Commit Graph

334 Commits

Author SHA1 Message Date
Angus Gratton
142f69448f secure boot v2: esp32: Prevent read disabling additional efuses
Also reduce the number of eFuse write cycles during first boot when
Secure Boot and/or Flash Encryption are enabled.
2020-03-30 18:00:40 +11:00
Darian Leung
91841a53ff WDT: Add LL and HAL for watchdog timers
This commit updates the watchdog timers (MWDT and RWDT)
in the following ways:

- Add seprate LL for MWDT and RWDT.
- Add a combined WDT HAL for all Watchdog Timers
- Update int_wdt.c and task_wdt.c to use WDT HAL
- Remove most dependencies on LL or direct register access
  in other components. They will now use the WDT HAL
- Update use of watchdogs (including RTC WDT) in bootloader and
  startup code to use the HAL layer.
2020-03-26 02:14:02 +08:00
Angus Gratton
f2d310fea7 secure boot: Fix anti-fault value if hash is shorter than curve
(Not actually a problem with SBV1 anti-fault as hash size == curve size in this case.)
2020-03-11 17:17:20 +11:00
Angus Gratton
26efc5a6d0 bootloader: Set the bootloader optimization level separately to the app
Change the default bootloader config to -Os to save size.

This is a useful feature because it allows switching between debug
and release configs in the app without also needing to account for a
size change in the bootloader.
2020-02-27 14:38:52 +05:30
Angus Gratton
d40c69375c bootloader: Add fault injection resistance to Secure Boot bootloader verification
Goal is that multiple faults would be required to bypass a boot-time signature check.

- Also strengthens some address range checks for safe app memory addresses
- Change pre-enable logic to also check the bootloader signature before enabling SBV2 on ESP32

Add some additional checks for invalid sections:

- Sections only partially in DRAM or IRAM are invalid
- If a section is in D/IRAM, allow the possibility only some is in D/IRAM
- Only pass sections that are entirely in the same type of RTC memory region
2020-02-27 14:37:19 +05:30
Supreet Deshpande
a9ccc5e5c8 feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3 2020-02-25 01:28:22 +05:30
Supreet Deshpande
2bf329eb2c Fixes accessing some files from 2nd part of the bootloader. 2020-02-10 12:34:18 +05:30
Ivan Grokhotkov
fd15acb50f esp32s2: bootloader: move iram_loader segment higher
This gives extra 16kB for the application's static .data/.bss
2020-01-24 10:48:20 +01:00
morris
e30cd361a8 global: rename esp32s2beta to esp32s2 2020-01-22 12:14:38 +08:00
Ivan Grokhotkov
c11f77cb1a Merge branch 'feature/use_underlying_cmake_targets_for_idf_py' into 'master'
CMake: Use underlying flash targets for idf.py

See merge request espressif/esp-idf!7067
2020-01-21 17:05:47 +08:00
duyi
18a05e2ee0 update ld file for esp32-s2 2020-01-16 17:43:59 +08:00
morris
1c2cc5430e global: bring up esp32s2(not beta) 2020-01-16 17:41:31 +08:00
Renz Christian Bagaporo
cc8bff703e esptool_py: create flash target functions 2020-01-15 03:36:47 +00:00
Angus Gratton
e890137ad3 Merge branch 'bugfix/cmake_reflashable_build_targets' into 'master'
secure boot: Fix bootloader build system target for bootloader digest

Closes IDFGH-2396

See merge request espressif/esp-idf!7069
2020-01-07 06:40:33 +08:00
morris
888316fc64 bootloader_support: refactor to better support multi target 2019-12-23 05:45:17 +00:00
suda-morris
ba7c67ece8 bootloader won't have dependency on wifi 2019-12-23 05:45:17 +00:00
Angus Gratton
0cc98b8d76 secure boot: Fix bootloader build system target for bootloader digest
Closes https://github.com/espressif/esp-idf/issues/4513
2019-12-20 15:09:15 +11:00
Angus Gratton
6f761dd62d cmake: Fix some uninitialized variable warnings 2019-11-08 12:50:28 +08:00
Angus Gratton
4352265fa0 cmake: Fix case error passing extra CMake args to sub-projects
Bug in commit f4ea7c5a where the wrong variable case was used when passing
through to sub-projects
2019-11-08 11:56:13 +08:00
Angus Gratton
75488f1806 Merge branch 'bugfix/cmake_secure_boot' into 'master'
secure boot: CMake bug fixes

