Commit Graph

412 Commits

Author SHA1 Message Date
KonstantinKondrashov
6f102125b4 bootloader: Add support esp32s2beta 2019-09-20 16:57:33 +10:00
Angus Gratton
adfc06a530 Merge branch 'master' into feature/esp32s2beta_merge 2019-09-20 10:28:37 +10:00
Angus Gratton
83680bd96b Merge branch 'feature/esp32s2beta' into feature/esp32s2beta_merge 2019-09-19 21:08:20 +10:00
Jiang Jiang Jian
d78831ab2b Merge branch 'bugfix/remove_v40_deprecations' into 'master'
Remove features deprecated before ESP-IDF V4.0

Closes IDF-507

See merge request espressif/esp-idf!5841
2019-09-19 16:07:01 +08:00
suda-morris
dd248ffc32 Add chip revision into image header
Check chip id and chip revision before boot app image

Closes https://github.com/espressif/esp-idf/issues/4000
2019-09-16 18:13:53 +08:00
Angus Gratton
438d513a95 Merge branch 'master' into feature/esp32s2beta_merge 2019-09-16 16:18:48 +10:00
Angus Gratton
62c06047da bootloader_support: Remove deprecated partition load/verify functions
Deprecated since v3.2
2019-09-13 09:44:07 +10:00
KonstantinKondrashov
d3637cd06b rtc_wdt: re-enable RTC_WDT 2019-09-13 00:03:52 +08:00
Angus Gratton
b547aef2a0 flash encryption: Ensure flash encryption can't be disabled if Secure Boot is on 2019-09-10 11:28:11 +10:00
Li Shuai
bd29202520 1. Fix backtrace is incomplete
2. Optimization code style
2019-09-05 18:40:33 +08:00
Angus Gratton
abd6d40796 secure boot: Ensure mbedTLS enables ECDSA if signatures are checked in app
and all ECDSA to be disabled if secure boot is not enabled

Previously if ECDSA disabled in config then secure_boot_signatures.c would
fail to build (whether or not secure boot was enabled).

To avoid breaking apps that might be using the signature scheme with custom OTA
without enabling secure boot signatures in config, this change just disables
this functionality if unavailable in mbedTLS config.

Possible fix for root cause of https://github.com/espressif/esp-idf/pull/3703
2019-08-30 14:56:11 +10:00
Angus Gratton
06898325e6 Merge branch 'bugfix/bootloader_efuse_build_regression' into 'master'
bootloader: add definition of esp_clk_apb_freq

Closes IDFGH-1734

See merge request espressif/esp-idf!5913
2019-08-29 08:35:48 +08:00
Angus Gratton
a21ca2270a Merge branch 'feature/deep_sleep_fast_wake' into 'master'
bootloader: Reduce the time spent in image validation when waking from deep sleep

See merge request espressif/esp-idf!5140
2019-08-28 08:54:28 +08:00
Ivan Grokhotkov
fb72a6f629 bootloader: add definition of esp_clk_apb_freq
Commit 8cd04c80 has added a dependency of efuse component on
esp_clk_apb_freq, however there was no definition of this function in
the bootloader context.

Reported at https://esp32.com/viewtopic.php?f=13&t=12035
2019-08-27 12:01:11 +02:00
Ivan Grokhotkov
12c9d9a564 spi_flash: remove duplicate definition of spi_flash_unlock
The other (static) definition is in flash_ops.c, all references are
also in flash_ops.c.
2019-08-23 12:37:55 +08:00
KonstantinKondrashov
c543aac91e bootloader: API for the fast wakeup and custom using RTC mem
Added "Reserve RTC FAST memory for custom purposes" option.
Added a boot counter.
2019-08-21 11:44:37 +00:00
Tim Nordell
43393cf4d1 bootloader: Support for skipping validation upon wake from deep sleep
This saves time when waking up from deep sleep, but potentially decreases
the security of the system.  If the application able to modify itself
(especially areas that are loaded into RAM) in flash while running
without crashing or is modifies the cached bits of information about
what was last booted from the bootloader, this could cause security
issues if the user does a "deep sleep reset" since the full validation
is skipped.

Signed-off-by: Tim Nordell <tim.nordell@nimbelink.com>
2019-08-21 11:44:37 +00:00
Tim Nordell
82984f0539 bootloader: Do not obfuscate RAM if we are not doing image validation
No need to take this step if we are not doing image validation.  The
obfuscation only buys us a tiny bit of "security" anyways since the
main parts of flash are memory mapped, too.  This saves a little bit of
wake-up time when waking up from deep sleep when the
BOOTLOADER_SKIP_VALIDATE_IN_DEEP_SLEEP option is set.

Signed-off-by: Tim Nordell <tim.nordell@nimbelink.com>
2019-08-21 11:44:37 +00:00
Tim Nordell
1e32fa2cf7 bootloader: Remove extraneous newlines from some debug statements
ESP_LOGD(...) provides its own new lines so remove these from these
debug strings.

