334 Commits

Author SHA1 Message Date
Michael (XIAO Xufeng)
ac6f45d290 bootloader: support unlock MXIC flash chips 2022-06-09 12:41:56 +08:00
Cao Sen Miao
168880fe7b spi_flash: move the unlock patch to bootloader and add support for GD 2022-06-09 12:41:56 +08:00
Michael (XIAO Xufeng)
e5ac1eb83f spi_flash: fix the corruption of ROM after calling bootloader_execute_flash_command
The user register, especially dummy related ones, needs to be restored, otherwise the ROM function will not work.

Introduced in dd40123129bc5670ae081c31d519907f0125e4db.
2022-06-09 12:41:56 +08:00
Michael (XIAO Xufeng)
33a8c60b2c bootloader: add xmc spi_flash startup flow to improve reliability 2022-06-09 12:41:56 +08:00
Michael (XIAO Xufeng)
e1bd7b9d8f bootloader: create public bootloader_flash.h header
Move non-public functions into bootloader_flash_priv.h header
2022-06-09 12:41:56 +08:00
Michael (XIAO Xufeng)
9582cbe5b8 bootloader: fix the WRSR format for ISSI flash chips
1. The 2nd bootloader always call `rom_spiflash_unlock()`, but never help to clear the WEL bit when exit. This may cause system unstability.

   This commit helps to clear WEL when flash configuration is done.

   **RISK:** When the app starts, it didn't have to clear the WEL before it actually write/erase. But now the very first write/erase operation should be done after a WEL clear. Though the risk is little (all the following write/erase also need to clear the WEL), we still have to test this carefully, especially for those functions used by the OTA.

2. The `rom_spiflash_unlock()` function in the patch of ESP32 may (1) trigger the QPI, (2) clear the QE or (3) fail to unlock the ISSI chips.

   Status register bitmap of ISSI chip and GD chip:

| SR | ISSI | GD25LQ32C |
| -- | ---- | --------- |
| 0  | WIP  | WIP       |
| 1  | WEL  | WEL       |
| 2  | BP0  | BP0       |
| 3  | BP1  | BP1       |
| 4  | BP2  | BP2       |
| 5  | BP3  | BP3       |
| 6  | QE   | BP4       |
| 7  | SRWD | SRP0      |
| 8  |      | SRP1      |
| 9  |      | QE        |
| 10 |      | SUS2      |
| 11 |      | LB1       |
| 12 |      | LB2       |
| 13 |      | LB3       |
| 14 |      | CMP       |
| 15 |      | SUS1      |

   QE bit of other chips are at the bit 9 of the status register (i.e. bit 1 of SR2), which should be read by RDSR2 command.

   However, the RDSR2 (35H, Read Status 2) command for chip of other vendors happens to be the QIOEN (Enter QPI mode) command of ISSI chips. When the `rom_spiflash_unlock()` function trys to read SR2, it may trigger the QPI of ISSI chips.

   Moreover, when `rom_spiflash_unlock()` try to clear the BP4 bit in the status register, QE (bit 6) of ISSI chip may be cleared by accident. Or if the ISSI chip doesn't accept WRSR command with argument of two bytes (since it only have status register of one byte), it may fail to clear the other protect bits (BP0~BP3) as expected.

   This commit makes the `rom_spiflash_unlock()` check whether the vendor is issi. if so, `rom_spiflash_unlock()` only send RDSR to read the status register, send WRSR with only 1 byte argument, and also avoid clearing the QE bit (bit 6).

3. `rom_spiflash_unlock()` always send WRSR command to clear protection bits even when there is no protection bit active. And the execution of clearing status registers, which takes about 700us, will also happen even when there's no bits cleared.

   This commit skips the clearing of status register if there is no protection bits active.

