Sachin Parekh
8ff3dbc05d
secure_boot: Added Kconfig option for aggressive key revoke
...
Applicable to S2, C3, and S3
2021-10-22 12:20:14 +05:30
Mahavir Jain
8c3287e0db
Merge branch 'docs/add_note_for_esp32_sec_dl_mode' into 'master'
...
bootloader: add note about secure download mode for ESP32 target
Closes IDFGH-5857
See merge request espressif/esp-idf!15304
2021-09-30 04:00:50 +00:00
Mahavir Jain
3cff291f95
bootloader: add note about secure download mode for ESP32 target
...
Closes IDFGH-5857
Closes https://github.com/espressif/esp-idf/issues/7557
2021-09-22 15:37:40 +05:30
Sachin Parekh
c4e445b6f3
secure_boot: Enable --no-stub if secure boot enabled
...
ROM code doesn't allow loader stub to be executed in case secure boot is
enabled. Providing --no-stub flag to esptool allows user to flash new
firmware, given download mode hasn't been disabled
2021-09-22 12:45:46 +05:30
Sachin Parekh
2d82560ed5
bootloader: Enable Secure boot V2 for ESP32-S3
2021-08-19 14:08:12 +05:30
Mahavir Jain
012c9e26a4
Merge branch 'fixes/secure_boot' into 'master'
...
secure_boot/esp32(s2,c3): Disable read protecting of efuses
See merge request espressif/esp-idf!14769
2021-08-17 05:05:00 +00:00
Sachin Parekh
f430e86c0f
secure_boot/esp32(s2,c3): Disable read protecting of efuses
...
When secure boot is enabled, disable the ability to read protect
efuses that contain the digest.
2021-08-13 13:41:59 +05:30
Michael (XIAO Xufeng)
dd40123129
bootloader: add xmc spi_flash startup flow to improve reliability
2021-08-12 17:22:42 +08:00
Angus Gratton
072232a934
docs: Expand bootloader section
...
- Cover customization options
- Cross-link to the "general notes" section which explains the low-level details
Closes IDF-313
2021-07-13 17:33:53 +10:00
Angus Gratton
6bbb58c8c2
bootloader: Small cleanup and docs for factory reset level config
...
- Add to docs & config descriptions
- Change to a "choice" to become self-documenting
- Keep the bootloader_common_check_long_hold_gpio() function for compatibility
2021-07-05 12:08:36 +08:00
chegewara
fb7234a13d
bootloader: Add selectable level for factory reset pin
...
Closes https://github.com/espressif/esp-idf/pull/7089
2021-07-05 12:08:36 +08:00
Konstantin Kondrashov
f339b3fc96
efuse(esp32): Deprecate esp_efuse_burn_new_values() & esp_efuse_write_random_key()
...
These functions were used only for esp32 in secure_boot and flash encryption.
Use idf efuse APIs instead of efuse regs.
2021-06-17 07:21:36 +08:00
Michael (XIAO Xufeng)
d6680b689b
Merge branch 'feature/s3beta3_crypto_bringup' into 'master'
...
crypto: initial S3 Beta 3 bringup and testing for SHA/AES/RSA/flash enc
Closes IDF-3004
See merge request espressif/esp-idf!12960
2021-05-19 11:22:05 +00:00
Marius Vikhammer
9b4ba3d707
crypto: initial S3 Beta 3 bringup and testing for SHA/AES/RSA/flash enc
2021-05-18 11:25:41 +08:00
Angus Gratton
ede477ea65
partition_table: Verify the partition table md5sum when loading the app
...
Additionally, always enable the partition MD5 check if flash encryption is on in
Release mode. This ensures the partition table ciphertext has not been modified
(CVE-2021-27926).
The exception is pre-V3.1 ESP-IDF bootloaders and partition tables, which
don't have support for the MD5 entry.
2021-05-18 01:32:59 +00:00
KonstantinKondrashov
4e23f9f3b7
secure_boot_v2: Adds support SB_V2 for ESP32-C3 ECO3
2021-04-07 19:52:44 +08:00
Angus Gratton
e97ae26f48
doc: Mention pre-encrypting on the host is possible in Release mode
...
