For secure boot enabled cases, bootloader and firmware images have signature
appended and size is variable based on scheme being used. This appended data
must be considered while verifying image length against allocated partition
size to avoid any possibilities of going beyond reserved size.
Closes IDF-5617
- Remove esp_cpu_in_ocd_mode() from esp_cpu.h. Users should call esp_cpu_dbgr_is_attached() instead.
- Remove esp_cpu_get_ccount() from esp_cpu.h. Users should call esp_cpu_get_cycle_count() instead.
- Remove esp_cpu_set_ccount() from esp_cpu.h. Users should call esp_cpu_set_cycle_count() instead.
- Other IDF components updated to call esp_cpu_dbgr_is_attached(), esp_cpu_get_cycle_count() and esp_cpu_set_cycle_count() as well.
The following two functions in bootloader_support are private now:
* esp_secure_boot_verify_sbv2_signature_block()
* esp_secure_boot_verify_rsa_signature_block()
They have been moved into private header files
inside bootloader_private/
* Removed bootloader_reset_reason.h and
bootloader_common_get_reset_reason() completely.
Alternative in ROM component is available.
* made esp_efuse.h independent of target-specific rom header
ESP32-S2 and ESP32-S3
supports up to 1 GB of external flash and RAM
add support for
- 32MB
- 64MB
- 128MB ( example NOR spiFLASH 1G-BIT W25Q01JVZEIQ Winbond 0xEF 0x40 0x21 )
Merges https://github.com/espressif/esp-idf/pull/7688
Signed-off-by: Ivan Grokhotkov <ivan@espressif.com>
The following files were deleted:
- components/esp_hw_support/include/soc/cpu.h
- components/soc/esp32s3/include/soc/cpu.h
The following functions are deprecated:
- get_sp()
The following functions declared in soc/cpu.h are now moved to esp_cpu.h:
- esp_cpu_configure_region_protection()
The following functions declared in soc/cpu.h are now moved to components/xtensa/include/esp_cpu_utils.h:
- esp_cpu_process_stack_pc()
All files with soc/cpu.h inclusion are updated to include esp_cpu.h instead.
Signed-off-by: Sudeep Mohanty <sudeep.mohanty@espressif.com>
Null pointer dereferences (REVERSE_INULL) :
Null-checking "part" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
And it fixed another case for bootloader_common_get_sha256_of_partition() when CHECK_SIGNATURE is on
- If RSA signature check is on in Kconfig then sha256 was 0xFFFFF...
because image_load gave image_len which pointed to the end of sign blocks.
And image_digest was filled from a wrong position.
Closes https://github.com/espressif/esp-idf/issues/6873
Since idf_monitor decodes anything that looks like a code address and
starts with 0x, bootloader logs often get annotated with function
names such as WindowOverflow and other random and scary looking things
unrelated to the issue the user is facing. Print the addresses without
0x to avoid confusion by decoded function names. Print hexadecimal
size with 'h' suffix to distinguish it from the decimal value that
follows.
Sometimes the flash size read from bootloader is not correct. This may
forbid SPI Flash driver from reading the the area larger than the size
in bootloader header.
When the new config option is enabled, the latest configured
ESPTOOLPY_FLAHSIZE in the app header will be used to override the value
read from bootloader header.
Goal is that multiple faults would be required to bypass a boot-time signature check.
- Also strengthens some address range checks for safe app memory addresses
- Change pre-enable logic to also check the bootloader signature before enabling SBV2 on ESP32
Add some additional checks for invalid sections:
- Sections only partially in DRAM or IRAM are invalid
- If a section is in D/IRAM, allow the possibility only some is in D/IRAM
- Only pass sections that are entirely in the same type of RTC memory region
* Don't bother checking the chip revision if it looks like the partition
doesn't really contain an app
* Don't print the "info" level about the revision & min revision unless
we're in the bootloader (otherwise it gets printed at random times
during the OTA process)
