Commit Graph

154 Commits

Author SHA1 Message Date
Mahavir Jain
a88130a71e
docs: add flash enc process logs for ESP32-H2 and ESP32-C6 2023-03-27 22:27:09 +05:30
Mahavir Jain
11e034b387
docs: add ESP32-H2 secure boot guide
Close IDF-6681
2023-03-06 16:58:08 +05:30
Aditya Patwardhan
7b40852d2f docs/flash_encryption: Update docs for esp32h2 target 2023-02-24 15:21:51 +05:30
Sachin Parekh
2bb9499a7e esp32c6: Enable ECDSA based secure boot
- Updated documentation for C6
2023-02-13 13:02:11 +05:30
Mahavir Jain
02fb6fab09
docs: secure-boot-v2: add a section about secure padding 2023-02-08 12:01:52 +05:30
harshal.patil
3c0778a069
docs: refactored Secure Boot V2 documentation
- Added "Signing using pre-calculate signatures" section
- Refactored "Signing using an external HSM" section
2023-02-08 12:01:47 +05:30
Aditya Patwardhan
b06a029677 esp32c6: update documentation for flash encryption 2023-02-03 16:01:06 +05:30
Marius Vikhammer
7100b7d1ff docs: add support for building H2 docs 2023-01-17 10:04:26 +08:00
mofeifei
3bdad0032e docs: update cn trans for flash-encryptions 2023-01-03 19:32:41 +08:00
Zhang Xiao Yan
ae639f68a6 Merge branch 'docs/update_USB-OTG_ESP32S2_ESP32S3' into 'master'
updated USB_OTG in dfu.rst, usb_device.rst and secure-boot-v2.rst

Closes DOC-3565

See merge request espressif/esp-idf!20144
2022-12-27 14:38:51 +08:00
Mahavir Jain
5b6cc09dce
docs: remove mention of DIS_BOOT_REMAP for chips other than ESP32-S2
Relevant: https://esp32.com/viewtopic.php?f=13&t=31188
2022-12-21 14:16:50 +05:30
Mahavir Jain
371a6abdca Merge branch 'docs/support_for_pre_calculated_signatures' into 'master'
docs: Added documentation for using pre-calculated signatures

See merge request espressif/esp-idf!21377
2022-12-20 14:03:04 +08:00
Mahavir Jain
46588e7126
docs: security: enable memory protection section for ESP32-C2/ESP32-C6 2022-12-14 10:03:47 +05:30
Mahavir Jain
188017d6b1
docs: Fix Secure DL mode documentation about flash read being unsupported
Simple flash read command is not supported if Secure DL mode is enabled on the target.
Remove reference of this from the relevant docs part.

Related: https://github.com/espressif/esptool/issues/810
Related: ESPTOOL-567
Closes IDF-6468
2022-12-14 10:03:46 +05:30
harshal.patil
54d6ab2044 docs: Added documentation for using pre-calculated signatures
to generate secure boot enabled binaries.
2022-12-06 10:23:45 +05:30
harshal.patil
6809eaf375 docs: fix secure boot "Remote Signing of Images" section command 2022-12-01 18:03:44 +05:30
Linda
9c0d573eae updated USB_OTG in dfu.rst, usb_device.rst and secure-boot-v2.rst 2022-11-29 10:08:59 +08:00
Mahavir Jain
11f2683c27 docs: add chapter about overall "security" area guide
List down considerations for the following areas:

- Hardware security
- Network security
- Product security

Also added brief explanation about "Security Policy" for ESP-IDF.