Closes https://github.com/espressif/esp-idf/issues/5945
2021-04-06 16:58:58 +10:00
Aditya Patwardhan
2095148b31
bootloader/ ESP32_ECO3: Do not disable UART download mode by default
2021-03-23 08:15:32 +00:00
KonstantinKondrashov
95564b4687
secure_boot: Secure Boot V2 verify app signature on update (without Secure boot)
...
- ESP32 ECO3, ESP32-S2/C3/S3
2021-03-15 12:30:20 +00:00
Angus Gratton
6f362b9383
bootloader: Add config options to skip validation of app for minimum boot time
2021-03-10 14:00:46 +11:00
Angus Gratton
cbc58b85e2
Merge branch 'feature/adds_check_in_app_that_flash_enc_is_on' into 'master'
...
bootloader: Adds a check that app is run under FE
Closes IDF-640
See merge request espressif/esp-idf!12368
2021-02-25 22:39:13 +00:00
KonstantinKondrashov
90f2d3199a
secure_boot: Checks secure boot efuses
...
ESP32 V1 and V2 - protection bits.
ESP32xx V2: revoke bits, protection bits
- refactor efuse component
- adds some APIs for esp32 chips as well as for esp32xx chips
2021-02-23 03:56:21 +08:00
KonstantinKondrashov
11a2f2acd3
bootloader: Adds a check that app is run under FE
2021-02-15 20:33:50 +08:00
Angus Gratton
2c39010b3b
Merge branch 'bugfix/anti_rollback_without_test_app' into 'master'
...
bootloader: Anti-rollback mode doesn't run test_app
See merge request espressif/esp-idf!12225
2021-02-09 14:16:51 +08:00
Yann Pomarède
ee400f8b68
bootloader: SECURE_ENABLE_SECURE_ROM_DL_MODE cannot be y when SECURE_DISABLE_ROM_DL_MODE=y
...
Closes: https://github.com/espressif/esp-idf/pull/6442
2021-02-05 18:38:17 +08:00
KonstantinKondrashov
25ac1d4d28
bootloader: Anti-rollback mode doesn't run test_app
...
- Cmake shows an error if the partition table has a test app.
- BOOTLOADER_APP_TEST depends on !BOOTLOADER_APP_ANTI_ROLLBACK.
- Bootloader does not boot the test app if secure version is low.
Closes: https://www.esp32.com/viewtopic.php?f=13&t=19164&p=71302#p71302
2021-02-01 23:24:23 +08:00
Mahavir Jain
e712a91488
spi_flash: add config option to enable encrypted partition read/write
...
This feature can be disabled to save some IRAM (approx 1KB) for cases
where flash encryption feature is not required.
2021-01-28 12:19:21 +00:00
KonstantinKondrashov
98f726fa4b
bootloader/esp32c3: Adds secure boot (not yet supported)
2021-01-19 20:51:13 +08:00
Angus Gratton
66fb5a29bb
Whitespace: Automated whitespace fixes (large commit)
...
Apply the pre-commit hook whitespace fixes to all files in the repo.
(Line endings, blank lines at end of file, trailing whitespace)
2020-11-11 07:36:35 +00:00
morris
9de6cba434
ci: add more build test for esp32-s3
2020-10-27 17:22:17 +08:00
KonstantinKondrashov
5f975a8168
bootloader: Change range of the factory reset pin in Kconfig
...
Closes: https://github.com/espressif/esp-idf/issues/5489
2020-10-20 21:28:37 +08:00
me-no-dev
b64fd872bc
Allow esptool's download stub to be disabled by other options and applications
...
Currently USB CDC Download requires the `--no-stub` option of `esptool`. This change inverts the Kconfig option to negative, so that it can be `selected` by other options or enabled in applications through `sdkconfig.defaults`.
