56 Commits

Author SHA1 Message Date
Xiao Xufeng
113e4dc520 bootloader: removed unavailable rtc features 2023-04-24 11:32:23 +08:00
Mahavir Jain
f22daec784 Merge branch 'feature/secure_set_efuses_to_prevent_brick_chip' into 'master'
security: write-protect DIS_ICAHE and DIS_DCACHE

Closes IDF-5177

See merge request espressif/esp-idf!22640
2023-03-29 11:51:09 +08:00
KonstantinKondrashov
a3232e4a5b bootloader: Adds an option to leave DIS_CACHE writeable 2023-03-29 00:02:25 +08:00
KonstantinKondrashov
723b2e86e5 security: write-protect DIS_ICAHE and DIS_DCACHE
Closes IDF-5177
2023-03-29 00:02:24 +08:00
Zim Kalinowski
7c090d9a42 Merge branch 'bugfix/bootloader-ignored-warnings' into 'master'
bootloader: fix and re-enable no-format warnings

Closes IDF-6789

See merge request espressif/esp-idf!22715
2023-03-16 19:57:58 +08:00
Armando
bae6680207 mmu: hal function to init, and hal function to unmap all 2023-03-15 10:59:20 +08:00
Armando
929b7717ff system: fixed ram app cannot use mmu correctly issue 2023-03-15 10:59:20 +08:00
Zim Kalinowski
f6453b7938 bootloader: fix and re-enable no-format warnings 2023-03-15 00:28:31 +01:00
wuzhenghui
c0d2fcded7 refactor: move bootloader_init_spi_flash to bootloader_flash_config_{target}.c 2023-02-01 17:57:28 +08:00
wuzhenghui
44df5b31af feature: add ram loadable app support 2023-02-01 17:57:22 +08:00
Jakob Hasse
33a3616635 refactor (bootloader_support, efuse)!: remove target-specific rom includes
The following two functions in bootloader_support are private now:
* esp_secure_boot_verify_sbv2_signature_block()
* esp_secure_boot_verify_rsa_signature_block()
They have been moved into private header files
inside bootloader_private/

* Removed bootloader_reset_reason.h and
  bootloader_common_get_reset_reason() completely.
  Alternative in ROM component is available.

* made esp_efuse.h independent of target-specific rom header
2022-07-13 10:29:02 +08:00
Cao Sen Miao
4418a855ba spi_flash: refactor the spi_flash clock configuration, and add support for esp32c2 2022-04-26 15:22:37 +08:00
Armando
c1cbd7bbf6 cache/mmu: implememnt cache and mmu hal APIs in bootloader 2022-03-11 22:43:11 +08:00
rudi ;-)
f242a1705a
add support for Flash 32MB..128MB (S2, S3)
ESP32-S2 and ESP32-S3
supports up to 1 GB of external flash and RAM
add support for
-    32MB
-    64MB
-    128MB ( example NOR spiFLASH 1G-BIT W25Q01JVZEIQ Winbond 0xEF 0x40 0x21 )

Merges https://github.com/espressif/esp-idf/pull/7688

Signed-off-by: Ivan Grokhotkov <ivan@espressif.com>
2022-02-21 10:26:41 +03:00
Cao Sen Miao
3dd1cfea18 spi_flash: refactor spi_flash.h to decline duplicated code 2021-12-30 14:05:12 +08:00
Sudeep Mohanty
e22b4007d3 esp_hw_support: Removed deprecated CPU util functions
The following files were deleted:
- components/esp_hw_support/include/soc/cpu.h
- components/soc/esp32s3/include/soc/cpu.h

The following functions are deprecated:
- get_sp()

The following functions declared in soc/cpu.h are now moved to esp_cpu.h:
- esp_cpu_configure_region_protection()

The following functions declared in soc/cpu.h are now moved to components/xtensa/include/esp_cpu_utils.h:
- esp_cpu_process_stack_pc()

All files with soc/cpu.h inclusion are updated to include esp_cpu.h instead.

Signed-off-by: Sudeep Mohanty <sudeep.mohanty@espressif.com>
2021-12-28 16:58:37 +05:30
Aditya Patwardhan
5d61eea847 efuse_example_test: Fix the example test ( broken due to latest change
in info message)

*Unify the log messages when UART ROM Download mode is kept enabled
2021-11-23 15:21:32 +05:30
Aditya Patwardhan
be65338212 secure_boot: Fix warning when UART ROM DL mode is disabled
*Additionally use updated calls to enable rom secure download mode
2021-11-22 12:01:15 +05:30
Sachin Parekh
bf1dde7233 bootloader: Enable clock glitch detection
Reset the device when clock glitch detected. Clock glitch detection is
only active in bootloader
2021-09-02 12:25:12 +05:30
Mahavir Jain
012c9e26a4 Merge branch 'fixes/secure_boot' into 'master'
secure_boot/esp32(s2,c3): Disable read protecting of efuses

