Sachin Parekh
7fe2a4815d
secure_boot: Added Kconfig option for aggressive key revoke
...
Applicable to S2, C3, and S3
2021-11-09 15:19:47 +05:30
Ivan Grokhotkov
5bfd10113a
bootloader: fix adding bootloader_components to EXTRA_COMPONENT_DIRS
2021-10-06 10:17:19 +02:00
Mahavir Jain
8c3287e0db
Merge branch 'docs/add_note_for_esp32_sec_dl_mode' into 'master'
...
bootloader: add note about secure download mode for ESP32 target
Closes IDFGH-5857
See merge request espressif/esp-idf!15304
2021-09-30 04:00:50 +00:00
Mahavir Jain
3cff291f95
bootloader: add note about secure download mode for ESP32 target
...
Closes IDFGH-5857
Closes https://github.com/espressif/esp-idf/issues/7557
2021-09-22 15:37:40 +05:30
Sachin Parekh
c4e445b6f3
secure_boot: Enable --no-stub if secure boot enabled
...
ROM code doesn't allow loader stub to be executed in case secure boot in
enabled. Providing --no-stub flag to esptool allows user to flash new
firmware, given download mode hasn't been disabled
2021-09-22 12:45:46 +05:30
Sachin Parekh
bf1dde7233
bootloader: Enable clock glitch detection
...
Reset the device when clock glitch detected. Clock glitch detection is
only active in bootloader
2021-09-02 12:25:12 +05:30
Sachin Parekh
2d82560ed5
bootloader: Enable Secure boot V2 for ESP32-S3
2021-08-19 14:08:12 +05:30
Mahavir Jain
012c9e26a4
Merge branch 'fixes/secure_boot' into 'master'
...
secure_boot/esp32(s2,c3): Disable read protecting of efuses
See merge request espressif/esp-idf!14769
2021-08-17 05:05:00 +00:00
Sachin Parekh
f430e86c0f
secure_boot/esp32(s2,c3): Disable read protecting of efuses
...
When secure boot is enabled, disable the ability to read protect
efuses that contain the digest.
2021-08-13 13:41:59 +05:30
Michael (XIAO Xufeng)
dd40123129
bootloader: add xmc spi_flash startup flow to improve reliability
2021-08-12 17:22:42 +08:00
Wu Zheng Hui
fb7894382b
Merge branch 'bugfix/fix_c3_bootloader_ld_addr_err' into 'master'
...
update c3 bootloader ld rom addr info
See merge request espressif/esp-idf!14168
2021-07-31 05:43:58 +00:00
SalimTerryLi
2347e68e6b
soc: move peripheral linker scripts out of target component
2021-07-22 12:55:01 +08:00
KonstantinKondrashov
4ccb5515ef
fpga/bootloader: Fix LoadProhibited error when bootloader_fill_random() is not in iram_loader_seg
2021-07-16 10:50:06 +10:00
Angus Gratton
072232a934
docs: Expand bootloader section
...
- Cover customization options
- Cross-link to the "general notes" section which explains the low-level details
Closes IDF-313
2021-07-13 17:33:53 +10:00
Angus Gratton
4fe4df8770
Merge branch 'feature/bootloader_pin_level_pr7089' into 'master'
...
bootloader: Add configurable pin level for factory reset (PR)
Closes IDFGH-5337
See merge request espressif/esp-idf!13956
2021-07-13 05:39:25 +00:00
Angus Gratton
6bbb58c8c2
bootloader: Small cleanup and docs for factory reset level config
...
- Add to docs & config descriptions
- Change to a "choice" to become self-documenting
- Keep the bootloader_common_check_long_hold_gpio() function for compatibility
2021-07-05 12:08:36 +08:00
chegewara
fb7234a13d
bootloader: Add selectable level for factory reset pin
...
Closes https://github.com/espressif/esp-idf/pull/7089
2021-07-05 12:08:36 +08:00
Omar Chebib
a79acb413e
bootloader: override the 2nd stage bootloader
...
Add the possibility to have user bootloader components. This is performed
from an application/project, by creating bootloader components. To do so,
it is required to create a `bootloader_component` directory containing
the custom modules to be compiled with the bootloader.
