Omar Chebib
1e8b9f8b9c
fix(bootloader): add legacy retained memory CRC calculation
...
* Closes https://github.com/espressif/esp-idf/issues/12849
In former versions of ESP-IDF, the user custom memory data in the retained memory
was taken into account during the CRC calculation. This was changed in a later
commit, the custom memory was ignored, therefore this can seen as a breaking change.
This commit gives the possibility to choose between the former (legacy) or
new way of calculating the CRC.
2024-03-11 11:03:06 +08:00
Xiao Xufeng
31201cc947
doc(spi_flash): hide unsupported optional features
2024-03-03 23:11:43 +08:00
Xiao Xufeng
c32a56fe3b
spi_flash: fixed issue that enabling HPM-DC by default may cause app unable to restart
2024-03-03 23:11:43 +08:00
harshal.patil
8176a0341e
feat(bootloader_support): Encrypt only the app image instead of the whole partition
...
Currently, when flash encryption is enabled, the whole partition gets encrypted.
This can be optimised by encrypting only the app image instead of encrypting the whole partition.
Closes https://github.com/espressif/esp-idf/issues/12576
2024-01-17 14:06:49 +05:30
Harshit Malpani
c71801f9fa
fix(bootloader): Update kconfig option
2023-09-26 13:31:58 +05:30
KonstantinKondrashov
823024c10c
all: Apply new version logic (major * 100 + minor)
2023-01-06 02:00:52 +08:00
Mahavir Jain
88c3e0b4d4
docs: Fix Secure DL mode documentation about flash read being unsupported
...
Simple flash read command is not supported if Secure DL mode is enabled on the target.
Remove reference of this from the relevant docs part.
Related: https://github.com/espressif/esptool/issues/810
Related: ESPTOOL-567
Closes IDF-6468
2022-12-16 11:51:52 +05:30
Omar Chebib
62ad5c2258
Bootloader: retained memory can now be kept after reboot when custom data enabled
...
User's custom data are not taken into account during the CRC calculation anymore.
Which means taht the retained mem structure is not systematically erased
on each reboot anymore.
2022-11-24 17:35:55 +08:00
Marius Vikhammer
3056d6e53d
bootloader: allow skip image validation on C2
...
BOOTLOADER_SKIP_VALIDATE_IN_DEEP_SLEEP is not supported on C2 due to
no RTC memory, but BOOTLOADER_SKIP_VALIDATE_ALWAYS should still be
supported.
2022-09-06 14:21:47 +08:00
KonstantinKondrashov
b4d14902e7
bootloader: Allows app partition length not 64KB aligned for NO SECURE BOOT
2022-06-02 22:40:12 +08:00
KonstantinKondrashov
505e18237a
bootloader: Support Flash Encryption for ESP32-C2
2022-05-31 11:12:21 +00:00
jingli
e70c434780
fix compile error for esp32c2, since esp32c2 no longer support RTC fast mem
2022-05-27 19:29:38 +08:00
Marius Vikhammer
0687daf2c8
kconfig: move remaining kconfig options out of target component
...
The kconfig options are moved to the component where they are used,
mostly esp_hw_support and esp_system.
2022-05-23 17:57:45 +08:00
Sachin Parekh
2c725264f7
esp32c2: Support Secure Boot V2 based on ECDSA scheme
2022-05-11 18:00:03 +05:30
Gustavo Henrique Nihei
8ffb157791
bootloader: Create option for enabling memory region protection
...
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
2022-05-03 09:58:25 -03:00
Marius Vikhammer
d2872095f9
soc: moved kconfig options out of the target component.
...