Also move the execute_flash_command to be a bootloader API; move
implementation of spi_flash_wrap_set to the bootloader
2022-06-09 12:41:56 +08:00
Michael (XIAO Xufeng)
d87d385e6f bootloader: fixed the issue custom_uart_gpio doesn't take effect 2022-03-02 10:53:30 +08:00
Jiang Jiang Jian
7482ad5139 Merge branch 'bugfix/support_esp32s2_eco1_v4.2' into 'release/v4.2'
esp_phy: Update ESP32S2 phy lib to support eco1 chip(v4.2)

See merge request espressif/esp-idf!16722
2022-02-14 12:40:55 +00:00
chenjianxing
10c604475d esp_phy: Update ESP32S2 phy lib to support eco1 chip 2022-02-10 14:00:53 +08:00
Cao Sen Miao
e59e7e1432 spi_flash: add support for th 1M flash 2022-01-10 11:53:37 +08:00
Mahavir Jain
5cc2eb15c9 Merge branch 'bugfix/bootloader_debug_buffers_v4.2' into 'release/v4.2'
bootloader_support: Fix and re-enable bootloader_debug_buffer function (v4.2)

See merge request espressif/esp-idf!16075
2021-12-07 02:34:42 +00:00
Jiang Jiang Jian
38714c37d1 Merge branch 'feature/adds_fault_injection_protection_for_check_anti_rollback_v4.2' into 'release/v4.2'
bootloader_support: Adds fault injection protection for check_anti_rollback (v4.2)

See merge request espressif/esp-idf!16181
2021-12-06 03:56:33 +00:00
Aditya Patwardhan
bffa30785b secure_boot: Fix warning when UART ROM DL mode is disabled
*Additionally use updated calls to enable rom secure download mode
2021-12-02 21:40:49 +08:00
Mahavir Jain
adda59cc97 bootloader: add anti-FI checks around secure version in anti-rollback scheme 2021-12-02 21:17:27 +08:00
Gustavo Henrique Nihei
8ffd02be29 bootloader_support: Fix and re-enable bootloader_debug_buffer function
The body of the bootloader_debug_buffer function was conditioned to
macros that were never defined, resulting in deactivated code.

Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
2021-11-30 21:02:23 +08:00
Sachin Parekh
527e5abae0 secure_boot/esp32s2: Disable read protecting of efuses
When secure boot is enabled, disable the ability to read protect
efuses that contain the digest.
2021-08-26 12:05:39 +05:30
Angus Gratton
f23c9d94ae bootloader: Fix selection of Quad I/O modes on ESP32-U4WDH chip
Closes https://github.com/espressif/esp-idf/issues/6191
2021-06-09 05:10:21 +00:00
Angus Gratton
fa734e6af8 Merge branch 'bugfix/partition_table_integrity_check_v4.2' into 'release/v4.2'
paritition_table: Verify the partition table md5sum when loading in the app (v4.2)

See merge request espressif/esp-idf!13583
2021-06-03 02:19:11 +00:00
Angus Gratton
f8b9cb2864 paritition_table: Verify the partition table md5sum when loading the app
Additionally, always enable the partition MD5 check if flash encryption is on in
Release mode. This ensures the partition table ciphertext has not been modified
(CVE-2021-27926).

The exception is pre-V3.1 ESP-IDF bootloaders and partition tables, which
don't have support for the MD5 entry.
2021-06-02 06:35:45 +00:00
Angus Gratton
fd50bcf704 bootloader: Fix "skip validate in deep sleep" on ESP32 & ESP32-S2
Regression in 83bf2e1ac1, this memory region was shifted from fast to slow RTC
memory (no change on ESP32-C3 as no RTC fast memory on this chip.)
2021-06-01 19:07:15 +10:00
Mahavir Jain
ec510fdf18 Merge branch 'bugfix/deep_sleep_skip_verify_rtc_mem_heap_v4.2' into 'release/v4.2'
Fix bootloader "skip validate on exiting deep sleep" option if "use RTC memory as heap" is enabled (v4.2)

