Commit Graph

72 Commits

Author SHA1 Message Date
Angus Gratton
2c39010b3b Merge branch 'bugfix/anti_rollback_without_test_app' into 'master'
bootloader: Anti-rollback mode doesn't run test_app

See merge request espressif/esp-idf!12225
2021-02-09 14:16:51 +08:00
Yann Pomarède
ee400f8b68 bootloader: SECURE_ENABLE_SECURE_ROM_DL_MODE cannot be y when SECURE_DISABLE_ROM_DL_MODE=y
Closes: https://github.com/espressif/esp-idf/pull/6442
2021-02-05 18:38:17 +08:00
KonstantinKondrashov
25ac1d4d28 bootloader: Anti-rollback mode doesn't run test_app
- Cmake shows an error if the partition table has a test app.
- BOOTLOADER_APP_TEST depends on !BOOTLOADER_APP_ANTI_ROLLBACK.
- Bootloader does not boot the test app if secure version is low.

Closes: https://www.esp32.com/viewtopic.php?f=13&t=19164&p=71302#p71302
2021-02-01 23:24:23 +08:00
Mahavir Jain
e712a91488 spi_flash: add config option to enable encrypted partition read/write
This feature can be disabled to save some IRAM (approx 1KB) for cases
where flash encryption feature is not required.
2021-01-28 12:19:21 +00:00
KonstantinKondrashov
98f726fa4b bootloader/esp32c3: Adds secure boot (not yet supported) 2021-01-19 20:51:13 +08:00
Angus Gratton
66fb5a29bb Whitespace: Automated whitespace fixes (large commit)
Apply the pre-commit hook whitespace fixes to all files in the repo.

(Line endings, blank lines at end of file, trailing whitespace)
2020-11-11 07:36:35 +00:00
morris
9de6cba434 ci: add more build test for esp32-s3 2020-10-27 17:22:17 +08:00
KonstantinKondrashov
5f975a8168 bootloader: Change range of the factory reset pin in Kconfig
Closes: https://github.com/espressif/esp-idf/issues/5489
2020-10-20 21:28:37 +08:00
me-no-dev
b64fd872bc Allow esptool's download stub to be disabled by other options and applications
Currently USB CDC Download requires the `--no-stub` option of `esptool`. This change inverts the Kconfig option to negative, so that it can be `selected` by other options or enabled in applications through `sdkconfig.defaults`.
2020-09-16 03:25:53 +00:00
Supreet Deshpande
e640e148cf Secure boot v2 support for ESP32-S2 2020-07-27 00:01:10 +00:00
Angus Gratton
3755fb6597 Merge branch 'feature/add_esp32s3_bootloader_ld_file' into 'master'
move part of esp32-s3 codes to master (bootloader linker, esp32s3 empty componnet)

See merge request espressif/esp-idf!9608
2020-07-21 14:51:04 +08:00
Angus Gratton
5c58564f90 Merge branch 'feature/support_for_esp32_pico_v3_02' into 'master'
psram: support for esp32-pico-v3-02

See merge request espressif/esp-idf!9405
2020-07-21 13:28:26 +08:00
Angus Gratton
c09fdc0b09 esp32: Use package identifier to look up SPI flash/PSRAM WP Pin, unless overridden
Allows booting in QIO/QOUT mode or with PSRAM on ESP32-PICO-V3 and
ESP32-PICO-V3-O2 without any config changes.

Custom WP pins (needed for fully custom circuit boards) should still be compatible.
2020-07-20 14:08:49 +08:00
morris
b587428e5d bootloader: make bootloader offset address in flash configurable 2020-07-20 10:51:05 +08:00
Ivan Grokhotkov
eff6a1eaab bootloader: fix SECURE_TARGET_HAS_SECURE_ROM_DL_MODE enabled for esp32 2020-07-17 21:04:08 +02:00
Angus Gratton
f64ae4fa99 efuse: Add 'disable Download Mode' & ESP32-S2 'Secure Download Mode' functionality 2020-05-28 17:50:45 +10:00
Felipe Neves
6f27992430 flash_encryption: return more clear error codes when bootloader encryption fails 2020-04-24 12:43:47 -03:00
Felipe Neves
b3d8847406 flash_encryption: added wdt feed during encryption process to avoid undesired reset. 2020-04-24 12:43:47 -03:00
Felipe Neves
7635dce502 bootloader/flash_encrypt: added esp32s2 flash encryption code on build system and enabled example
flash_enctryption: enabled flash encryption example on esp32s2

