Angus Gratton
8d1a99e026
paritition_table: Verify the partition table md5sum when loading the app
...
Additionally, always enable the partition MD5 check if flash encryption is on in
Release mode. This ensures the partition table ciphertext has not been modified
(CVE-2021-27926).
The exception is pre-V3.1 ESP-IDF bootloaders and partition tables, which
don't have support for the MD5 entry.
2021-06-02 16:31:19 +10:00
Mahavir Jain
e032384c7f
spi_flash: add config option to enable encrypted partition read/write
...
This feature can be disabled to save some IRAM (approx 1KB) for cases
where flash encryption feature is not required.
2021-02-02 05:10:34 +00:00
Angus Gratton
5b3734a04a
efuse: Add ESP32 V3 'disable Download Mode' functionality
2020-12-16 17:08:04 +11:00
Supreet Deshpande
f8874e6940
Add platform independent CMake signing
2020-07-09 11:55:21 +05:30
Angus Gratton
cf8dd62fc4
secure boot v2: esp32: Prevent read disabling additional efuses
...
Also reduce the number of eFuse write cycles during first boot when
Secure Boot and/or Flash Encryption are enabled.
2020-03-31 17:31:56 +11:00
Angus Gratton
5cd45a6d80
secure boot: Fix anti-fault value if hash is shorter than curve
...
(Not actually a problem with SBV1 anti-fault as hash size == curve size in this case.)
2020-03-13 14:01:45 +05:30
Angus Gratton
5f2d918437
bootloader: Set the bootloader optimization level separately to the app
...
Change the default bootloader config to -Os to save size.
This is a useful feature because it allows switching between debug
and release configs in the app without also needing to account for a
size change in the bootloader.
2020-03-06 01:16:04 +05:30
Angus Gratton
32756b165e
bootloader: Add fault injection resistance to Secure Boot bootloader verification
...
Goal is that multiple faults would be required to bypass a boot-time signature check.
- Also strengthens some address range checks for safe app memory addresses
- Change pre-enable logic to also check the bootloader signature before enabling SBV2 on ESP32
Add some additional checks for invalid sections:
- Sections only partially in DRAM or IRAM are invalid
- If a section is in D/IRAM, allow the possibility only some is in D/IRAM
- Only pass sections that are entirely in the same type of RTC memory region
2020-03-06 01:16:04 +05:30
Supreet Deshpande
60fed38c0f
feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3
2020-03-06 01:16:04 +05:30
Supreet Deshpande
546cf10c5d
Fixes accessing some files from 2nd part of the bootloader.
2020-02-10 16:33:02 +05:30
Angus Gratton
e890137ad3
Merge branch 'bugfix/cmake_reflashable_build_targets' into 'master'
...
secure boot: Fix bootloader build system target for bootloader digest
Closes IDFGH-2396
See merge request espressif/esp-idf!7069
2020-01-07 06:40:33 +08:00
morris
888316fc64
bootloader_support: refactor to better support multi target
2019-12-23 05:45:17 +00:00
suda-morris
ba7c67ece8
bootloader won't have dependency on wifi
2019-12-23 05:45:17 +00:00
Angus Gratton
0cc98b8d76
secure boot: Fix bootloader build system target for bootloader digest
...
Closes https://github.com/espressif/esp-idf/issues/4513
2019-12-20 15:09:15 +11:00
Angus Gratton
6f761dd62d
cmake: Fix some uninitialized variable warnings
2019-11-08 12:50:28 +08:00
Angus Gratton
4352265fa0
cmake: Fix case error passing extra CMake args to sub-projects
...
Bug in commit f4ea7c5a
where the wrong variable case was used when passing
through to sub-projects
2019-11-08 11:56:13 +08:00
Angus Gratton
75488f1806
Merge branch 'bugfix/cmake_secure_boot' into 'master'
...
secure boot: CMake bug fixes
See merge request espressif/esp-idf!6523
2019-11-08 10:58:04 +08:00
Angus Gratton
e34bb7460f
secure boot: In Reflashable mode, make sure the bootloader digest updates
...
