Commit Graph

281 Commits

Author SHA1 Message Date
Angus Gratton
8d1a99e026 paritition_table: Verify the partition table md5sum when loading the app
Additionally, always enable the partition MD5 check if flash encryption is on in
Release mode. This ensures the partition table ciphertext has not been modified
(CVE-2021-27926).

The exception is pre-V3.1 ESP-IDF bootloaders and partition tables, which
don't have support for the MD5 entry.
2021-06-02 16:31:19 +10:00
Mahavir Jain
e032384c7f spi_flash: add config option to enable encrypted partition read/write
This feature can be disabled to save some IRAM (approx 1KB) for cases
where flash encryption feature is not required.
2021-02-02 05:10:34 +00:00
Angus Gratton
5b3734a04a efuse: Add ESP32 V3 'disable Download Mode' functionality 2020-12-16 17:08:04 +11:00
Supreet Deshpande
f8874e6940 Add platform independent CMake signing 2020-07-09 11:55:21 +05:30
Angus Gratton
cf8dd62fc4 secure boot v2: esp32: Prevent read disabling additional efuses
Also reduce the number of eFuse write cycles during first boot when
Secure Boot and/or Flash Encryption are enabled.
2020-03-31 17:31:56 +11:00
Angus Gratton
5cd45a6d80 secure boot: Fix anti-fault value if hash is shorter than curve
(Not actually a problem with SBV1 anti-fault as hash size == curve size in this case.)
2020-03-13 14:01:45 +05:30
Angus Gratton
5f2d918437 bootloader: Set the bootloader optimization level separately to the app
Change the default bootloader config to -Os to save size.

This is a useful feature because it allows switching between debug
and release configs in the app without also needing to account for a
size change in the bootloader.
2020-03-06 01:16:04 +05:30
Angus Gratton
32756b165e bootloader: Add fault injection resistance to Secure Boot bootloader verification
Goal is that multiple faults would be required to bypass a boot-time signature check.

- Also strengthens some address range checks for safe app memory addresses
- Change pre-enable logic to also check the bootloader signature before enabling SBV2 on ESP32

Add some additional checks for invalid sections:

- Sections only partially in DRAM or IRAM are invalid
- If a section is in D/IRAM, allow the possibility only some is in D/IRAM
- Only pass sections that are entirely in the same type of RTC memory region
2020-03-06 01:16:04 +05:30
Supreet Deshpande
60fed38c0f feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3 2020-03-06 01:16:04 +05:30
Supreet Deshpande
546cf10c5d Fixes accessing some files from 2nd part of the bootloader. 2020-02-10 16:33:02 +05:30
Angus Gratton
e890137ad3 Merge branch 'bugfix/cmake_reflashable_build_targets' into 'master'
secure boot: Fix bootloader build system target for bootloader digest

Closes IDFGH-2396

See merge request espressif/esp-idf!7069
2020-01-07 06:40:33 +08:00
morris
888316fc64 bootloader_support: refactor to better support multi target 2019-12-23 05:45:17 +00:00
suda-morris
ba7c67ece8 bootloader won't have dependency on wifi 2019-12-23 05:45:17 +00:00
Angus Gratton
0cc98b8d76 secure boot: Fix bootloader build system target for bootloader digest
Closes https://github.com/espressif/esp-idf/issues/4513
2019-12-20 15:09:15 +11:00
Angus Gratton
6f761dd62d cmake: Fix some uninitialized variable warnings 2019-11-08 12:50:28 +08:00
Angus Gratton
4352265fa0 cmake: Fix case error passing extra CMake args to sub-projects
Bug in commit f4ea7c5a where the wrong variable case was used when passing
through to sub-projects
2019-11-08 11:56:13 +08:00
Angus Gratton
75488f1806 Merge branch 'bugfix/cmake_secure_boot' into 'master'
secure boot: CMake bug fixes