bootloader: raise WDT overflow value providing sufficient interval to encrypt app partition

flash_ encrypt: Fixed the TODOs on flash encryption key generation for esp32s2

flash_encryption: added secure boot features to flash enctryption for esp32s2

bootloader: leave only esp32s2 compatible potentially insecure options on menuconfig.

flash_encryption: removed secure boot version 1 from esp32s2 encryption code

flash_encryption:  added  CONFIG_SECURE_FLASH_REQUIRE_ALREADY_ENABLED option for esp32s2

flash_encryption: fixed the count of left plaintext flash

flash_encryption: disable dcache and icache download when using encryption in release mode

flash_encryption:  add cache potentally insecure options for s2 chips

flash_encryption: fixed bug which bricked some chips in relase mode
2020-04-24 12:43:47 -03:00
Angus Gratton
142f69448f secure boot v2: esp32: Prevent read disabling additional efuses
Also reduce the number of eFuse write cycles during first boot when
Secure Boot and/or Flash Encryption are enabled.
2020-03-30 18:00:40 +11:00
Angus Gratton
26efc5a6d0 bootloader: Set the bootloader optimization level separately to the app
Change the default bootloader config to -Os to save size.

This is a useful feature because it allows switching between debug
and release configs in the app without also needing to account for a
size change in the bootloader.
2020-02-27 14:38:52 +05:30
Supreet Deshpande
a9ccc5e5c8 feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3 2020-02-25 01:28:22 +05:30
morris
e30cd361a8 global: rename esp32s2beta to esp32s2 2020-01-22 12:14:38 +08:00
Ivan Grokhotkov
5830f529d8 Merge branch 'master' into feature/esp32s2beta_merge 2019-10-02 19:01:39 +02:00
Roland Dobai
833822c10b Fix Kconfig issues discovered by upstream Kconfiglib 2019-09-23 16:10:57 +02:00
KonstantinKondrashov
6f102125b4 bootloader: Add support esp32s2beta 2019-09-20 16:57:33 +10:00
Angus Gratton
438d513a95 Merge branch 'master' into feature/esp32s2beta_merge 2019-09-16 16:18:48 +10:00
Angus Gratton
abd6d40796 secure boot: Ensure mbedTLS enables ECDSA if signatures are checked in app
and all ECDSA to be disabled if secure boot is not enabled

Previously if ECDSA disabled in config then secure_boot_signatures.c would
fail to build (whether or not secure boot was enabled).

To avoid breaking apps that might be using the signature scheme with custom OTA
without enabling secure boot signatures in config, this change just disables
this functionality if unavailable in mbedTLS config.

Possible fix for root cause of https://github.com/espressif/esp-idf/pull/3703
2019-08-30 14:56:11 +10:00
Angus Gratton
a21ca2270a Merge branch 'feature/deep_sleep_fast_wake' into 'master'
bootloader: Reduce the time spent in image validation when waking from deep sleep

See merge request espressif/esp-idf!5140
2019-08-28 08:54:28 +08:00
Ivan Grokhotkov
12c9d9a564 spi_flash: remove duplicate definition of spi_flash_unlock
The other (static) definition is in flash_ops.c, all references are
also in flash_ops.c.
2019-08-23 12:37:55 +08:00
KonstantinKondrashov
c543aac91e bootloader: API for the fast wakeup and custom using RTC mem
Added "Reserve RTC FAST memory for custom purposes" option.
Added a boot counter.
2019-08-21 11:44:37 +00:00
Tim Nordell
43393cf4d1 bootloader: Support for skipping validation upon wake from deep sleep
This saves time when waking up from deep sleep, but potentially decreases
the security of the system.  If the application able to modify itself
(especially areas that are loaded into RAM) in flash while running
without crashing or is modifies the cached bits of information about
what was last booted from the bootloader, this could cause security
issues if the user does a "deep sleep reset" since the full validation
is skipped.

