Commit Graph

33 Commits

Author SHA1 Message Date
Harshit Malpani
a7f654fd64
feat: Add API to verify the bootloader and app image
Added an API to verify the bootloader and app image before revoking the key in Secure Boot V2.
This will help in preventing the device to be bricked if the bootloader/application cannot be
verified by any other keys in efuse
2024-01-19 14:04:06 +05:30
KonstantinKondrashov
696f7495a0 security: Adds new APIs to check that all eFuse security features are enabled correctly 2023-01-10 23:35:13 +08:00
KonstantinKondrashov
1f9260d790 all: Apply new version logic (major * 100 + minor) 2022-11-03 08:36:23 +00:00
Jakob Hasse
33a3616635 refactor (bootloader_support, efuse)!: remove target-specific rom includes
The following two functions in bootloader_support are private now:
* esp_secure_boot_verify_sbv2_signature_block()
* esp_secure_boot_verify_rsa_signature_block()
They have been moved into private header files
inside bootloader_private/

* Removed bootloader_reset_reason.h and
  bootloader_common_get_reset_reason() completely.
  Alternative in ROM component is available.

* made esp_efuse.h independent of target-specific rom header
2022-07-13 10:29:02 +08:00
Sachin Parekh
2c725264f7
esp32c2: Support Secure Boot V2 based on ECDSA scheme 2022-05-11 18:00:03 +05:30
KonstantinKondrashov
9605f3eb1a soc: Adds efuse hal
Replaced eFuse ROM funcs with hal layer
2022-02-24 22:20:09 +08:00
laokaiyao
cf049e15ed esp8684: rename target to esp32c2 2022-01-19 11:08:57 +08:00
Cao Sen Miao
bf6fa70812 ESP8684: update bootloader, bootloader_support, esp_rom 2021-11-06 17:33:44 +08:00
Shu Chen
c0056813f2 esp32h2: add bootloader support 2021-07-01 19:53:11 +08:00
Konstantin Kondrashov
f339b3fc96 efuse(esp32): Deprecate esp_efuse_burn_new_values() & esp_efuse_write_random_key()
These functions were used only for esp32 in secure_boot and flash encryption.
Use idf efuse APIs instead of efuse regs.
2021-06-17 07:21:36 +08:00
Jan Brudný
a2686dc4eb bootloader: update copyright notice 2021-05-10 04:58:34 +02:00
Angus Gratton
d709631393 secure boot: Add boot check for SBV2 "check app signature on update"
As this mode uses the public keys attached to the existing app's signatures to
verify the next app, checking that a signature block is found on boot prevents
the possibility of deploying a non-updatable device from the factory.
2021-03-15 12:30:20 +00:00
KonstantinKondrashov
95564b4687 secure_boot: Secure Boot V2 verify app signature on update (without Secure boot)
- ESP32 ECO3, ESP32-S2/C3/S3
2021-03-15 12:30:20 +00:00
KonstantinKondrashov
90f2d3199a secure_boot: Checks secure boot efuses
ESP32 V1 and V2 - protection bits.
ESP32xx V2: revoke bits, protection bits

- refactor efuse component
- adds some APIs for esp32 chips as well as for esp32xx chips
2021-02-23 03:56:21 +08:00
Angus Gratton
5228d9f9ce esp32c3: Apply one-liner/small changes for ESP32-C3 2020-12-01 10:58:50 +11:00
Angus Gratton
66fb5a29bb Whitespace: Automated whitespace fixes (large commit)
Apply the pre-commit hook whitespace fixes to all files in the repo.

(Line endings, blank lines at end of file, trailing whitespace)
2020-11-11 07:36:35 +00:00
morris
458b14a8ea esp_rom: extract common efuse apis into esp_rom_efuse.h 2020-07-15 10:40:50 +08:00
Angus Gratton
d40c69375c bootloader: Add fault injection resistance to Secure Boot bootloader verification
Goal is that multiple faults would be required to bypass a boot-time signature check.

