Commit Graph

304 Commits

Author SHA1 Message Date
Angus Gratton
b34c658554 esp32s2: Use regi2c registers to enable bootloader RNG 2020-10-21 15:09:22 +11:00
Angus Gratton
3cdf0aa18a esp32s2: Enable 8M clock source for RNG also
Either of these options is sufficient to pass dieharder test suite with
bootloader random output, having both enabled is a bonus.
2020-10-19 10:24:37 +11:00
Angus Gratton
0c320bfb0e esp32s2: Support bootloader_random_enable() 2020-10-19 10:24:37 +11:00
KonstantinKondrashov
af7d6f4d89 bootloader: Fix esp_get_flash_encryption_mode(). RELEASE = (CRYPT_CNT == max) or (CRYPT_CNT.write_protect == true)
If the CRYPT_CNT efuse is max it means the same as a write protection bit for this efuse.

Closes: https://github.com/espressif/esp-idf/issues/5747
2020-10-15 02:36:04 +00:00
Angus Gratton
57ce9c2f06 Merge branch 'bugfix/bootloader_anti_rollback_mmap_v4.2' into 'release/v4.2'
bootloader_support: fix issue in memory mapping for getting app descriptor (v4.2)

See merge request espressif/esp-idf!10734
2020-10-14 10:44:00 +08:00
Mahavir Jain
93aeac9728 bootloader_support: fix issue in memory mapping for getting app descriptor
For getting secure_version field in anti rollback case, bootloader tries
to map whole firmware partition but fails for cases where partition size
is beyond available MMU free pages capacity.

Fix here ensures to map only required length upto application descriptor
size in firmware partition.

Closes https://github.com/espressif/esp-idf/issues/5911
2020-10-06 08:49:49 +05:30
Supreet Deshpande
a04d6e7f63 Secure Boot V2: Fixes the OTA regression with secure boot in ESP32-V3
Closes https://github.com/espressif/esp-idf/issues/5905
2020-09-25 14:21:07 +05:30
Angus Gratton
f536db1782 Merge branch 'feature/secure_boot_esp32s2_v4.2' into 'release/v4.2'
Feature/secure boot esp32s2 v4.2

See merge request espressif/esp-idf!9958
2020-09-25 07:31:45 +08:00
Supreet Deshpande
7d57165922 Update to compatible crc & SBv2 enable check api's 2020-09-15 11:29:26 +05:30
Angus Gratton
1c6c6eceb5 secure boot: Fixes for ESP32-S2 first boot logic 2020-09-15 11:23:51 +05:30
Angus Gratton
762e8d5f84 bootloader esp32s2: Fix return type of ROM function signature verification 2020-09-15 11:23:51 +05:30
Supreet Deshpande
0f82fe105c Secure boot v2 support for ESP32-S2 2020-09-15 11:23:51 +05:30
Ivan Grokhotkov
93a3beafb8 bootloader_support: don't check signature when JTAG is attached
If an insecure configuration is enabled (no hardware secure boot, just
software signature check), skip the signature check in bootloader if
JTAG debugger is attached. This allows the debugger to set breakpoints
in Flash before the application runs.

Closes https://github.com/espressif/esp-idf/issues/4734
Closes https://github.com/espressif/esp-idf/issues/4878
2020-09-09 23:39:51 +02:00
Angus Gratton
a2d20f9412 Merge branch 'bugfix/bootloader_common_get_sha256_of_partition_v4.2' into 'release/v4.2'
bootloader_support: Fix bootloader_common_get_sha256_of_partition(), can handle a long image (v4.2)

See merge request espressif/esp-idf!9952
2020-08-24 13:36:09 +08:00
KonstantinKondrashov
d87d9a714e efuse: Add some fields in efuse_table and update esp_efuse_get_pkg_ver()
Closes: IDF-1077
2020-08-10 15:59:02 +08:00
KonstantinKondrashov
2620942568 bootloader_support: Fix bootloader_common_get_sha256_of_partition, can handle a long image
Closes: IDFGH-3594
2020-08-07 08:49:18 +00:00
Angus Gratton
a94685a222 esp32: Use package identifier to look up SPI flash/PSRAM WP Pin, unless overridden
Allows booting in QIO/QOUT mode or with PSRAM on ESP32-PICO-V3 and
ESP32-PICO-V3-O2 without any config changes.