Signed-off-by: Tim Nordell <tim.nordell@nimbelink.com>
2019-08-21 11:44:37 +00:00
Angus Gratton
24d26fccde Merge branch 'master' into feature/esp32s2beta_update 2019-08-08 13:44:24 +10:00
Hemal Gujarathi
a68c7c21e1 Improve flash encryption documentation and add Development & Release modes
This MR improves existing flash encryption document to provide simplified steps
Adds two new modes for user: Development & Release
Adds a simple example
Supports encrypted write through make command
2019-06-25 23:41:18 +00:00
suda-morris
3f7a571c90 fix errors when ci testing for esp32 2019-06-19 15:31:47 +08:00
suda-morris
12f00d9a5e make bootloader support esp32s2beta 2019-06-11 13:06:32 +08:00
hemal.gujarathi
865b24144e remove secure boot test mode 2019-05-23 14:13:08 +05:30
Roland Dobai
1ad2283641 Rename Kconfig options (components/bootloader) 2019-05-21 09:32:55 +02:00
Roland Dobai
997b29a9ca Rename Kconfig options (components/esptool_py) 2019-05-21 09:32:55 +02:00
Roland Dobai
0ae53691ba Rename Kconfig options (components/esp32) 2019-05-21 09:09:01 +02:00
Mahavir Jain
202f689baa bootloader: use mbedTLS for secure boot verification in firmware 2019-04-01 15:46:52 +05:30
Konstantin Kondrashov
e916cf52a3 bootloader: Add support of anti-rollback
Added:
* set a secure version in app/bootloader.
* description anti-rollback to ota part
* emulate the secure_version write and read operations
* efuse_em partition.
* a description about a rollback for native_ota_example.

Closes: TW26335
2019-02-14 18:51:43 +08:00
Roland Dobai
37126d3451 Correct Kconfigs according to the coding style 2019-01-29 13:37:01 +01:00
Konstantin Kondrashov
dde1fd9b94 bootloader: Add support flags for rollback app
Added
* Set actual ota_seq if both ota are init or incorrect.
* Description of rollback
* UT tests

Closes TW15459
2018-12-11 11:54:21 +08:00
Angus Gratton
f53fef9936 Secure Boot & Flash encryption: Support 3/4 Coding Scheme
Includes esptool update to v2.6-beta1
2018-10-16 16:24:10 +11:00
Angus Gratton
2ec0fd8fd6 Merge branch 'feature/signature_verify_updates' into 'master'
secure boot: Support signed app verification without hardware secure boot

See merge request idf/esp-idf!2814
2018-09-04 18:56:47 +08:00
Konstantin Kondrashov
9c715d7946 bootloader_support: Fix enable rtc_wdt for resolve issue with varying supply
Eliminates the issue with the lock up in the bootloader due to a power drawdown during its operation.

Closes https://github.com/espressif/esp-idf/issues/1814
2018-09-03 05:43:01 +00:00
Angus Gratton
b364f23e17 secure boot: Support secure boot signatures without hardware secure boot
Allows OTA updates to be secured via signature checks, without requiring the overhead or complexity
of a full secure boot implementation.

Uses same signing mechanisms (build system and/or espsecure.py as Secure Boot).

Requires:
* [ ] More testing
* [ ] Documentation
2018-08-29 17:05:29 +08:00
Angus Gratton
57b601ab7f secure boot: Pad to avoid data after the signature mapping into the address space
Because address space is mapped in 64KB pages, it was possible for unauthenticated data after the
app .bin to become mapped into the flash cache address space.

This problem is solved by 2 changes:

* "esptool elf2image --secure-pad" will pad the image so that the signature block ends close to the
  64KB boundary. Due to alignment constraints it will be 12 bytes too short after signing (but
  with flash encryption, these 12 bytes are still encrypted as part of the last block and can't be
  arbitrarily changed).
* By default, secure boot now requires all app partitions to be a multiple of 64KB in size.
2018-07-17 15:33:47 +10:00
Angus Gratton
d0b8f2865f docs: Switch base URL from esp-idf.readthedocs.io to docs.espressif.com 2018-06-19 11:23:33 +00:00