See merge request espressif/esp-idf!13097
2021-05-03 13:44:06 +00:00
KonstantinKondrashov
4200af3e26 secure_boot_v2: Fix case when BLOCK2 is left blank
Closes: https://github.com/espressif/esp-idf/issues/6886
2021-04-20 23:23:32 +00:00
Angus Gratton
8de16142a5 bootloader: Fix "skip validate on exit deep sleep" when "Use RTC fast memory as heap" is enabled
RTC region used to store boot partition needs to remain reserved in the app.
2021-04-16 10:50:55 +10:00
Michael (XIAO Xufeng)
15f406ddb7 spi_flash: add config option to override flash size in bootloader header
Sometimes the flash size read from bootloader is not correct. This may
forbid SPI Flash driver from reading the the area larger than the size
in bootloader header.

When the new config option is enabled, the latest configured
ESPTOOLPY_FLAHSIZE in the app header will be used to override the value
read from bootloader header.
2021-02-22 23:18:17 +08:00
Mahavir Jain
4d1ada8ab5 Merge branch 'bugfix/misc_secure_boot_v4.2' into 'release/v4.2'
Bugfix/misc secure boot v2 (v4.2)

See merge request espressif/esp-idf!11743
2021-01-22 16:27:10 +08:00
Supreet Deshpande
7453507d93 Secure boot v2: Fixes the issue of passing the flash calculated digest for ota verification. 2021-01-12 11:16:23 +00:00
Supreet Deshpande
b979dacc6c Secure Boot v2: Fix the double padding of the image length during flash encryption
Fixes https://github.com/espressif/esp-idf/issues/6236
2021-01-12 11:16:23 +00:00
Morozov-5F
0e4f43ddde secure boot v2: Fix crash if signature verification fails in app
sha_handle is "finished" when verify_secure_boot_signature() returns and
should be nulled out.

Alternative version of fix submitted in https://github.com/espressif/esp-idf/pull/6210

Closes https://github.com/espressif/esp-idf/pull/6210

Signed-off-by: Angus Gratton <angus@espressif.com>
2021-01-08 18:45:49 +11:00
Supreet Deshpande
dd6405fcef Secure Boot V2: Fix an issue leading to manual enablement of Secure Boot v2.
Fixes https://github.com/espressif/esp-idf/issues/6050
2020-11-13 11:33:29 +05:30
Michael (XIAO Xufeng)
c245db59b6 bootloader_support: fix fix spi flash clock config error
Relates to: https://github.com/espressif/esp-idf/issues/5099
2020-10-28 01:38:14 +00:00
Angus Gratton
b34c658554 esp32s2: Use regi2c registers to enable bootloader RNG 2020-10-21 15:09:22 +11:00
Angus Gratton
3cdf0aa18a esp32s2: Enable 8M clock source for RNG also
Either of these options is sufficient to pass dieharder test suite with
bootloader random output, having both enabled is a bonus.
2020-10-19 10:24:37 +11:00
Angus Gratton
0c320bfb0e esp32s2: Support bootloader_random_enable() 2020-10-19 10:24:37 +11:00
KonstantinKondrashov
af7d6f4d89 bootloader: Fix esp_get_flash_encryption_mode(). RELEASE = (CRYPT_CNT == max) or (CRYPT_CNT.write_protect == true)
If the CRYPT_CNT efuse is max it means the same as a write protection bit for this efuse.

Closes: https://github.com/espressif/esp-idf/issues/5747
2020-10-15 02:36:04 +00:00
Angus Gratton
57ce9c2f06 Merge branch 'bugfix/bootloader_anti_rollback_mmap_v4.2' into 'release/v4.2'
bootloader_support: fix issue in memory mapping for getting app descriptor (v4.2)

See merge request espressif/esp-idf!10734
2020-10-14 10:44:00 +08:00
Mahavir Jain
93aeac9728 bootloader_support: fix issue in memory mapping for getting app descriptor
For getting secure_version field in anti rollback case, bootloader tries
to map whole firmware partition but fails for cases where partition size
is beyond available MMU free pages capacity.