... whenever the bootloader.bin is updated
2019-11-06 12:13:24 +08:00
Jiang Jiang Jian
02a756015d
Merge branch 'feature/wifi_merge_libs_to_master' into 'master'
...
esp_wifi: merge esp32s2beta WiFi library and fix WiFi deinit memory leak bug
See merge request espressif/esp-idf!6531
2019-10-31 20:56:39 +08:00
Xia Xiaotian
9afba2abf5
esp_wifi: merge esp32s2beta WiFi library to master branch
2019-10-29 19:41:33 +08:00
Angus Gratton
f4ea7c5a46
cmake: Set uninitialized variable warnings in ULP & bootloader subprojects
...
Fixes issue where PYTHON was not being expanded when running ulp_mapgen.py,
causing Windows launch setting to be used - reported here:
https://esp32.com/viewtopic.php?f=13&t=12640&p=50283#p50283
2019-10-29 05:38:39 +00:00
Angus Gratton
f5238d5e42
Merge branch 'feature/esp32s2beta' into feature/esp32s2beta_merge
2019-10-15 15:03:45 +11:00
KonstantinKondrashov
267ca19ae8
bootloader: Fix dram_seg
2019-10-08 16:07:53 +08:00
Ivan Grokhotkov
5830f529d8
Merge branch 'master' into feature/esp32s2beta_merge
2019-10-02 19:01:39 +02:00
Ivan Grokhotkov
c496268b10
Merge branch 'feature/load_elf' into 'master'
...
Support ELF files loadable with gdb
Closes IDF-335
See merge request espressif/esp-idf!5779
2019-09-27 19:36:25 +08:00
Roland Dobai
5a916ce126
Support ELF files loadable with gdb
2019-09-24 07:19:50 +00:00
Roland Dobai
833822c10b
Fix Kconfig issues discovered by upstream Kconfiglib
2019-09-23 16:10:57 +02:00
KonstantinKondrashov
6f102125b4
bootloader: Add support esp32s2beta
2019-09-20 16:57:33 +10:00
Angus Gratton
83680bd96b
Merge branch 'feature/esp32s2beta' into feature/esp32s2beta_merge
2019-09-19 21:08:20 +10:00
Angus Gratton
438d513a95
Merge branch 'master' into feature/esp32s2beta_merge
2019-09-16 16:18:48 +10:00
KonstantinKondrashov
e0f7fbc5fa
bootloader: expand the space for iram_loader_seg
...
Fixed ld issue: overflowed iram_loader_seg
2019-09-13 00:39:37 +08:00
Angus Gratton
c052a38e2a
bootloader: Link RTC clock functions to the iram_loader section
...
As flash encryption & secure boot needs these functions after the app is loaded.
Fixes regression introduced in fb72a6f629
2019-09-10 11:28:17 +10:00
jiangguangming
4ef4b29c74
Reorganize the memory to maximize contiguous DRAM
...
1. Fix bug for variable sdkconfig_header in CMakeLists.txt
2. Modify the load address of bootloader
3. Modify the load address of application program
2019-09-06 16:18:42 +08:00
jiangguangming
c057c141eb
Fix bug for reserved memory regions
...
1. Release 16KB memory of reserved regions to heap
2. Modify the dram_seg address of bootloader to 0x3FFF8000, size is 16K
2019-09-05 19:00:14 +08:00
Angus Gratton
c5747027b4
Merge branch 'bugfix/cmake_bootloader_python' into 'master'
...
build system: Pass Python executable through to bootloader build
See merge request espressif/esp-idf!5956
2019-09-03 12:55:58 +08:00
Angus Gratton
abd6d40796
secure boot: Ensure mbedTLS enables ECDSA if signatures are checked in app
...
and all ECDSA to be disabled if secure boot is not enabled
Previously if ECDSA disabled in config then secure_boot_signatures.c would
fail to build (whether or not secure boot was enabled).