Closes IDF-1565
2022-11-25 03:17:05 +00:00
Marius Vikhammer
ca4ad3ce7c docs: add support for building C6 docs 2022-10-13 04:39:16 +00:00
Mahavir Jain
e40d733d5a
secure-boot-v2: fix minor typo (s/MFG1/MGF1) 2022-08-23 16:37:14 +05:30
Wang Fang
83a0cd33ce docs: updated documents related to wakeup source, ulp, flash-encryption and memory types 2022-07-25 10:57:40 +08:00
Linda
3d5f2fbafc docs: updates based on feedback 2022-07-22 15:58:09 +08:00
Shang Zhou
7f8fae8548 docs: update CN translation for flash_encryption 2022-07-08 11:15:57 +08:00
Mahavir Jain
26514959dd
docs: secure-boot-v2: remove incorrect note about bootloader re-flash
In secure-boot-v2 scheme, one can always regenerate signature using
secure boot signing key and re-flash either bootloader or application.
2022-06-27 14:24:42 +05:30
KonstantinKondrashov
6e6b5474c3 doc(esp32c2): Updates Flash Encryption chapter 2022-05-31 11:12:21 +00:00
Stefan Wallentowitz
dd7aece4bf
Secure boot v2 image format: CRC size
The CRC size is documented as 1095 bytes, but in the code I find 1196 bytes:
https://github.com/espressif/esp-idf/blob/master/components/bootloader_support/src/secure_boot_v2/secure_boot.c#L35
2022-05-30 23:30:34 +02:00
Sachin Parekh
2c725264f7
esp32c2: Support Secure Boot V2 based on ECDSA scheme 2022-05-11 18:00:03 +05:30
Marius Vikhammer
a6543f0d21 docs: fix broken references to misc API functions and types. 2022-03-27 16:46:57 +08:00
Mahavir Jain
a0c5d845eb
doc/security: fix re-flashable bootloader section
- Add pointer to key generation section
- Fix sequence point ordering
2022-03-11 15:56:06 +05:30
laokaiyao
cf049e15ed esp8684: rename target to esp32c2 2022-01-19 11:08:57 +08:00
Marius Vikhammer
82325f6037 docs: update docs to be able to build with esp8684 2021-12-20 10:32:49 +08:00
Mahavir Jain
1501a22e02 docs: fix salt length in secure-boot-v2 docs 2021-12-07 09:49:28 +05:30
Roland Dobai
9c1d4f5b54 Build & config: Remove the "make" build system
The "make" build system was deprecated in v4.0 in favor of idf.py
(cmake). The remaining support is removed in v5.0.
2021-11-10 09:53:53 +01:00
daiziyan
e79b8c1b6a docs: update CN trans for external-ram and flash-encryption 2021-11-05 19:23:10 +08:00
Sachin Parekh
8ff3dbc05d secure_boot: Added Kconfig option for aggressive key revoke
Applicable to S2, C3, and S3
2021-10-22 12:20:14 +05:30
Marius Vikhammer
95d824fbb0 Merge branch 'docs/flash_enc_512bits' into 'master'
docs: update flash encryption docs with 512bit key related info

Closes IDF-3867

See merge request espressif/esp-idf!15318
2021-10-13 08:49:37 +00:00
Jakob Hasse
ea2e2b0d62 [docs]: Clarified and improved Secure Boot docs 2021-10-13 11:41:53 +08:00
Marius Vikhammer
b62f2b33e9 docs: update flash encryption docs with 512bit key related info 2021-10-11 12:31:16 +08:00
Sachin Parekh
2d82560ed5 bootloader: Enable Secure boot V2 for ESP32-S3 2021-08-19 14:08:12 +05:30
daiziyan
c399251eda docs: update CN trans for flash-encryption 2021-08-16 16:46:04 +08:00
KonstantinKondrashov
93512edc7a secure_boot_v2(doc): secure_boot_v2 key/s must be readable 2021-08-04 15:39:48 +05:00
Sachin Parekh
082cc36532 doc/secure_boot_v2: Fix the steps mentioned for enabling secure boot 2021-07-30 14:40:32 +08:00
Mahavir Jain
77c96e51bb docs: security: fix minor formatting issues or typos 2021-07-22 15:18:56 +05:30
Marius Vikhammer
fe0600b859 docs: add note about PSRAM encryption 2021-07-19 13:53:21 +08:00
Marius Vikhammer
b8a322195e flash encryption: add flash encryption support for ESP32-S3 2021-07-14 18:46:17 +08:00
Angus Gratton
6f0b36f7be Merge branch 'doc/flash_manual_encrypt' into 'master'
docs: Add manual encryption docs, fix flash encryption efuse bug

Closes IDFGH-3006

See merge request espressif/esp-idf!14178
2021-07-14 09:27:34 +00:00
Angus Gratton
f62c303633 docs: Explain the 256- and 512- bit keys used for AES-XTS 256 vs 512 2021-07-14 16:58:18 +10:00
Angus Gratton
765b75d37b docs: Add description of manual encryption steps
Closes https://github.com/espressif/esp-idf/issues/5037
2021-07-14 16:58:18 +10:00
Angus Gratton
fcd193b024 docs: Use soc_caps instead of chip names for flash encryption docs
Clears the way for ESP32-S3 and future chips.
2021-07-14 16:57:31 +10:00
Angus Gratton
c01da712f6 docs: Move the bootloader size section into the Bootloader guide 2021-07-13 17:35:04 +10:00
Angus Gratton
1bad8a28bb secure boot doc: Clarify limits for verifying signed updates without secure boot
Closes https://github.com/espressif/esp-idf/issues/7080
2021-06-15 17:44:03 +10:00
Marius Vikhammer
bdfda351bd build docs: enable building of S3 docs
* Added support for building esp32s3 docs
* Fixed all related warnings
* Activated building of S3 docs for build HTML fast CI job
2021-06-09 09:30:36 +08:00
Wang Fang
71141a326d docs: clarified esp32 timer clk source, updated the flash encryption table and esptrace doc 2021-05-24 03:46:40 +00:00
Angus Gratton
6f6b4c3983 cmake partition_table: Check binaries fit in partition spaces at build time
- Bootloader is checked not to overlap partition table
- Apps are checked not to overlap any app partition regions

Supported for CMake build system only.

