Commit Graph

55 Commits

Author SHA1 Message Date
Angus Gratton
8d1a99e026 paritition_table: Verify the partition table md5sum when loading the app
Additionally, always enable the partition MD5 check if flash encryption is on in
Release mode. This ensures the partition table ciphertext has not been modified
(CVE-2021-27926).

The exception is pre-V3.1 ESP-IDF bootloaders and partition tables, which
don't have support for the MD5 entry.
2021-06-02 16:31:19 +10:00
Mahavir Jain
e032384c7f spi_flash: add config option to enable encrypted partition read/write
This feature can be disabled to save some IRAM (approx 1KB) for cases
where flash encryption feature is not required.
2021-02-02 05:10:34 +00:00
Angus Gratton
5b3734a04a efuse: Add ESP32 V3 'disable Download Mode' functionality 2020-12-16 17:08:04 +11:00
Angus Gratton
cf8dd62fc4 secure boot v2: esp32: Prevent read disabling additional efuses
Also reduce the number of eFuse write cycles during first boot when
Secure Boot and/or Flash Encryption are enabled.
2020-03-31 17:31:56 +11:00
Angus Gratton
5f2d918437 bootloader: Set the bootloader optimization level separately to the app
Change the default bootloader config to -Os to save size.

This is a useful feature because it allows switching between debug
and release configs in the app without also needing to account for a
size change in the bootloader.
2020-03-06 01:16:04 +05:30
Supreet Deshpande
60fed38c0f feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3 2020-03-06 01:16:04 +05:30
Ivan Grokhotkov
5830f529d8 Merge branch 'master' into feature/esp32s2beta_merge 2019-10-02 19:01:39 +02:00
Roland Dobai
833822c10b Fix Kconfig issues discovered by upstream Kconfiglib 2019-09-23 16:10:57 +02:00
KonstantinKondrashov
6f102125b4 bootloader: Add support esp32s2beta 2019-09-20 16:57:33 +10:00
Angus Gratton
438d513a95 Merge branch 'master' into feature/esp32s2beta_merge 2019-09-16 16:18:48 +10:00
Angus Gratton
abd6d40796 secure boot: Ensure mbedTLS enables ECDSA if signatures are checked in app
and all ECDSA to be disabled if secure boot is not enabled

Previously if ECDSA disabled in config then secure_boot_signatures.c would
fail to build (whether or not secure boot was enabled).

To avoid breaking apps that might be using the signature scheme with custom OTA
without enabling secure boot signatures in config, this change just disables
this functionality if unavailable in mbedTLS config.

Possible fix for root cause of https://github.com/espressif/esp-idf/pull/3703
2019-08-30 14:56:11 +10:00
Angus Gratton
a21ca2270a Merge branch 'feature/deep_sleep_fast_wake' into 'master'
bootloader: Reduce the time spent in image validation when waking from deep sleep

See merge request espressif/esp-idf!5140
2019-08-28 08:54:28 +08:00
Ivan Grokhotkov
12c9d9a564 spi_flash: remove duplicate definition of spi_flash_unlock
The other (static) definition is in flash_ops.c, all references are
also in flash_ops.c.
2019-08-23 12:37:55 +08:00
KonstantinKondrashov
c543aac91e bootloader: API for the fast wakeup and custom using RTC mem
Added "Reserve RTC FAST memory for custom purposes" option.
Added a boot counter.
2019-08-21 11:44:37 +00:00
Tim Nordell
43393cf4d1 bootloader: Support for skipping validation upon wake from deep sleep
This saves time when waking up from deep sleep, but potentially decreases
the security of the system.  If the application able to modify itself
(especially areas that are loaded into RAM) in flash while running
without crashing or is modifies the cached bits of information about
what was last booted from the bootloader, this could cause security
issues if the user does a "deep sleep reset" since the full validation
is skipped.

Signed-off-by: Tim Nordell <tim.nordell@nimbelink.com>
2019-08-21 11:44:37 +00:00
Angus Gratton
24d26fccde Merge branch 'master' into feature/esp32s2beta_update 2019-08-08 13:44:24 +10:00
Hemal Gujarathi
a68c7c21e1 Improve flash encryption documentation and add Development & Release modes
This MR improves existing flash encryption document to provide simplified steps
Adds two new modes for user: Development & Release
Adds a simple example
Supports encrypted write through make command
2019-06-25 23:41:18 +00:00
suda-morris
3f7a571c90 fix errors when ci testing for esp32 2019-06-19 15:31:47 +08:00
suda-morris
12f00d9a5e make bootloader support esp32s2beta 2019-06-11 13:06:32 +08:00
hemal.gujarathi
865b24144e remove secure boot test mode 2019-05-23 14:13:08 +05:30
Roland Dobai
1ad2283641 Rename Kconfig options (components/bootloader) 2019-05-21 09:32:55 +02:00
Roland Dobai
997b29a9ca Rename Kconfig options (components/esptool_py) 2019-05-21 09:32:55 +02:00
Roland Dobai
0ae53691ba Rename Kconfig options (components/esp32) 2019-05-21 09:09:01 +02:00
Mahavir Jain
202f689baa bootloader: use mbedTLS for secure boot verification in firmware 2019-04-01 15:46:52 +05:30
Konstantin Kondrashov
e916cf52a3 bootloader: Add support of anti-rollback
Added:
* set a secure version in app/bootloader.
* description anti-rollback to ota part
* emulate the secure_version write and read operations
* efuse_em partition.
* a description about a rollback for native_ota_example.

