Commit Graph

26 Commits

Author SHA1 Message Date
Tim Nordell
82984f0539 bootloader: Do not obfuscate RAM if we are not doing image validation
No need to take this step if we are not doing image validation.  The
obfuscation only buys us a tiny bit of "security" anyways since the
main parts of flash are memory mapped, too.  This saves a little bit of
wake-up time when waking up from deep sleep when the
BOOTLOADER_SKIP_VALIDATE_IN_DEEP_SLEEP option is set.

Signed-off-by: Tim Nordell <tim.nordell@nimbelink.com>
2019-08-21 11:44:37 +00:00
Tim Nordell
1e32fa2cf7 bootloader: Remove extraneous newlines from some debug statements
ESP_LOGD(...) provides its own new lines so remove these from these
debug strings.

Signed-off-by: Tim Nordell <tim.nordell@nimbelink.com>
2019-08-21 11:44:37 +00:00
Vikram Dattu
4b42f535ed Add mmu pages available check in non-secure image hash check path.
Made MMU pages available check in `esp_image_format.c`
This now makes it possible to map and process bootoader image as well in chunks when image doesn't fit completely into available free pages.

Signed-off-by: Vikram Dattu <vikram.dattu@espressif.com>
2019-07-01 20:04:15 +00:00
suda-morris
3f2d6a0891 make bootloader_support depend on IDF_TARGET
1. move chip-specific code(e.g. encryption) into IDF_TARGET directory
2. splict app-only code to idf directory which won't be compiled into bootloader
2019-04-16 17:37:56 +08:00
morris
c159984264 separate rom from esp32 component to esp_rom
1. separate rom include files and linkscript to esp_rom
2. modefiy "include rom/xxx.h" to "include esp32/rom/xxx.h"
3. Forward compatible
4. update mqtt
2019-03-21 18:51:45 +08:00
Ivan Grokhotkov
73d1b5a7a0 bootloader: verify that loaded image does not overlap bootloader code
Fixes CVE-2018-18558
2018-10-26 12:44:10 +08:00
Angus Gratton
326d791ebb bootloader: Fix secure boot digest generation for image length where (len%128 < 32) 2018-10-02 15:17:14 +10:00
Ivan Grokhotkov
22b840f3df bootloader: don’t reload RTC_FAST DRAM after deep sleep
When CONFIG_ESP32_RTCDATA_IN_FAST_MEM is enabled, RTC data is placed
into RTC_FAST memory region, viewed from the data bus. However the
bootloader was missing a check that this region should not be
overwritten after deep sleep, which caused .rtc.bss segment to loose
its contents after wakeup.
2018-09-29 14:02:16 +08:00
Angus Gratton
b364f23e17 secure boot: Support secure boot signatures without hardware secure boot
Allows OTA updates to be secured via signature checks, without requiring the overhead or complexity
of a full secure boot implementation.

Uses same signing mechanisms (build system and/or espsecure.py as Secure Boot).

Requires:
* [ ] More testing
* [ ] Documentation
2018-08-29 17:05:29 +08:00
Konstantin Kondrashov
117c79eae5 app_update: Add API for getting sha256_of_partition
Added bootloader_common_get_sha256_of_partition() and esp_partition_get_sha256() - get or calculate SHA-256
digest for app and data partitions.
Added bootloader_sha256_hex_to_str() - helps to print SHA-256 digest
Added esp_partition_check_identity() - compares two partitions by SHA-256 digest

Refactoring a function esp_image_load() in bootloader space to esp_image_verify() and
bootloader_load_image(). Old name function esp_image_load is deprecated
and will remove in V4.0 version.

spi_flash/sim: Fix error test_host. Add stub for bootloader_common_get_sha256_of_partition in sim/stubs
2018-08-13 13:59:07 +05:00
Alexey Gerenkov
439140d269 esp32: Adds support for SW breakpoints in flash
Disables app image integrity checks when running under OpenOCD control.
Allows setting breakpoints in flash before application start (just after reset).
2018-04-26 10:17:02 +03:00
Tian Zhong Xing
fa68774344 spi_flash:
1. add test code for new api
2. resolve some comments
2018-03-26 10:24:42 +08:00
Tian Zhong Xing
7555031553 add api get valid mmu table pages number 2018-03-16 10:40:55 +08:00
Angus Gratton
7755015f4f secure boot: Fix enabling secure boot on first bootloader boot
Bootloader would accidentally check its own image for a secure boot signature,
but bootloader is unsigned (protected by secure boot digest).
2017-08-23 11:19:42 +10:00
Angus Gratton
5eef5e7a5d bootloader: Fallback if OTA data is invalid
Make bootloader more robust if either OTA data or some OTA app slots are corrupt.
2017-08-15 09:42:19 +10:00
Angus Gratton
17adb40ca8 bootloader: Calculate SHA256 hash of image on every boot
Makes app image booting more reliable (256-bit rather than 8-bit verification.)

Some measurements, time to boot a 655KB app.bin file and run to app_main() execution.

(All for rev 1 silicon, ie no 340ms spurious WDT delay.)

80MHz QIO mode:
before = 300ms
after = 140ms

40MHz DIO mode:
before = 712ms
after = 577ms

40MHz DIO mode, secure boot enabled
before = 1380ms
after = 934ms

(Secure boot involves two ECC signature verifications (partition table, app) that take approx 300ms each with 80MHz CPU.)
2017-07-19 18:31:59 +10:00
Angus Gratton
43b99edf2b bootloader: Calculate SHA-256 of image while loading/verifying 2017-07-19 18:25:17 +10:00
Angus Gratton
8f6134dd96 bootloader: Obfuscate loaded memory until verification is complete 2017-07-19 18:25:17 +10:00
Angus Gratton
0c8888d68f bootloader: Combine loading from flash & verifying to save boot time
Still needs updating to account for secure boot.
2017-07-19 18:25:17 +10:00
Angus Gratton
e2479b46f7 secure boot: Fix bootloader image verification failure
* Failure prevented secure boot from enabling.
* Also adds unit test cases for esp_image_basic_verify()

Ref https://esp32.com/viewtopic.php?f=2&t=1602
TW11878
2017-04-26 11:23:35 +10:00
Angus Gratton
25f739c183 ota ops: Add new functions esp_ota_get_next_update_partition / esp_ota_get_running_partition
* Update OTA example to use these.
* Refactor esp_ota_begin() to return ESP_ERR_OTA_PARTITION_CONFLICT as documented
2017-02-22 10:24:42 +11:00
Angus Gratton
9eb135fd73 Flash encryption: Support enabling flash encryption in bootloader, app support
* App access functions are all flash encryption-aware
* Documentation for flash encryption
* Partition read/write is flash aware
* New encrypted write function
2016-12-01 23:49:12 -08:00
Angus Gratton
60f29236f6 Build system: Raise warning level
Default esp-idf builds now show -Wextra warnings (except for a few:
signed/unsigned comparison, unused parameters, old-style C declarations.)

CI building of examples runs with that level raised to -Werror, to catch
those changes going into the main repo.
2016-11-16 15:57:34 +11:00
Angus Gratton
e459f803da secure boot: Functional partition table & app signature verification 2016-11-14 11:08:42 +11:00
Angus Gratton
7402a1b973 partition_table: Move from 0x4000 to 0x8000
Also fix a bug with correctly padding bootloader image when length is
already a multiple of 16.
2016-11-14 11:08:42 +11:00
Angus Gratton
aceb6517c0 Refactor existing bootloader common functionality into bootloader_support component 2016-11-02 17:58:41 +11:00