Secure version in the image header is only available for the application
image. However, for certain security workflows, bootloader verifies
itself (own image) and hence the secure version check during that must be
avoided.
Regression introduced in recent commit-id: 3305cb4d
Tested that both secure boot and flash-enc workflows work correctly
with the anti-rollback scenario.
* Closes https://github.com/espressif/esp-idf/issues/12849
In former versions of ESP-IDF, the user custom memory data in the retained memory
was taken into account during the CRC calculation. This was changed in a later
commit, the custom memory was ignored, therefore this can seen as a breaking change.
This commit gives the possibility to choose between the former (legacy) or
new way of calculating the CRC.
Some additional checks related to secure version of the application in
anti-rollback case have been added to avoid any attempts to boot lower
security version but valid application (e.g., passive partition image).
- Read secure_version under sha256 protection
- First check has been added in the bootloader to ensure correct secure
version after application verification and loading stage. This check
happens before setting up the flash cache mapping and handling over
the final control to application. This check ensures that application
was not swapped (e.g., to lower security version but valid image) just
before the load stage in bootloader.
- Second check has been added in the application startup code to ensure
that currently booting app has higher security version than the one
programmed in the eFuse for anti-rollback scenario. This will ensure
that only the legit application boots-up on the device for
anti-rollback case.
This commit renames USB PHY related HAL files from "usb_phy_xxx" to
"usb_fsls_phy_xxx" since they are only designed to support Full-Speed/Low-Speed
Serial USB PHYs. This renmaing is done to accommodate future USB PHYs that use
other PHY interfaces (e.g., UTMI, ULPI etc).
Currently, when flash encryption is enabled, the whole partition gets encrypted.
This can be optimised by encrypting only the app image instead of encrypting the whole partition.
Closes https://github.com/espressif/esp-idf/issues/12576
Fixed the value of the image_length field of the image metadata populated by esp_image_verfiy()
to include the size of the signature sector when Secure Boot V1 is enabled.
Many places in the ESP_SYSTEM are using CONFIG_FREERTOS_UNICORE instead of CONFIG_ESP_SYSTEM_SINGLE_CORE_MODE (GitHub PR)
Closes IDFGH-11333
See merge request espressif/esp-idf!27435
1st bootloader won't help to initialize the MSPI & cache properly as it
usually do when loading from flash. And the ram app doesn't have valid
headers.
Since there is no enough space in 2nd bootloader, we replace the
`bootloader_init_spi_flash` in the ram_app (!pure_ram_app), with an
customized alternative of it for the ram_app.
This alternative helps to initialize the MSPI & cache properly, without
the help of 1st bootloader or image headers.
On ESP32-S3 with the default efuse settings, USB PHY is connected to
the USB_SERIAL_JTAG peripheral. If USB OTG peripheral is used for the
console, we need to additionally switch the PHY to USB OTG, otherwise
we won't get any output.
Closes https://github.com/espressif/esp-idf/issues/12437