See merge request espressif/esp-idf!6523
2019-11-08 10:58:04 +08:00
Angus Gratton
e34bb7460f secure boot: In Reflashable mode, make sure the bootloader digest updates
... whenever the bootloader.bin is updated
2019-11-06 12:13:24 +08:00
Jiang Jiang Jian
02a756015d Merge branch 'feature/wifi_merge_libs_to_master' into 'master'
esp_wifi: merge esp32s2beta WiFi library and fix WiFi deinit memory leak bug

See merge request espressif/esp-idf!6531
2019-10-31 20:56:39 +08:00
Xia Xiaotian
9afba2abf5 esp_wifi: merge esp32s2beta WiFi library to master branch 2019-10-29 19:41:33 +08:00
Angus Gratton
f4ea7c5a46 cmake: Set uninitialized variable warnings in ULP & bootloader subprojects
Fixes issue where PYTHON was not being expanded when running ulp_mapgen.py,
causing Windows launch setting to be used - reported here:
https://esp32.com/viewtopic.php?f=13&t=12640&p=50283#p50283
2019-10-29 05:38:39 +00:00
Angus Gratton
f5238d5e42 Merge branch 'feature/esp32s2beta' into feature/esp32s2beta_merge 2019-10-15 15:03:45 +11:00
KonstantinKondrashov
267ca19ae8 bootloader: Fix dram_seg 2019-10-08 16:07:53 +08:00
Ivan Grokhotkov
5830f529d8 Merge branch 'master' into feature/esp32s2beta_merge 2019-10-02 19:01:39 +02:00
Ivan Grokhotkov
c496268b10 Merge branch 'feature/load_elf' into 'master'
Support ELF files loadable with gdb

Closes IDF-335

See merge request espressif/esp-idf!5779
2019-09-27 19:36:25 +08:00
Roland Dobai
5a916ce126 Support ELF files loadable with gdb 2019-09-24 07:19:50 +00:00
Roland Dobai
833822c10b Fix Kconfig issues discovered by upstream Kconfiglib 2019-09-23 16:10:57 +02:00
KonstantinKondrashov
6f102125b4 bootloader: Add support esp32s2beta 2019-09-20 16:57:33 +10:00
Angus Gratton
83680bd96b Merge branch 'feature/esp32s2beta' into feature/esp32s2beta_merge 2019-09-19 21:08:20 +10:00
Angus Gratton
438d513a95 Merge branch 'master' into feature/esp32s2beta_merge 2019-09-16 16:18:48 +10:00
KonstantinKondrashov
e0f7fbc5fa bootloader: expand the space for iram_loader_seg
Fixed ld issue: overflowed iram_loader_seg
2019-09-13 00:39:37 +08:00
Angus Gratton
c052a38e2a bootloader: Link RTC clock functions to the iram_loader section
As flash encryption & secure boot needs these functions after the app is loaded.

Fixes regression introduced in fb72a6f629
2019-09-10 11:28:17 +10:00
jiangguangming
4ef4b29c74 Reorganize the memory to maximize contiguous DRAM
1. Fix bug for variable sdkconfig_header in CMakeLists.txt
2. Modify the load address of bootloader
3. Modify the load address of application program
2019-09-06 16:18:42 +08:00
jiangguangming
c057c141eb Fix bug for reserved memory regions
1. Release 16KB memory of reserved regions to heap
2. Modify the dram_seg address of bootloader to 0x3FFF8000, size is 16K
2019-09-05 19:00:14 +08:00
Angus Gratton
c5747027b4 Merge branch 'bugfix/cmake_bootloader_python' into 'master'
build system: Pass Python executable through to bootloader build

See merge request espressif/esp-idf!5956
2019-09-03 12:55:58 +08:00
Angus Gratton
abd6d40796 secure boot: Ensure mbedTLS enables ECDSA if signatures are checked in app
and all ECDSA to be disabled if secure boot is not enabled

Previously if ECDSA disabled in config then secure_boot_signatures.c would
fail to build (whether or not secure boot was enabled).