Closes https://github.com/espressif/esp-idf/pull/612
Closes https://github.com/espressif/esp-idf/issues/5043
Probable fix for https://github.com/espressif/esp-idf/issues/5456
2021-04-16 16:40:47 +10:00
KonstantinKondrashov
9295e54c9d docs: Adds secure_boot_v2 for ESP32-C3 ECO3 2021-04-08 14:22:46 +08:00
Angus Gratton
97ea00f355 Merge branch 'doc/flash_encryption_development' into 'master'
doc: Mention Flash Encryption on the host is possible in Release mode

Closes IDFGH-4074

See merge request espressif/esp-idf!12721
2021-04-06 08:13:43 +00:00
Angus Gratton
e97ae26f48 doc: Mention pre-encrypting on the host is possible in Release mode
Closes https://github.com/espressif/esp-idf/issues/5945
2021-04-06 16:58:58 +10:00
Angus Gratton
2e98a5d796 docs: split the 'general notes' page into two 2021-03-29 16:32:54 +11:00
KonstantinKondrashov
7f40717eb2 secure_boot/SIGNED_ON_UPDATE_NO_SECURE_BOOT: Only the first position of signature blocks is used to verify any update 2021-03-25 12:27:05 +00:00
Aditya Patwardhan
2095148b31 bootloader/ ESP32_ECO3: Do not disable UART download mode by default 2021-03-23 08:15:32 +00:00
Angus Gratton
bc7e00896e docs: Add docs for Secure Boot V2 "verify on update without secure boot" 2021-03-15 12:30:20 +00:00
Angus Gratton
501af6dfa2 Merge branch 'feature/secure_boot_revoke_check' into 'master'
secure_boot: Checks secure boot efuses

Closes IDF-2609

See merge request espressif/esp-idf!12148
2021-02-25 22:38:42 +00:00
KonstantinKondrashov
90f2d3199a secure_boot: Checks secure boot efuses
ESP32 V1 and V2 - protection bits.
ESP32xx V2: revoke bits, protection bits

- refactor efuse component
- adds some APIs for esp32 chips as well as for esp32xx chips
2021-02-23 03:56:21 +08:00
KonstantinKondrashov
70dd884fee doc(esp32c3): Updates secure features doc 2021-02-22 18:01:35 +08:00
Marius Vikhammer
548fd02d10 docs: initial update of programming guide for C3
Updates "front page" content, get-started, and api-guides with C3 content

Enable building and publishing of C3 docs in CI
2021-02-01 15:40:02 +08:00
kirill.chalov
f634c59289 Add hypertargets to all TRM references 2021-01-26 05:51:52 +00:00
Angus Gratton
a7da0c894b Merge branch 'feature/c3_master_flash_enc_support' into 'master'
flash encryption: merge C3 flash encryption changes to master

