Commit Graph

622 Commits

Author SHA1 Message Date
Angus Gratton
83a179abb0 esp32: Add esp_fill_random() function
Convenience function to fill a buffer with random bytes.

Add some unit tests (only sanity checks, really.)
2018-09-03 04:39:45 +00:00
Mahavir Jain
62746e414e bootloader: add API for erasing flash region
Signed-off-by: Mahavir Jain <mahavir@espressif.com>
2018-08-29 12:04:32 +00:00
Angus Gratton
b364f23e17 secure boot: Support secure boot signatures without hardware secure boot
Allows OTA updates to be secured via signature checks, without requiring the overhead or complexity
of a full secure boot implementation.

Uses same signing mechanisms (build system and/or espsecure.py as Secure Boot).

Requires:
* [ ] More testing
* [ ] Documentation
2018-08-29 17:05:29 +08:00
Ivan Grokhotkov
90f5456dba Merge branch 'feature/rtc_cpu_freq_config' into 'master'
soc/rtc: Refactoring, support CPU frequencies lower than XTAL

See merge request idf/esp-idf!2856
2018-08-22 11:32:08 +08:00
Ivan Grokhotkov
c722cf3e06 bootloader: use new CPU frequency setting API 2018-08-21 13:02:46 +08:00
Jiang Jiang Jian
98eaa5c2ec Merge branch 'docs/security' into 'master'
docs: Added more wordings to capture secure boot and flash encryption dependency.

See merge request idf/esp-idf!2947
2018-08-16 19:31:36 +08:00
Konstantin Kondrashov
a8e46775c6 soc/rtc_wdt: Add API functions for rtc_wdt
Added functions:
rtc_wdt_protect_off/on
rtc_wdt_set_length_of_reset_signal
rtc_wdt_set_stage
rtc_wdt_set_time
rtc_wdt_feed
rtc_wdt_disable/enable
2018-08-14 17:48:02 +05:00
Sagar Bijwe
b27773e87c docs: Added more wordings to capture secure boot and flash encryption dependency. 2018-08-14 11:27:29 +05:30
Konstantin Kondrashov
117c79eae5 app_update: Add API for getting sha256_of_partition
Added bootloader_common_get_sha256_of_partition() and esp_partition_get_sha256() - get or calculate SHA-256
digest for app and data partitions.
Added bootloader_sha256_hex_to_str() - helps to print SHA-256 digest
Added esp_partition_check_identity() - compares two partitions by SHA-256 digest

Refactoring a function esp_image_load() in bootloader space to esp_image_verify() and
bootloader_load_image(). Old name function esp_image_load is deprecated
and will remove in V4.0 version.

spi_flash/sim: Fix error test_host. Add stub for bootloader_common_get_sha256_of_partition in sim/stubs
2018-08-13 13:59:07 +05:00
Konstantin Kondrashov
8c808c2d9a bootloader: Fix issue - bs->app_count is zero but ota_data have valid entry
If we have the partition table without any ota_apps but in ota_data have
valide entry, in this case we get an error(hang). This commit fix this
case. If bs->app_count is zero when selecting the factory app.

Closes https://github.com/espressif/esp-idf/issues/2218
2018-07-24 13:09:32 +08:00
Angus Gratton
e75a1129e0 Merge branch 'bugfix/bootloader_noreturn_always' into 'master'
bootloader: Ensure bootloader never returns to caller

See merge request idf/esp-idf!2815
2018-07-23 11:56:14 +08:00
Angus Gratton
f0d74b1c64 bootloader: Ensure bootloader never returns to caller
* Fixes some "noreturn" functions in bootloader utils which did return (causing fatal CPU
  exceptions).
* Marks bootloader entry as "noreturn", preventing "user code done" from stalling boot
  Partial fix for https://github.com/espressif/esp-idf/issues/1814 TW20016
  (Comprehensive fix for this issue will be enabling WDT during bootloader, coming shortly.)
2018-07-19 16:24:11 +10:00
Angus Gratton
57b601ab7f secure boot: Pad to avoid data after the signature mapping into the address space
Because address space is mapped in 64KB pages, it was possible for unauthenticated data after the
app .bin to become mapped into the flash cache address space.