2020-09-16 03:25:53 +00:00
Supreet Deshpande
e640e148cf
Secure boot v2 support for ESP32-S2
2020-07-27 00:01:10 +00:00
Angus Gratton
3755fb6597
Merge branch 'feature/add_esp32s3_bootloader_ld_file' into 'master'
...
move part of esp32-s3 codes to master (bootloader linker, esp32s3 empty component)
See merge request espressif/esp-idf!9608
2020-07-21 14:51:04 +08:00
Angus Gratton
5c58564f90
Merge branch 'feature/support_for_esp32_pico_v3_02' into 'master'
...
psram: support for esp32-pico-v3-02
See merge request espressif/esp-idf!9405
2020-07-21 13:28:26 +08:00
Angus Gratton
c09fdc0b09
esp32: Use package identifier to look up SPI flash/PSRAM WP Pin, unless overridden
...
Allows booting in QIO/QOUT mode or with PSRAM on ESP32-PICO-V3 and
ESP32-PICO-V3-02 without any config changes.
Custom WP pins (needed for fully custom circuit boards) should still be compatible.
2020-07-20 14:08:49 +08:00
morris
b587428e5d
bootloader: make bootloader offset address in flash configurable
2020-07-20 10:51:05 +08:00
Ivan Grokhotkov
eff6a1eaab
bootloader: fix SECURE_TARGET_HAS_SECURE_ROM_DL_MODE enabled for esp32
2020-07-17 21:04:08 +02:00
Angus Gratton
f64ae4fa99
efuse: Add 'disable Download Mode' & ESP32-S2 'Secure Download Mode' functionality
2020-05-28 17:50:45 +10:00
Felipe Neves
6f27992430
flash_encryption: return more clear error codes when bootloader encryption fails
2020-04-24 12:43:47 -03:00
Felipe Neves
b3d8847406
flash_encryption: added wdt feed during encryption process to avoid undesired reset.
2020-04-24 12:43:47 -03:00
Felipe Neves
7635dce502
bootloader/flash_encrypt: added esp32s2 flash encryption code on build system and enabled example
...
flash_encryption: enabled flash encryption example on esp32s2
bootloader: raise WDT overflow value providing sufficient interval to encrypt app partition
flash_encrypt: Fixed the TODOs on flash encryption key generation for esp32s2
flash_encryption: added secure boot features to flash encryption for esp32s2
bootloader: leave only esp32s2 compatible potentially insecure options on menuconfig.
flash_encryption: removed secure boot version 1 from esp32s2 encryption code
flash_encryption: added CONFIG_SECURE_FLASH_REQUIRE_ALREADY_ENABLED option for esp32s2
flash_encryption: fixed the count of left plaintext flash
flash_encryption: disable dcache and icache download when using encryption in release mode
flash_encryption: add cache potentially insecure options for s2 chips
flash_encryption: fixed bug which bricked some chips in release mode
2020-04-24 12:43:47 -03:00
Angus Gratton
142f69448f
secure boot v2: esp32: Prevent read disabling additional efuses
...
Also reduce the number of eFuse write cycles during first boot when
Secure Boot and/or Flash Encryption are enabled.
2020-03-30 18:00:40 +11:00
Angus Gratton
26efc5a6d0
bootloader: Set the bootloader optimization level separately to the app
...
Change the default bootloader config to -Os to save size.
This is a useful feature because it allows switching between debug
and release configs in the app without also needing to account for a
size change in the bootloader.
2020-02-27 14:38:52 +05:30
Supreet Deshpande
a9ccc5e5c8
feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3
2020-02-25 01:28:22 +05:30
morris
e30cd361a8
global: rename esp32s2beta to esp32s2
2020-01-22 12:14:38 +08:00
Ivan Grokhotkov
5830f529d8
Merge branch 'master' into feature/esp32s2beta_merge
2019-10-02 19:01:39 +02:00
Roland Dobai
833822c10b
Fix Kconfig issues discovered by upstream Kconfiglib
2019-09-23 16:10:57 +02:00
KonstantinKondrashov
6f102125b4
bootloader: Add support esp32s2beta
2019-09-20 16:57:33 +10:00
Angus Gratton
438d513a95
Merge branch 'master' into feature/esp32s2beta_merge
2019-09-16 16:18:48 +10:00