Custom WP pins (needed for fully custom circuit boards) should still be compatible.
2020-07-24 21:45:31 +08:00
chenjianqiang
55a1bd0fb6 feat(esp32): support for esp32-pico-v3-02 2020-07-24 21:20:27 +08:00
Angus Gratton
ae35b6abcd Merge branch 'bugfix/bootloader_header_align_v4.2' into 'release/v4.2'
bootloader: Force bootloader_image_hdr to be word aligned (v4.2)

See merge request espressif/esp-idf!9069
2020-06-24 20:33:47 +08:00
KonstantinKondrashov
a6ac0e8a51 esp32: Reduce using ESP_EARLY_LOGx and move some code after the stdout initialization
After setting _GLOBAL_REENT, ESP_LOGIx can be used instead of ESP_EARLY_LOGx.

Closes: https://github.com/espressif/esp-idf/issues/5343
2020-06-17 13:40:42 +08:00
Angus Gratton
e7ab7ce3af bootloader: Force bootloader_image_hdr to be word aligned
Possible due to linker order for this file to be placed unaligned,
causing failure from bootloader_flash_read() function.
2020-06-04 20:56:26 +10:00
Angus Gratton
f64ae4fa99 efuse: Add 'disable Download Mode' & ESP32-S2 'Secure Download Mode' functionality 2020-05-28 17:50:45 +10:00
Angus Gratton
48d9c14c28 efuse: Add new esp_efuse_read_field_bit() convenience function 2020-05-28 17:45:09 +10:00
Angus Gratton
1dd5a4dba4 efuse: Add new esp_efuse_write_field_bit() convenience function 2020-05-28 17:45:09 +10:00
Angus Gratton
9b822a3d2e esp32s2: Disable legacy boot mode & ROM remap modes if either Secure Boot or Flash Encryption is on 2020-05-28 17:45:09 +10:00
Angus Gratton
3e7ba2f389 bootloader: Don't print an error message after WDT reset in unicore mode
Caused some confusion here: https://github.com/espressif/esp-idf/issues/4388
2020-05-19 03:35:53 +00:00
Angus Gratton
cecf4622bc Merge branch 'bugfix/secure_boot_v2_fixes' into 'master'
Small secure boot v2 fixes

See merge request espressif/esp-idf!8462
2020-05-05 11:13:30 +08:00
Angus Gratton
d4d4d7324a efuse: Don't need to burn WR_CRYPT_CNT if CRYPT_CNT is already max
Reduces write cycles, and useful on ESP32 ECO3 as UART_DIS_DL is protected by
the same efuse.

Also fixes accidental macro definition introduced in 7635dce502
2020-05-01 16:16:47 +10:00
Felipe Neves
95bc186846 flash_encryption: Fix next spi boot crypt counter value after a plaintext flash 2020-04-24 12:43:47 -03:00
Felipe Neves
f7ccc081a5 flash_encryption: replace spi crypt count efuse burning function by a esp_efuse_API
flash_encryption: modify additional efuses burning method to fix them are not being written

flass_encryption: burn efuse to disable boot from RAM space

flash_encryption: added better checking for key generation state plus set read and write protect for them

soc esp32s2: Add register-level bit definitions for read & wrote protect bits

esp32s2: Fixes for flash encryption

- Write efuses in a batch
- Fix some detection of whether existing efuse blocks are read/write protected
2020-04-24 12:43:47 -03:00
Felipe Neves
6f27992430 flash_encryption: return more clear error codes when bootloader encryption fails 2020-04-24 12:43:47 -03:00
Felipe Neves
b3d8847406 flash_encryption: added wdt feed during encryption process to avoid undesired reset. 2020-04-24 12:43:47 -03:00
Felipe Neves
7635dce502 bootloader/flash_encrypt: added esp32s2 flash encryption code on build system and enabled example
flash_enctryption: enabled flash encryption example on esp32s2

bootloader: raise WDT overflow value providing sufficient interval to encrypt app partition

flash_ encrypt: Fixed the TODOs on flash encryption key generation for esp32s2

flash_encryption: added secure boot features to flash enctryption for esp32s2

bootloader: leave only esp32s2 compatible potentially insecure options on menuconfig.

flash_encryption: removed secure boot version 1 from esp32s2 encryption code

flash_encryption:  added  CONFIG_SECURE_FLASH_REQUIRE_ALREADY_ENABLED option for esp32s2

flash_encryption: fixed the count of left plaintext flash

flash_encryption: disable dcache and icache download when using encryption in release mode

flash_encryption:  add cache potentally insecure options for s2 chips

flash_encryption: fixed bug which bricked some chips in relase mode
2020-04-24 12:43:47 -03:00
Angus Gratton
b26f93415e secure boot v2: Add anti-FI check that secure boot not enabled yet
Prevent a fault from causing bootloader to trust the provided signature incorrectly.
2020-04-24 15:03:31 +10:00
Angus Gratton
fc4b653729 secure boot v2: Don't check efuse BLK2 if only boot-time signature verification is enabled 2020-04-24 15:03:03 +10:00
Angus Gratton
fc0d6a99f8 secure boot v2: Don't log warnings when BLK2 is empty as expected
If BLK2 is empty then it's OK to continue with a warning (otherwise it may spook users into thinking
something this is wrong, but this is the expected workflow.)