This problem is solved by 2 changes:

* "esptool elf2image --secure-pad" will pad the image so that the signature block ends close to the
  64KB boundary. Due to alignment constraints it will be 12 bytes too short after signing (but
  with flash encryption, these 12 bytes are still encrypted as part of the last block and can't be
  arbitrarily changed).
* By default, secure boot now requires all app partitions to be a multiple of 64KB in size.
2018-07-17 15:33:47 +10:00
Jiang Jiang Jian
7f382f461c Merge branch 'feature/support_for_XM25QU64A' into 'master'
feature(flash): set QIO mode for XM25QU64A(1V8_64M_flash)

See merge request idf/esp-idf!2753
2018-07-16 12:16:13 +08:00
Angus Gratton
fb439e48f5 bootloader: Don't verify Partition Table as part of Secure Boot
Partition Tables are still signed for backwards compatibility, but signature is no longer checked as
part of bootloader.

Closes https://github.com/espressif/esp-idf/issues/1641
2018-07-13 15:45:15 +10:00
chenjianqiang
542373b6ef feature(flash): support for QIO mode of XM25QU64A 2018-07-11 22:28:01 +08:00
Anton Maklakov
f42b91fe46 spi_flash: fix errors for GCC 8 support
components/spi_flash/partition.c: In function 'load_partitions':
components/spi_flash/partition.c:179:66: error: argument to 'sizeof' in 'strncpy' call is the same expression as the source; did you mean to use the size of the destination? [-Werror=sizeof-pointer-memaccess]
         strncpy(item->info.label, (const char*) it->label, sizeof(it->label));
                                                                  ^
2018-07-02 09:05:00 +00:00
Ivan Grokhotkov
f525c9ef96 Merge branch 'feature/move_to_soc_rtc_gpio_desc' into 'master'
soc: Fix check_long_hold_gpio and move def to soc

See merge request idf/esp-idf!2550
2018-06-25 12:33:27 +08:00
Konstantin Kondrashov
899fa2dc55 assert: Fix. Move useful functions from wrapped assert functions
Moved useful functions from wrapped assert functions, because option `CONFIG_OPTIMIZATION_ASSERTIONS_DISABLED=y` will remove this functions.

Closes https://github.com/espressif/esp-idf/issues/2068
2018-06-22 15:17:55 +05:00
Konstantin Kondrashov
32da455384 soc: Fix check_long_hold_gpio and move def to soc
Fix factory_reset_pin init as input
Move definition a structure rtc_gpio_desc to soc

Closes https://github.com/espressif/esp-idf/issues/2030
2018-06-22 09:20:27 +05:00
Konstantin Kondrashov
3e0ac4db79 partition_table: Expanding the space under the bootloader
Allows you to move the partition table, it gives more space for the bootloader.
Added a new utility - parttool.py. This utility can search for the offset and/or size of the partitions by name and type/subtype. Use for getting APP_OFFSET and PHY_DATA_OFFSET.
The linker(esp32.bootloader.ld) made changes that allow you to write a custom bootloader code more.

TW14125
2018-06-08 18:47:29 +05:00
Angus Gratton
d775cc4c4c soc: Fix description of rtc_config_t.tieh, add macros
Usage of TIEH was correct but description had 1.8V & 3.3V backwards.

Add macro definitions for TIEH values to improve readability.
2018-05-25 14:58:37 +10:00
Konstantin Kondrashov
ae10abff2f bootloader: Add factory reset and start test app
Added feature:
- reset firmware to Factory app.(by long pressing of the button)
- boot Test app. (by long pressing of the button)
- Added feature erase data partitions from factory reset.

TW10281
TW10280
2018-05-24 16:56:49 +05:00
Wangjialin
f6927ccde9 bootloader(flash): fix flash QIO mode configuration error.
reported from github: https://github.com/espressif/esp-idf/issues/1944

1. Add SPI register setup in execute_flash_command.
2. Save and recover the SPI ctrl register in execute_flash_command.
2018-05-16 12:42:29 +00:00
Ivan Grokhotkov
254e29aca4 mbedtls: update usage of deprecated mbedtls_shaX APIs
The following mbedTLS APIs have been deprecated and replaced with the
new ones which return error codes:

mbedtls_shaX_starts -> mbedtls_shaX_starts_ret
mbedtls_shaX_update -> mbedtls_shaX_update_ret
mbedtls_shaX_finish -> mbedtls_shaX_finish_ret
mbedtls_shaX_process -> mbedtls_shaX_internal_process