Signed-off-by: Tim Nordell <tim.nordell@nimbelink.com>
2019-08-21 11:44:37 +00:00
Angus Gratton
6990a7cd54 Merge branch 'master' into feature/esp32s2beta_update 2019-08-19 15:03:43 +10:00
Angus Gratton
18c5cfadae Fix function prototypes 2019-08-13 17:14:16 +10:00
Angus Gratton
eb7ad6ca17 bootloader: Fix SPI dummy clock settings for ESP32S2-beta 2019-08-13 17:14:16 +10:00
Angus Gratton
309376f51a spi_flash: Force legacy mode for ESP32-S2
Can be removed once IDF-763 is merged
2019-08-13 17:14:16 +10:00
Angus Gratton
8f74271d5d esp_rom: Fail immediately if the wrong SoC's header file is included 2019-08-12 16:57:40 +10:00
Michael (XIAO Xufeng)
264ffbeb14 timer_group: use the LL 2019-08-09 13:46:31 +08:00
Angus Gratton
04ae56806c Merge branch 'master' into feature/esp32s2beta_update 2019-08-08 15:26:58 +10:00
Angus Gratton
24d26fccde Merge branch 'master' into feature/esp32s2beta_update 2019-08-08 13:44:24 +10:00
fuzhibo
572084821b add Comment for touchpad 2019-08-07 11:39:17 +08:00
fuzhibo
b055bff580 1.update touch driver; 2.update adc/dac driver; 3.add temp sensor driver; 2019-08-05 16:21:18 +08:00
Michael Zimmermann
74a459dd3d make code conform to Wstrict-prototypes
Merges https://github.com/espressif/esp-idf/pull/2937
2019-08-01 16:28:56 +07:00
Anton Maklakov
afbaf74007 tools: Mass fixing of empty prototypes (for -Wstrict-prototypes) 2019-08-01 16:28:56 +07:00
chenjianqiang
d77c74770a bugfix(flash): add flash config in app startup
We fixed some flash bugs in bootloader, but for the users used the old
vrsion bootloader, they can not fix these bugs via OTA, the solution is
add these updates in app startup.

These updates include:
1. SPI flash gpio matrix and drive strength configuration
2. SPI flash clock configuration
3. SPI flash read dummy configuration
4. SPI flash cs timing configuration
5. Update flash id of g_rom_flashchip
2019-07-18 14:40:59 +08:00
Angus Gratton
409181361f Merge branch 'bugfix/fix_flash_read_error_in_dio_26MHz_mode' into 'master'
bugfix(flash): fix flash read error in DIO/26MHz mode

See merge request espressif/esp-idf!5381
2019-07-10 08:13:35 +08:00
chenjianqiang
266baa8839 bugfix(flash): fix flash read error in DIO/26MHz mode 2019-07-08 01:50:07 +00:00
Michael (XIAO Xufeng)
25ab8380c8 ci: support to build esp32s2beta simple examples 2019-07-08 09:16:06 +08:00
chenjianqiang
d6c40c7c1d bugfix(flash): improve spi cs timing settings for flash
cs setup time is recomemded to be 1.5T, and cs hold time is recommended to be 2.5T.
(cs_setup = 1, cs_setup_time = 0; cs_hold = 1, cs_hold_time = 1)
2019-07-05 21:21:17 +08:00
Vikram Dattu
4b42f535ed Add mmu pages available check in non-secure image hash check path.
Made MMU pages available check in `esp_image_format.c`
This now makes it possible to map and process bootoader image as well in chunks when image doesn't fit completely into available free pages.

Signed-off-by: Vikram Dattu <vikram.dattu@espressif.com>
2019-07-01 20:04:15 +00:00
Vikram Dattu
eb99b27f2e Bugfix: ota fails with secure boot on for image size greater than 3.2MB
When an OTA image size is larger than 50 MMU pages (approx. 3.2 MB), secure_boot_generate fails while trying to map it into memory:
https://gitlab.espressif.cn:6688/idf/esp-idf/blob/master/components/bootloader_support/src/esp32/secure_boot.c#L72
Instead of trying to map the whole image, secure boot code should split the image into chunks and map them one by one, like it is done in esp_image_format.c:
https://gitlab.espressif.cn:6688/idf/esp-idf/blob/master/components/bootloader_support/src/esp_image_format.c#L372

Closes https://jira.espressif.com:8443/browse/IDF-709

Signed-off-by: Vikram Dattu <vikram.dattu@espressif.com>
2019-07-01 20:04:15 +00:00
Hemal Gujarathi
a68c7c21e1 Improve flash encryption documentation and add Development & Release modes
This MR improves existing flash encryption document to provide simplified steps
Adds two new modes for user: Development & Release
Adds a simple example
Supports encrypted write through make command
2019-06-25 23:41:18 +00:00
suda-morris
3f7a571c90 fix errors when ci testing for esp32 2019-06-19 15:31:47 +08:00
Wang Jia Lin
e2d1c6234f Merge branch 'bugfix/improve_flash_dio_read_timing' into 'master'
bugfix(flash): fix flash dio read mode configuration error on SPI0

See merge request idf/esp-idf!5086
2019-06-14 12:10:46 +08:00
suda-morris
4a79d750a5 clean up build warnings 2019-06-11 13:07:37 +08:00
Angus Gratton
8d949c3c9d esp32s2beta: Apply new Kconfig names to esp32s2beta
Still using ESP32_xxx prefix on all chips: CORE_DUMP, APP_TRACE

Still using the same config prefix and duplicate names in esp32 & esp32s2beta: SPIRAM, PM
2019-06-11 13:07:37 +08:00
Ivan Grokhotkov
73b30af2b3 confgen.py: don't output compatibility definitions for options which are not defined
For example, if a renamed option CONFIG_NEW is a bool with value "n", kconfiglib will not generate a define for it in the Kconfig file. The define (#define CONFIG_NEW 1) will only be generated if the option is "y" or "m".
However the compatibility definition was always generated: #define CONFIG_OLD CONFIG_NEW. This broke the #ifdef checks which depended on the old option names.
2019-06-11 13:07:37 +08:00
suda-morris
84b2f9f14d build and link hello-world for esp32s2beta 2019-06-11 13:07:37 +08:00
suda-morris
61ce868396 make bootloader_support support esp32s2beta 2019-06-11 13:07:02 +08:00
Angus Gratton
c9bf3a3b17 Merge branch 'bugfix/remove_secure_boot_test_mode' into 'master'
remove secure boot test mode

See merge request idf/esp-idf!5059
2019-06-11 07:25:07 +08:00
Konstantin Kondrashov
399d2d2605 all: Using xxx_periph.h
Using xxx_periph.h in whole IDF instead of xxx_reg.h, xxx_struct.h, xxx_channel.h ... .