Closes: TW26335
2019-02-14 18:51:43 +08:00
Roland Dobai
37126d3451 Correct Kconfigs according to the coding style 2019-01-29 13:37:01 +01:00
Konstantin Kondrashov
dde1fd9b94 bootloader: Add support flags for rollback app
Added
* Set actual ota_seq if both ota are init or incorrect.
* Description of rollback
* UT tests

Closes TW15459
2018-12-11 11:54:21 +08:00
Angus Gratton
f53fef9936 Secure Boot & Flash encryption: Support 3/4 Coding Scheme
Includes esptool update to v2.6-beta1
2018-10-16 16:24:10 +11:00
Angus Gratton
2ec0fd8fd6 Merge branch 'feature/signature_verify_updates' into 'master'
secure boot: Support signed app verification without hardware secure boot

See merge request idf/esp-idf!2814
2018-09-04 18:56:47 +08:00
Konstantin Kondrashov
9c715d7946 bootloader_support: Fix enable rtc_wdt for resolve issue with varying supply
Eliminates the issue with the lock up in the bootloader due to a power drawdown during its operation.

Closes https://github.com/espressif/esp-idf/issues/1814
2018-09-03 05:43:01 +00:00
Angus Gratton
b364f23e17 secure boot: Support secure boot signatures without hardware secure boot
Allows OTA updates to be secured via signature checks, without requiring the overhead or complexity
of a full secure boot implementation.

Uses same signing mechanisms (build system and/or espsecure.py as Secure Boot).

Requires:
* [ ] More testing
* [ ] Documentation
2018-08-29 17:05:29 +08:00
Angus Gratton
57b601ab7f secure boot: Pad to avoid data after the signature mapping into the address space
Because address space is mapped in 64KB pages, it was possible for unauthenticated data after the
app .bin to become mapped into the flash cache address space.

This problem is solved by 2 changes:

* "esptool elf2image --secure-pad" will pad the image so that the signature block ends close to the
  64KB boundary. Due to alignment constraints it will be 12 bytes too short after signing (but
  with flash encryption, these 12 bytes are still encrypted as part of the last block and can't be
  arbitrarily changed).
* By default, secure boot now requires all app partitions to be a multiple of 64KB in size.
2018-07-17 15:33:47 +10:00
Angus Gratton
d0b8f2865f docs: Switch base URL from esp-idf.readthedocs.io to docs.espressif.com 2018-06-19 11:23:33 +00:00
Konstantin Kondrashov
ae10abff2f bootloader: Add factory reset and start test app
Added feature:
- reset firmware to Factory app.(by long pressing of the button)
- boot Test app. (by long pressing of the button)
- Added feature erase data partitions from factory reset.

TW10281
TW10280
2018-05-24 16:56:49 +05:00
Liu Zhi Fu
072b353b45 bootloader: force SDIO 1.9V if flash is 80M
If the SPI flash frequency is 80M, the voltage of SDIO is 1.9V,
otherwise, it can configured to 1.8V or 1.9V via menuconfig.
2018-03-19 16:39:54 +08:00
Angus Gratton
fccc30d2d5 bootloader: Only apply VDDSDIO 1.8V->1.9V if regulator is enabled
Fixes bug if regulator is disabled via efuse.
2017-11-27 10:33:41 +11:00
Wangjialin
d034bc9ca0 bootloader: add configuration of flash pins and VDDIO boost 2017-11-03 16:29:56 +08:00
krzychb
672390c458 Mass replacement of http with https urls, fixed broken urls 2017-09-06 08:16:01 +02:00
Angus Gratton
7a18575af8 flash encryption: Also always disable ROM BASIC console when enabling flash encryption 2017-08-29 14:52:00 +10:00
Ivan Grokhotkov
967611cfaa Revert "bootloader: Add option to build with Link Time Optimisation enabled"
This reverts commit d1b66a08c1.
2017-07-24 05:14:31 +08:00
Angus Gratton
d1b66a08c1 bootloader: Add option to build with Link Time Optimisation enabled 2017-07-19 18:31:59 +10:00
Angus Gratton
0715d1f8c1 bootloader: When customising SPI flash pins in efuse, set WP pin in menuconfig
Allows custom configurations for QIO/QOUT mode.
2017-07-19 15:04:08 +10:00
Angus Gratton
7c7edab328 flash encryption/secure boot: Restructure documentation
Also add steps to disable flash encryption, as some people seem to
accidentally enable it.

Explicitly mark the flash encryption and secure boot as "READ DOCS
FIRST" in menuconfig.
2017-02-15 09:42:46 +11:00
Angus Gratton
d6fafd00db Secure boot: Option for app & partition table signing to happen outside build system 2016-12-19 13:12:05 +11:00
Angus Gratton
506c8cd964 secure boot & flash encryption: Rework configuration options
Add UART bootloader disable options for flash encryption
2016-12-01 23:49:12 -08:00
Angus Gratton
9eb135fd73 Flash encryption: Support enabling flash encryption in bootloader, app support
* App access functions are all flash encryption-aware
* Documentation for flash encryption
* Partition read/write is flash aware
* New encrypted write function
2016-12-01 23:49:12 -08:00
Angus Gratton
8691b54758 secure boot: Rename efuse option for UART bootloader to option for ROM interpreter 2016-11-14 11:08:42 +11:00
Angus Gratton
fe66dd85f0 secure boot: Enable based on sdkconfig, remove "secure boot flag" from binary image 2016-11-14 11:08:42 +11:00
Angus Gratton
64f3893cb9 secure boot: Derive secure bootloader key from private key
Means only one key needs to be managed.
2016-11-14 11:08:42 +11:00
Angus Gratton
b5de581399 Secure boot: initial image signature support 2016-11-14 11:08:42 +11:00