Commit Graph

239 Commits

Author SHA1 Message Date
Angus Gratton
abd6d40796 secure boot: Ensure mbedTLS enables ECDSA if signatures are checked in app
and all ECDSA to be disabled if secure boot is not enabled

Previously if ECDSA disabled in config then secure_boot_signatures.c would
fail to build (whether or not secure boot was enabled).

To avoid breaking apps that might be using the signature scheme with custom OTA
without enabling secure boot signatures in config, this change just disables
this functionality if unavailable in mbedTLS config.

Possible fix for root cause of https://github.com/espressif/esp-idf/pull/3703
2019-08-30 14:56:11 +10:00
Angus Gratton
1cd54d34f6 Merge branch 'bugfix/bootloader_factory_reset_with_wake_up_from_deep_sleep' into 'master'
bootloader: Blocking the Factory reset during wake up from deep sleep

Closes IDFGH-1536

See merge request espressif/esp-idf!5673
2019-08-29 09:35:08 +08:00
Angus Gratton
a21ca2270a Merge branch 'feature/deep_sleep_fast_wake' into 'master'
bootloader: Reduce the time spent in image validation when waking from deep sleep

See merge request espressif/esp-idf!5140
2019-08-28 08:54:28 +08:00
KonstantinKondrashov
69f45c3674 bootloader: Factory reset not for deep sleep
Closes: https://github.com/espressif/esp-idf/issues/3800

Closes: IDFGH-1536
2019-08-23 10:21:06 +00:00
Ivan Grokhotkov
12c9d9a564 spi_flash: remove duplicate definition of spi_flash_unlock
The other (static) definition is in flash_ops.c, all references are
also in flash_ops.c.
2019-08-23 12:37:55 +08:00
KonstantinKondrashov
c543aac91e bootloader: API for the fast wakeup and custom using RTC mem
Added "Reserve RTC FAST memory for custom purposes" option.
Added a boot counter.
2019-08-21 11:44:37 +00:00
Tim Nordell
43393cf4d1 bootloader: Support for skipping validation upon wake from deep sleep
This saves time when waking up from deep sleep, but potentially decreases
the security of the system.  If the application able to modify itself
(especially areas that are loaded into RAM) in flash while running
without crashing or is modifies the cached bits of information about
what was last booted from the bootloader, this could cause security
issues if the user does a "deep sleep reset" since the full validation
is skipped.

Signed-off-by: Tim Nordell <tim.nordell@nimbelink.com>
2019-08-21 11:44:37 +00:00
Anton Maklakov
afbaf74007 tools: Mass fixing of empty prototypes (for -Wstrict-prototypes) 2019-08-01 16:28:56 +07:00
Renz Christian Bagaporo
9edc867c62 bootloader: fix secure boot issues
Do not include bootloader in flash target when secure boot is enabled.
Emit signing warning on all cases where signed apps are enabled (secure
boot and signed images)
Follow convention of capital letters for SECURE_BOOT_SIGNING_KEY variable, since it is
relevant to other components, not just bootloader.
Pass signing key and verification key via config, not requiring
bootloader to know parent app dir.
Misc. variables name corrections
2019-06-28 10:54:21 +08:00
Renz Christian Bagaporo
f332e0c1d6 partition_table: move establishing dependencies to respective components
partition_table: move establishing dependencies to respective components
2019-06-28 10:50:52 +08:00
Hemal Gujarathi
a68c7c21e1 Improve flash encryption documentation and add Development & Release modes
This MR improves existing flash encryption document to provide simplified steps
Adds two new modes for user: Development & Release
Adds a simple example
Supports encrypted write through make command
2019-06-25 23:41:18 +00:00
Angus Gratton
9a412d3a08 Merge branch 'feature/use_new_component_registration_apis' into 'master'
Use new component registration API

See merge request idf/esp-idf!4898
2019-06-25 10:24:11 +08:00
Angus Gratton
9d573c65dc Merge branch 'bugfix/legacy_header_bootloader_build' into 'master'
bootloader: pass legacy header config variable to subproject

See merge request idf/esp-idf!4966
2019-06-25 10:23:33 +08:00
Renz Christian Bagaporo
9eccd7c082 components: use new component registration api 2019-06-21 19:53:29 +08:00
Renz Christian Bagaporo
e8582e9aa4 esptool_py: use passed offset and image when template is given
esptool_py defines command `esptool_py_flash_project_args` that
generates arg file for esptool.py. Two of the arguments are the offset
and image, which are not being used when a template file is given.
This commit makes variables OFFSET and IMAGE available to the template
file, which will holds the value of the offset and image arguments to
`esptool_py_flash_project_args`.
2019-06-21 19:48:41 +08:00
Renz Christian Bagaporo
3882e48e8a cmake: use new signature form of target_link_library to link components
!4452 used setting LINK_LIBRARIES and INTERFACE_LINK_LIBRARIES to link
components built under ESP-IDF build system. However, LINK_LIBRARIES does
not produce behavior same as linking PRIVATE. This MR uses the new
signature for target_link_libraries directly instead. This also moves
setting dependencies during component registration rather than after all
components have been processed.

