Commit Graph

129 Commits

Author SHA1 Message Date
Stefan Wallentowitz
dd7aece4bf
Secure boot v2 image format: CRC size
The CRC size is documented as 1095 bytes, but in the code I find 1196 bytes:
https://github.com/espressif/esp-idf/blob/master/components/bootloader_support/src/secure_boot_v2/secure_boot.c#L35
2022-05-30 23:30:34 +02:00
Sachin Parekh
2c725264f7
esp32c2: Support Secure Boot V2 based on ECDSA scheme 2022-05-11 18:00:03 +05:30
Marius Vikhammer
a6543f0d21 docs: fix broken references to misc API functions and types. 2022-03-27 16:46:57 +08:00
Mahavir Jain
a0c5d845eb
doc/security: fix re-flashable bootloader section
- Add pointer to key generation section
- Fix sequence point ordering
2022-03-11 15:56:06 +05:30
laokaiyao
cf049e15ed esp8684: rename target to esp32c2 2022-01-19 11:08:57 +08:00
Marius Vikhammer
82325f6037 docs: update docs to be able to build with esp8684 2021-12-20 10:32:49 +08:00
Mahavir Jain
1501a22e02 docs: fix salt length in secure-boot-v2 docs 2021-12-07 09:49:28 +05:30
Roland Dobai
9c1d4f5b54 Build & config: Remove the "make" build system
The "make" build system was deprecated in v4.0 in favor of idf.py
(cmake). The remaining support is removed in v5.0.
2021-11-10 09:53:53 +01:00
daiziyan
e79b8c1b6a docs: update CN trans for external-ram and flash-encryption 2021-11-05 19:23:10 +08:00
Sachin Parekh
8ff3dbc05d secure_boot: Added Kconfig option for aggressive key revoke
Applicable to S2, C3, and S3
2021-10-22 12:20:14 +05:30
Marius Vikhammer
95d824fbb0 Merge branch 'docs/flash_enc_512bits' into 'master'
docs: update flash encryption docs with 512bit key related info

Closes IDF-3867

See merge request espressif/esp-idf!15318
2021-10-13 08:49:37 +00:00
Jakob Hasse
ea2e2b0d62 [docs]: Clarified and improved Secure Boot docs 2021-10-13 11:41:53 +08:00
Marius Vikhammer
b62f2b33e9 docs: update flash encryption docs with 512bit key related info 2021-10-11 12:31:16 +08:00
Sachin Parekh
2d82560ed5 bootloader: Enable Secure boot V2 for ESP32-S3 2021-08-19 14:08:12 +05:30
daiziyan
c399251eda docs: update CN trans for flash-encryption 2021-08-16 16:46:04 +08:00
KonstantinKondrashov
93512edc7a secure_boot_v2(doc): secure_boot_v2 key/s must be readable 2021-08-04 15:39:48 +05:00
Sachin Parekh
082cc36532 doc/secure_boot_v2: Fix the steps mentioned for enabling secure boot 2021-07-30 14:40:32 +08:00
Mahavir Jain
77c96e51bb docs: security: fix minor formatting issues or typos 2021-07-22 15:18:56 +05:30
Marius Vikhammer
fe0600b859 docs: add note about PSRAM encryption 2021-07-19 13:53:21 +08:00
Marius Vikhammer
b8a322195e flash encryption: add flash encryption support for ESP32-S3 2021-07-14 18:46:17 +08:00
Angus Gratton
6f0b36f7be Merge branch 'doc/flash_manual_encrypt' into 'master'
docs: Add manual encryption docs, fix flash encryption efuse bug

Closes IDFGH-3006

See merge request espressif/esp-idf!14178
2021-07-14 09:27:34 +00:00
Angus Gratton
f62c303633 docs: Explain the 256- and 512- bit keys used for AES-XTS 256 vs 512 2021-07-14 16:58:18 +10:00
Angus Gratton
765b75d37b docs: Add description of manual encryption steps
Closes https://github.com/espressif/esp-idf/issues/5037
2021-07-14 16:58:18 +10:00
Angus Gratton
fcd193b024 docs: Use soc_caps instead of chip names for flash encryption docs
Clears the way for ESP32-S3 and future chips.
2021-07-14 16:57:31 +10:00
Angus Gratton
c01da712f6 docs: Move the bootloader size section into the Bootloader guide 2021-07-13 17:35:04 +10:00
Angus Gratton
1bad8a28bb secure boot doc: Clarify limits for verifying signed updates without secure boot
Closes https://github.com/espressif/esp-idf/issues/7080
2021-06-15 17:44:03 +10:00
Marius Vikhammer
bdfda351bd build docs: enable building of S3 docs
* Added support for building esp32s3 docs
* Fixed all related warnings
* Activated building of S3 docs for build HTML fast CI job
2021-06-09 09:30:36 +08:00
Wang Fang
71141a326d docs: clarified esp32 timer clk source, updated the flash encryption table and esptrace doc 2021-05-24 03:46:40 +00:00
Angus Gratton
6f6b4c3983 cmake partition_table: Check binaries fit in partition spaces at build time
- Bootloader is checked not to overlap partition table
- Apps are checked not to overlap any app partition regions

Supported for CMake build system only.

