Commit Graph

52 Commits

Author SHA1 Message Date
KonstantinKondrashov
95564b4687 secure_boot: Secure Boot V2 verify app signature on update (without Secure boot)
- ESP32 ECO3, ESP32-S2/C3/S3
2021-03-15 12:30:20 +00:00
Angus Gratton
a7da0c894b Merge branch 'feature/c3_master_flash_enc_support' into 'master'
flash encryption: merge C3 flash encryption changes to master

See merge request espressif/esp-idf!12040
2021-01-22 12:58:38 +08:00
Angus Gratton
fe8a891de9 Merge branch 'feature/support_esp32c3_master_cmake_secure_boot' into 'master'
bootloader/esp32c3: Support secure boot

Closes IDF-2115

See merge request espressif/esp-idf!11797
2021-01-21 08:42:49 +08:00
KonstantinKondrashov
98f726fa4b bootloader/esp32c3: Adds secure boot (not yet supported) 2021-01-19 20:51:13 +08:00
Marius Vikhammer
03fa63b0c9 bootloader: add flash encryption support for C3
Adds flash encryption support for C3 and updates docs for S2 & C3
2021-01-18 14:10:54 +08:00
morris
753a929525 global: fix sign-compare warnings 2021-01-12 14:05:08 +08:00
lucastcox
d5d722c66f app_update: Add definition for esp_ota_abort
Closes: https://github.com/espressif/esp-idf/issues/5329
Merges: https://github.com/espressif/esp-idf/pull/5331

Signed-off-by: Shubham Kulkarni <shubham.kulkarni@espressif.com>
2020-12-03 14:49:52 +05:30
Peter Hoddie
3a768f51c3 app_update: add support for incremental flash erase
This patch modifies the OTA implementation to incremental erase flash sectors
as they are written, rather than bulk erasing them all at once when OTA begins.

This solves several problems:
- The bulk flash erase can take so long that it triggers the watchdog timer.
  Disabling the watchdog is an undesirable risk.
- The bulk erase interferes with the responsiveness of the system to user input.
- Incremental erasing eliminates the need to pass the firmware image size to
  esp_ota_begin to avoid erasing more flash sectors than required.
- When installing an OTA received via HTTP, the size of the firmware image is
  known when the content-length header is received. Calling esp_ota_begin at that
  time causes a long delay to do the bulk erase which causes the TCP transfer
  speed to be measurably slowed when the transfer resumes after the erase.
  Incremental erasing eliminates this TCP slowdown.

Update:
Rework so erase optimization is only applied when image_size is set to
OTA_WITH_SEQUENTIAL_WRITES #5246

Merges https://github.com/espressif/esp-idf/pull/5246
2020-09-04 12:05:02 +05:30
Supreet Deshpande
e640e148cf Secure boot v2 support for ESP32-S2 2020-07-27 00:01:10 +00:00
morris
a34409cffc esp_rom: extract common CRC apis into esp_rom_crc.h 2020-06-23 16:40:14 +08:00
Shubham Kulkarni
6a1b3221c4 app_update: Add API to write data in a non contiguous manner 2020-05-28 10:18:55 +05:30
Shubham Kulkarni
c82a4d59ee esp_ota_ops.c: Fix size calculation to erase partition range for OTA image
Closes https://github.com/espressif/esp-idf/issues/4953
2020-03-31 14:58:32 +00:00
suda-morris
dd248ffc32 Add chip revision into image header
Check chip id and chip revision before boot app image

Closes https://github.com/espressif/esp-idf/issues/4000
2019-09-16 18:13:53 +08:00
Anton Maklakov
afbaf74007 tools: Mass fixing of empty prototypes (for -Wstrict-prototypes) 2019-08-01 16:28:56 +07:00
Konstantin Kondrashov
399d2d2605 all: Using xxx_periph.h
Using xxx_periph.h in whole IDF instead of xxx_reg.h, xxx_struct.h, xxx_channel.h ... .