The consequence is that internally, components have to use the new
signature form as well. This does not affect linking the components to
external targets, such as with idf_as_lib example. This only affects
linking additional libraries to ESP-IDF libraries outside component processing (after
idf_build_process), which is not even possible for CMake<v3.13 as
target_link_libraries is not valid for targets not created in current
directory. See https://cmake.org/cmake/help/v3.13/policy/CMP0079.html#policy:CMP0079
2019-06-11 18:09:26 +08:00
Angus Gratton
c9bf3a3b17 Merge branch 'bugfix/remove_secure_boot_test_mode' into 'master'
remove secure boot test mode

See merge request idf/esp-idf!5059
2019-06-11 07:25:07 +08:00
Gautier Seidel
542e544faa esp32: Allow fixed static RAM size and DRAM heap size
Merges https://github.com/espressif/esp-idf/pull/3222
2019-06-06 18:23:04 +10:00
Angus Gratton
22514c1dd9 cmake: For gcc8 use linker to find paths to libc, libm, libstdc++, etc
Removes the need to know/guess the paths to these libraries. Once we are gcc 8 only, we
can remove -nostdlib and no additional arguments are needed for system libraries.

The catch is: any time IDF overrides a symbol in the toolchain sysroot, we need
an undefined linker marker to make sure this symbol is seen by linker.
2019-05-28 12:54:37 +08:00
hemal.gujarathi
865b24144e remove secure boot test mode 2019-05-23 14:13:08 +05:30
Renz Christian Bagaporo
e1db12993b bootloader: pass legacy header config variable to subproject 2019-05-21 17:03:45 +08:00
Roland Dobai
1ad2283641 Rename Kconfig options (components/bootloader) 2019-05-21 09:32:55 +02:00
Roland Dobai
997b29a9ca Rename Kconfig options (components/esptool_py) 2019-05-21 09:32:55 +02:00
Roland Dobai
0ae53691ba Rename Kconfig options (components/esp32) 2019-05-21 09:09:01 +02:00
Renz Christian Bagaporo
927007fdd2 cmake: fix custom bootloader issue
Issue is that when users creates a custom bootloader from
$IDF_PATH/components/bootloader. Parent project build uses the copy but
bootloader subproject build uses the original still. The issue is solved
by passing the custom bootloader as extra component directory so
bootloader build knows to use the new copy (itself) in the build.
2019-05-17 15:17:32 +08:00
Renz Christian Bagaporo
ffec9d4947 components: update with build system changes 2019-05-13 19:59:17 +08:00
suda-morris
63e4677c55 pass IDF_TARGET variable to bootloader build process 2019-05-09 14:19:02 +08:00
Michael (XIAO Xufeng)
562af8f65e global: move the soc component out of the common list
This MR removes the common dependency from every IDF components to the SOC component.

Currently, in the ``idf_functions.cmake`` script, we include the header path of SOC component by default for all components.
But for better code organization (or maybe also benifits to the compiling speed), we may remove the dependency to SOC components for most components except the driver and kernel related components.

In CMAKE, we have two kinds of header visibilities (set by include path visibility):

(Assume component A --(depends on)--> B, B is the current component)

1. public (``COMPONENT_ADD_INCLUDEDIRS``): means this path is visible to other depending components (A) (visible to A and B)
2. private (``COMPONENT_PRIV_INCLUDEDIRS``): means this path is only visible to source files inside the component (visible to B only)

and we have two kinds of depending ways:

(Assume component A --(depends on)--> B --(depends on)--> C, B is the current component)

1. public (```COMPONENT_REQUIRES```): means B can access to public include path of C. All other components rely on you (A) will also be available for the public headers. (visible to A, B)
2. private (``COMPONENT_PRIV_REQUIRES``): means B can access to public include path of C, but don't propagate this relation to other components (A). (visible to B)

1. remove the common requirement in ``idf_functions.cmake``, this makes the SOC components invisible to all other components by default.
2. if a component (for example, DRIVER) really needs the dependency to SOC, add a private dependency to SOC for it.
3. some other components that don't really depends on the SOC may still meet some errors saying "can't find header soc/...", this is because it's depended component (DRIVER) incorrectly include the header of SOC in its public headers. Moving all this kind of #include into source files, or private headers
4. Fix the include requirements for some file which miss sufficient #include directives. (Previously they include some headers by the long long long header include link)

