Commit Graph

82 Commits

Author SHA1 Message Date
Angus Gratton
f8b9cb2864 paritition_table: Verify the partition table md5sum when loading the app
Additionally, always enable the partition MD5 check if flash encryption is on in
Release mode. This ensures the partition table ciphertext has not been modified
(CVE-2021-27926).

The exception is pre-V3.1 ESP-IDF bootloaders and partition tables, which
don't have support for the MD5 entry.
2021-06-02 06:35:45 +00:00
Michael (XIAO Xufeng)
15f406ddb7 spi_flash: add config option to override flash size in bootloader header
Sometimes the flash size read from bootloader is not correct. This may
forbid SPI Flash driver from reading the the area larger than the size
in bootloader header.

When the new config option is enabled, the latest configured
ESPTOOLPY_FLAHSIZE in the app header will be used to override the value
read from bootloader header.
2021-02-22 23:18:17 +08:00
Angus Gratton
a94685a222 esp32: Use package identifier to look up SPI flash/PSRAM WP Pin, unless overridden
Allows booting in QIO/QOUT mode or with PSRAM on ESP32-PICO-V3 and
ESP32-PICO-V3-O2 without any config changes.

Custom WP pins (needed for fully custom circuit boards) should still be compatible.
2020-07-24 21:45:31 +08:00
Angus Gratton
f64ae4fa99 efuse: Add 'disable Download Mode' & ESP32-S2 'Secure Download Mode' functionality 2020-05-28 17:50:45 +10:00
Angus Gratton
04ccb84b83 Merge branch 'feature/cpu_abstraction' into 'master'
CPU related operations abstraction

See merge request espressif/esp-idf!7301
2020-02-28 11:54:29 +08:00
Angus Gratton
d40c69375c bootloader: Add fault injection resistance to Secure Boot bootloader verification
Goal is that multiple faults would be required to bypass a boot-time signature check.

- Also strengthens some address range checks for safe app memory addresses
- Change pre-enable logic to also check the bootloader signature before enabling SBV2 on ESP32

Add some additional checks for invalid sections:

- Sections only partially in DRAM or IRAM are invalid
- If a section is in D/IRAM, allow the possibility only some is in D/IRAM
- Only pass sections that are entirely in the same type of RTC memory region
2020-02-27 14:37:19 +05:30
Renz Christian Bagaporo
cefc71cdcd bootloader_support: mem-related initializations using cpu abstractions 2020-02-27 07:14:21 +05:00
Supreet Deshpande
a9ccc5e5c8 feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3 2020-02-25 01:28:22 +05:30
Ivan Grokhotkov
0d69ed8620 bootloader_support: add esp_chip_id_t value for ESP32-S2 2020-02-06 19:50:14 +01:00
morris
e30cd361a8 global: rename esp32s2beta to esp32s2 2020-01-22 12:14:38 +08:00
morris
888316fc64 bootloader_support: refactor to better support multi target 2019-12-23 05:45:17 +00:00
Angus Gratton
496ede9bcd Merge branch 'master' into feature/esp32s2beta_merge 2019-10-15 14:59:27 +11:00
Mahavir Jain
99659091fb bootloader_support: fix logging prints around chip revision 2019-10-11 14:35:22 +05:30
Ivan Grokhotkov
5830f529d8 Merge branch 'master' into feature/esp32s2beta_merge 2019-10-02 19:01:39 +02:00
suda-morris
cbab3c34f8 bootloader: shrink bin size
1. write a bootloader version of "getting chip revision" function.
2. reduce wordy log.
2019-09-27 10:58:30 +08:00
Angus Gratton
adfc06a530 Merge branch 'master' into feature/esp32s2beta_merge 2019-09-20 10:28:37 +10:00
Jiang Jiang Jian
d78831ab2b Merge branch 'bugfix/remove_v40_deprecations' into 'master'
Remove features deprecated before ESP-IDF V4.0

Closes IDF-507

See merge request espressif/esp-idf!5841
2019-09-19 16:07:01 +08:00
suda-morris
dd248ffc32 Add chip revision into image header
Check chip id and chip revision before boot app image

