DIS_CACHE);
+    result &= secure;
+    if (!secure) {
+        ESP_LOGW(TAG, "Not write-protected DIS_CACHE (set WR_DIS_DIS_CACHE->1)");
+    }
+
    secure = esp_efuse_read_field_bit(ESP_EFUSE_RD_DIS_BLK1);
    result &= secure;
    if (!secure) {
@ -376,6 +390,14 @@ bool esp_flash_encryption_cfg_verify_release_mode(void)
    }
 #endif

+#if SOC_EFUSE_DIS_ICACHE
+    secure = esp_efuse_read_field_bit(ESP_EFUSE_WR_DIS_DIS_ICACHE);
+    result &= secure;
+    if (!secure) {
+        ESP_LOGW(TAG, "Not write-protected DIS_ICACHE (set WR_DIS_DIS_ICACHE->1)");
+    }
+#endif
+
    esp_efuse_purpose_t purposes[] = {
 #if SOC_FLASH_ENCRYPTION_XTS_AES_256
        ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_1,
--- a/components/soc/esp32c3/include/soc/Kconfig.soc_caps.in
+++ b/components/soc/esp32c3/include/soc/Kconfig.soc_caps.in
@ -767,6 +767,10 @@ config SOC_EFUSE_SOFT_DIS_JTAG
    bool
    default y

+config SOC_EFUSE_DIS_ICACHE
+    bool
+    default y
+
 config SOC_SECURE_BOOT_V2_RSA
    bool
    default y
--- a/components/soc/esp32c3/include/soc/soc_caps.h
+++ b/components/soc/esp32c3/include/soc/soc_caps.h
@ -339,6 +339,7 @@
 #define SOC_EFUSE_DIS_USB_JTAG 1
 #define SOC_EFUSE_DIS_DIRECT_BOOT 1
 #define SOC_EFUSE_SOFT_DIS_JTAG 1
+#define SOC_EFUSE_DIS_ICACHE 1

 /*-------------------------- Secure Boot CAPS----------------------------*/
 #define SOC_SECURE_BOOT_V2_RSA              1
--- a/components/soc/esp32c6/include/soc/Kconfig.soc_caps.in
+++ b/components/soc/esp32c6/include/soc/Kconfig.soc_caps.in
@ -979,6 +979,10 @@ config SOC_EFUSE_SOFT_DIS_JTAG
    bool
    default y

+config SOC_EFUSE_DIS_ICACHE
+    bool
+    default y
+
 config SOC_SECURE_BOOT_V2_RSA
    bool
    default y
--- a/components/soc/esp32c6/include/soc/soc_caps.h
+++ b/components/soc/esp32c6/include/soc/soc_caps.h
@ -403,6 +403,7 @@
 #define SOC_EFUSE_DIS_USB_JTAG 1
 #define SOC_EFUSE_DIS_DIRECT_BOOT 1
 #define SOC_EFUSE_SOFT_DIS_JTAG 1
+#define SOC_EFUSE_DIS_ICACHE 1

 /*-------------------------- Secure Boot CAPS----------------------------*/
 #define SOC_SECURE_BOOT_V2_RSA              1
--- a/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in
+++ b/components/soc/esp32h2/include/soc/Kconfig.soc_caps.in
@ -943,6 +943,10 @@ config SOC_EFUSE_SOFT_DIS_JTAG
    bool
    default y

+config SOC_EFUSE_DIS_ICACHE
+    bool
+    default y
+
 config SOC_SECURE_BOOT_V2_RSA
    bool
    default y
--- a/components/soc/esp32h2/include/soc/soc_caps.h
+++ b/components/soc/esp32h2/include/soc/soc_caps.h
@ -400,6 +400,7 @@
 #define SOC_EFUSE_DIS_USB_JTAG 1
 #define SOC_EFUSE_DIS_DIRECT_BOOT 1
 #define SOC_EFUSE_SOFT_DIS_JTAG 1
+#define SOC_EFUSE_DIS_ICACHE 1

 /*-------------------------- Secure Boot CAPS----------------------------*/
 #define SOC_SECURE_BOOT_V2_RSA              1
--- a/components/soc/esp32h4/include/soc/Kconfig.soc_caps.in
+++ b/components/soc/esp32h4/include/soc/Kconfig.soc_caps.in
@ -739,6 +739,10 @@ config SOC_EFUSE_SOFT_DIS_JTAG
    bool
    default y

+config SOC_EFUSE_DIS_ICACHE
+    bool
+    default y
+
 config SOC_SECURE_BOOT_V2_RSA
    bool
    default y
--- a/components/soc/esp32h4/include/soc/soc_caps.h
+++ b/components/soc/esp32h4/include/soc/soc_caps.h
@ -350,6 +350,7 @@
 #define SOC_EFUSE_DIS_USB_JTAG 1
 #define SOC_EFUSE_DIS_DIRECT_BOOT 1
 #define SOC_EFUSE_SOFT_DIS_JTAG 1
+#define SOC_EFUSE_DIS_ICACHE 1

 /*-------------------------- Secure Boot CAPS----------------------------*/
 #define SOC_SECURE_BOOT_V2_RSA              1
--- a/components/soc/esp32s2/include/soc/Kconfig.soc_caps.in
+++ b/components/soc/esp32s2/include/soc/Kconfig.soc_caps.in
@ -863,6 +863,10 @@ config SOC_EFUSE_DIS_LEGACY_SPI_BOOT
    bool
    default y

+config SOC_EFUSE_DIS_ICACHE
+    bool
+    default y
+
 config SOC_SECURE_BOOT_V2_RSA
    bool
    default y
--- a/components/soc/esp32s2/include/soc/soc_caps.h
+++ b/components/soc/esp32s2/include/soc/soc_caps.h
@ -375,6 +375,7 @@
 #define SOC_EFUSE_SOFT_DIS_JTAG 1
 #define SOC_EFUSE_DIS_BOOT_REMAP 1
 #define SOC_EFUSE_DIS_LEGACY_SPI_BOOT 1
+#define SOC_EFUSE_DIS_ICACHE 1

 /*-------------------------- Secure Boot CAPS----------------------------*/
 #define SOC_SECURE_BOOT_V2_RSA              1
--- a/components/soc/esp32s3/include/soc/Kconfig.soc_caps.in
+++ b/components/soc/esp32s3/include/soc/Kconfig.soc_caps.in
@ -1091,6 +1091,10 @@ config SOC_EFUSE_DIS_DIRECT_BOOT
    bool
    default y

+config SOC_EFUSE_DIS_ICACHE
+    bool
+    default y
+
 config SOC_SECURE_BOOT_V2_RSA
    bool
    default y
--- a/components/soc/esp32s3/include/soc/soc_caps.h
+++ b/components/soc/esp32s3/include/soc/soc_caps.h
@ -439,6 +439,7 @@
 #define SOC_EFUSE_DIS_USB_JTAG 1
 #define SOC_EFUSE_SOFT_DIS_JTAG 1
 #define SOC_EFUSE_DIS_DIRECT_BOOT 1
+#define SOC_EFUSE_DIS_ICACHE 1

 /*-------------------------- Secure Boot CAPS----------------------------*/
 #define SOC_SECURE_BOOT_V2_RSA              1