Thanks to this, two solutions are available to override the bootloader now:
- Using hooks within a user bootloader component
- Using a user defined `main` bootloader component to totally override the
old implementation
Please check the two new examples in `examples/custom_bootloader`
* Closes https://github.com/espressif/esp-idf/issues/7043
2021-07-05 10:25:32 +08:00
Shu Chen
75bd02bd46
esp32h2: add some more fixes and TODOs
2021-07-01 20:36:39 +08:00
wuzhenghui
112372d598
update rom bootloader addr info
2021-07-01 19:53:50 +08:00
Shu Chen
2df4ddf998
esp32h2: fixes after rebase
2021-07-01 19:53:50 +08:00
Shu Chen
c0056813f2
esp32h2: add bootloader support
2021-07-01 19:53:11 +08:00
wuzhenghui
a59eb2d607
update c3 bootloader ld addr info
2021-06-28 10:51:06 +08:00
Konstantin Kondrashov
f339b3fc96
efuse(esp32): Deprecate esp_efuse_burn_new_values() & esp_efuse_write_random_key()
...
These functions were used only for esp32 in secure_boot and flash encryption.
Use idf efuse APIs instead of efuse regs.
2021-06-17 07:21:36 +08:00
Anton Maklakov
343cc5025b
make build system: fix build for undefined _lock_* funcs
2021-06-07 12:53:45 +07:00
Jan Brudný
dffe49f305
bootloader: update copyright notice
2021-06-02 14:22:09 +02:00
Michael (XIAO Xufeng)
d6680b689b
Merge branch 'feature/s3beta3_crypto_bringup' into 'master'
...
crypto: initial S3 Beta 3 bringup and testing for SHA/AES/RSA/flash enc
Closes IDF-3004
See merge request espressif/esp-idf!12960
2021-05-19 11:22:05 +00:00
Marius Vikhammer
9b4ba3d707
crypto: initial S3 Beta 3 bringup and testing for SHA/AES/RSA/flash enc
2021-05-18 11:25:41 +08:00
Angus Gratton
ede477ea65
paritition_table: Verify the partition table md5sum when loading the app
...
Additionally, always enable the partition MD5 check if flash encryption is on in
Release mode. This ensures the partition table ciphertext has not been modified
(CVE-2021-27926).
The exception is pre-V3.1 ESP-IDF bootloaders and partition tables, which
don't have support for the MD5 entry.
2021-05-18 01:32:59 +00:00
Jakob Hasse
fc22e3c645
[system]: Made longjmp save for context switch
...
* Patched longjmp to be context-switch safe
longjmp modifies the windowbase and windowstart
registers, which isn't safe if a context switch
occurs during the modification. After a context
switch, windowstart and windowbase will be
different, leading to a wrongly set windowstart
bit due to longjmp writing it based on the
windowbase before the context switch. This
corrupts the registers at the next window
overflow reaching that wrongly set bit.
The solution is to disable interrupts during
this code. It is only 6 instructions long,
the impact shouldn't be significant.
The fix is implemented as a wrapper which
replaces the original first instructions of
longjmp which are buggy. Then, it jumps back
to execute the rest of the original longjmp
function.
Added a comparably reliable test to the
test apps.
2021-04-23 15:55:31 +08:00
Angus Gratton
6f6b4c3983
cmake partition_table: Check binaries fit in partition spaces at build time
...
- Bootloader is checked not to overlap partition table
- Apps are checked not to overlap any app partition regions
Supported for CMake build system only.
Closes https://github.com/espressif/esp-idf/pull/612
Closes https://github.com/espressif/esp-idf/issues/5043
Probable fix for https://github.com/espressif/esp-idf/issues/5456
2021-04-16 16:40:47 +10:00
KonstantinKondrashov
fd867a11df
bootloader: Suppress a Cmake warning - variables were not used by the project
...