Update hardware implementations of SHA functions, and other IDF
components which used above functions, to use new versions.
2018-05-09 23:15:28 +08:00
Angus Gratton
bb1f3ae264 Merge branch 'feature/psram_configure_in_runtime' into 'master'
feature(psram): update psram and flash SPI frequency in runtime

See merge request idf/esp-idf!1776
2018-05-08 15:23:47 +08:00
Alexey Gerenkov
439140d269 esp32: Adds support for SW breakpoints in flash
Disables app image integrity checks when running under OpenOCD control.
Allows setting breakpoints in flash before application start (just after reset).
2018-04-26 10:17:02 +03:00
Wangjialin
b1dcb52fec feature(psram): configure flash and psram speed during runtime
1. Bootloader reads SPI configuration from bin header, so that the burning configuration can be different with compiling configuration.
2. Psram mode init will overwrite original flash speed mode, so that users can change psram and flash speed after OTA.
3. Flash read mode(QIO/DIO…) will not be changed in app bin. It is decided by bootloader, OTA can not change this mode.
4. Add read flash ID function, and save flash ID in g_rom_flashchip
5. Set drive ability for all related GPIOs
6. Check raise VDDSDIO voltage in 80Mhz mode
7. Add check flash ID and update settings in bootloader
8. Read flash ID once and keep in global variable
9. Read flash image header once and reuse the result

Tested cases:
1. Test new and old version of bootloader
boot Flash 20M —> app Flash 80M + Psram 80M
boot Flash 40M —> app Flash 80M + Psram 80M
boot Flash 80M —> app Flash 80M + Psram 80M
boot Flash 20M —> app Flash 80M + Psram 40M
boot Flash 40M —> app Flash 80M + Psram 40M
boot Flash 80M —> app Flash 80M + Psram 40M
boot Flash 20M —> app Flash 40M + Psram 40M
boot Flash 40M —> app Flash 40M + Psram 40M
boot Flash 80M —> app Flash 40M + Psram 40M
2. Working after esp_restart reboot.
2018-04-20 20:51:44 +08:00
Konstantin Kondrashov
86256b3541 bootloader: Refactoring
Need to make the bootloader modular so that users can redefine its functional part.

- refactoring and moving functions to the bootloader_support component
- Changed function to `void` bootloader_utility_load_image(...);

TW19596
2018-04-17 16:36:49 +05:00
Jiang Jiang Jian
8eaae96658 Merge branch 'bugfix/flash_mapp' into 'master'
spi_flash: add api to get valid mmu table pages number

See merge request idf/esp-idf!2070
2018-03-30 19:32:35 +08:00
Tian Zhong Xing
fa68774344 spi_flash:
1. add test code for new api
2. resolve some comments
2018-03-26 10:24:42 +08:00
Konstantin Kondrashov
f7df532ec0 bugfix/rtc_clk_32k_bootstrap: Fix starting 32k RTC
1. External 32kHz crystal is started for too long or it may not start at all. It is often observed at the first start.
2. At the first start, it is possible that the crystal did not start. And the recorded period was recorded as 0. Which led to a division error by zero during the transition to the deep sleep mode (Maybe somewhere else).
3. Added a unit test to test a new method of oscillation an external crystal.
4. Added a new method of oscillating of an external crystal. The legs of the crystal are fed with a 32 kHz frequency.

The new method eliminates these errors.

Added unit test: `\esp-idf\components\soc\esp32\test\test_rtc_clk.c`: `make TEST_COMPONENTS=soc`
- 8 Test starting external RTC crystal. Will pass.

`Bootstrap cycles for external 32kHz crystal` - is specified in the file Kconfig by default 100.

QA tested a new method of oscillation the crystal on 25 boards. The supply of square waves on the crystal showed a 100% result in contrast to the previous method of launching the crystal. After the tests, the old method was deleted.