Cleaned up header files from unnecessary headers (releated to soc/... headers).
2019-06-03 14:15:08 +08:00
Angus Gratton
30d9ee56fb Merge branch 'feature/config_spi_pins_based_on_efuse_value' into 'master'
feat(psram): config SPI psram pins based on efuse value

See merge request idf/esp-idf!4950
2019-05-31 16:15:56 +08:00
Angus Gratton
73b90387cb Merge branch 'bugfix/reset_log_uart_port' into 'master'
esp32: Add reset CONSOLE_UART port

See merge request idf/esp-idf!5011
2019-05-29 14:28:37 +08:00
chenjianqiang
db138ae19b feat(psram): config SPI psram pins based on efuse value 2019-05-28 21:25:16 +08:00
chenjianqiang
d68f1907ef bugfix(flash): improve flash dio read timing
When flash work in DIO Mode, in order to ensure the fast read mode of flash
is a fixed value, we merged the mode bits into address part, and the fast
read mode value is 0 (the default value).
2019-05-28 14:51:04 +08:00
hemal.gujarathi
865b24144e remove secure boot test mode 2019-05-23 14:13:08 +05:30
Roland Dobai
1ad2283641 Rename Kconfig options (components/bootloader) 2019-05-21 09:32:55 +02:00
Roland Dobai
997b29a9ca Rename Kconfig options (components/esptool_py) 2019-05-21 09:32:55 +02:00
Roland Dobai
0ae53691ba Rename Kconfig options (components/esp32) 2019-05-21 09:09:01 +02:00
Konstantin Kondrashov
be6f5563b4 esp32: Add reset uart
Fixed the case when the first part of log was missed
this was happened when:
 * CONFIG_CONSOLE_UART_CUSTOM option is selected (UART1)
 * The selected CONSOLE_UART port is used also for the console component
 * in code esp_restart() or abort() functions were called.
2019-05-21 06:18:28 +00:00
Konstantin Kondrashov
98c77cebb2 bootloader_support: Fix UART RXD pin for console output (CUSTOM option)
The RXD pin is assigned as input (fix for custom uart option).

Closes: https://github.com/espressif/esp-idf/issues/2843

Closes: IDFGH-505
2019-05-16 11:18:56 +00:00
Angus Gratton
fe2565f5d7 Merge branch 'feature/make_bootloader_support_target_dependent' into 'master'
make bootloader_support depend on IDF_TARGET

See merge request idf/esp-idf!4798
2019-04-26 15:36:48 +08:00
suda-morris
3f2d6a0891 make bootloader_support depend on IDF_TARGET
1. move chip-specific code(e.g. encryption) into IDF_TARGET directory
2. splict app-only code to idf directory which won't be compiled into bootloader
2019-04-16 17:37:56 +08:00
Michael (XIAO Xufeng)
562af8f65e global: move the soc component out of the common list
This MR removes the common dependency from every IDF components to the SOC component.

Currently, in the ``idf_functions.cmake`` script, we include the header path of SOC component by default for all components.
But for better code organization (or maybe also benifits to the compiling speed), we may remove the dependency to SOC components for most components except the driver and kernel related components.

In CMAKE, we have two kinds of header visibilities (set by include path visibility):

(Assume component A --(depends on)--> B, B is the current component)

1. public (``COMPONENT_ADD_INCLUDEDIRS``): means this path is visible to other depending components (A) (visible to A and B)
2. private (``COMPONENT_PRIV_INCLUDEDIRS``): means this path is only visible to source files inside the component (visible to B only)

and we have two kinds of depending ways:

(Assume component A --(depends on)--> B --(depends on)--> C, B is the current component)

1. public (```COMPONENT_REQUIRES```): means B can access to public include path of C. All other components rely on you (A) will also be available for the public headers. (visible to A, B)
2. private (``COMPONENT_PRIV_REQUIRES``): means B can access to public include path of C, but don't propagate this relation to other components (A). (visible to B)

1. remove the common requirement in ``idf_functions.cmake``, this makes the SOC components invisible to all other components by default.
2. if a component (for example, DRIVER) really needs the dependency to SOC, add a private dependency to SOC for it.
3. some other components that don't really depends on the SOC may still meet some errors saying "can't find header soc/...", this is because it's depended component (DRIVER) incorrectly include the header of SOC in its public headers. Moving all this kind of #include into source files, or private headers
4. Fix the include requirements for some file which miss sufficient #include directives. (Previously they include some headers by the long long long header include link)

This is a breaking change. Previous code may depends on the long include chain.
You may need to include the following headers for some files after this commit:

- soc/soc.h
- soc/soc_memory_layout.h
- driver/gpio.h
- esp_sleep.h

The major broken include chain includes:

1. esp_system.h no longer includes esp_sleep.h. The latter includes driver/gpio.h and driver/touch_pad.h.
2. ets_sys.h no longer includes soc/soc.h
3. freertos/portmacro.h no longer includes soc/soc_memory_layout.h

some peripheral headers no longer includes their hw related headers, e.g. rom/gpio.h no longer includes soc/gpio_pins.h and soc/gpio_reg.h

BREAKING CHANGE
2019-04-16 13:21:15 +08:00
Anurag Kar
62b0d51c02 Enable secure boot only after encrypting flash
This prevents a device from being bricked in case when both secure boot & flash encryption are enabled and encryption gets interrupted during first boot. After interruption, all partitions on the device need to be reflashed (including the bootloader).

List of changes:
* Secure boot key generation and bootloader digest generation logic, implemented inside function esp_secure_boot_permanently_enable(), has been pulled out into new API esp_secure_boot_generate_digest(). The enabling of R/W protection of secure boot key on EFUSE still happens inside esp_secure_boot_permanently_enable()
* Now esp_secure_boot_permanently_enable() is called only after flash encryption process completes
* esp_secure_boot_generate_digest() is called before flash encryption process starts
2019-04-10 18:17:58 +05:30
Angus Gratton
8e91677701 Merge branch 'bugfix/bootloader_flash_crypt_cnt_ff' into 'master'
flash encryption: reduce FLASH_CRYPT_CNT bit width to 7 bits

See merge request idf/esp-idf!4642
2019-04-09 08:10:06 +08:00
Angus Gratton
4b4cd7fb51 efuse/flash encryption: Reduce FLASH_CRYPT_CNT to a 7 bit efuse field
8th bit is not used by hardware.