Manually-specified variables were not used by the project: SECURE_BOOT_SIGNING_KEY
2021-04-13 11:28:13 +00:00
KonstantinKondrashov
9f932a2a18
bootloader: Fix error in Make build system when signature options is on
2021-04-13 11:28:13 +00:00
KonstantinKondrashov
4e23f9f3b7
secure_boot_v2: Adds support SB_V2 for ESP32-C3 ECO3
2021-04-07 19:52:44 +08:00
Angus Gratton
97ea00f355
Merge branch 'doc/flash_encryption_development' into 'master'
...
doc: Mention Flash Encryption on the host is possible in Release mode
Closes IDFGH-4074
See merge request espressif/esp-idf!12721
2021-04-06 08:13:43 +00:00
Angus Gratton
e97ae26f48
doc: Mention pre-encrypting on the host is possible in Release mode
...
Closes https://github.com/espressif/esp-idf/issues/5945
2021-04-06 16:58:58 +10:00
Angus Gratton
fda565a5bf
Merge branch 'bugfix/partition_table_depends_esptoolpy' into 'master'
...
esptool_py: Fix issue where build with limited components doesn't include esptool_py
Closes IDFGH-4876 and IDFGH-4874
See merge request espressif/esp-idf!12653
2021-03-31 01:30:33 +00:00
Marius Vikhammer
8ac74082f1
soc: add dummy bytes to ensure instr prefetch always valid
...
The CPU might prefetch instructions, which means it in some cases
will try to fetch instruction located after the last instruction in
flash.text.
Add dummy bytes to ensure fetching these wont result in an error,
e.g. MMU exceptions
2021-03-29 13:50:03 +08:00
Aditya Patwardhan
2095148b31
bootloader/ ESP32_ECO3: Do not disable UART download mode by default
2021-03-23 08:15:32 +00:00
Angus Gratton
1581744c10
Merge branch 'feature/main_task_affinity_pr6627' into 'master'
...
Allow selection of different core for main task
Closes IDFGH-4828
See merge request espressif/esp-idf!12654
2021-03-22 06:46:24 +00:00
KonstantinKondrashov
95564b4687
secure_boot: Secure Boot V2 verify app signature on update (without Secure boot)
...
- ESP32 ECO3, ESP32-S2/C3/S3
2021-03-15 12:30:20 +00:00
Angus Gratton
6f362b9383
bootloader: Add config options to skip validation of app for minimum boot time
2021-03-10 14:00:46 +11:00
0xFEEDC0DE64
6928db7670
Allow selection of different core for main task
...
Closes https://github.com/espressif/esp-idf/pull/6627
2021-03-09 10:13:28 +11:00
Angus Gratton
9c03f04769
esptool_py: Add esptool_py as a dependency for any component that uses it
...
Many components uses esptool_py_flash_target function, they all should
explicitly requier the esptool_py component.
Related to https://github.com/espressif/esp-idf/issues/6670
2021-03-08 19:47:38 +11:00
Angus Gratton
90ec0b0327
bootloader: Allow 'silent assert' config to work in bootloader
...
Requires adding the 'newlib' component to the bootloader project, for
platform_include header.
2021-03-03 10:26:57 +11:00
Angus Gratton
cbc58b85e2
Merge branch 'feature/adds_check_in_app_that_flash_enc_is_on' into 'master'
...
bootloader: Adds a check that app is run under FE
Closes IDF-640
See merge request espressif/esp-idf!12368
2021-02-25 22:39:13 +00:00
Angus Gratton
501af6dfa2
Merge branch 'feature/secure_boot_revoke_check' into 'master'
...
secure_boot: Checks secure boot efuses
Closes IDF-2609
See merge request espressif/esp-idf!12148
2021-02-25 22:38:42 +00:00
Renz Bagaporo
5e8799bbfe
esp_common: move some headers
2021-02-24 12:16:37 +08:00
KonstantinKondrashov
90f2d3199a
secure_boot: Checks secure boot efuses
...
ESP32 V1 and V2 - protection bits.
ESP32xx V2: revoke bits, protection bits
- refactor efuse component
- adds some APIs for esp32 chips as well as for esp32xx chips
2021-02-23 03:56:21 +08:00
KonstantinKondrashov
11a2f2acd3
bootloader: Adds a check that app is run under FE
2021-02-15 20:33:50 +08:00