For Secure Boot v2 case, unsigned image is first padded to next 64K
aligned boundary and then a signature block of 4K gets appended. Thus
an app partition whose size is 4K aligned should be allowed here.
For Secure Boot v1 case, app partition size must be 64K aligned as the
signature block lies at the very end of 64K boundary.
Relevant:
57b601ab7f
It was when in the partition table there is a partition with type="data" and suptype=""(empty),
in this case type=1, suptype=0. It is similar to otadata partition.
This commit fixes it, now it will handle it as type=1, suptype=6 (ESP_PARTITION_SUBTYPE_DATA_UNDEFINED).
Additionally, always enable the partition MD5 check if flash encryption is on in
Release mode. This ensures the partition table ciphertext has not been modified
(CVE-2021-27926).
The exception is pre-V3.1 ESP-IDF bootloaders and partition tables, which
don't have support for the MD5 entry.
handling (only when nvs encryption is enabled)
* NVS Encryption will now be turned on by default with flash encryption
* Updated the flash encryption example to shocase NVS encryption
along with information on how to configure and use NVS encryption
* Updated respective test case
* Added two partition tables for NVS encryption
i) Table 1- Single factory app, no OTA, encrypted NVS
ii) Table 2- Factory app, Two OTA, encrypted NVS
- Add the function esptool_py_flash_to_partition to flash a binary
image to a named partition. If encryption is enabled, this function
will also determine if the partition needs to be encrypted or not
according the its type, subtype and flag in the CSV file (if any).
- Use idf.py encrypted-flash will now flash both encrypted and
non-encrypted file if any (spiffs for example) using esptool.py's
--encrypt-files option.
Closes IDF-2387
Relates to IDF-723
Relates to IDF-2231
Previous versions of PartitionType only required type and subtype as
arguments for the constructor. Make the new part_list argument optional to
keep backwards compatibilty
A manufactory tool needs to retrieve info about partitions. With a new flag - "--part_list" we can get a list of partitions with the same type/subtype and easily iterate by it.
- name and flag arguments
- added flag "--part_list" to get a list of partitions with the same type/subtype
- save prev behavior of the get_partition_info command (return the only first item)
- added host test
* partition api changed from spi_flash* API to
esp_partition* API and is abstracted as a C++
interface.
* The old nvs encryption is still possible
* changed default unit test app partition table
* Partitions coming from esp_partition API are
checked for generic flash encryption. If yes,
an error is returned since generic flash
encryption isn't compatible with nvs
encryption
* esp32, esp32s2 tests don't require nvs_flash
but mbedtls now
Closes IDF-1340
Closes IDF-858
* changing dependencies from unity->cmock
* added component.mk and Makefile.projbuild
* ignore test dir in gen_esp_err_to_name.py
* added some brief introduction of CMock in IDF
Fixes the issue that signed partition table was not generated when
CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES was on, because
partition_table_bin depended on unsigned_partition_bin twice.
Regression from acb7a211.
Also use final_partition_bin variable in esptool_py_flash_target_image
arguments, to avoid issues in the future if final_partition_bin is
changed.
Previous version used exception handling for program control flow,
which makes for long and confusing backtrace messages if an error
occurs while parsing the CSV (as it also prints the phony error that
occurred while trying to parse as a binary, then prints
"During handling of the above exception, another exception occurred:",
then prints the real error).
Use the same heuristic that is applied in gen_esp32_part, instead.
Also, avoid printing the entire backtrace if the error is a gen_esp32_part
InputError, same as gen_esp32part does.
Found while looking into https://github.com/espressif/esp-idf/issues/4474
The build system automatically determines offsets of partitions from
the partition table, so no manual changes are needed. Instead, add a
note that partition offsets may need to be updated when increasing
the bootloader size.
Do not include bootloader in flash target when secure boot is enabled.
Emit signing warning on all cases where signed apps are enabled (secure
boot and signed images)
Follow convention of capital letters for SECURE_BOOT_SIGNING_KEY variable, since it is
relevant to other components, not just bootloader.
Pass signing key and verification key via config, not requiring
bootloader to know parent app dir.
Misc. variables name corrections
This MR improves existing flash encryption document to provide simplified steps
Adds two new modes for user: Development & Release
Adds a simple example
Supports encrypted write through make command
Added:
* set a secure version in app/bootloader.
* description anti-rollback to ota part
* emulate the secure_version write and read operations
* efuse_em partition.
* a description about a rollback for native_ota_example.
Closes: TW26335