Closes https://github.com/espressif/esp-idf/issues/4000
2019-09-16 18:13:53 +08:00
Angus Gratton
438d513a95 Merge branch 'master' into feature/esp32s2beta_merge 2019-09-16 16:18:48 +10:00
Angus Gratton
62c06047da bootloader_support: Remove deprecated partition load/verify functions
Deprecated since v3.2
2019-09-13 09:44:07 +10:00
Angus Gratton
b547aef2a0 flash encryption: Ensure flash encryption can't be disabled if Secure Boot is on 2019-09-10 11:28:11 +10:00
KonstantinKondrashov
c543aac91e bootloader: API for the fast wakeup and custom using RTC mem
Added "Reserve RTC FAST memory for custom purposes" option.
Added a boot counter.
2019-08-21 11:44:37 +00:00
Tim Nordell
43393cf4d1 bootloader: Support for skipping validation upon wake from deep sleep
This saves time when waking up from deep sleep, but potentially decreases
the security of the system.  If the application able to modify itself
(especially areas that are loaded into RAM) in flash while running
without crashing or is modifies the cached bits of information about
what was last booted from the bootloader, this could cause security
issues if the user does a "deep sleep reset" since the full validation
is skipped.

Signed-off-by: Tim Nordell <tim.nordell@nimbelink.com>
2019-08-21 11:44:37 +00:00
Angus Gratton
04ae56806c Merge branch 'master' into feature/esp32s2beta_update 2019-08-08 15:26:58 +10:00
Angus Gratton
24d26fccde Merge branch 'master' into feature/esp32s2beta_update 2019-08-08 13:44:24 +10:00
Anton Maklakov
afbaf74007 tools: Mass fixing of empty prototypes (for -Wstrict-prototypes) 2019-08-01 16:28:56 +07:00
chenjianqiang
d77c74770a bugfix(flash): add flash config in app startup
We fixed some flash bugs in bootloader, but for the users used the old
vrsion bootloader, they can not fix these bugs via OTA, the solution is
add these updates in app startup.

These updates include:
1. SPI flash gpio matrix and drive strength configuration
2. SPI flash clock configuration
3. SPI flash read dummy configuration
4. SPI flash cs timing configuration
5. Update flash id of g_rom_flashchip
2019-07-18 14:40:59 +08:00
chenjianqiang
d6c40c7c1d bugfix(flash): improve spi cs timing settings for flash
cs setup time is recomemded to be 1.5T, and cs hold time is recommended to be 2.5T.
(cs_setup = 1, cs_setup_time = 0; cs_hold = 1, cs_hold_time = 1)
2019-07-05 21:21:17 +08:00
Angus Gratton
c8570ffa6d bootloader_support: Add C++ header guards
As reported on forum https://esp32.com/viewtopic.php?f=13&t=11173&p=45470
2019-06-26 11:26:56 +10:00
Hemal Gujarathi
a68c7c21e1 Improve flash encryption documentation and add Development & Release modes
This MR improves existing flash encryption document to provide simplified steps
Adds two new modes for user: Development & Release
Adds a simple example
Supports encrypted write through make command
2019-06-25 23:41:18 +00:00
Angus Gratton
5cb71b5213 Merge branch 'feature/add_doc_about_app_desc_t' into 'master'
docs: Add description about the app image

Closes IDF-597

See merge request idf/esp-idf!4912
2019-06-24 18:40:02 +08:00
Konstantin Kondrashov
0ed590640e bootloader: Move some structs to separated file
Moved structures which describe the app image to separated file.

Closes: IDF-597
2019-06-21 18:43:27 +08:00
Michael (XIAO Xufeng)
1036a091fe spi_flash: support working on differnt buses and frequency 2019-06-18 06:32:52 +00:00
suda-morris
61ce868396 make bootloader_support support esp32s2beta 2019-06-11 13:07:02 +08:00
Michael (XIAO Xufeng)
c8d967417c bootloader: remove duplicate region overlap logic
(MINOR CHANGE)
2019-06-05 14:43:23 +08:00
Konstantin Kondrashov
399d2d2605 all: Using xxx_periph.h
Using xxx_periph.h in whole IDF instead of xxx_reg.h, xxx_struct.h, xxx_channel.h ... .

