Goal is that multiple faults would be required to bypass a boot-time signature check.
- Also strengthens some address range checks for safe app memory addresses
- Change pre-enable logic to also check the bootloader signature before enabling SBV2 on ESP32
Add some additional checks for invalid sections:
- Sections only partially in DRAM or IRAM are invalid
- If a section is in D/IRAM, allow the possibility only some is in D/IRAM
- Only pass sections that are entirely in the same type of RTC memory region
Prefer assertions, making available functions only when caps support it
for cpu-related abstractions.
Changes cpu hal functions to stall, unstall, reset to not accept -1;
instead prefering macros that provide the same functionality.
Configurable option to use IRAM as byte accessible memory (in single core mode) using
load-store (non-word aligned and non-word size IRAM access specific) exception handlers.
This allows to use IRAM for use-cases where certain performance penalty
(upto 170 cpu cycles per load or store operation) is acceptable. Additional configuration
option has been provided to redirect mbedTLS specific in-out content length buffers to
IRAM (in single core mode), allows to save 20KB per TLS connection.
* Let `[ignore] case` return to freedom
1) Because this test uses its own ISR, we need to release it with `esp_intr_free` instead of `pcnt_isr_service_uninstall`.
2) `pcnt_evt_queue` needs to be created before the interrupt is registered and needs to be released at the end of each case.
* Add test support for ESP32S2
* Support chip internal connection, no external wiring required.
On the ESP32S2, rtc_clk_cal(RTC_CAL_RTC_MUX) measures the frequency
of the 90kHz RTC clock regardless of the selected slow clock
frequency. Keep track which clock is selected and pass the argument
to rtc_clk_cal accordingly.
fix clock choices
update rtc 32k xtal code for s2
missed api in rtc.h
bootloader_clock: update for S2
These definitions have ended up being chip specific. Moving them into
respective soc_memory_layout.c makes the whole picture of memory
regions easier to see, and also makes adding support for new chips
easier.
1. add brownout detector HAL for esp32 and esp32s2
2. enable brownout reset for esp32 rev. 1 and above
3. add approximate brownout detector levels for esp32s2
test_mux register doesn't exist in RTCCNTL anymore, remove it from
struct header. Also remove adc_ll_vref_output implementation, which
depends on that register.
spin_lock: cleaned-up port files and removed portmux files
components/soc: decoupled compare and set operations from FreeRTOS
soc/spinlock: filled initial implementation of spinlock refactor
It will decouple the spinlocks into separated components with not depencences of freertos
an similar interface was provided focusing the readabillity and maintenance, also
naming to spinlocks were adopted. On FreeRTOS side the legacy portMUX macros
gained a form of wrapper functions that calls the spinlocks component thus
minimizing the impact on RTOS side.
This feature aims to close IDF-967
soc/spinlock: spinlocks passed on unit test, missing test corner cases
components/compare_set: added better function namings plus minor performance optimization on spinlocks
soc/spinlock: code reordering to remove ISC C90 mix error
freertos/portmacro: gor rid of critical sections multiline macros, placed inline functions instead
soc/spinlock: improved spinlock performance from internal RAM
For cases where the spinlock is executed from IRAM, there is no
need to check where the spinlock object is placed on memory,
removing this checks caused a great improvement on performance.
1. use spi functions in rom
2. remove unnecessary GPIO configurations.
3. remove unnecessary dummy settings.
4. enable dummy out function
5. flash and psram have independent timing setting registers.
6. no need to set 1.9v for LDO in 80Mhz
7. set IO driver ability to 1 by default.
8. no need to use GPIO matrix on esp32s2, IO MUX is recommended
9. enable spi clock mode and IO mode settings
The following commit refactors the CAN driver such that
it is split into HAL and Lowlevel layers. The following
changes have also been made:
- Added bit field members to can_message_t as alternative
to message flags. Updated examples and docs accordingly
- Register field names and fields of can_dev_t updated
ledc_types.h includes two similar enums, ledc_clk_src_t & ledc_clk_cfg_t. Latter was added in
ESP-IDF v4.0.
The two enums do different things but there are two similar names: LEDC_REF_TICK / LEDC_USE_REF_TICK
and LEDC_APB_CLK / LEDC_USE_APB_CLK.
Because C will accept any enum or integer value for an enum argument, there's no easy way to check
the correct enum is passed without using static analysis.
To avoid accidental errors, make the numeric values for the two similarly named enums the same.,
Noticed when looking into https://github.com/espressif/esp-idf/issues/4476
* Modify the function implementation of ESP32-S2 RTC GPIO
On ESP32 those PADs which have RTC functions must set pullup/down/capability via RTC register.