To avoid breaking apps that might be using the signature scheme with custom OTA
without enabling secure boot signatures in config, this change just disables
this functionality if unavailable in mbedTLS config.

Possible fix for root cause of https://github.com/espressif/esp-idf/pull/3703
2019-08-30 14:56:11 +10:00
Angus Gratton
e3e21b7954 build system: Pass Python executable through to bootloader build
Fixes failures if the PYTHON cache setting doesn't match the
default of "python" on the PATH.
2019-08-29 18:53:18 +10:00
Angus Gratton
1cd54d34f6 Merge branch 'bugfix/bootloader_factory_reset_with_wake_up_from_deep_sleep' into 'master'
bootloader: Blocking the Factory reset during wake up from deep sleep

Closes IDFGH-1536

See merge request espressif/esp-idf!5673
2019-08-29 09:35:08 +08:00
Angus Gratton
a21ca2270a Merge branch 'feature/deep_sleep_fast_wake' into 'master'
bootloader: Reduce the time spent in image validation when waking from deep sleep

See merge request espressif/esp-idf!5140
2019-08-28 08:54:28 +08:00
KonstantinKondrashov
69f45c3674 bootloader: Factory reset not for deep sleep
Closes: https://github.com/espressif/esp-idf/issues/3800

Closes: IDFGH-1536
2019-08-23 10:21:06 +00:00
Ivan Grokhotkov
12c9d9a564 spi_flash: remove duplicate definition of spi_flash_unlock
The other (static) definition is in flash_ops.c, all references are
also in flash_ops.c.
2019-08-23 12:37:55 +08:00
KonstantinKondrashov
c543aac91e bootloader: API for the fast wakeup and custom using RTC mem
Added "Reserve RTC FAST memory for custom purposes" option.
Added a boot counter.
2019-08-21 11:44:37 +00:00
Tim Nordell
43393cf4d1 bootloader: Support for skipping validation upon wake from deep sleep
This saves time when waking up from deep sleep, but potentially decreases
the security of the system.  If the application able to modify itself
(especially areas that are loaded into RAM) in flash while running
without crashing or is modifies the cached bits of information about
what was last booted from the bootloader, this could cause security
issues if the user does a "deep sleep reset" since the full validation
is skipped.

Signed-off-by: Tim Nordell <tim.nordell@nimbelink.com>
2019-08-21 11:44:37 +00:00
Angus Gratton
04ae56806c Merge branch 'master' into feature/esp32s2beta_update 2019-08-08 15:26:58 +10:00
Angus Gratton
24d26fccde Merge branch 'master' into feature/esp32s2beta_update 2019-08-08 13:44:24 +10:00
Anton Maklakov
afbaf74007 tools: Mass fixing of empty prototypes (for -Wstrict-prototypes) 2019-08-01 16:28:56 +07:00
Renz Christian Bagaporo
9edc867c62 bootloader: fix secure boot issues
Do not include bootloader in flash target when secure boot is enabled.
Emit signing warning on all cases where signed apps are enabled (secure
boot and signed images)
Follow convention of capital letters for SECURE_BOOT_SIGNING_KEY variable, since it is
relevant to other components, not just bootloader.
Pass signing key and verification key via config, not requiring
bootloader to know parent app dir.
Misc. variables name corrections
2019-06-28 10:54:21 +08:00
Renz Christian Bagaporo
f332e0c1d6 partition_table: move establishing dependencies to respective components
partition_table: move establishing dependencies to respective components
2019-06-28 10:50:52 +08:00
Hemal Gujarathi
a68c7c21e1 Improve flash encryption documentation and add Development & Release modes
This MR improves existing flash encryption document to provide simplified steps
Adds two new modes for user: Development & Release
Adds a simple example
Supports encrypted write through make command
2019-06-25 23:41:18 +00:00
Angus Gratton
9a412d3a08 Merge branch 'feature/use_new_component_registration_apis' into 'master'
Use new component registration API

