Secure version in the image header is only available for the application
image. However, for certain security workflows, bootloader verifies
itself (own image) and hence the secure version check during that must be
avoided.
Regression introduced in recent commit-id: 3305cb4d
Tested that both secure boot and flash-enc workflows work correctly
with the anti-rollback scenario.
This commit renames USB PHY related HAL files from "usb_phy_xxx" to
"usb_fsls_phy_xxx" since they are only designed to support Full-Speed/Low-Speed
Serial USB PHYs. This renmaing is done to accommodate future USB PHYs that use
other PHY interfaces (e.g., UTMI, ULPI etc).
Some additional checks related to secure version of the application in
anti-rollback case have been added to avoid any attempts to boot lower
security version but valid application (e.g., passive partition image).
- Read secure_version under sha256 protection
- First check has been added in the bootloader to ensure correct secure
version after application verification and loading stage. This check
happens before setting up the flash cache mapping and handling over
the final control to application. This check ensures that application
was not swapped (e.g., to lower security version but valid image) just
before the load stage in bootloader.
- Second check has been added in the application startup code to ensure
that currently booting app has higher security version than the one
programmed in the eFuse for anti-rollback scenario. This will ensure
that only the legit application boots-up on the device for
anti-rollback case.
* Closes https://github.com/espressif/esp-idf/issues/12849
In former versions of ESP-IDF, the user custom memory data in the retained memory
was taken into account during the CRC calculation. This was changed in a later
commit, the custom memory was ignored, therefore this can seen as a breaking change.
This commit gives the possibility to choose between the former (legacy) or
new way of calculating the CRC.
Currently, when flash encryption is enabled, the whole partition gets encrypted.
This can be optimised by encrypting only the app image instead of encrypting the whole partition.
Closes https://github.com/espressif/esp-idf/issues/12576
Fixed the value of the image_length field of the image metadata populated by esp_image_verfiy()
to include the size of the signature sector when Secure Boot V1 is enabled.
On ESP32-S3 with the default efuse settings, USB PHY is connected to
the USB_SERIAL_JTAG peripheral. If USB OTG peripheral is used for the
console, we need to additionally switch the PHY to USB OTG, otherwise
we won't get any output.
Closes https://github.com/espressif/esp-idf/issues/12437
* All components which won't build (yet) on Linux are excluded.
This enables switching to Linux in an application without
explicitly setting COMPONENTS to main in the main
CMakeLists.txt.
* ESP Timer provides headers for Linux now
* automatically disabling LWIP in Kconfig if it is not available
doc(linux): brought section
"Component Linux/Mock Support Overview" up to date
Added an API to verify the bootloader and app image before revoking the key in Secure Boot V2.
This will help in preventing the device to be bricked if the bootloader/application cannot be
verified by any other keys in efuse