Cleaned up header files from unnecessary headers (releated to soc/... headers).
2019-06-03 14:15:08 +08:00
Roland Dobai
1ad2283641 Rename Kconfig options (components/bootloader) 2019-05-21 09:32:55 +02:00
Mahavir Jain
816fe38f3a app_update: remove redundant (additional) check for signature verification
Call `esp_image_verify` takes care of validating image signature.
2019-04-01 15:47:01 +05:30
morris
c159984264 separate rom from esp32 component to esp_rom
1. separate rom include files and linkscript to esp_rom
2. modefiy "include rom/xxx.h" to "include esp32/rom/xxx.h"
3. Forward compatible
4. update mqtt
2019-03-21 18:51:45 +08:00
morris
fae39dc326 merge esp_flash_data_types into esp_flash_partitions 2019-03-18 08:51:55 +00:00
Konstantin Kondrashov
e916cf52a3 bootloader: Add support of anti-rollback
Added:
* set a secure version in app/bootloader.
* description anti-rollback to ota part
* emulate the secure_version write and read operations
* efuse_em partition.
* a description about a rollback for native_ota_example.

Closes: TW26335
2019-02-14 18:51:43 +08:00
Angus Gratton
ad200227d2 Merge branch 'feature/add_rollback_flags' into 'master'
bootloader/app_update: Add a support of an app rollback.

See merge request idf/esp-idf!3547
2018-12-19 14:28:11 +08:00
Supreet Deshpande
1d4bb7cc4d bugfix/ota_magic_byte_issue: Fix indent and replace constant by macro
Replace 0xE9 by ESP_IMAGE_HEADER_MAGIC.
2018-12-17 09:56:18 +05:30
Konstantin Kondrashov
dde1fd9b94 bootloader: Add support flags for rollback app
Added
* Set actual ota_seq if both ota are init or incorrect.
* Description of rollback
* UT tests

Closes TW15459
2018-12-11 11:54:21 +08:00
Supreet Deshpande
55d5ee1e79 bugfix/ota_magic_byte_issue: Fixes OTA magic byte error
On enabling flash encryption, OTA fails with magic byte error in the second chunk
if the http data is split into two or more chunks and first chunk is less than 16.
2018-12-10 17:16:38 +05:30
Konstantin Kondrashov
f9522a0eb6 bootloader app_update: Refactoring otadata part 2018-12-05 11:20:03 +08:00
Konstantin Kondrashov
3b9cb25fe1 esp32: Add firmware version to app
Added a new structure esp_app_desc_t. It has info about firmware:
version, secure_version, project_name, time/date build and IDF version.
Added the ability to add a custom structure with a description of the firmware.

The esp_app_desc_t is located in fixed place in start of ROM secotor. It is located after structures esp_image_header_t and esp_image_segment_header_t.

app_version is filed from PROJECT_VER variable (if set in custom make file) or PROJECT_PATH/version.txt or git repo (git describe).

Add API to get app_desc from partition.
2018-12-03 16:52:04 +08:00
Mahavir Jain
26845936b3 app_update: remove unrequired static attribute from mmap handle 2018-10-18 04:38:31 +00:00
Mahavir Jain
b3aff63db4 app_update: fix intermittent failure with firmware updates
Routine `spi_flash_cache2phys` sometimes return incorrect value,
resulting in failure in getting currently running ota partition.
This in turn aborts firmware update process.This issue was more
prominent with SPIRAM enabled cases.

Fix ensures proper cache guards during `spi_flash_cache2phys`, and
also for few other similar APIs.

In addition, `esp_ota_get_running_partition` has also been optimized
to save currently running partition for subsequent invocations.

Fixes https://github.com/espressif/esp-idf/issues/2451
2018-10-18 04:38:31 +00:00
Angus Gratton
b355854d4d Merge branch 'master' into feature/cmake 2018-09-05 10:35:04 +08:00
Angus Gratton
b364f23e17 secure boot: Support secure boot signatures without hardware secure boot
Allows OTA updates to be secured via signature checks, without requiring the overhead or complexity
of a full secure boot implementation.

Uses same signing mechanisms (build system and/or espsecure.py as Secure Boot).

Requires:
* [ ] More testing
* [ ] Documentation
2018-08-29 17:05:29 +08:00
Angus Gratton
ff2404a272 Merge branch 'master' into feature/cmake 2018-08-16 17:14:17 +10:00
Konstantin Kondrashov
117c79eae5 app_update: Add API for getting sha256_of_partition
Added bootloader_common_get_sha256_of_partition() and esp_partition_get_sha256() - get or calculate SHA-256
digest for app and data partitions.
Added bootloader_sha256_hex_to_str() - helps to print SHA-256 digest
Added esp_partition_check_identity() - compares two partitions by SHA-256 digest

Refactoring a function esp_image_load() in bootloader space to esp_image_verify() and
bootloader_load_image(). Old name function esp_image_load is deprecated
and will remove in V4.0 version.

