Commit Graph

16 Commits

Author SHA1 Message Date
Michael (XIAO Xufeng)
fefdee1349 bootloader: fix the WRSR format for ISSI flash chips
1. The 2nd bootloader always call `rom_spiflash_unlock()`, but never help to clear the WEL bit when exit. This may cause system unstability.

   This commit helps to clear WEL when flash configuration is done.

   **RISK:** When the app starts, it didn't have to clear the WEL before it actually write/erase. But now the very first write/erase operation should be done after a WEL clear. Though the risk is little (all the following write/erase also need to clear the WEL), we still have to test this carefully, especially for those functions used by the OTA.

2. The `rom_spiflash_unlock()` function in the patch of ESP32 may (1) trigger the QPI, (2) clear the QE or (3) fail to unlock the ISSI chips.

   Status register bitmap of ISSI chip and GD chip:

| SR | ISSI | GD25LQ32C |
| -- | ---- | --------- |
| 0  | WIP  | WIP       |
| 1  | WEL  | WEL       |
| 2  | BP0  | BP0       |
| 3  | BP1  | BP1       |
| 4  | BP2  | BP2       |
| 5  | BP3  | BP3       |
| 6  | QE   | BP4       |
| 7  | SRWD | SRP0      |
| 8  |      | SRP1      |
| 9  |      | QE        |
| 10 |      | SUS2      |
| 11 |      | LB1       |
| 12 |      | LB2       |
| 13 |      | LB3       |
| 14 |      | CMP       |
| 15 |      | SUS1      |

   QE bit of other chips are at the bit 9 of the status register (i.e. bit 1 of SR2), which should be read by RDSR2 command.

   However, the RDSR2 (35H, Read Status 2) command for chip of other vendors happens to be the QIOEN (Enter QPI mode) command of ISSI chips. When the `rom_spiflash_unlock()` function trys to read SR2, it may trigger the QPI of ISSI chips.

   Moreover, when `rom_spiflash_unlock()` try to clear the BP4 bit in the status register, QE (bit 6) of ISSI chip may be cleared by accident. Or if the ISSI chip doesn't accept WRSR command with argument of two bytes (since it only have status register of one byte), it may fail to clear the other protect bits (BP0~BP3) as expected.

   This commit makes the `rom_spiflash_unlock()` check whether the vendor is issi. if so, `rom_spiflash_unlock()` only send RDSR to read the status register, send WRSR with only 1 byte argument, and also avoid clearing the QE bit (bit 6).

3. `rom_spiflash_unlock()` always send WRSR command to clear protection bits even when there is no protection bit active. And the execution of clearing status registers, which takes about 700us, will also happen even when there's no bits cleared.

   This commit skips the clearing of status register if there is no protection bits active.

Also move the execute_flash_command to be a bootloader API; move
implementation of spi_flash_wrap_set to the bootloader
2020-09-19 10:51:51 +08:00
Renz Bagaporo
14902da344 esp32: move disabling rom log to esp_rom 2020-08-17 19:08:56 +08:00
Angus Gratton
a2dc60b254 Merge branch 'feature/secure_boot_esp32s2' into 'master'
Feature/secure boot esp32s2

See merge request espressif/esp-idf!8254
2020-07-28 16:39:34 +08:00
morris
2917651478 esp_rom: extract common ets apis into esp_rom_sys.h 2020-07-27 15:27:01 +08:00
Angus Gratton
a91bd4078f secure boot: Fixes for ESP32-S2 first boot logic 2020-07-27 00:01:10 +00:00
morris
345606e7f3 esp_rom: extract common uart apis into esp_rom_uart.h 2020-07-17 16:00:59 +08:00
Ivan Grokhotkov
4f8c42ca73 esp_rom: add patch to set USB device serial descriptor to MAC address 2020-06-24 15:50:51 +02:00
Ivan Grokhotkov
4901917ea3 esp_rom: add USB related headers from the ROM code 2020-06-24 15:50:51 +02:00
morris
a34409cffc esp_rom: extract common CRC apis into esp_rom_crc.h 2020-06-23 16:40:14 +08:00
morris
0daff849a4 esp_rom: remove unsupported library on esp32s2
Closes https://github.com/espressif/esp-idf/issues/5434
2020-06-11 21:40:08 +08:00
morris
9cc0f33ed5 esp_rom: add esp32s3 rom symbols 2020-06-11 21:40:08 +08:00
Angus Gratton
d40c69375c bootloader: Add fault injection resistance to Secure Boot bootloader verification
Goal is that multiple faults would be required to bypass a boot-time signature check.

- Also strengthens some address range checks for safe app memory addresses
- Change pre-enable logic to also check the bootloader signature before enabling SBV2 on ESP32

Add some additional checks for invalid sections:

- Sections only partially in DRAM or IRAM are invalid
- If a section is in D/IRAM, allow the possibility only some is in D/IRAM
- Only pass sections that are entirely in the same type of RTC memory region
2020-02-27 14:37:19 +05:30
Michael (XIAO Xufeng)
278634dcbd sdspi: support crc16_be for esp32s2 2020-02-12 15:15:46 +08:00
Wangjialin
aaf119e930 flash(esp32s2): fix setting address field in spi user mode. 2020-02-07 16:10:51 +01:00
morris
405b0e7f06 esp_rom: splict libgcc and libc outof rom.ld bundle file 2020-01-23 00:27:47 +08:00
morris
e30cd361a8 global: rename esp32s2beta to esp32s2 2020-01-22 12:14:38 +08:00