Moved the following kconfig options out of the target component:
* CONFIG_ESP*_DEFAULT_CPU_FREQ* -> esp_system
* ESP*_REV_MIN -> esp_hw_support
* ESP*_TIME_SYSCALL -> newlib
* ESP*_RTC_* -> esp_hw_support
Where applicable these target specific konfig names were merged into
a single common config, e.g;
CONFIG_ESP*_DEFAULT_CPU_FREQ -> CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ
2022-04-21 12:09:43 +08:00
Mahavir Jain
03aafb5d52
bootloader: use SOC capability macros for security features related configuration
2022-04-01 09:38:34 +00:00
KonstantinKondrashov
754a563750
esp32c3: Adds ECO4 revision
2022-03-30 00:09:46 +08:00
KonstantinKondrashov
21dd929c72
bootloader: Adds a level selection for the app's test pin.
...
Closes https://github.com/espressif/esp-idf/issues/8332
2022-03-09 19:52:37 +08:00
KonstantinKondrashov
ebdc52d4e2
efuse(esp32c2): Support eFuse key APIs
2022-02-01 17:30:31 +08:00
laokaiyao
cf049e15ed
esp8684: rename target to esp32c2
2022-01-19 11:08:57 +08:00
Cao Sen Miao
bf6fa70812
ESP8684: update bootloader, bootloader_support, esp_rom
2021-11-06 17:33:44 +08:00
Sachin Parekh
8ff3dbc05d
secure_boot: Added Kconfig option for aggressive key revoke
...
Applicable to S2, C3, and S3
2021-10-22 12:20:14 +05:30
Mahavir Jain
8c3287e0db
Merge branch 'docs/add_note_for_esp32_sec_dl_mode' into 'master'
...
bootloader: add note about secure download mode for ESP32 target
Closes IDFGH-5857
See merge request espressif/esp-idf!15304
2021-09-30 04:00:50 +00:00
Mahavir Jain
3cff291f95
bootloader: add note about secure download mode for ESP32 target
...
Closes IDFGH-5857
Closes https://github.com/espressif/esp-idf/issues/7557
2021-09-22 15:37:40 +05:30
Sachin Parekh
c4e445b6f3
secure_boot: Enable --no-stub if secure boot enabled
...
ROM code doesn't allow loader stub to be executed in case secure boot in
enabled. Providing --no-stub flag to esptool allows user to flash new
firmware, given download mode hasn't been disabled
2021-09-22 12:45:46 +05:30
Sachin Parekh
2d82560ed5
bootloader: Enable Secure boot V2 for ESP32-S3
2021-08-19 14:08:12 +05:30
Mahavir Jain
012c9e26a4
Merge branch 'fixes/secure_boot' into 'master'
...
secure_boot/esp32(s2,c3): Disable read protecting of efuses
See merge request espressif/esp-idf!14769
2021-08-17 05:05:00 +00:00
Sachin Parekh
f430e86c0f
secure_boot/esp32(s2,c3): Disable read protecting of efuses
...
When secure boot is enabled, disable the ability to read protect
efuses that contain the digest.
2021-08-13 13:41:59 +05:30
Michael (XIAO Xufeng)
dd40123129
bootloader: add xmc spi_flash startup flow to improve reliability
2021-08-12 17:22:42 +08:00
Angus Gratton
072232a934
docs: Expand bootloader section
...
- Cover customization options
- Cross-link to the "general notes" section which explains the low-level details
Closes IDF-313
2021-07-13 17:33:53 +10:00
Angus Gratton
6bbb58c8c2
bootloader: Small cleanup and docs for factory reset level config
...
- Add to docs & config descriptions
- Change to a "choice" to become self-documenting
- Keep the bootloader_common_check_long_hold_gpio() function for compatibility
2021-07-05 12:08:36 +08:00
chegewara
fb7234a13d
bootloader: Add selectable level for factory reset pin
...
Closes https://github.com/espressif/esp-idf/pull/7089
2021-07-05 12:08:36 +08:00
Konstantin Kondrashov
f339b3fc96
efuse(esp32): Deprecate esp_efuse_burn_new_values() & esp_efuse_write_random_key()
...
These functions were used only for esp32 in secure_boot and flash encryption.
Use idf efuse APIs instead of efuse regs.