As reported https://esp32.com/viewtopic.php?f=2&t=7800&p=40895#p40894
2019-04-03 14:07:20 +11:00
Mahavir Jain
202f689baa bootloader: use mbedTLS for secure boot verification in firmware 2019-04-01 15:46:52 +05:30
morris
c159984264 separate rom from esp32 component to esp_rom
1. separate rom include files and linkscript to esp_rom
2. modefiy "include rom/xxx.h" to "include esp32/rom/xxx.h"
3. Forward compatible
4. update mqtt
2019-03-21 18:51:45 +08:00
morris
fae39dc326 merge esp_flash_data_types into esp_flash_partitions 2019-03-18 08:51:55 +00:00
Angus Gratton
1cc726b2a3 secure boot: Use mbedtls_sha256() not esp_sha()
Latter is probably compiled into most firmwares already, saves some size.

Ref https://github.com/espressif/esp-idf/issues/3127
2019-03-14 05:56:06 +00:00
Konstantin Kondrashov
509e1264b9 efuse: Fix to pass CI tests 2019-02-28 07:31:29 +00:00
Ivan Grokhotkov
8cc6226051 soc: define named constants for DPORT_CPUPERIOD_SEL values 2019-02-26 17:07:59 +08:00
Ivan Grokhotkov
178e5b25e6 bootloader: check previously used clock frequency at run time
In the situation when bootloader was compiled for 240MHz, and app was
compiled for 160MHz, and the chip is a revision 0 chip, the
bootloader will assume that the application has also been running at
240MHz. This will cause the chip to lock up later. Modify this to use
a run time check of DPORT_CPUPERIOD_SEL, which indicates which of the
PLL frequencies was used.

Closes https://github.com/espressif/esp-idf/issues/2731.
2019-02-26 17:02:34 +08:00
Konstantin Kondrashov
e916cf52a3 bootloader: Add support of anti-rollback
Added:
* set a secure version in app/bootloader.
* description anti-rollback to ota part
* emulate the secure_version write and read operations
* efuse_em partition.
* a description about a rollback for native_ota_example.

Closes: TW26335
2019-02-14 18:51:43 +08:00
Ivan Grokhotkov
96d0f7f5e2 bootloader: account for load address when mapping cache pages
Bootloader used to calculate the number of cache pages assuming that
load address was aligned, while in reality load address for DROM and
IROM was offset by 0x20 bytes from the start of 64kB page. This
caused the bootloader to map one less page if the size of the image
was 0x4..0x1c less than a multiple of 64kB.

Reported in https://esp32.com/viewtopic.php?f=13&t=6952.
2019-01-19 14:44:55 +08:00
Ivan Grokhotkov
182e917d78 bootloader: fix IROM and DROM swapped in log messages 2019-01-19 14:44:55 +08:00
Konstantin Kondrashov
dde1fd9b94 bootloader: Add support flags for rollback app
Added
* Set actual ota_seq if both ota are init or incorrect.
* Description of rollback
* UT tests

Closes TW15459
2018-12-11 11:54:21 +08:00
Konstantin Kondrashov
f9522a0eb6 bootloader app_update: Refactoring otadata part 2018-12-05 11:20:03 +08:00
Konstantin Kondrashov
3b9cb25fe1 esp32: Add firmware version to app
Added a new structure esp_app_desc_t. It has info about firmware:
version, secure_version, project_name, time/date build and IDF version.
Added the ability to add a custom structure with a description of the firmware.

The esp_app_desc_t is located in fixed place in start of ROM secotor. It is located after structures esp_image_header_t and esp_image_segment_header_t.

app_version is filed from PROJECT_VER variable (if set in custom make file) or PROJECT_PATH/version.txt or git repo (git describe).

Add API to get app_desc from partition.
2018-12-03 16:52:04 +08:00
Ivan Grokhotkov
964f5a91f7 bootloader, esp32: add workaround for Tensilica erratum 572
If zero-overhead loop buffer is enabled, under certain rare conditions
when executing a zero-overhead loop, the CPU may attempt to execute an invalid instruction. Work around by disabling the buffer.
2018-11-19 04:39:35 +00:00
Ivan Grokhotkov
73d1b5a7a0 bootloader: verify that loaded image does not overlap bootloader code
Fixes CVE-2018-18558
2018-10-26 12:44:10 +08:00
Ivan Grokhotkov
bd11965f6c Merge branch 'bugfix/ndebug_build' into 'master'
soc,sdmmc: fix build failures when NDEBUG is used

See merge request idf/esp-idf!3352
2018-10-19 11:55:37 +08:00
Angus Gratton
f53fef9936 Secure Boot & Flash encryption: Support 3/4 Coding Scheme
Includes esptool update to v2.6-beta1
2018-10-16 16:24:10 +11:00
Ivan Grokhotkov
a1f809fcc5 bootloader: provide implementation of abort
ROM definition of `abort` was removed in 9240bbb. The old definition
resulted in a panic due to a jump to a null pointer (abort member in
ROM stub table was zero). The new definition triggers a debug
exception if JTAG is connected, or goes into an infinite loop to be
reset by the WDT.
2018-10-15 15:02:56 +08:00
Angus Gratton
326d791ebb bootloader: Fix secure boot digest generation for image length where (len%128 < 32) 2018-10-02 15:17:14 +10:00
Angus Gratton
98b42a8b71 Merge branch 'bugfix/disable_coding_scheme_security_features' into 'master'
bootloader: Don't enable secure boot or flash encryption for 3/4 Coding Scheme