See merge request espressif/esp-idf!12040
2021-01-22 12:58:38 +08:00
KonstantinKondrashov
98f726fa4b bootloader/esp32c3: Adds secure boot (not yet supported) 2021-01-19 20:51:13 +08:00
Marius Vikhammer
03fa63b0c9 bootloader: add flash encryption support for C3
Adds flash encryption support for C3 and updates docs for S2 & C3
2021-01-18 14:10:54 +08:00
KonstantinKondrashov
b19c4739c3 bootloader: Secure_boot name replaced by secure_boot_v1 & secure_boot_v2
- espefuse.py burn_key secure_boot is no longer used.
- Secure boot V1: espefuse.py burn_key secure_boot_v1 file.bin
- Secure boot V2: espefuse.py burn_key secure_boot_v2 file.bin
2020-10-15 16:48:23 +08:00
Supreet Deshpande
33979a9361 Docs: Secure boot v2 support for ESP32-S2 2020-07-27 00:01:10 +00:00
Angus Gratton
f64ae4fa99 efuse: Add 'disable Download Mode' & ESP32-S2 'Secure Download Mode' functionality 2020-05-28 17:50:45 +10:00
Marius Vikhammer
d193790f85 doc: update flash encryption with S2 specific content 2020-04-08 11:17:31 +08:00
Kirill Chalov
0cc9ffb8f7 Implement comments and add info on ESP32S2 2020-04-08 10:30:22 +08:00
Kirill Chalov
9ed60af1f2 Review security/flash-encryption.rst 2020-04-08 10:30:22 +08:00
Angus Gratton
4358f3b573 doc: Add warnings about using JTAG debugging with hardware security features
This is related to the following issues but is not a fix, just documentation of a workaround until we can
improve the support:
https://github.com/espressif/esp-idf/issues/4878
https://github.com/espressif/esp-idf/issues/4734
2020-04-01 17:36:08 +11:00
Angus Gratton
fe64ab6de0 docs: secure boot v2: Add a note about maximum bootloader size 2020-03-30 18:13:42 +11:00
Angus Gratton
142f69448f secure boot v2: esp32: Prevent read disabling additional efuses
Also reduce the number of eFuse write cycles during first boot when
Secure Boot and/or Flash Encryption are enabled.
2020-03-30 18:00:40 +11:00
Supreet Deshpande
073ba0a608 feat/secure_boot_v2: Adding docs for secure boot v2 ESP32-ECO3 2020-02-25 01:28:22 +05:30
Marius Vikhammer
268816649c Replace all TRM urls with generic template variable and remove duplicate sections
All references to TRM had the section duplicated for both targets using .. only:: , replaced these with a generic template url
2020-02-07 16:37:45 +11:00
Marius Vikhammer
9352899d69 doc: Update English pages with generic target name 2020-02-07 16:37:43 +11:00
Angus Gratton
6f2a00c425 doc: secure boot: Fix relative reference to key generation step 2020-01-07 06:14:03 +00:00
Angus Gratton
6bb09224b5 docs: Add note that flash encryption is required in OTA app updates 2019-12-03 15:03:46 +08:00
Hao Ning
9ecc34e086 add chinese translation into flash encryption 2019-10-22 19:37:28 +08:00
Angus Gratton
5c5770dddb docs: Small cleanup of flash encryption docs 2019-09-10 11:28:11 +10:00
Angus Gratton
47bbb107a8 build system: Use CMake-based build system as default when describing commands 2019-07-08 17:31:27 +10:00
Hemal Gujarathi
a68c7c21e1 Improve flash encryption documentation and add Development & Release modes
This MR improves existing flash encryption document to provide simplified steps
Adds two new modes for user: Development & Release
Adds a simple example
Supports encrypted write through make command
2019-06-25 23:41:18 +00:00
Roland Dobai
1ad2283641 Rename Kconfig options (components/bootloader) 2019-05-21 09:32:55 +02:00
Angus Gratton
4b4cd7fb51 efuse/flash encryption: Reduce FLASH_CRYPT_CNT to a 7 bit efuse field
8th bit is not used by hardware.

As reported https://esp32.com/viewtopic.php?f=2&t=7800&p=40895#p40894
2019-04-03 14:07:20 +11:00
Angus Gratton
a2d0fbb9ab docs: flash encryption: Fix description of behaviour when all bits of FLASH_CRYPT_CNT are set
Correct behaviour is described in section 25.3.3 Flash Decryption Block of the ESP32 TRM
2018-12-05 11:15:00 +11:00
Angus Gratton
ac1d1aa3c8 doc: secure boot: Explain output of digest_secure_bootloader command
Mentioned on forum https://esp32.com/viewtopic.php?f=13&t=8162&start=10#p34714
2018-12-04 12:34:59 +11:00
Angus Gratton
b45b0f2348 doc: security: Use less ambiguous language about using both flash encryption & secure boot together 2018-12-04 12:34:38 +11:00
Angus Gratton
f53fef9936 Secure Boot & Flash encryption: Support 3/4 Coding Scheme
Includes esptool update to v2.6-beta1
2018-10-16 16:24:10 +11:00
Sagar Bijwe
454b69d2ea nvs_flash: Update documentation at different places to indicate NVS encryption is supported 2018-10-05 14:05:21 +05:30
Angus Gratton
8721173109 doc: Replace :envvar: config links with :ref: 2018-09-19 17:27:48 +10:00
Jitin George
458b167f1a docs/en/security: Add documentation for signed apps without hardware secure boot feature 2018-08-29 17:05:34 +08:00
Sagar Bijwe
b27773e87c docs: Added more wordings to capture secure boot and flash encryption dependency. 2018-08-14 11:27:29 +05:30
Angus Gratton
f2a3429812 partition table: Document 'flags' properly 2018-08-01 19:23:38 +10:00
Angus Gratton
cee6d7d5a9 docs: Add more ReST-isms in secure boot & flash encryption docs
(Original version of these docs were in Markdown.)
2018-07-16 11:52:52 +10:00
Angus Gratton
6a498bfe2b docs: Add note about bootloader size for flash encryption & secure boot 2018-07-16 11:52:52 +10:00