See merge request idf/esp-idf!4898
2019-06-25 10:24:11 +08:00
Angus Gratton
9d573c65dc Merge branch 'bugfix/legacy_header_bootloader_build' into 'master'
bootloader: pass legacy header config variable to subproject

See merge request idf/esp-idf!4966
2019-06-25 10:23:33 +08:00
Renz Christian Bagaporo
9eccd7c082 components: use new component registration api 2019-06-21 19:53:29 +08:00
Renz Christian Bagaporo
e8582e9aa4 esptool_py: use passed offset and image when template is given
esptool_py defines command `esptool_py_flash_project_args` that
generates arg file for esptool.py. Two of the arguments are the offset
and image, which are not being used when a template file is given.
This commit makes variables OFFSET and IMAGE available to the template
file, which will holds the value of the offset and image arguments to
`esptool_py_flash_project_args`.
2019-06-21 19:48:41 +08:00
suda-morris
3f7a571c90 fix errors when ci testing for esp32 2019-06-19 15:31:47 +08:00
Renz Christian Bagaporo
3882e48e8a cmake: use new signature form of target_link_library to link components
!4452 used setting LINK_LIBRARIES and INTERFACE_LINK_LIBRARIES to link
components built under ESP-IDF build system. However, LINK_LIBRARIES does
not produce behavior same as linking PRIVATE. This MR uses the new
signature for target_link_libraries directly instead. This also moves
setting dependencies during component registration rather than after all
components have been processed.

The consequence is that internally, components have to use the new
signature form as well. This does not affect linking the components to
external targets, such as with idf_as_lib example. This only affects
linking additional libraries to ESP-IDF libraries outside component processing (after
idf_build_process), which is not even possible for CMake<v3.13 as
target_link_libraries is not valid for targets not created in current
directory. See https://cmake.org/cmake/help/v3.13/policy/CMP0079.html#policy:CMP0079
2019-06-11 18:09:26 +08:00
suda-morris
61ce868396 make bootloader_support support esp32s2beta 2019-06-11 13:07:02 +08:00
suda-morris
cc98b9ef60 add rom for esp32s2beta 2019-06-11 13:06:32 +08:00
suda-morris
12f00d9a5e make bootloader support esp32s2beta 2019-06-11 13:06:32 +08:00
Angus Gratton
c9bf3a3b17 Merge branch 'bugfix/remove_secure_boot_test_mode' into 'master'
remove secure boot test mode

See merge request idf/esp-idf!5059
2019-06-11 07:25:07 +08:00
Gautier Seidel
542e544faa esp32: Allow fixed static RAM size and DRAM heap size
Merges https://github.com/espressif/esp-idf/pull/3222
2019-06-06 18:23:04 +10:00
Angus Gratton
22514c1dd9 cmake: For gcc8 use linker to find paths to libc, libm, libstdc++, etc
Removes the need to know/guess the paths to these libraries. Once we are gcc 8 only, we
can remove -nostdlib and no additional arguments are needed for system libraries.