Cleaned up header files from unnecessary headers (releated to soc/... headers).
2019-06-03 14:15:08 +08:00
chenjianqiang
db138ae19b feat(psram): config SPI psram pins based on efuse value 2019-05-28 21:25:16 +08:00
Anurag Kar
62b0d51c02 Enable secure boot only after encrypting flash
This prevents a device from being bricked in case when both secure boot & flash encryption are enabled and encryption gets interrupted during first boot. After interruption, all partitions on the device need to be reflashed (including the bootloader).

List of changes:
* Secure boot key generation and bootloader digest generation logic, implemented inside function esp_secure_boot_permanently_enable(), has been pulled out into new API esp_secure_boot_generate_digest(). The enabling of R/W protection of secure boot key on EFUSE still happens inside esp_secure_boot_permanently_enable()
* Now esp_secure_boot_permanently_enable() is called only after flash encryption process completes
* esp_secure_boot_generate_digest() is called before flash encryption process starts
2019-04-10 18:17:58 +05:30
morris
fae39dc326 merge esp_flash_data_types into esp_flash_partitions 2019-03-18 08:51:55 +00:00
Konstantin Kondrashov
509e1264b9 efuse: Fix to pass CI tests 2019-02-28 07:31:29 +00:00
Konstantin Kondrashov
e916cf52a3 bootloader: Add support of anti-rollback
Added:
* set a secure version in app/bootloader.
* description anti-rollback to ota part
* emulate the secure_version write and read operations
* efuse_em partition.
* a description about a rollback for native_ota_example.

Closes: TW26335
2019-02-14 18:51:43 +08:00
Konstantin Kondrashov
f9522a0eb6 bootloader app_update: Refactoring otadata part 2018-12-05 11:20:03 +08:00
Konstantin Kondrashov
3b9cb25fe1 esp32: Add firmware version to app
Added a new structure esp_app_desc_t. It has info about firmware:
version, secure_version, project_name, time/date build and IDF version.
Added the ability to add a custom structure with a description of the firmware.

The esp_app_desc_t is located in fixed place in start of ROM secotor. It is located after structures esp_image_header_t and esp_image_segment_header_t.

app_version is filed from PROJECT_VER variable (if set in custom make file) or PROJECT_PATH/version.txt or git repo (git describe).

Add API to get app_desc from partition.
2018-12-03 16:52:04 +08:00
Ivan Grokhotkov
73d1b5a7a0 bootloader: verify that loaded image does not overlap bootloader code
Fixes CVE-2018-18558
2018-10-26 12:44:10 +08:00
Angus Gratton
f53fef9936 Secure Boot & Flash encryption: Support 3/4 Coding Scheme
Includes esptool update to v2.6-beta1
2018-10-16 16:24:10 +11:00
Angus Gratton
326d791ebb bootloader: Fix secure boot digest generation for image length where (len%128 < 32) 2018-10-02 15:17:14 +10:00
Angus Gratton
b355854d4d Merge branch 'master' into feature/cmake 2018-09-05 10:35:04 +08:00
Angus Gratton
2ec0fd8fd6 Merge branch 'feature/signature_verify_updates' into 'master'
secure boot: Support signed app verification without hardware secure boot

See merge request idf/esp-idf!2814
2018-09-04 18:56:47 +08:00
Angus Gratton
e54f3d9616 Merge branch 'bugfix/bootloader_random_in_app' into 'master'
esp32: Allow bootloader_random.h use in app, add esp_fill_random() function

See merge request idf/esp-idf!3124
2018-09-04 10:39:12 +08:00
Konstantin Kondrashov
9c715d7946 bootloader_support: Fix enable rtc_wdt for resolve issue with varying supply
Eliminates the issue with the lock up in the bootloader due to a power drawdown during its operation.

Closes https://github.com/espressif/esp-idf/issues/1814
2018-09-03 05:43:01 +00:00