Fix here ensures to map only required length upto application descriptor
size in firmware partition.

Closes https://github.com/espressif/esp-idf/issues/5911
2020-10-06 08:49:49 +05:30
Supreet Deshpande
a04d6e7f63 Secure Boot V2: Fixes the OTA regression with secure boot in ESP32-V3
Closes https://github.com/espressif/esp-idf/issues/5905
2020-09-25 14:21:07 +05:30
Angus Gratton
f536db1782 Merge branch 'feature/secure_boot_esp32s2_v4.2' into 'release/v4.2'
Feature/secure boot esp32s2 v4.2

See merge request espressif/esp-idf!9958
2020-09-25 07:31:45 +08:00
Supreet Deshpande
7d57165922 Update to compatible crc & SBv2 enable check api's 2020-09-15 11:29:26 +05:30
Angus Gratton
1c6c6eceb5 secure boot: Fixes for ESP32-S2 first boot logic 2020-09-15 11:23:51 +05:30
Angus Gratton
762e8d5f84 bootloader esp32s2: Fix return type of ROM function signature verification 2020-09-15 11:23:51 +05:30
Supreet Deshpande
0f82fe105c Secure boot v2 support for ESP32-S2 2020-09-15 11:23:51 +05:30
Ivan Grokhotkov
93a3beafb8 bootloader_support: don't check signature when JTAG is attached
If an insecure configuration is enabled (no hardware secure boot, just
software signature check), skip the signature check in bootloader if
JTAG debugger is attached. This allows the debugger to set breakpoints
in Flash before the application runs.

Closes https://github.com/espressif/esp-idf/issues/4734
Closes https://github.com/espressif/esp-idf/issues/4878
2020-09-09 23:39:51 +02:00
Angus Gratton
a2d20f9412 Merge branch 'bugfix/bootloader_common_get_sha256_of_partition_v4.2' into 'release/v4.2'
bootloader_support: Fix bootloader_common_get_sha256_of_partition(), can handle a long image (v4.2)

See merge request espressif/esp-idf!9952
2020-08-24 13:36:09 +08:00
KonstantinKondrashov
d87d9a714e efuse: Add some fields in efuse_table and update esp_efuse_get_pkg_ver()
Closes: IDF-1077
2020-08-10 15:59:02 +08:00
KonstantinKondrashov
2620942568 bootloader_support: Fix bootloader_common_get_sha256_of_partition, can handle a long image
Closes: IDFGH-3594
2020-08-07 08:49:18 +00:00
Angus Gratton
a94685a222 esp32: Use package identifier to look up SPI flash/PSRAM WP Pin, unless overridden
Allows booting in QIO/QOUT mode or with PSRAM on ESP32-PICO-V3 and
ESP32-PICO-V3-O2 without any config changes.

Custom WP pins (needed for fully custom circuit boards) should still be compatible.
2020-07-24 21:45:31 +08:00
chenjianqiang
55a1bd0fb6 feat(esp32): support for esp32-pico-v3-02 2020-07-24 21:20:27 +08:00
Angus Gratton
ae35b6abcd Merge branch 'bugfix/bootloader_header_align_v4.2' into 'release/v4.2'
bootloader: Force bootloader_image_hdr to be word aligned (v4.2)

See merge request espressif/esp-idf!9069
2020-06-24 20:33:47 +08:00
KonstantinKondrashov
a6ac0e8a51 esp32: Reduce using ESP_EARLY_LOGx and move some code after the stdout initialization
After setting _GLOBAL_REENT, ESP_LOGIx can be used instead of ESP_EARLY_LOGx.

Closes: https://github.com/espressif/esp-idf/issues/5343
2020-06-17 13:40:42 +08:00