Closes https://github.com/espressif/esp-idf/pull/612
Closes https://github.com/espressif/esp-idf/issues/5043
Probable fix for https://github.com/espressif/esp-idf/issues/5456
2021-04-16 16:40:47 +10:00
KonstantinKondrashov
9295e54c9d docs: Adds secure_boot_v2 for ESP32-C3 ECO3 2021-04-08 14:22:46 +08:00
Angus Gratton
97ea00f355 Merge branch 'doc/flash_encryption_development' into 'master'
doc: Mention Flash Encryption on the host is possible in Release mode

Closes IDFGH-4074

See merge request espressif/esp-idf!12721
2021-04-06 08:13:43 +00:00
Angus Gratton
e97ae26f48 doc: Mention pre-encrypting on the host is possible in Release mode
Closes https://github.com/espressif/esp-idf/issues/5945
2021-04-06 16:58:58 +10:00
Angus Gratton
2e98a5d796 docs: split the 'general notes' page into two 2021-03-29 16:32:54 +11:00
KonstantinKondrashov
7f40717eb2 secure_boot/SIGNED_ON_UPDATE_NO_SECURE_BOOT: Only the first position of signature blocks is used to verify any update 2021-03-25 12:27:05 +00:00
Aditya Patwardhan
2095148b31 bootloader/ ESP32_ECO3: Do not disable UART download mode by default 2021-03-23 08:15:32 +00:00
Angus Gratton
bc7e00896e docs: Add docs for Secure Boot V2 "verify on update without secure boot" 2021-03-15 12:30:20 +00:00
Angus Gratton
501af6dfa2 Merge branch 'feature/secure_boot_revoke_check' into 'master'
secure_boot: Checks secure boot efuses

Closes IDF-2609

See merge request espressif/esp-idf!12148
2021-02-25 22:38:42 +00:00
KonstantinKondrashov
90f2d3199a secure_boot: Checks secure boot efuses
ESP32 V1 and V2 - protection bits.
ESP32xx V2: revoke bits, protection bits

- refactor efuse component
- adds some APIs for esp32 chips as well as for esp32xx chips
2021-02-23 03:56:21 +08:00
KonstantinKondrashov
70dd884fee doc(esp32c3): Updates secure features doc 2021-02-22 18:01:35 +08:00
Marius Vikhammer
548fd02d10 docs: initial update of programming guide for C3
Updates "front page" content, get-started, and api-guides with C3 content

Enable building and publishing of C3 docs in CI
2021-02-01 15:40:02 +08:00
kirill.chalov
f634c59289 Add hypertargets to all TRM references 2021-01-26 05:51:52 +00:00
Angus Gratton
a7da0c894b Merge branch 'feature/c3_master_flash_enc_support' into 'master'
flash encryption: merge C3 flash encryption changes to master