The catch is: any time IDF overrides a symbol in the toolchain sysroot, we need
an undefined linker marker to make sure this symbol is seen by linker.
2019-05-28 12:54:37 +08:00
hemal.gujarathi
865b24144e remove secure boot test mode 2019-05-23 14:13:08 +05:30
Renz Christian Bagaporo
e1db12993b bootloader: pass legacy header config variable to subproject 2019-05-21 17:03:45 +08:00
Roland Dobai
1ad2283641 Rename Kconfig options (components/bootloader) 2019-05-21 09:32:55 +02:00
Roland Dobai
997b29a9ca Rename Kconfig options (components/esptool_py) 2019-05-21 09:32:55 +02:00
Roland Dobai
0ae53691ba Rename Kconfig options (components/esp32) 2019-05-21 09:09:01 +02:00
Renz Christian Bagaporo
927007fdd2 cmake: fix custom bootloader issue
Issue is that when users creates a custom bootloader from
$IDF_PATH/components/bootloader. Parent project build uses the copy but
bootloader subproject build uses the original still. The issue is solved
by passing the custom bootloader as extra component directory so
bootloader build knows to use the new copy (itself) in the build.
2019-05-17 15:17:32 +08:00
Renz Christian Bagaporo
ffec9d4947 components: update with build system changes 2019-05-13 19:59:17 +08:00
suda-morris
63e4677c55 pass IDF_TARGET variable to bootloader build process 2019-05-09 14:19:02 +08:00
Michael (XIAO Xufeng)
562af8f65e global: move the soc component out of the common list
This MR removes the common dependency from every IDF components to the SOC component.

Currently, in the ``idf_functions.cmake`` script, we include the header path of SOC component by default for all components.
But for better code organization (or maybe also benifits to the compiling speed), we may remove the dependency to SOC components for most components except the driver and kernel related components.

In CMAKE, we have two kinds of header visibilities (set by include path visibility):

(Assume component A --(depends on)--> B, B is the current component)

1. public (``COMPONENT_ADD_INCLUDEDIRS``): means this path is visible to other depending components (A) (visible to A and B)
2. private (``COMPONENT_PRIV_INCLUDEDIRS``): means this path is only visible to source files inside the component (visible to B only)

and we have two kinds of depending ways:

(Assume component A --(depends on)--> B --(depends on)--> C, B is the current component)

1. public (```COMPONENT_REQUIRES```): means B can access to public include path of C. All other components rely on you (A) will also be available for the public headers. (visible to A, B)
2. private (``COMPONENT_PRIV_REQUIRES``): means B can access to public include path of C, but don't propagate this relation to other components (A). (visible to B)

1. remove the common requirement in ``idf_functions.cmake``, this makes the SOC components invisible to all other components by default.
2. if a component (for example, DRIVER) really needs the dependency to SOC, add a private dependency to SOC for it.
3. some other components that don't really depends on the SOC may still meet some errors saying "can't find header soc/...", this is because it's depended component (DRIVER) incorrectly include the header of SOC in its public headers. Moving all this kind of #include into source files, or private headers
4. Fix the include requirements for some file which miss sufficient #include directives. (Previously they include some headers by the long long long header include link)

This is a breaking change. Previous code may depends on the long include chain.
You may need to include the following headers for some files after this commit:

- soc/soc.h
- soc/soc_memory_layout.h
- driver/gpio.h
- esp_sleep.h

The major broken include chain includes:

1. esp_system.h no longer includes esp_sleep.h. The latter includes driver/gpio.h and driver/touch_pad.h.
2. ets_sys.h no longer includes soc/soc.h
3. freertos/portmacro.h no longer includes soc/soc_memory_layout.h

some peripheral headers no longer includes their hw related headers, e.g. rom/gpio.h no longer includes soc/gpio_pins.h and soc/gpio_reg.h

BREAKING CHANGE
2019-04-16 13:21:15 +08:00
Ivan Grokhotkov
e84b26f531 esp_rom: export newlib functions as strong symbols 2019-04-10 13:52:30 +08:00
suda-morris
78034879a8 make bootloader depend on IDF_TARGET 2019-04-08 11:08:06 +08:00
Angus Gratton
5136b76798 Merge branch 'feature/micro-ecc-only-in-bootloader' into 'master'
Use micro_ecc library only in bootloader