2021-06-17 07:21:36 +08:00
Michael (XIAO Xufeng)
d6680b689b
Merge branch 'feature/s3beta3_crypto_bringup' into 'master'
...
crypto: initial S3 Beta 3 bringup and testing for SHA/AES/RSA/flash enc
Closes IDF-3004
See merge request espressif/esp-idf!12960
2021-05-19 11:22:05 +00:00
Marius Vikhammer
9b4ba3d707
crypto: initial S3 Beta 3 bringup and testing for SHA/AES/RSA/flash enc
2021-05-18 11:25:41 +08:00
Angus Gratton
ede477ea65
paritition_table: Verify the partition table md5sum when loading the app
...
Additionally, always enable the partition MD5 check if flash encryption is on in
Release mode. This ensures the partition table ciphertext has not been modified
(CVE-2021-27926).
The exception is pre-V3.1 ESP-IDF bootloaders and partition tables, which
don't have support for the MD5 entry.
2021-05-18 01:32:59 +00:00
KonstantinKondrashov
4e23f9f3b7
secure_boot_v2: Adds support SB_V2 for ESP32-C3 ECO3
2021-04-07 19:52:44 +08:00
Angus Gratton
e97ae26f48
doc: Mention pre-encrypting on the host is possible in Release mode
...
Closes https://github.com/espressif/esp-idf/issues/5945
2021-04-06 16:58:58 +10:00
Aditya Patwardhan
2095148b31
bootloader/ ESP32_ECO3: Do not disable UART download mode by default
2021-03-23 08:15:32 +00:00
KonstantinKondrashov
95564b4687
secure_boot: Secure Boot V2 verify app signature on update (without Secure boot)
...
- ESP32 ECO3, ESP32-S2/C3/S3
2021-03-15 12:30:20 +00:00
Angus Gratton
6f362b9383
bootloader: Add config options to skip validation of app for minimum boot time
2021-03-10 14:00:46 +11:00
Angus Gratton
cbc58b85e2
Merge branch 'feature/adds_check_in_app_that_flash_enc_is_on' into 'master'
...
bootloader: Adds a check that app is run under FE
Closes IDF-640
See merge request espressif/esp-idf!12368
2021-02-25 22:39:13 +00:00
KonstantinKondrashov
90f2d3199a
secure_boot: Checks secure boot efuses
...
ESP32 V1 and V2 - protection bits.
ESP32xx V2: revoke bits, protection bits
- refactor efuse component
- adds some APIs for esp32 chips as well as for esp32xx chips
2021-02-23 03:56:21 +08:00
KonstantinKondrashov
11a2f2acd3
bootloader: Adds a check that app is run under FE
2021-02-15 20:33:50 +08:00
Angus Gratton
2c39010b3b
Merge branch 'bugfix/anti_rollback_without_test_app' into 'master'
...
bootloader: Anti-rollback mode doesn't run test_app
See merge request espressif/esp-idf!12225
2021-02-09 14:16:51 +08:00
Yann Pomarède
ee400f8b68
bootloader: SECURE_ENABLE_SECURE_ROM_DL_MODE cannot be y when SECURE_DISABLE_ROM_DL_MODE=y
...
Closes: https://github.com/espressif/esp-idf/pull/6442
2021-02-05 18:38:17 +08:00
KonstantinKondrashov
25ac1d4d28
bootloader: Anti-rollback mode doesn't run test_app
...
- Cmake shows an error if the partition table has a test app.
- BOOTLOADER_APP_TEST depends on !BOOTLOADER_APP_ANTI_ROLLBACK.
- Bootloader does not boot the test app if secure version is low.
Closes: https://www.esp32.com/viewtopic.php?f=13&t=19164&p=71302#p71302
2021-02-01 23:24:23 +08:00
Mahavir Jain
e712a91488
spi_flash: add config option to enable encrypted partition read/write
...
This feature can be disabled to save some IRAM (approx 1KB) for cases
where flash encryption feature is not required.
2021-01-28 12:19:21 +00:00
KonstantinKondrashov
98f726fa4b
bootloader/esp32c3: Adds secure boot (not yet supported)
2021-01-19 20:51:13 +08:00