See merge request idf/esp-idf!3369
2018-10-02 07:54:11 +08:00
Ivan Grokhotkov
22b840f3df bootloader: don’t reload RTC_FAST DRAM after deep sleep
When CONFIG_ESP32_RTCDATA_IN_FAST_MEM is enabled, RTC data is placed
into RTC_FAST memory region, viewed from the data bus. However the
bootloader was missing a check that this region should not be
overwritten after deep sleep, which caused .rtc.bss segment to loose
its contents after wakeup.
2018-09-29 14:02:16 +08:00
Angus Gratton
ff33406e74 bootloader: Don't enable secure boot or flash encryption for 3/4 Coding Scheme 2018-09-26 18:26:06 +10:00
Sagar Bijwe
48fccbf5dd nvs_flash: Add support for nvs encryption 2018-09-24 11:25:21 +05:30
Angus Gratton
2ec0fd8fd6 Merge branch 'feature/signature_verify_updates' into 'master'
secure boot: Support signed app verification without hardware secure boot

See merge request idf/esp-idf!2814
2018-09-04 18:56:47 +08:00
Angus Gratton
e54f3d9616 Merge branch 'bugfix/bootloader_random_in_app' into 'master'
esp32: Allow bootloader_random.h use in app, add esp_fill_random() function

See merge request idf/esp-idf!3124
2018-09-04 10:39:12 +08:00
Konstantin Kondrashov
9c715d7946 bootloader_support: Fix enable rtc_wdt for resolve issue with varying supply
Eliminates the issue with the lock up in the bootloader due to a power drawdown during its operation.

Closes https://github.com/espressif/esp-idf/issues/1814
2018-09-03 05:43:01 +00:00
Angus Gratton
83a179abb0 esp32: Add esp_fill_random() function
Convenience function to fill a buffer with random bytes.

Add some unit tests (only sanity checks, really.)
2018-09-03 04:39:45 +00:00
Mahavir Jain
62746e414e bootloader: add API for erasing flash region
Signed-off-by: Mahavir Jain <mahavir@espressif.com>
2018-08-29 12:04:32 +00:00
Angus Gratton
b364f23e17 secure boot: Support secure boot signatures without hardware secure boot
Allows OTA updates to be secured via signature checks, without requiring the overhead or complexity
of a full secure boot implementation.

Uses same signing mechanisms (build system and/or espsecure.py as Secure Boot).

Requires:
* [ ] More testing
* [ ] Documentation
2018-08-29 17:05:29 +08:00
Ivan Grokhotkov
90f5456dba Merge branch 'feature/rtc_cpu_freq_config' into 'master'
soc/rtc: Refactoring, support CPU frequencies lower than XTAL

See merge request idf/esp-idf!2856
2018-08-22 11:32:08 +08:00
Ivan Grokhotkov
c722cf3e06 bootloader: use new CPU frequency setting API 2018-08-21 13:02:46 +08:00
Jiang Jiang Jian
98eaa5c2ec Merge branch 'docs/security' into 'master'
docs: Added more wordings to capture secure boot and flash encryption dependency.

See merge request idf/esp-idf!2947
2018-08-16 19:31:36 +08:00
Konstantin Kondrashov
a8e46775c6 soc/rtc_wdt: Add API functions for rtc_wdt
Added functions:
rtc_wdt_protect_off/on
rtc_wdt_set_length_of_reset_signal
rtc_wdt_set_stage
rtc_wdt_set_time
rtc_wdt_feed
rtc_wdt_disable/enable
2018-08-14 17:48:02 +05:00
Sagar Bijwe
b27773e87c docs: Added more wordings to capture secure boot and flash encryption dependency. 2018-08-14 11:27:29 +05:30
Konstantin Kondrashov
117c79eae5 app_update: Add API for getting sha256_of_partition
Added bootloader_common_get_sha256_of_partition() and esp_partition_get_sha256() - get or calculate SHA-256
digest for app and data partitions.
Added bootloader_sha256_hex_to_str() - helps to print SHA-256 digest
Added esp_partition_check_identity() - compares two partitions by SHA-256 digest

Refactoring a function esp_image_load() in bootloader space to esp_image_verify() and
bootloader_load_image(). Old name function esp_image_load is deprecated
and will remove in V4.0 version.

spi_flash/sim: Fix error test_host. Add stub for bootloader_common_get_sha256_of_partition in sim/stubs
2018-08-13 13:59:07 +05:00
Konstantin Kondrashov
8c808c2d9a bootloader: Fix issue - bs->app_count is zero but ota_data have valid entry
If we have the partition table without any ota_apps but in ota_data have
valide entry, in this case we get an error(hang). This commit fix this
case. If bs->app_count is zero when selecting the factory app.

Closes https://github.com/espressif/esp-idf/issues/2218
2018-07-24 13:09:32 +08:00
Angus Gratton
e75a1129e0 Merge branch 'bugfix/bootloader_noreturn_always' into 'master'
bootloader: Ensure bootloader never returns to caller

See merge request idf/esp-idf!2815
2018-07-23 11:56:14 +08:00
Angus Gratton
f0d74b1c64 bootloader: Ensure bootloader never returns to caller
* Fixes some "noreturn" functions in bootloader utils which did return (causing fatal CPU
  exceptions).
* Marks bootloader entry as "noreturn", preventing "user code done" from stalling boot
  Partial fix for https://github.com/espressif/esp-idf/issues/1814 TW20016
  (Comprehensive fix for this issue will be enabling WDT during bootloader, coming shortly.)
2018-07-19 16:24:11 +10:00
Angus Gratton
57b601ab7f secure boot: Pad to avoid data after the signature mapping into the address space
Because address space is mapped in 64KB pages, it was possible for unauthenticated data after the
app .bin to become mapped into the flash cache address space.