See merge request idf/esp-idf!4082
2019-04-04 14:26:48 +08:00
morris
f5b03c9ea3 misc adjustment of esp32 component 2019-04-03 19:57:46 +08:00
morris
79bb5de426 derive esp_wifi from esp32 component 2019-04-01 20:04:52 +08:00
Mahavir Jain
202f689baa bootloader: use mbedTLS for secure boot verification in firmware 2019-04-01 15:46:52 +05:30
Mahavir Jain
369e170ebc micro-ecc: move into booloader directory 2019-04-01 15:45:26 +05:30
morris
dbdb299bb1 create xtensa component
1. move xtensa specific files out of esp32 component
2. merge xtensa-debug-module component into xtensa
2019-03-27 20:24:28 +08:00
morris
a2f07b0806 move common include files from esp32 into esp_common 2019-03-26 11:57:03 +08:00
Angus Gratton
1be147c457 Merge branch 'feature/allow_components_to_declare_images_to_flash' into 'master'
Allow components to present their own images to flash

See merge request idf/esp-idf!4148
2019-03-22 11:14:37 +08:00
morris
c159984264 separate rom from esp32 component to esp_rom
1. separate rom include files and linkscript to esp_rom
2. modefiy "include rom/xxx.h" to "include esp32/rom/xxx.h"
3. Forward compatible
4. update mqtt
2019-03-21 18:51:45 +08:00
Renz Christian Bagaporo
234de8de55 cmake: Allow components to present their own images to flash 2019-03-18 03:45:22 +08:00
Konstantin Kondrashov
7626145e6d bootloader: Add support efuse component 2019-02-28 07:31:29 +00:00
Konstantin Kondrashov
e916cf52a3 bootloader: Add support of anti-rollback
Added:
* set a secure version in app/bootloader.
* description anti-rollback to ota part
* emulate the secure_version write and read operations
* efuse_em partition.
* a description about a rollback for native_ota_example.

Closes: TW26335
2019-02-14 18:51:43 +08:00
Roland Dobai
37126d3451 Correct Kconfigs according to the coding style 2019-01-29 13:37:01 +01:00
Konstantin Kondrashov
dde1fd9b94 bootloader: Add support flags for rollback app
Added
* Set actual ota_seq if both ota are init or incorrect.
* Description of rollback
* UT tests

Closes TW15459
2018-12-11 11:54:21 +08:00
Renz Christian Bagaporo
37d30c7a6e cmake: separate app from idf lib project
mbedtls: import mbedtls using unmodified cmake file
2018-11-27 13:59:24 +08:00
Renz Christian Bagaporo
3a02a12aa4 cmake: remove unecessary info passed to bootloader build 2018-11-23 16:08:47 +08:00
Anurag Kar
1f6622b2d1 CMake : Secure Boot support added 2018-11-06 17:09:55 +05:30
Ivan Grokhotkov
73d1b5a7a0 bootloader: verify that loaded image does not overlap bootloader code
Fixes CVE-2018-18558
2018-10-26 12:44:10 +08:00
Renz Bagaporo
cc774111bf cmake: Add support for test build 2018-10-20 12:07:24 +08:00
Angus Gratton
f53fef9936 Secure Boot & Flash encryption: Support 3/4 Coding Scheme
Includes esptool update to v2.6-beta1
2018-10-16 16:24:10 +11:00
Ivan Grokhotkov
9240bbb708 esp32: remove ROM functions redefined in IDF from LD script
In some cases, linker could choose to use ROM functions instead of the
ones defined in IDF.
For functions used in ROM stub table, this would lead to infinite
recursion when the corresponding function was called from ROM.
For crypto functions, some of these were modified in IDF, and
incompatible with ROM counterparts.
2018-10-02 01:20:04 +00:00
Angus Gratton
4d99513bdb bootloader: Fix crash enabling flash encryption
Regression in 9c715d7946
2018-09-26 18:26:06 +10:00
Renz Christian Bagaporo
d9939cedd9 cmake: make main a component again 2018-09-11 09:44:12 +08:00
Angus Gratton
b355854d4d Merge branch 'master' into feature/cmake 2018-09-05 10:35:04 +08:00
Ivan Grokhotkov
2469718481 Merge branch 'bugfix/check_python_order_only_prereq' into 'master'
Use check_python_dependencies everywhere as order-only-prerequisite

See merge request idf/esp-idf!3174
2018-09-04 20:31:49 +08:00