On ESP32-S2, Digital IOs have their own registers to control pullup/down/capability, independent with RTC registers.
* Add ESP32-S2 support of unit test
* Modify the pull-up test of unit test
* Modify the interrupt test of unit test
* Modify input and output mode test of unit test
1. add hal and low-level layer for timer group
2. add callback functions to handle interrupt
3. add timer deinit function
4. add timer spinlock take function
There used to be dummy phase before out phase in common command
transactions. This corrupts the data.
The code before never actually operate (clear) the QE bit, once it finds
the QE bit is set. It's hard to check whether the QE set/disable
functions work well.
This commit:
1. Cancel the dummy phase
2. Set and clear the QE bit according to chip settings, allowing tests
for QE bits. However for some chips (Winbond for example), it's not
forced to clear the QE bit if not able to.
3. Also refactor to allow chip_generic and other chips to share the same
code to read and write qe bit; let common command and read command share
configure_host_io_mode.
4. Rename read mode to io mode since maybe we will write data with quad
mode one day.
1. simplify deallocate in esp_eth_mac_new_esp32, esp_eth_mac_new_dm9051
2. remove blocking operation in os timer callback
3. check buffer size in ethernet receive function
During coredump, dangerous-area-checking should be disabled, and cache
disabling should be replaced by a safer version.
Dangerous-area-checking used to be in the HAL, but it seems to be more
fit to os functions. So it's moved to os functions. Interfaces are
provided to switch between os functions during coredump.
The esp_flash API has a side effects: it modifies the clock control
registers, and this makes the clock inconsistent with the ROM variable
`g_rom_spiflash_dummy_len_plus`.
This commit helps the ROM to get the correct dummy cycles required by
the latest clock settings. Every device on the SPI1 bus will update the
ROM variable when it modifies the clock registers.
Do not include bootloader in flash target when secure boot is enabled.
Emit signing warning on all cases where signed apps are enabled (secure
boot and signed images)
Follow convention of capital letters for SECURE_BOOT_SIGNING_KEY
variable, since it is
relevant to other components, not just bootloader.
Pass signing key and verification key via config, not requiring
bootloader to know parent app dir.
Misc. variables name corrections
This commit refactors backtracing within the panic handler so that a common
function esp_backtrace_get_next_frame() is used iteratively to traverse a
callstack.
A esp_backtrace_print() function has also be added that allows the printing
of a backtrace at runtime. The esp_backtrace_print() function allows unity to
print the backtrace of failed test cases and jump back to the main test menu
without the need reset the chip. esp_backtrace_print() can also be used as a
debugging function by users.
- esp_stack_ptr_is_sane() moved to soc_memory_layout.h
- removed uncessary includes of "esp_debug_helpers.h"
Using xxx_periph.h in whole IDF instead of xxx_reg.h, xxx_struct.h, xxx_channel.h ... .
Cleaned up header files from unnecessary headers (releated to soc/... headers).
introduced in f871cc5ffa
The issue is caused by
1. The hal didn't pass the io_mode to LL.
2. The setup_device function overwrite the trans-specific settings.
This MR removes the common dependency from every IDF components to the SOC component.
Currently, in the ``idf_functions.cmake`` script, we include the header path of SOC component by default for all components.
But for better code organization (or maybe also benifits to the compiling speed), we may remove the dependency to SOC components for most components except the driver and kernel related components.
In CMAKE, we have two kinds of header visibilities (set by include path visibility):
(Assume component A --(depends on)--> B, B is the current component)
1. public (``COMPONENT_ADD_INCLUDEDIRS``): means this path is visible to other depending components (A) (visible to A and B)
2. private (``COMPONENT_PRIV_INCLUDEDIRS``): means this path is only visible to source files inside the component (visible to B only)
and we have two kinds of depending ways:
(Assume component A --(depends on)--> B --(depends on)--> C, B is the current component)
1. public (```COMPONENT_REQUIRES```): means B can access to public include path of C. All other components rely on you (A) will also be available for the public headers. (visible to A, B)
2. private (``COMPONENT_PRIV_REQUIRES``): means B can access to public include path of C, but don't propagate this relation to other components (A). (visible to B)
1. remove the common requirement in ``idf_functions.cmake``, this makes the SOC components invisible to all other components by default.
2. if a component (for example, DRIVER) really needs the dependency to SOC, add a private dependency to SOC for it.