This problem is solved by 2 changes:

* "esptool elf2image --secure-pad" will pad the image so that the signature block ends close to the
  64KB boundary. Due to alignment constraints it will be 12 bytes too short after signing (but
  with flash encryption, these 12 bytes are still encrypted as part of the last block and can't be
  arbitrarily changed).
* By default, secure boot now requires all app partitions to be a multiple of 64KB in size.
2018-07-17 15:33:47 +10:00
Jiang Jiang Jian
7f382f461c Merge branch 'feature/support_for_XM25QU64A' into 'master'
feature(flash): set QIO mode for XM25QU64A(1V8_64M_flash)

See merge request idf/esp-idf!2753
2018-07-16 12:16:13 +08:00
Angus Gratton
fb439e48f5 bootloader: Don't verify Partition Table as part of Secure Boot
Partition Tables are still signed for backwards compatibility, but signature is no longer checked as
part of bootloader.

Closes https://github.com/espressif/esp-idf/issues/1641
2018-07-13 15:45:15 +10:00
chenjianqiang
542373b6ef feature(flash): support for QIO mode of XM25QU64A 2018-07-11 22:28:01 +08:00
Anton Maklakov
f42b91fe46 spi_flash: fix errors for GCC 8 support
components/spi_flash/partition.c: In function 'load_partitions':
components/spi_flash/partition.c:179:66: error: argument to 'sizeof' in 'strncpy' call is the same expression as the source; did you mean to use the size of the destination? [-Werror=sizeof-pointer-memaccess]
         strncpy(item->info.label, (const char*) it->label, sizeof(it->label));
                                                                  ^
2018-07-02 09:05:00 +00:00
Ivan Grokhotkov
f525c9ef96 Merge branch 'feature/move_to_soc_rtc_gpio_desc' into 'master'
soc: Fix check_long_hold_gpio and move def to soc

See merge request idf/esp-idf!2550
2018-06-25 12:33:27 +08:00
Konstantin Kondrashov
899fa2dc55 assert: Fix. Move useful functions from wrapped assert functions
Moved useful functions from wrapped assert functions, because option `CONFIG_OPTIMIZATION_ASSERTIONS_DISABLED=y` will remove this functions.

Closes https://github.com/espressif/esp-idf/issues/2068
2018-06-22 15:17:55 +05:00
Konstantin Kondrashov
32da455384 soc: Fix check_long_hold_gpio and move def to soc
Fix factory_reset_pin init as input
Move definition a structure rtc_gpio_desc to soc

Closes https://github.com/espressif/esp-idf/issues/2030
2018-06-22 09:20:27 +05:00
Konstantin Kondrashov
3e0ac4db79 partition_table: Expanding the space under the bootloader
Allows you to move the partition table, it gives more space for the bootloader.
Added a new utility - parttool.py. This utility can search for the offset and/or size of the partitions by name and type/subtype. Use for getting APP_OFFSET and PHY_DATA_OFFSET.
The linker(esp32.bootloader.ld) made changes that allow you to write a custom bootloader code more.

TW14125
2018-06-08 18:47:29 +05:00
Angus Gratton
d775cc4c4c soc: Fix description of rtc_config_t.tieh, add macros
Usage of TIEH was correct but description had 1.8V & 3.3V backwards.

Add macro definitions for TIEH values to improve readability.
2018-05-25 14:58:37 +10:00
Konstantin Kondrashov
ae10abff2f bootloader: Add factory reset and start test app
Added feature:
- reset firmware to Factory app.(by long pressing of the button)
- boot Test app. (by long pressing of the button)
- Added feature erase data partitions from factory reset.

TW10281
TW10280
2018-05-24 16:56:49 +05:00
Wangjialin
f6927ccde9 bootloader(flash): fix flash QIO mode configuration error.
reported from github: https://github.com/espressif/esp-idf/issues/1944

1. Add SPI register setup in execute_flash_command.
2. Save and recover the SPI ctrl register in execute_flash_command.
2018-05-16 12:42:29 +00:00
Ivan Grokhotkov
254e29aca4 mbedtls: update usage of deprecated mbedtls_shaX APIs
The following mbedTLS APIs have been deprecated and replaced with the
new ones which return error codes:

mbedtls_shaX_starts -> mbedtls_shaX_starts_ret
mbedtls_shaX_update -> mbedtls_shaX_update_ret
mbedtls_shaX_finish -> mbedtls_shaX_finish_ret
mbedtls_shaX_process -> mbedtls_shaX_internal_process

Update hardware implementations of SHA functions, and other IDF
components which used above functions, to use new versions.
2018-05-09 23:15:28 +08:00
Angus Gratton
bb1f3ae264 Merge branch 'feature/psram_configure_in_runtime' into 'master'
feature(psram): update psram and flash SPI frequency in runtime

See merge request idf/esp-idf!1776
2018-05-08 15:23:47 +08:00
Alexey Gerenkov
439140d269 esp32: Adds support for SW breakpoints in flash
Disables app image integrity checks when running under OpenOCD control.
Allows setting breakpoints in flash before application start (just after reset).
2018-04-26 10:17:02 +03:00
Wangjialin
b1dcb52fec feature(psram): configure flash and psram speed during runtime
1. Bootloader reads SPI configuration from bin header, so that the burning configuration can be different with compiling configuration.
2. Psram mode init will overwrite original flash speed mode, so that users can change psram and flash speed after OTA.
3. Flash read mode(QIO/DIO…) will not be changed in app bin. It is decided by bootloader, OTA can not change this mode.
4. Add read flash ID function, and save flash ID in g_rom_flashchip
5. Set drive ability for all related GPIOs
6. Check raise VDDSDIO voltage in 80Mhz mode
7. Add check flash ID and update settings in bootloader
8. Read flash ID once and keep in global variable
9. Read flash image header once and reuse the result

Tested cases:
1. Test new and old version of bootloader
boot Flash 20M —> app Flash 80M + Psram 80M
boot Flash 40M —> app Flash 80M + Psram 80M
boot Flash 80M —> app Flash 80M + Psram 80M
boot Flash 20M —> app Flash 80M + Psram 40M
boot Flash 40M —> app Flash 80M + Psram 40M
boot Flash 80M —> app Flash 80M + Psram 40M
boot Flash 20M —> app Flash 40M + Psram 40M
boot Flash 40M —> app Flash 40M + Psram 40M
boot Flash 80M —> app Flash 40M + Psram 40M
2. Working after esp_restart reboot.
2018-04-20 20:51:44 +08:00
Konstantin Kondrashov
86256b3541 bootloader: Refactoring
Need to make the bootloader modular so that users can redefine its functional part.