If BLK2 is not empty and doesn't match then we need to fail because it won't be possible to
trust the signature.
2020-04-24 14:43:55 +10:00
chenjianqiang
ec9cc27e08 flash: fix spi flash clock config error
Closes https://github.com/espressif/esp-idf/issues/5099
2020-04-17 16:26:26 +08:00
Angus Gratton
25aa5b0e28 esp32: Enable flash encryption by setting FLASH_CRYPT_CNT to max
Previous method was to write-protect this efuse, however on ECO3
the write protect field also covers the UART_DOWNLOAD_DIS efuse.

Doing it this way keeps the possibility of disabling UART download
mode, later.
2020-03-30 18:13:42 +11:00
Angus Gratton
142f69448f secure boot v2: esp32: Prevent read disabling additional efuses
Also reduce the number of eFuse write cycles during first boot when
Secure Boot and/or Flash Encryption are enabled.
2020-03-30 18:00:40 +11:00
Darian Leung
91841a53ff WDT: Add LL and HAL for watchdog timers
This commit updates the watchdog timers (MWDT and RWDT)
in the following ways:

- Add seprate LL for MWDT and RWDT.
- Add a combined WDT HAL for all Watchdog Timers
- Update int_wdt.c and task_wdt.c to use WDT HAL
- Remove most dependencies on LL or direct register access
  in other components. They will now use the WDT HAL
- Update use of watchdogs (including RTC WDT) in bootloader and
  startup code to use the HAL layer.
2020-03-26 02:14:02 +08:00
Angus Gratton
62426a6c90 Merge branch 'refactor/use_new_component_registration_functions' into 'master'
CMake: Use new component registration function

See merge request espressif/esp-idf!8068
2020-03-25 08:02:42 +08:00
Renz Bagaporo
3d0967a58a test: declare requirements and include dirs private 2020-03-23 10:58:50 +08:00
Mahavir Jain
409b3db22f bootloader_support: initialize mbedtls_ctr_drbg_context per mbedtls v2.16.5 requirement
In commit 02d2903e39, mbedtls was
updated to release v2.16.5, where it was made mandatory to initialize
mbedtls_ctr_drbg_context before using same. It was fixed in wpa supplicant
but missed out in secure boot v2 verification code. This commit
fixes that.
2020-03-20 20:48:22 +05:30
Angus Gratton
207914a13a Merge branch 'refactor/common_code_panic_handler' into 'master'
Panic handling common code refactor

See merge request espressif/esp-idf!7489
2020-03-19 11:23:57 +08:00
Renz Christian Bagaporo
2b100789b7 esp32, esp32s2: move panic handling code to new component 2020-03-10 19:56:24 +08:00
Angus Gratton
df9d3c6e43 Merge branch 'refactor/print_app_description_on_startup' into 'master'
esp32s2: print app description on startup

See merge request espressif/esp-idf!7899
2020-03-09 14:05:04 +08:00
morris
ddcba3d574 bootloader_support: read random from register 2020-03-06 15:32:01 +08:00
Ivan Grokhotkov
22516b256f bootloader_support: force alignment of flash_read argument 2020-03-04 09:56:01 +01:00
Angus Gratton
04ccb84b83 Merge branch 'feature/cpu_abstraction' into 'master'
CPU related operations abstraction

See merge request espressif/esp-idf!7301
2020-02-28 11:54:29 +08:00
Angus Gratton
d40c69375c bootloader: Add fault injection resistance to Secure Boot bootloader verification
Goal is that multiple faults would be required to bypass a boot-time signature check.

- Also strengthens some address range checks for safe app memory addresses
- Change pre-enable logic to also check the bootloader signature before enabling SBV2 on ESP32

Add some additional checks for invalid sections:

- Sections only partially in DRAM or IRAM are invalid
- If a section is in D/IRAM, allow the possibility only some is in D/IRAM
- Only pass sections that are entirely in the same type of RTC memory region
2020-02-27 14:37:19 +05:30