See merge request espressif/esp-idf!14769
2021-08-17 05:05:00 +00:00
Sachin Parekh
f430e86c0f secure_boot/esp32(s2,c3): Disable read protecting of efuses
When secure boot is enabled, disable the ability to read protect
efuses that contain the digest.
2021-08-13 13:41:59 +05:30
Michael (XIAO Xufeng)
dd40123129 bootloader: add xmc spi_flash startup flow to improve reliability 2021-08-12 17:22:42 +08:00
Cao Sen Miao
c29b3e2e36 spi_flash: move the unlock patch to bootloader and add support for GD 2021-07-29 10:46:33 +08:00
morris
1560d6f1ba soc: add reset reasons in soc component 2021-07-13 10:45:38 +08:00
Konstantin Kondrashov
f339b3fc96 efuse(esp32): Deprecate esp_efuse_burn_new_values() & esp_efuse_write_random_key()
These functions were used only for esp32 in secure_boot and flash encryption.
Use idf efuse APIs instead of efuse regs.
2021-06-17 07:21:36 +08:00
Jan Brudný
a2686dc4eb bootloader: update copyright notice 2021-05-10 04:58:34 +02:00
KonstantinKondrashov
95564b4687 secure_boot: Secure Boot V2 verify app signature on update (without Secure boot)
- ESP32 ECO3, ESP32-S2/C3/S3
2021-03-15 12:30:20 +00:00
KonstantinKondrashov
88c5fe49b8 soc: Adds a soc_caps define for all chips to define the number of boot key digests 2021-01-19 20:51:13 +08:00
Konstantin Kondrashov
fbba2cb356 bootloader/esp32s2: Add using of efuse APIs for keys, purposes, wr/rd-protection bits for flash encryption, secure boot 2021-01-08 11:29:46 +08:00
Supreet Deshpande
e517b4953f Secure Boot v2: Fix the double padding of the image length during flash encryption
Fixes https://github.com/espressif/esp-idf/issues/6236
2020-12-21 11:32:37 +05:30
morris
6225932201 bootloader_support: add esp32-s3 initial support 2020-09-22 15:15:03 +08:00
Michael (XIAO Xufeng)
3b2e8648eb bootloader: create public bootloader_flash.h header
Move non-public functions into bootloader_flash_priv.h header
2020-09-19 10:52:02 +08:00
Michael (XIAO Xufeng)
fefdee1349 bootloader: fix the WRSR format for ISSI flash chips
1. The 2nd bootloader always call `rom_spiflash_unlock()`, but never help to clear the WEL bit when exit. This may cause system unstability.

   This commit helps to clear WEL when flash configuration is done.

   **RISK:** When the app starts, it didn't have to clear the WEL before it actually write/erase. But now the very first write/erase operation should be done after a WEL clear. Though the risk is little (all the following write/erase also need to clear the WEL), we still have to test this carefully, especially for those functions used by the OTA.

2. The `rom_spiflash_unlock()` function in the patch of ESP32 may (1) trigger the QPI, (2) clear the QE or (3) fail to unlock the ISSI chips.

   Status register bitmap of ISSI chip and GD chip:

| SR | ISSI | GD25LQ32C |
| -- | ---- | --------- |
| 0  | WIP  | WIP       |
| 1  | WEL  | WEL       |
| 2  | BP0  | BP0       |
| 3  | BP1  | BP1       |
| 4  | BP2  | BP2       |
| 5  | BP3  | BP3       |
| 6  | QE   | BP4       |
| 7  | SRWD | SRP0      |
| 8  |      | SRP1      |
| 9  |      | QE        |
| 10 |      | SUS2      |
| 11 |      | LB1       |
| 12 |      | LB2       |
| 13 |      | LB3       |
| 14 |      | CMP       |
| 15 |      | SUS1      |

   QE bit of other chips are at the bit 9 of the status register (i.e. bit 1 of SR2), which should be read by RDSR2 command.

   However, the RDSR2 (35H, Read Status 2) command for chip of other vendors happens to be the QIOEN (Enter QPI mode) command of ISSI chips. When the `rom_spiflash_unlock()` function trys to read SR2, it may trigger the QPI of ISSI chips.

   Moreover, when `rom_spiflash_unlock()` try to clear the BP4 bit in the status register, QE (bit 6) of ISSI chip may be cleared by accident. Or if the ISSI chip doesn't accept WRSR command with argument of two bytes (since it only have status register of one byte), it may fail to clear the other protect bits (BP0~BP3) as expected.

   This commit makes the `rom_spiflash_unlock()` check whether the vendor is issi. if so, `rom_spiflash_unlock()` only send RDSR to read the status register, send WRSR with only 1 byte argument, and also avoid clearing the QE bit (bit 6).

