alex/esp-idf
alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2024-10-05 20:47:46 -04:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
31,418 Commits 20 Branches 148 Tags 384 MiB
aa245489fb
Commit Graph

24 Commits

Author SHA1 Message Date
KonstantinKondrashov
e72061695e all: Removes unnecessary newline character in logs 
Closes https://github.com/espressif/esp-idf/issues/11465
 2023-06-09 03:31:21 +08:00
laokaiyao
bf2a7b2df6 esp32h4: removed esp32h4 related codes 2023-04-23 12:03:07 +00:00
Zim Kalinowski
f6453b7938 bootloader: fix and re-enable no-format warnings 2023-03-15 00:28:31 +01:00
Mahavir Jain
d4ccdd48f6
esp32h2: add secure boot feature support 
Closes IDF-6281
 2023-03-06 16:57:45 +05:30
Sachin Parekh
2bb9499a7e esp32c6: Enable ECDSA based secure boot 
- Updated documentation for C6
 2023-02-13 13:02:11 +05:30
Aditya Patwardhan
dfcf5878f8 secure_boot_v2: Fix warning message 2022-11-25 03:25:36 +05:30
laokaiyao
8677216576 esp32h2: renaming esp32h2 to esp32h4 2022-11-08 17:05:33 +08:00
Jakob Hasse
33a3616635 refactor (bootloader_support, efuse)!: remove target-specific rom includes 
The following two functions in bootloader_support are private now:
* esp_secure_boot_verify_sbv2_signature_block()
* esp_secure_boot_verify_rsa_signature_block()
They have been moved into private header files
inside bootloader_private/

* Removed bootloader_reset_reason.h and
  bootloader_common_get_reset_reason() completely.
  Alternative in ROM component is available.

* made esp_efuse.h independent of target-specific rom header
 2022-07-13 10:29:02 +08:00
KonstantinKondrashov
dd4642b6ba secure_boot(esp32c2): Fix case when SB key is pre-loaded 2022-05-31 11:12:21 +00:00
KonstantinKondrashov
505e18237a bootloader: Support Flash Encryption for ESP32-C2 2022-05-31 11:12:21 +00:00
Sachin Parekh
2c725264f7
esp32c2: Support Secure Boot V2 based on ECDSA scheme 2022-05-11 18:00:03 +05:30
Aditya Patwardhan
3b71bd7326 mbedtls-3.0: Fixed ESP32 build issues 
- Added MBEDLTS_PRIVATE(...) wherever necessary
- For functions like mbedtls_pk_parse_key(...), it is necessary to pass the RNG function
  pointers as parameter. Solved for dependent components: wpa_supplicant & openSSL
- For libcoap, the SSLv2 ClientHello handshake method has been deprecated, need to handle this.
  Currently, corresponding snippet has been commented.
- Examples tested: hello-world | https_request | wifi_prov_mgr

mbedtls-3.0: Fixed ESP32-C3 & ESP32-S3 build issues
- Removed MBEDTLS_DEPRECATED_REMOVED macro from sha1 port
- DS peripheral: esp_ds_rsa_sign -> removed unsused 'mode' argument
- Added MBEDTLS_PRIVATE(...) wherever required

mbedtls-3.0: Fixed ESP32-S2 build issues
- Fixed outdated function prototypes and usage in mbedlts/port/aes/esp_aes_gcm.c due to changes in GCM module

mbedtls-3.0: Fixed ESP32-H2 build issues

ci: Fixing build stage
- Added MBEDTLS_PRIVATE(...) wherever required
- Added RNG function parameter
- Updated GCM Module changes
- Updated Copyright notices

- Tests:
- build_esp_idf_tests_cmake_esp32
- build_esp_idf_tests_cmake_esp32s2
- build_esp_idf_tests_cmake_esp32c3
- build_esp_idf_tests_cmake_esp32s3

ci: Fixing build stage (mbedtls-related changes)
- Added MBEDTLS_PRIVATE(...) wherever required
- Updated SHAXXX functions
- Updated esp_config according to mbedtls changes