This is a breaking change. Previous code may depends on the long include chain.
You may need to include the following headers for some files after this commit:

- soc/soc.h
- soc/soc_memory_layout.h
- driver/gpio.h
- esp_sleep.h

The major broken include chain includes:

1. esp_system.h no longer includes esp_sleep.h. The latter includes driver/gpio.h and driver/touch_pad.h.
2. ets_sys.h no longer includes soc/soc.h
3. freertos/portmacro.h no longer includes soc/soc_memory_layout.h

some peripheral headers no longer includes their hw related headers, e.g. rom/gpio.h no longer includes soc/gpio_pins.h and soc/gpio_reg.h

BREAKING CHANGE
2019-04-16 13:21:15 +08:00
Ivan Grokhotkov
e84b26f531 esp_rom: export newlib functions as strong symbols 2019-04-10 13:52:30 +08:00
suda-morris
78034879a8 make bootloader depend on IDF_TARGET 2019-04-08 11:08:06 +08:00
Angus Gratton
5136b76798 Merge branch 'feature/micro-ecc-only-in-bootloader' into 'master'
Use micro_ecc library only in bootloader

See merge request idf/esp-idf!4082
2019-04-04 14:26:48 +08:00
morris
f5b03c9ea3 misc adjustment of esp32 component 2019-04-03 19:57:46 +08:00
morris
79bb5de426 derive esp_wifi from esp32 component 2019-04-01 20:04:52 +08:00
Mahavir Jain
202f689baa bootloader: use mbedTLS for secure boot verification in firmware 2019-04-01 15:46:52 +05:30
Mahavir Jain
369e170ebc micro-ecc: move into booloader directory 2019-04-01 15:45:26 +05:30
morris
dbdb299bb1 create xtensa component
1. move xtensa specific files out of esp32 component
2. merge xtensa-debug-module component into xtensa
2019-03-27 20:24:28 +08:00
morris
a2f07b0806 move common include files from esp32 into esp_common 2019-03-26 11:57:03 +08:00
Angus Gratton
1be147c457 Merge branch 'feature/allow_components_to_declare_images_to_flash' into 'master'
Allow components to present their own images to flash

See merge request idf/esp-idf!4148
2019-03-22 11:14:37 +08:00
morris
c159984264 separate rom from esp32 component to esp_rom
1. separate rom include files and linkscript to esp_rom
2. modefiy "include rom/xxx.h" to "include esp32/rom/xxx.h"
3. Forward compatible
4. update mqtt
2019-03-21 18:51:45 +08:00
Renz Christian Bagaporo
234de8de55 cmake: Allow components to present their own images to flash 2019-03-18 03:45:22 +08:00
Konstantin Kondrashov
7626145e6d bootloader: Add support efuse component 2019-02-28 07:31:29 +00:00
Konstantin Kondrashov
e916cf52a3 bootloader: Add support of anti-rollback
Added:
* set a secure version in app/bootloader.
* description anti-rollback to ota part
* emulate the secure_version write and read operations
* efuse_em partition.
* a description about a rollback for native_ota_example.

Closes: TW26335
2019-02-14 18:51:43 +08:00
Roland Dobai
37126d3451 Correct Kconfigs according to the coding style 2019-01-29 13:37:01 +01:00
Konstantin Kondrashov
dde1fd9b94 bootloader: Add support flags for rollback app
Added
* Set actual ota_seq if both ota are init or incorrect.
* Description of rollback
* UT tests

Closes TW15459
2018-12-11 11:54:21 +08:00
Renz Christian Bagaporo
37d30c7a6e cmake: separate app from idf lib project
mbedtls: import mbedtls using unmodified cmake file
2018-11-27 13:59:24 +08:00
Renz Christian Bagaporo
3a02a12aa4 cmake: remove unecessary info passed to bootloader build 2018-11-23 16:08:47 +08:00
Anurag Kar
1f6622b2d1 CMake : Secure Boot support added 2018-11-06 17:09:55 +05:30
Ivan Grokhotkov
73d1b5a7a0 bootloader: verify that loaded image does not overlap bootloader code
Fixes CVE-2018-18558
2018-10-26 12:44:10 +08:00
Renz Bagaporo
cc774111bf cmake: Add support for test build 2018-10-20 12:07:24 +08:00
Angus Gratton
f53fef9936 Secure Boot & Flash encryption: Support 3/4 Coding Scheme
Includes esptool update to v2.6-beta1
2018-10-16 16:24:10 +11:00