To avoid breaking apps that might be using the signature scheme with custom OTA
without enabling secure boot signatures in config, this change just disables
this functionality if unavailable in mbedTLS config.
Possible fix for root cause of https://github.com/espressif/esp-idf/pull/3703
2019-08-30 14:56:11 +10:00
Angus Gratton
e3e21b7954
build system: Pass Python executable through to bootloader build
...
Fixes failures if the PYTHON cache setting doesn't match the
default of "python" on the PATH.
2019-08-29 18:53:18 +10:00
Angus Gratton
1cd54d34f6
Merge branch 'bugfix/bootloader_factory_reset_with_wake_up_from_deep_sleep' into 'master'
...
bootloader: Blocking the Factory reset during wake up from deep sleep
Closes IDFGH-1536
See merge request espressif/esp-idf!5673
2019-08-29 09:35:08 +08:00
Angus Gratton
a21ca2270a
Merge branch 'feature/deep_sleep_fast_wake' into 'master'
...
bootloader: Reduce the time spent in image validation when waking from deep sleep
See merge request espressif/esp-idf!5140
2019-08-28 08:54:28 +08:00
KonstantinKondrashov
69f45c3674
bootloader: Factory reset not for deep sleep
...
Closes: https://github.com/espressif/esp-idf/issues/3800
Closes: IDFGH-1536
2019-08-23 10:21:06 +00:00
Ivan Grokhotkov
12c9d9a564
spi_flash: remove duplicate definition of spi_flash_unlock
...
The other (static) definition is in flash_ops.c, all references are
also in flash_ops.c.
2019-08-23 12:37:55 +08:00
KonstantinKondrashov
c543aac91e
bootloader: API for the fast wakeup and custom using RTC mem
...
Added "Reserve RTC FAST memory for custom purposes" option.
Added a boot counter.
2019-08-21 11:44:37 +00:00
Tim Nordell
43393cf4d1
bootloader: Support for skipping validation upon wake from deep sleep
...
This saves time when waking up from deep sleep, but potentially decreases
the security of the system. If the application able to modify itself
(especially areas that are loaded into RAM) in flash while running
without crashing or is modifies the cached bits of information about
what was last booted from the bootloader, this could cause security
issues if the user does a "deep sleep reset" since the full validation
is skipped.
Signed-off-by: Tim Nordell <tim.nordell@nimbelink.com>
2019-08-21 11:44:37 +00:00
Angus Gratton
04ae56806c
Merge branch 'master' into feature/esp32s2beta_update
2019-08-08 15:26:58 +10:00
Angus Gratton
24d26fccde
Merge branch 'master' into feature/esp32s2beta_update
2019-08-08 13:44:24 +10:00
Anton Maklakov
afbaf74007
tools: Mass fixing of empty prototypes (for -Wstrict-prototypes)
2019-08-01 16:28:56 +07:00
Renz Christian Bagaporo
9edc867c62
bootloader: fix secure boot issues
...
Do not include bootloader in flash target when secure boot is enabled.
Emit signing warning on all cases where signed apps are enabled (secure
boot and signed images)
Follow convention of capital letters for SECURE_BOOT_SIGNING_KEY variable, since it is
relevant to other components, not just bootloader.
Pass signing key and verification key via config, not requiring
bootloader to know parent app dir.
Misc. variables name corrections
2019-06-28 10:54:21 +08:00
Renz Christian Bagaporo
f332e0c1d6
partition_table: move establishing dependencies to respective components
...
partition_table: move establishing dependencies to respective components
2019-06-28 10:50:52 +08:00
Hemal Gujarathi
a68c7c21e1
Improve flash encryption documentation and add Development & Release modes
...
This MR improves existing flash encryption document to provide simplified steps
Adds two new modes for user: Development & Release
Adds a simple example
Supports encrypted write through make command
2019-06-25 23:41:18 +00:00
Angus Gratton
9a412d3a08
Merge branch 'feature/use_new_component_registration_apis' into 'master'
...
Use new component registration API
See merge request idf/esp-idf!4898
2019-06-25 10:24:11 +08:00