- Also strengthens some address range checks for safe app memory addresses
- Change pre-enable logic to also check the bootloader signature before enabling SBV2 on ESP32

Add some additional checks for invalid sections:

- Sections only partially in DRAM or IRAM are invalid
- If a section is in D/IRAM, allow the possibility only some is in D/IRAM
- Only pass sections that are entirely in the same type of RTC memory region
2020-02-27 14:37:19 +05:30
Supreet Deshpande
a9ccc5e5c8 feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3 2020-02-25 01:28:22 +05:30
morris
e30cd361a8 global: rename esp32s2beta to esp32s2 2020-01-22 12:14:38 +08:00
Angus Gratton
24d26fccde Merge branch 'master' into feature/esp32s2beta_update 2019-08-08 13:44:24 +10:00
Angus Gratton
c8570ffa6d bootloader_support: Add C++ header guards
As reported on forum https://esp32.com/viewtopic.php?f=13&t=11173&p=45470
2019-06-26 11:26:56 +10:00
suda-morris
61ce868396 make bootloader_support support esp32s2beta 2019-06-11 13:07:02 +08:00
Konstantin Kondrashov
399d2d2605 all: Using xxx_periph.h
Using xxx_periph.h in whole IDF instead of xxx_reg.h, xxx_struct.h, xxx_channel.h ... .

Cleaned up header files from unnecessary headers (releated to soc/... headers).
2019-06-03 14:15:08 +08:00
Anurag Kar
62b0d51c02 Enable secure boot only after encrypting flash
This prevents a device from being bricked in case when both secure boot & flash encryption are enabled and encryption gets interrupted during first boot. After interruption, all partitions on the device need to be reflashed (including the bootloader).

List of changes:
* Secure boot key generation and bootloader digest generation logic, implemented inside function esp_secure_boot_permanently_enable(), has been pulled out into new API esp_secure_boot_generate_digest(). The enabling of R/W protection of secure boot key on EFUSE still happens inside esp_secure_boot_permanently_enable()
* Now esp_secure_boot_permanently_enable() is called only after flash encryption process completes
* esp_secure_boot_generate_digest() is called before flash encryption process starts
2019-04-10 18:17:58 +05:30
Angus Gratton
b364f23e17 secure boot: Support secure boot signatures without hardware secure boot
Allows OTA updates to be secured via signature checks, without requiring the overhead or complexity
of a full secure boot implementation.

Uses same signing mechanisms (build system and/or espsecure.py as Secure Boot).

Requires:
* [ ] More testing
* [ ] Documentation
2018-08-29 17:05:29 +08:00
Angus Gratton
17adb40ca8 bootloader: Calculate SHA256 hash of image on every boot
Makes app image booting more reliable (256-bit rather than 8-bit verification.)

Some measurements, time to boot a 655KB app.bin file and run to app_main() execution.

(All for rev 1 silicon, ie no 340ms spurious WDT delay.)

80MHz QIO mode:
before = 300ms
after = 140ms

40MHz DIO mode:
before = 712ms
after = 577ms

40MHz DIO mode, secure boot enabled
before = 1380ms
after = 934ms

(Secure boot involves two ECC signature verifications (partition table, app) that take approx 300ms each with 80MHz CPU.)
2017-07-19 18:31:59 +10:00
Angus Gratton
43b99edf2b bootloader: Calculate SHA-256 of image while loading/verifying 2017-07-19 18:25:17 +10:00
Angus Gratton
9eb135fd73 Flash encryption: Support enabling flash encryption in bootloader, app support
* App access functions are all flash encryption-aware
* Documentation for flash encryption
* Partition read/write is flash aware
* New encrypted write function
2016-12-01 23:49:12 -08:00
Angus Gratton
e459f803da secure boot: Functional partition table & app signature verification 2016-11-14 11:08:42 +11:00
Angus Gratton
fe66dd85f0 secure boot: Enable based on sdkconfig, remove "secure boot flag" from binary image 2016-11-14 11:08:42 +11:00
Angus Gratton
b5de581399 Secure boot: initial image signature support 2016-11-14 11:08:42 +11:00
Angus Gratton
98a0387854 bootloader_support: Move secure boot code to bootloader_support 2016-11-08 11:13:54 +11:00