See merge request espressif/esp-idf!6523
2019-11-08 10:58:04 +08:00
Angus Gratton
e34bb7460f secure boot: In Reflashable mode, make sure the bootloader digest updates
... whenever the bootloader.bin is updated
2019-11-06 12:13:24 +08:00
Jiang Jiang Jian
02a756015d Merge branch 'feature/wifi_merge_libs_to_master' into 'master'
esp_wifi: merge esp32s2beta WiFi library and fix WiFi deinit memory leak bug

See merge request espressif/esp-idf!6531
2019-10-31 20:56:39 +08:00
Xia Xiaotian
9afba2abf5 esp_wifi: merge esp32s2beta WiFi library to master branch 2019-10-29 19:41:33 +08:00
Angus Gratton
f4ea7c5a46 cmake: Set uninitialized variable warnings in ULP & bootloader subprojects
Fixes issue where PYTHON was not being expanded when running ulp_mapgen.py,
causing Windows launch setting to be used - reported here:
https://esp32.com/viewtopic.php?f=13&t=12640&p=50283#p50283
2019-10-29 05:38:39 +00:00
Angus Gratton
f5238d5e42 Merge branch 'feature/esp32s2beta' into feature/esp32s2beta_merge 2019-10-15 15:03:45 +11:00
KonstantinKondrashov
267ca19ae8 bootloader: Fix dram_seg 2019-10-08 16:07:53 +08:00
Ivan Grokhotkov
5830f529d8 Merge branch 'master' into feature/esp32s2beta_merge 2019-10-02 19:01:39 +02:00
Ivan Grokhotkov
c496268b10 Merge branch 'feature/load_elf' into 'master'
Support ELF files loadable with gdb

Closes IDF-335

See merge request espressif/esp-idf!5779
2019-09-27 19:36:25 +08:00
Roland Dobai
5a916ce126 Support ELF files loadable with gdb 2019-09-24 07:19:50 +00:00
Roland Dobai
833822c10b Fix Kconfig issues discovered by upstream Kconfiglib 2019-09-23 16:10:57 +02:00
KonstantinKondrashov
6f102125b4 bootloader: Add support esp32s2beta 2019-09-20 16:57:33 +10:00
Angus Gratton
83680bd96b Merge branch 'feature/esp32s2beta' into feature/esp32s2beta_merge 2019-09-19 21:08:20 +10:00
Angus Gratton
438d513a95 Merge branch 'master' into feature/esp32s2beta_merge 2019-09-16 16:18:48 +10:00
KonstantinKondrashov
e0f7fbc5fa bootloader: expand the space for iram_loader_seg
Fixed ld issue: overflowed iram_loader_seg
2019-09-13 00:39:37 +08:00
Angus Gratton
c052a38e2a bootloader: Link RTC clock functions to the iram_loader section
As flash encryption & secure boot needs these functions after the app is loaded.

Fixes regression introduced in fb72a6f629
2019-09-10 11:28:17 +10:00
jiangguangming
4ef4b29c74 Reorganize the memory to maximize contiguous DRAM
1. Fix bug for variable sdkconfig_header in CMakeLists.txt
2. Modify the load address of bootloader
3. Modify the load address of application program
2019-09-06 16:18:42 +08:00
jiangguangming
c057c141eb Fix bug for reserved memory regions
1. Release 16KB memory of reserved regions to heap
2. Modify the dram_seg address of bootloader to 0x3FFF8000, size is 16K
2019-09-05 19:00:14 +08:00
Angus Gratton
c5747027b4 Merge branch 'bugfix/cmake_bootloader_python' into 'master'
build system: Pass Python executable through to bootloader build

See merge request espressif/esp-idf!5956
2019-09-03 12:55:58 +08:00
Angus Gratton
abd6d40796 secure boot: Ensure mbedTLS enables ECDSA if signatures are checked in app
and all ECDSA to be disabled if secure boot is not enabled

Previously if ECDSA disabled in config then secure_boot_signatures.c would
fail to build (whether or not secure boot was enabled).