See merge request espressif/esp-idf!12040
2021-01-22 12:58:38 +08:00
KonstantinKondrashov
98f726fa4b bootloader/esp32c3: Adds secure boot (not yet supported) 2021-01-19 20:51:13 +08:00
Marius Vikhammer
03fa63b0c9 bootloader: add flash encryption support for C3
Adds flash encryption support for C3 and updates docs for S2 & C3
2021-01-18 14:10:54 +08:00
KonstantinKondrashov
b19c4739c3 bootloader: Secure_boot name replaced by secure_boot_v1 & secure_boot_v2
- espefuse.py burn_key secure_boot is no longer used.
- Secure boot V1: espefuse.py burn_key secure_boot_v1 file.bin
- Secure boot V2: espefuse.py burn_key secure_boot_v2 file.bin
2020-10-15 16:48:23 +08:00
Supreet Deshpande
33979a9361 Docs: Secure boot v2 support for ESP32-S2 2020-07-27 00:01:10 +00:00
Angus Gratton
f64ae4fa99 efuse: Add 'disable Download Mode' & ESP32-S2 'Secure Download Mode' functionality 2020-05-28 17:50:45 +10:00
Marius Vikhammer
d193790f85 doc: update flash encryption with S2 specific content 2020-04-08 11:17:31 +08:00
Kirill Chalov
0cc9ffb8f7 Implement comments and add info on ESP32S2 2020-04-08 10:30:22 +08:00
Kirill Chalov
9ed60af1f2 Review security/flash-encryption.rst 2020-04-08 10:30:22 +08:00
Angus Gratton
4358f3b573 doc: Add warnings about using JTAG debugging with hardware security features
This is related to the following issues but is not a fix, just documentation of a workaround until we can
improve the support:
https://github.com/espressif/esp-idf/issues/4878
https://github.com/espressif/esp-idf/issues/4734
2020-04-01 17:36:08 +11:00
Angus Gratton
fe64ab6de0 docs: secure boot v2: Add a note about maximum bootloader size 2020-03-30 18:13:42 +11:00
Angus Gratton
142f69448f secure boot v2: esp32: Prevent read disabling additional efuses
Also reduce the number of eFuse write cycles during first boot when
Secure Boot and/or Flash Encryption are enabled.
2020-03-30 18:00:40 +11:00
Supreet Deshpande
073ba0a608 feat/secure_boot_v2: Adding docs for secure boot v2 ESP32-ECO3 2020-02-25 01:28:22 +05:30
Marius Vikhammer
268816649c Replace all TRM urls with generic template variable and remove duplicate sections
All references to TRM had the section duplicated for both targets using .. only:: , replaced these with a generic template url
2020-02-07 16:37:45 +11:00
Marius Vikhammer
9352899d69 doc: Update English pages with generic target name 2020-02-07 16:37:43 +11:00
Angus Gratton
6f2a00c425 doc: secure boot: Fix relative reference to key generation step 2020-01-07 06:14:03 +00:00
Angus Gratton
6bb09224b5 docs: Add note that flash encryption is required in OTA app updates 2019-12-03 15:03:46 +08:00
Hao Ning
9ecc34e086 add chinese translation into flash encryption 2019-10-22 19:37:28 +08:00
Angus Gratton
5c5770dddb docs: Small cleanup of flash encryption docs 2019-09-10 11:28:11 +10:00
Angus Gratton
47bbb107a8 build system: Use CMake-based build system as default when describing commands 2019-07-08 17:31:27 +10:00
Hemal Gujarathi
a68c7c21e1 Improve flash encryption documentation and add Development & Release modes
This MR improves existing flash encryption document to provide simplified steps
Adds two new modes for user: Development & Release
Adds a simple example
Supports encrypted write through make command
2019-06-25 23:41:18 +00:00
Roland Dobai
1ad2283641 Rename Kconfig options (components/bootloader) 2019-05-21 09:32:55 +02:00
Angus Gratton
4b4cd7fb51 efuse/flash encryption: Reduce FLASH_CRYPT_CNT to a 7 bit efuse field
8th bit is not used by hardware.

As reported https://esp32.com/viewtopic.php?f=2&t=7800&p=40895#p40894
2019-04-03 14:07:20 +11:00
Angus Gratton
a2d0fbb9ab docs: flash encryption: Fix description of behaviour when all bits of FLASH_CRYPT_CNT are set
Correct behaviour is described in section 25.3.3 Flash Decryption Block of the ESP32 TRM
2018-12-05 11:15:00 +11:00
Angus Gratton
ac1d1aa3c8 doc: secure boot: Explain output of digest_secure_bootloader command
Mentioned on forum https://esp32.com/viewtopic.php?f=13&t=8162&start=10#p34714
2018-12-04 12:34:59 +11:00
Angus Gratton
b45b0f2348 doc: security: Use less ambiguous language about using both flash encryption & secure boot together 2018-12-04 12:34:38 +11:00
Angus Gratton
f53fef9936 Secure Boot & Flash encryption: Support 3/4 Coding Scheme
Includes esptool update to v2.6-beta1
2018-10-16 16:24:10 +11:00
Sagar Bijwe
454b69d2ea nvs_flash: Update documentation at different places to indicate NVS encryption is supported 2018-10-05 14:05:21 +05:30
Angus Gratton
8721173109 doc: Replace :envvar: config links with :ref: 2018-09-19 17:27:48 +10:00
Jitin George
458b167f1a docs/en/security: Add documentation for signed apps without hardware secure boot feature 2018-08-29 17:05:34 +08:00
Sagar Bijwe
b27773e87c docs: Added more wordings to capture secure boot and flash encryption dependency. 2018-08-14 11:27:29 +05:30
Angus Gratton
f2a3429812 partition table: Document 'flags' properly 2018-08-01 19:23:38 +10:00
Angus Gratton
cee6d7d5a9 docs: Add more ReST-isms in secure boot & flash encryption docs
(Original version of these docs were in Markdown.)
2018-07-16 11:52:52 +10:00
Angus Gratton
6a498bfe2b docs: Add note about bootloader size for flash encryption & secure boot 2018-07-16 11:52:52 +10:00
Angus Gratton
8b5a2ccb8d docs: Update Flash Encryption docs to clarify reflashing options 2018-07-13 16:18:07 +10:00
Mahavir Jain
6e48e52478 docs: fix flash_encryption key generation command
Signed-off-by: Mahavir Jain <mahavir@espressif.com>
2018-06-06 18:21:00 +05:30
Hrishikesh Dhayagude
d530036ad1 Fix few typos in the docs
Signed-off-by: Hrishikesh Dhayagude <hrishi@espressif.com>
2018-05-03 18:20:16 +05:30
krzychb
097adc3a33 Moved files into separate folders per 'en' and 'zh_CN' language version and linked 'zh_CN' files back to 'en' files if translation is not yet available 2018-03-13 21:57:08 +01:00