3. `rom_spiflash_unlock()` always send WRSR command to clear protection bits even when there is no protection bit active. And the execution of clearing status registers, which takes about 700us, will also happen even when there's no bits cleared.

   This commit skips the clearing of status register if there is no protection bits active.

Also move the execute_flash_command to be a bootloader API; move
implementation of spi_flash_wrap_set to the bootloader
2020-09-19 10:51:51 +08:00
Ivan Grokhotkov
66a32c1707 bootloader: fix section placement issues found by the check script
Summary of changes:

- bootloader_clock split into *_clock_init and *_clock_loader.
  Only esp_clk_apb_freq is in *_clock_loader.
- bootloader_common moved out of loader; functions needed in loader
  (or, referenced from bootloader_utility) were moved into
  bootloader_common_loader.c.
- assert and abort moved into bootloader_panic, made part of the
  loader
- rtc_clk and rtc_time made part of loader
2020-09-03 18:14:17 +02:00
Angus Gratton
a2dc60b254 Merge branch 'feature/secure_boot_esp32s2' into 'master'
Feature/secure boot esp32s2

See merge request espressif/esp-idf!8254
2020-07-28 16:39:34 +08:00
morris
2917651478 esp_rom: extract common ets apis into esp_rom_sys.h 2020-07-27 15:27:01 +08:00
Angus Gratton
a91bd4078f secure boot: Fixes for ESP32-S2 first boot logic 2020-07-27 00:01:10 +00:00
Angus Gratton
bfc3f85826 bootloader esp32s2: Fix return type of ROM function signature verification 2020-07-27 00:01:10 +00:00
Supreet Deshpande
e640e148cf Secure boot v2 support for ESP32-S2 2020-07-27 00:01:10 +00:00
morris
458b14a8ea esp_rom: extract common efuse apis into esp_rom_efuse.h 2020-07-15 10:40:50 +08:00
morris
a4d0033c03 esp_rom: extract common GPIO apis into esp_rom_gpio.h 2020-07-07 11:40:19 +08:00
Ivan Grokhotkov
5ee75165f2 esp_common: add "USB CDC" option for console output 2020-06-26 15:38:49 +02:00
Angus Gratton
1dd5a4dba4 efuse: Add new esp_efuse_write_field_bit() convenience function 2020-05-28 17:45:09 +10:00
Angus Gratton
9b822a3d2e esp32s2: Disable legacy boot mode & ROM remap modes if either Secure Boot or Flash Encryption is on 2020-05-28 17:45:09 +10:00
Felipe Neves
95bc186846 flash_encryption: Fix next spi boot crypt counter value after a plaintext flash 2020-04-24 12:43:47 -03:00
Felipe Neves
f7ccc081a5 flash_encryption: replace spi crypt count efuse burning function by a esp_efuse_API
flash_encryption: modify additional efuses burning method to fix them are not being written

flass_encryption: burn efuse to disable boot from RAM space

flash_encryption: added better checking for key generation state plus set read and write protect for them

soc esp32s2: Add register-level bit definitions for read & wrote protect bits

esp32s2: Fixes for flash encryption

- Write efuses in a batch
- Fix some detection of whether existing efuse blocks are read/write protected
2020-04-24 12:43:47 -03:00
Felipe Neves
6f27992430 flash_encryption: return more clear error codes when bootloader encryption fails 2020-04-24 12:43:47 -03:00
Felipe Neves
b3d8847406 flash_encryption: added wdt feed during encryption process to avoid undesired reset. 2020-04-24 12:43:47 -03:00
Felipe Neves
7635dce502 bootloader/flash_encrypt: added esp32s2 flash encryption code on build system and enabled example
flash_enctryption: enabled flash encryption example on esp32s2

bootloader: raise WDT overflow value providing sufficient interval to encrypt app partition

flash_ encrypt: Fixed the TODOs on flash encryption key generation for esp32s2

flash_encryption: added secure boot features to flash enctryption for esp32s2

bootloader: leave only esp32s2 compatible potentially insecure options on menuconfig.

flash_encryption: removed secure boot version 1 from esp32s2 encryption code

flash_encryption:  added  CONFIG_SECURE_FLASH_REQUIRE_ALREADY_ENABLED option for esp32s2

flash_encryption: fixed the count of left plaintext flash

flash_encryption: disable dcache and icache download when using encryption in release mode

flash_encryption:  add cache potentally insecure options for s2 chips

flash_encryption: fixed bug which bricked some chips in relase mode
2020-04-24 12:43:47 -03:00
Renz Christian Bagaporo
2b100789b7 esp32, esp32s2: move panic handling code to new component 2020-03-10 19:56:24 +08:00