- refactoring and moving functions to the bootloader_support component
- Changed function to `void` bootloader_utility_load_image(...);

TW19596
2018-04-17 16:36:49 +05:00
Jiang Jiang Jian
8eaae96658 Merge branch 'bugfix/flash_mapp' into 'master'
spi_flash: add api to get valid mmu table pages number

See merge request idf/esp-idf!2070
2018-03-30 19:32:35 +08:00
Tian Zhong Xing
fa68774344 spi_flash:
1. add test code for new api
2. resolve some comments
2018-03-26 10:24:42 +08:00
Konstantin Kondrashov
f7df532ec0 bugfix/rtc_clk_32k_bootstrap: Fix starting 32k RTC
1. External 32kHz crystal is started for too long or it may not start at all. It is often observed at the first start.
2. At the first start, it is possible that the crystal did not start. And the recorded period was recorded as 0. Which led to a division error by zero during the transition to the deep sleep mode (Maybe somewhere else).
3. Added a unit test to test a new method of oscillation an external crystal.
4. Added a new method of oscillating of an external crystal. The legs of the crystal are fed with a 32 kHz frequency.

The new method eliminates these errors.

Added unit test: `\esp-idf\components\soc\esp32\test\test_rtc_clk.c`: `make TEST_COMPONENTS=soc`
- 8 Test starting external RTC crystal. Will pass.

`Bootstrap cycles for external 32kHz crystal` - is specified in the file Kconfig by default 100.

QA tested a new method of oscillation the crystal on 25 boards. The supply of square waves on the crystal showed a 100% result in contrast to the previous method of launching the crystal. After the tests, the old method was deleted.

Closes TW19143
2018-03-21 13:27:56 +05:00
Tian Zhong Xing
7555031553 add api get valid mmu table pages number 2018-03-16 10:40:55 +08:00
Roland Dobai
cf7a4cc650 Protect partition table by MD5 checksum 2018-02-05 11:36:03 +01:00
Ivan Grokhotkov
f8bda324ec Merge branch 'bugfix/bootloader_v10_backwards_compat' into 'master'
esp32: Fix backwards compatibility for pre-v2.1 bootloaders

See merge request !1673
2017-12-18 17:20:08 +08:00
Angus Gratton
c69af42b96 esp32: Fix backwards compatibility for pre-v2.1 bootloaders
Older bootloaders don't set RTC_XTAL_FREQ_REG or call rtc_clk_init(),
app needs to pick this up.

Reported at
https://esp32.com/viewtopic.php?f=2&t=3939&p=17836
2017-12-18 13:45:57 +11:00
Angus Gratton
ea2afa83a8 log: Remove non-static TAG variables 2017-12-15 10:59:48 +11:00
Angus Gratton
7a18575af8 flash encryption: Also always disable ROM BASIC console when enabling flash encryption 2017-08-29 14:52:00 +10:00
Angus Gratton
1e22bcdfde esp32: Add KConfig option to disable ROM Console fallback on first boot 2017-08-29 14:52:00 +10:00
Angus Gratton
7755015f4f secure boot: Fix enabling secure boot on first bootloader boot
Bootloader would accidentally check its own image for a secure boot signature,
but bootloader is unsigned (protected by secure boot digest).
2017-08-23 11:19:42 +10:00
Angus Gratton
5eef5e7a5d bootloader: Fallback if OTA data is invalid
Make bootloader more robust if either OTA data or some OTA app slots are corrupt.
2017-08-15 09:42:19 +10:00
Angus Gratton
17adb40ca8 bootloader: Calculate SHA256 hash of image on every boot
Makes app image booting more reliable (256-bit rather than 8-bit verification.)

Some measurements, time to boot a 655KB app.bin file and run to app_main() execution.

(All for rev 1 silicon, ie no 340ms spurious WDT delay.)

80MHz QIO mode:
before = 300ms
after = 140ms

40MHz DIO mode:
before = 712ms
after = 577ms

40MHz DIO mode, secure boot enabled
before = 1380ms
after = 934ms

(Secure boot involves two ECC signature verifications (partition table, app) that take approx 300ms each with 80MHz CPU.)
2017-07-19 18:31:59 +10:00
Angus Gratton
43b99edf2b bootloader: Calculate SHA-256 of image while loading/verifying 2017-07-19 18:25:17 +10:00
Angus Gratton
8f6134dd96 bootloader: Obfuscate loaded memory until verification is complete 2017-07-19 18:25:17 +10:00
Angus Gratton
0c8888d68f bootloader: Combine loading from flash & verifying to save boot time
Still needs updating to account for secure boot.
2017-07-19 18:25:17 +10:00
Tian Hao
26a3cb93c7 component/soc : move dport access header files to soc
1. move dport access header files to soc
2. reduce dport register write protection. Only protect read operation
2017-05-09 18:06:00 +08:00
Tian Hao
f7e8856520 component/esp32 : fix dualcore bug
1. When dual core cpu run access DPORT register, must do protection.
2. If access DPORT register, must use DPORT_REG_READ/DPORT_REG_WRITE and DPORT_XXX register operation macro.
2017-05-08 21:53:43 +08:00
Angus Gratton
e2479b46f7 secure boot: Fix bootloader image verification failure
* Failure prevented secure boot from enabling.
* Also adds unit test cases for esp_image_basic_verify()