- Tests:
- build_examples_cmake_esp32
- build_examples_cmake_esp32s2
- build_examples_cmake_esp32c3
- build_examples_cmake_esp32s3

ci: Fixing build stage (example-related changes)
- Added MBEDTLS_PRIVATE(...) wherever required
- Updated SHAXXX functions
- Updated esp_config according to mbedtls changes

- Tests:
- build_examples_cmake_esp32
- build_examples_cmake_esp32s2
- build_examples_cmake_esp32c3
- build_examples_cmake_esp32s3

ci: Fixing target_test stage
- Updated test SSL version to TLS_v1_2

- Tests:
- example_test_protocols 1/2

ci: Fixing build stage
- Added checks for MBEDTLS_DHM_C (disabled by default)
- Updated esp_cryptoauthlib submodule
- Updated factory partition size for legacy BLE provisioning example

- Tests:
- build_examples_cmake_esp32
- build_examples_cmake_esp32s2
- build_examples_cmake_esp32c3
- build_examples_cmake_esp32s3

Co-authored-by: Laukik Hase <laukik.hase@espressif.com>
 2022-03-03 01:37:10 +05:30
Aditya Patwardhan
45122533e0 mbedtls-3 update: 
1) Fix build issue in mbedtls
2) skip the public headers check in IDF
3)Update Kconfig Macros
4)Remove deprecated config options
5) Update the sha API according to new nomenclature
6) Update mbedtls_rsa_init usage
7) Include mbedtls/build_info.h instead of mbedtls/config.h
8) Dont include check_config.h
9) Add additional error message in esp_blufi_api.h
 2022-03-03 01:37:10 +05:30
KonstantinKondrashov
ebdc52d4e2 efuse(esp32c2): Support eFuse key APIs 2022-02-01 17:30:31 +08:00
KonstantinKondrashov
3a23340e40 bootloader_support: Support eFuse key APIs in SB and FE 2022-01-25 20:25:39 +08:00
Mahavir Jain
2a885ae694 secure_boot_v2: fix issue in pre-flashed digest (manual) workflow 
This commit fixes issue where empty (unprogrammed) digest slot out of
multiple supported (e.g. 3 for ESP32-C3) could cause issue in
workflow enablement process.

Notes:

1. This issue was applicable for chips supporting "secure-boot-v2"
scheme with multiple digests slots
2. This issue was affecting only manual workflow, where digest of
public was pre-flashed in efuse
3. Change in "flash_encrypt.c" is only for additional safety purpose
 2021-11-02 15:26:24 +08:00
Sachin Parekh
724fdbc9f1 secure_boot: Do not allow key revocation in bootloader 2021-10-22 12:20:14 +05:30
Angus Gratton
e3ca61a200 secure boot: Fix incorrect handling of mbedtls_ctr_drbg_seed() failure in signature verification 
Increase the test app optimization level to one that would find this issue.
 2021-07-08 19:17:04 +10:00
Konstantin Kondrashov
f339b3fc96 efuse(esp32): Deprecate esp_efuse_burn_new_values() & esp_efuse_write_random_key() 
These functions were used only for esp32 in secure_boot and flash encryption.
Use idf efuse APIs instead of efuse regs.
 2021-06-17 07:21:36 +08:00
Jan Brudný
a2686dc4eb bootloader: update copyright notice 2021-05-10 04:58:34 +02:00
KonstantinKondrashov
7f40717eb2 secure_boot/SIGNED_ON_UPDATE_NO_SECURE_BOOT: Only the first position of signature blocks is used to verify any update 2021-03-25 12:27:05 +00:00
Angus Gratton
6a29b45bd4 secure boot v2: Fix issue checking multiple signature blocks on OTA update 2021-03-15 12:30:20 +00:00
Angus Gratton
d709631393 secure boot: Add boot check for SBV2 "check app signature on update" 
As this mode uses the public keys attached to the existing app's signatures to
verify the next app, checking that a signature block is found on boot prevents
the possibility of deploying a non-updatable device from the factory.
 2021-03-15 12:30:20 +00:00
KonstantinKondrashov
95564b4687 secure_boot: Secure Boot V2 verify app signature on update (without Secure boot) 
- ESP32 ECO3, ESP32-S2/C3/S3
 2021-03-15 12:30:20 +00:00