spi_flash/sim: Fix error test_host. Add stub for bootloader_common_get_sha256_of_partition in sim/stubs
2018-08-13 13:59:07 +05:00
Angus Gratton
5cbc4e976b app_update: Don't double-verify secure boot signature during OTA
esp_image_load() already verifies the signature
2018-07-17 15:33:47 +10:00
Angus Gratton
1cb5712463 cmake: Add component dependency support
Components should set the COMPONENT_REQUIRES & COMPONENT_PRIVATE_REQUIRES variables to define their
requirements.
2018-04-30 09:59:20 +10:00
Angus Gratton
2f318d16fa log: Make ESP_LOGx macros into single statements
Requires a semicolon after any use (previously this was optional due to trailing } after expansion)

Closes https://github.com/espressif/esp-idf/issues/1757
2018-04-26 09:08:07 +10:00
Angus Gratton
3dfcc312c8 ota_ops: Fix get_selected_boot_partition() in case there is no factory partition
get_selected_boot_partition() now follows the same basic logic as the bootloader to find the
default boot partition.
2017-09-04 17:37:28 +10:00
Angus Gratton
17adb40ca8 bootloader: Calculate SHA256 hash of image on every boot
Makes app image booting more reliable (256-bit rather than 8-bit verification.)

Some measurements, time to boot a 655KB app.bin file and run to app_main() execution.

(All for rev 1 silicon, ie no 340ms spurious WDT delay.)

80MHz QIO mode:
before = 300ms
after = 140ms

40MHz DIO mode:
before = 712ms
after = 577ms

40MHz DIO mode, secure boot enabled
before = 1380ms
after = 934ms

(Secure boot involves two ECC signature verifications (partition table, app) that take approx 300ms each with 80MHz CPU.)
2017-07-19 18:31:59 +10:00
Angus Gratton
0c8888d68f bootloader: Combine loading from flash & verifying to save boot time
Still needs updating to account for secure boot.
2017-07-19 18:25:17 +10:00
Deomid Ryabkov
516c708fc7 Enable checks for encrypted flash in OTA
Even if firmware is compiled without CONFIG_FLASH_ENCRYPTION_ENABLED
Rayionale: CONFIG_FLASH_ENCRYPTION_ENABLED controls whether boot loader
generates keys for encryption or not, but flash encryption can be
configured externally. With this change, it's possible to have boot
loader not generate keys but still have encryption working.

Also fix use of it->part
2017-04-11 19:10:26 +08:00
Tian Zhong Xing
c3d5f8e766 app_update: fix logic error when update ota info 2017-02-22 10:26:04 +11:00
Angus Gratton
080350a745 ota ops: Rewrite esp_ota_get_next_update_partition() to be more predictable, add unit tests 2017-02-22 10:26:04 +11:00
Angus Gratton
902382f622 ota ops: Verify partition argument passed to esp_ota_begin() 2017-02-22 10:26:04 +11:00
Angus Gratton
25f739c183 ota ops: Add new functions esp_ota_get_next_update_partition / esp_ota_get_running_partition
* Update OTA example to use these.
* Refactor esp_ota_begin() to return ESP_ERR_OTA_PARTITION_CONFLICT as documented
2017-02-22 10:24:42 +11:00
Angus Gratton
1f3a2e900c docs: Improve/clarify partition, OTA & SPI flash docs
Related to #313 https://github.com/espressif/esp-idf/issues/313
2017-02-20 15:31:42 +11:00
Angus Gratton
2d5162dc3c OTA: Always clean up OTA handle regardless of esp_ota_end() result
As reported on forum: http://esp32.com/viewtopic.php?f=14&t=1093
2017-02-03 10:07:30 +11:00
Angus Gratton
eea2788f5a OTA: Fix issues with encrypted OTA
- OTA source can write non-16-byte multiples of data
- Assumption that empty ota_data is 0xFFFFFFFF untrue when encrypted
2017-01-26 18:52:35 +11:00
Angus Gratton
67336672bd OTA: Improve verification of OTA image before writing, incl. secure boot
Verify 0xE9 magic byte on first write, verify entire image before
switching.

Enable verification for secure boot signature (was using invalid ifdef
guard)
2017-01-26 16:20:06 +11:00
Angus Gratton
813395adcb OTA: Fall back to factory partition if ota data partition is invalid 2017-01-26 16:20:06 +11:00
Chen Wu
d0fccbce15 examples: Add OTA demo 2016-12-29 17:37:17 +08:00
tzx
25e4e21226 app_update: clean up warning log when compile any project 2016-12-07 13:49:53 -08:00