Ref https://esp32.com/viewtopic.php?f=2&t=1602
TW11878
2017-04-26 11:23:35 +10:00
Ivan Grokhotkov
8a9516a973 Merge branch 'bugfix/bootloader_error_handling_code' into 'master'
Add error handling code in bootloader

Forgotten error handling

See merge request !650
2017-04-13 15:28:49 +08:00
Anton Maklakov
e4353f2119 bootloader: Add error handling code 2017-04-11 18:15:36 +08:00
Alexey Gerenkov
0860f46220 spi_flash: Fixed bug in SPI flash ROM driver to work with embedded flash chip
1) fixed SPI_read_status: added check for flash busy flag in matrix mode
2) fixed SPI_page_program: enable write before writing data to SPI FIFO
3) SPI flash ROM funcs replacement is controlled via menuconfig option
2017-04-11 10:51:19 +08:00
Ivan Grokhotkov
8911e666a0 Merge branch 'feature/docs_partition_ota_flash' into 'master'
Partition/SPI/OTA docs & OTA new functionality

* Update partition, SPI flash & OTA docs to reflect functionality changes
* Refactor OTA implementation to perform checks mentioned in API doc
* Add new functions to OTA API: esp_ota_get_running_partition() & esp_ota_get_next_update_partition() functions
* Add spi_flash_cache2phys() & spi_flash_phys2cache() functions to support esp_ota_get_running_partition()


See merge request !513
2017-03-03 11:27:01 +08:00
Angus Gratton
4d67a2ba8b esp32 phy_init: Move DPORT Wifi clock masks to macro values
Amended fix for c642079 !534
2017-03-01 12:11:57 +11:00
Angus Gratton
25f739c183 ota ops: Add new functions esp_ota_get_next_update_partition / esp_ota_get_running_partition
* Update OTA example to use these.
* Refactor esp_ota_begin() to return ESP_ERR_OTA_PARTITION_CONFLICT as documented
2017-02-22 10:24:42 +11:00
Ivan Grokhotkov
3b583c150f bootloader: disconnect VRTC from SAR input in bootloader_random_disable
Bootloader enables SAR ADC in test mode to get some entropy for the RNG.
The bits which control the ADC test mux were not disabled, which caused
extra ~24uA current to be drawn from VRTC, increasing deep sleep current
consumption. This change disables relevant test mode bits in
bootloader_random_disable.
2017-02-21 17:07:15 +08:00
Angus Gratton
eea2788f5a OTA: Fix issues with encrypted OTA
- OTA source can write non-16-byte multiples of data
- Assumption that empty ota_data is 0xFFFFFFFF untrue when encrypted
2017-01-26 18:52:35 +11:00
Tian Zhong Xing
2173ad3b45 bootloader_support: fix bug OTA & flash encryption incompatible
ota data partition should be encrypted unconditionally when flash encrypt enable
2017-01-26 16:20:06 +11:00
Angus Gratton
7d40f17d1d bootloader_random: Restore all SARADC/I2S registers to reset values
Fix for issue with I2S0 not being usable after bootloader_random_enable()
2017-01-13 12:19:13 +11:00
Angus Gratton
3922ce47b2 bootloader: Enable early boot RNG entropy source
This reverts commit ceb8566970.
2017-01-04 17:07:12 +11:00
Angus Gratton
3783e28f0e bootloader: Check all partitions fit inside configured flash size 2016-12-30 14:19:46 +11:00
Angus Gratton
ceb8566970 Flash encryption / secure boot: Temporarily disable on-device key generation
Will be enabled after seeding of HWRNG in bootloader is fully tested/qualified.
2016-12-01 23:49:13 -08:00
Angus Gratton
506c8cd964 secure boot & flash encryption: Rework configuration options
Add UART bootloader disable options for flash encryption
2016-12-01 23:49:12 -08:00
Angus Gratton
9eb135fd73 Flash encryption: Support enabling flash encryption in bootloader, app support
* App access functions are all flash encryption-aware
* Documentation for flash encryption
* Partition read/write is flash aware
* New encrypted write function
2016-12-01 23:49:12 -08:00
Angus Gratton
c48612e516 mbedTLS SHA acceleration: Allow concurrent digest calculation, works with TLS
SHA hardware allows each of SHA1, SHA256, SHA384&SHA512 to calculate digests
concurrently.

Currently incompatible with AES acceleration due to a hardware reset problem.

Ref TW7111.
2016-11-22 20:42:38 +11:00
Angus Gratton
60f29236f6 Build system: Raise warning level
Default esp-idf builds now show -Wextra warnings (except for a few:
signed/unsigned comparison, unused parameters, old-style C declarations.)

CI building of examples runs with that level raised to -Werror, to catch
those changes going into the main repo.
2016-11-16 15:57:34 +11:00
Angus Gratton
8691b54758 secure boot: Rename efuse option for UART bootloader to option for ROM interpreter 2016-11-14 11:08:42 +11:00
Angus Gratton
e459f803da secure boot: Functional partition table & app signature verification 2016-11-14 11:08:42 +11:00
Angus Gratton
fe66dd85f0 secure boot: Enable based on sdkconfig, remove "secure boot flag" from binary image 2016-11-14 11:08:42 +11:00
Angus Gratton
7402a1b973 partition_table: Move from 0x4000 to 0x8000
Also fix a bug with correctly padding bootloader image when length is
already a multiple of 16.
2016-11-14 11:08:42 +11:00
Angus Gratton
b5de581399 Secure boot: initial image signature support 2016-11-14 11:08:42 +11:00
Angus Gratton
98a0387854 bootloader_support: Move secure boot code to bootloader_support 2016-11-08 11:13:54 +11:00
Angus Gratton
aceb6517c0 Refactor existing bootloader common functionality into bootloader_support component 2016-11-02 17:58:41 +11:00