3. some other components that don't really depends on the SOC may still meet some errors saying "can't find header soc/...", this is because it's depended component (DRIVER) incorrectly include the header of SOC in its public headers. Moving all this kind of #include into source files, or private headers
4. Fix the include requirements for some file which miss sufficient #include directives. (Previously they include some headers by the long long long header include link)
This is a breaking change. Previous code may depends on the long include chain.
You may need to include the following headers for some files after this commit:
- soc/soc.h
- soc/soc_memory_layout.h
- driver/gpio.h
- esp_sleep.h
The major broken include chain includes:
1. esp_system.h no longer includes esp_sleep.h. The latter includes driver/gpio.h and driver/touch_pad.h.
2. ets_sys.h no longer includes soc/soc.h
3. freertos/portmacro.h no longer includes soc/soc_memory_layout.h
some peripheral headers no longer includes their hw related headers, e.g. rom/gpio.h no longer includes soc/gpio_pins.h and soc/gpio_reg.h
BREAKING CHANGE
1. separate rom include files and linkscript to esp_rom
2. modefiy "include rom/xxx.h" to "include esp32/rom/xxx.h"
3. Forward compatible
4. update mqtt
soc unit tests have not been included when compiling with CMake,
because ../${SOC_NAME}/test was not evaluated relative to the
CMakeLists.txt directory.
Also call register_components() regardless of the presence of test
directory for particular target.
The following 2 compiler warnings are only reproducible when setting:
OPTIMIZATION_FLAGS = -Ofast
esp-idf/components/soc/esp32/rtc_clk.c:
In function 'rtc_clk_cpu_freq_get':
esp-idf/components/soc/esp32/rtc_clk.c:506:12:
error: 'freq' may be used uninitialized in this function
[-Werror=maybe-uninitialized]
return freq;
esp-idf/components/esp_ringbuf/ringbuf.c:
In function 'xRingbufferReceiveSplitFromISR':
esp-idf/components/esp_ringbuf/ringbuf.c:934:26:
error: 'pvTempTailItem' may be used uninitialized in this function
[-Werror=maybe-uninitialized]
*ppvTailItem = pvTempTailItem;
Closes https://github.com/espressif/esp-idf/pull/2878
1. fix error when fading is too fast
2. fix error when setting duty and update immediately
3. update register header file to be in accord with TRM
closes https://github.com/espressif/esp-idf/issues/2903
A workaround to reset BBPLL configuration after light sleep. Fixes the
issue that Wi-Fi can not receive packets after waking up from light
sleep.
Ref. https://github.com/espressif/esp-idf/issues/2711
The DMA cannot receive data correctly when the buffer address is not
WORD aligned. Currently we only check whether the buffer is in the DRAM
region.
The DMA always write in WORDs, so the length arguments should also be
multiples of 32 bits.
A check is added to see whether the buffer is WORD aligned and has valid
length.
If zero-overhead loop buffer is enabled, under certain rare conditions
when executing a zero-overhead loop, the CPU may attempt to execute an invalid instruction. Work around by disabling the buffer.
New unity component can be used for testing other applications.
Upstream version of Unity is included as a submodule.
Utilities specific to ESP-IDF unit tests (partitions, leak checking
setup/teardown functions, etc) are kept only in unit-test-app.
Kconfig options are added to allow disabling certain Unity features.
This commit resolves a blocking in esp_aes_block function.
Introduce:
The problem was in the fact that AES is switched off at the moment when he should give out the processed data. But because of the disabled, the operation can not be completed successfully, there is an infinite hang. The reason for this behavior is that the registers for controlling the inclusion of AES, SHA, MPI have shared registers and they were not protected from sharing.
Fix some related issue with shared using of AES SHA RSA accelerators.
Closes: https://github.com/espressif/esp-idf/issues/2295#issuecomment-432898137
Introduced in 97e3542947.
The previous commit frees the IRAM part when single core, but doesn't
change the memory layout functions. The unit test mallocs IRAM memory
from the heap, accidently into the new-released region, which doesn't
match the memory layout function.
This commit update the memory layout function to fix this.
Some logging done in soc component may happen before logging via
stdout is possible. Use _EARLY version of log calls to make sure that
output is visible. The downside is that application does not have a
way to silence these logs. However since the soc component doesn’t
use any LOGV/LOGD/LOGI and only logs warnings and errors, this should
not impact the application.
When CONFIG_ESP32_RTCDATA_IN_FAST_MEM is enabled, RTC data is placed
into RTC_FAST memory region, viewed from the data bus. However the
bootloader was missing a check that this region should not be
overwritten after deep sleep, which caused .rtc.bss segment to loose
its contents after wakeup.