To avoid breaking apps that might be using the signature scheme with custom OTA
without enabling secure boot signatures in config, this change just disables
this functionality if unavailable in mbedTLS config.

Possible fix for root cause of https://github.com/espressif/esp-idf/pull/3703
2019-08-30 14:56:11 +10:00
Angus Gratton
e3e21b7954 build system: Pass Python executable through to bootloader build
Fixes failures if the PYTHON cache setting doesn't match the
default of "python" on the PATH.
2019-08-29 18:53:18 +10:00
Angus Gratton
1cd54d34f6 Merge branch 'bugfix/bootloader_factory_reset_with_wake_up_from_deep_sleep' into 'master'
bootloader: Blocking the Factory reset during wake up from deep sleep

Closes IDFGH-1536

See merge request espressif/esp-idf!5673
2019-08-29 09:35:08 +08:00
Angus Gratton
a21ca2270a Merge branch 'feature/deep_sleep_fast_wake' into 'master'
bootloader: Reduce the time spent in image validation when waking from deep sleep

See merge request espressif/esp-idf!5140
2019-08-28 08:54:28 +08:00
KonstantinKondrashov
69f45c3674 bootloader: Factory reset not for deep sleep
Closes: https://github.com/espressif/esp-idf/issues/3800

Closes: IDFGH-1536
2019-08-23 10:21:06 +00:00
Ivan Grokhotkov
12c9d9a564 spi_flash: remove duplicate definition of spi_flash_unlock
The other (static) definition is in flash_ops.c, all references are
also in flash_ops.c.
2019-08-23 12:37:55 +08:00
KonstantinKondrashov
c543aac91e bootloader: API for the fast wakeup and custom using RTC mem
Added "Reserve RTC FAST memory for custom purposes" option.
Added a boot counter.
2019-08-21 11:44:37 +00:00
Tim Nordell
43393cf4d1 bootloader: Support for skipping validation upon wake from deep sleep
This saves time when waking up from deep sleep, but potentially decreases
the security of the system.  If the application able to modify itself
(especially areas that are loaded into RAM) in flash while running
without crashing or is modifies the cached bits of information about
what was last booted from the bootloader, this could cause security
issues if the user does a "deep sleep reset" since the full validation
is skipped.

Signed-off-by: Tim Nordell <tim.nordell@nimbelink.com>
2019-08-21 11:44:37 +00:00
Angus Gratton
04ae56806c Merge branch 'master' into feature/esp32s2beta_update 2019-08-08 15:26:58 +10:00
Angus Gratton
24d26fccde Merge branch 'master' into feature/esp32s2beta_update 2019-08-08 13:44:24 +10:00
Anton Maklakov
afbaf74007 tools: Mass fixing of empty prototypes (for -Wstrict-prototypes) 2019-08-01 16:28:56 +07:00
Renz Christian Bagaporo
9edc867c62 bootloader: fix secure boot issues
Do not include bootloader in flash target when secure boot is enabled.
Emit signing warning on all cases where signed apps are enabled (secure
boot and signed images)
Follow convention of capital letters for SECURE_BOOT_SIGNING_KEY variable, since it is
relevant to other components, not just bootloader.
Pass signing key and verification key via config, not requiring
bootloader to know parent app dir.
Misc. variables name corrections
2019-06-28 10:54:21 +08:00
Renz Christian Bagaporo
f332e0c1d6 partition_table: move establishing dependencies to respective components
partition_table: move establishing dependencies to respective components
2019-06-28 10:50:52 +08:00
Hemal Gujarathi
a68c7c21e1 Improve flash encryption documentation and add Development & Release modes
This MR improves existing flash encryption document to provide simplified steps
Adds two new modes for user: Development & Release
Adds a simple example
Supports encrypted write through make command
2019-06-25 23:41:18 +00:00
Angus Gratton
9a412d3a08 Merge branch 'feature/use_new_component_registration_apis' into 'master'
Use new component registration API

See merge request idf/esp-idf!4898
2019-06-25 10:24:11 +08:00