Closes TW19143
2018-03-21 13:27:56 +05:00
Tian Zhong Xing
7555031553 add api get valid mmu table pages number 2018-03-16 10:40:55 +08:00
Roland Dobai
cf7a4cc650 Protect partition table by MD5 checksum 2018-02-05 11:36:03 +01:00
Ivan Grokhotkov
f8bda324ec Merge branch 'bugfix/bootloader_v10_backwards_compat' into 'master'
esp32: Fix backwards compatibility for pre-v2.1 bootloaders

See merge request !1673
2017-12-18 17:20:08 +08:00
Angus Gratton
c69af42b96 esp32: Fix backwards compatibility for pre-v2.1 bootloaders
Older bootloaders don't set RTC_XTAL_FREQ_REG or call rtc_clk_init(),
app needs to pick this up.

Reported at
https://esp32.com/viewtopic.php?f=2&t=3939&p=17836
2017-12-18 13:45:57 +11:00
Angus Gratton
ea2afa83a8 log: Remove non-static TAG variables 2017-12-15 10:59:48 +11:00
Angus Gratton
7a18575af8 flash encryption: Also always disable ROM BASIC console when enabling flash encryption 2017-08-29 14:52:00 +10:00
Angus Gratton
1e22bcdfde esp32: Add KConfig option to disable ROM Console fallback on first boot 2017-08-29 14:52:00 +10:00
Angus Gratton
7755015f4f secure boot: Fix enabling secure boot on first bootloader boot
Bootloader would accidentally check its own image for a secure boot signature,
but bootloader is unsigned (protected by secure boot digest).
2017-08-23 11:19:42 +10:00
Angus Gratton
5eef5e7a5d bootloader: Fallback if OTA data is invalid
Make bootloader more robust if either OTA data or some OTA app slots are corrupt.
2017-08-15 09:42:19 +10:00
Angus Gratton
17adb40ca8 bootloader: Calculate SHA256 hash of image on every boot
Makes app image booting more reliable (256-bit rather than 8-bit verification.)

Some measurements, time to boot a 655KB app.bin file and run to app_main() execution.

(All for rev 1 silicon, ie no 340ms spurious WDT delay.)

80MHz QIO mode:
before = 300ms
after = 140ms

40MHz DIO mode:
before = 712ms
after = 577ms

40MHz DIO mode, secure boot enabled
before = 1380ms
after = 934ms

(Secure boot involves two ECC signature verifications (partition table, app) that take approx 300ms each with 80MHz CPU.)
2017-07-19 18:31:59 +10:00
Angus Gratton
43b99edf2b bootloader: Calculate SHA-256 of image while loading/verifying 2017-07-19 18:25:17 +10:00
Angus Gratton
8f6134dd96 bootloader: Obfuscate loaded memory until verification is complete 2017-07-19 18:25:17 +10:00
Angus Gratton
0c8888d68f bootloader: Combine loading from flash & verifying to save boot time
Still needs updating to account for secure boot.
2017-07-19 18:25:17 +10:00
Tian Hao
26a3cb93c7 component/soc : move dport access header files to soc
1. move dport access header files to soc
2. reduce dport register write protection. Only protect read operation
2017-05-09 18:06:00 +08:00
Tian Hao
f7e8856520 component/esp32 : fix dualcore bug
1. When dual core cpu run access DPORT register, must do protection.
2. If access DPORT register, must use DPORT_REG_READ/DPORT_REG_WRITE and DPORT_XXX register operation macro.
2017-05-08 21:53:43 +08:00
Angus Gratton
e2479b46f7 secure boot: Fix bootloader image verification failure
* Failure prevented secure boot from enabling.
* Also adds unit test cases for esp_image_basic_verify()

Ref https://esp32.com/viewtopic.php?f=2&t=1602
TW11878
2017-04-26 11:23:35 +10:00
Ivan Grokhotkov
8a9516a973 Merge branch 'bugfix/bootloader_error_handling_code' into 'master'
Add error handling code in bootloader

Forgotten error handling

See merge request !650
2017-04-13 15:28:49 +08:00
Anton Maklakov
e4353f2119 bootloader: Add error handling code 2017-04-11 18:15:36 +08:00
Alexey Gerenkov
0860f46220 spi_flash: Fixed bug in SPI flash ROM driver to work with embedded flash chip
1) fixed SPI_read_status: added check for flash busy flag in matrix mode
2) fixed SPI_page_program: enable write before writing data to SPI FIFO
3) SPI flash ROM funcs replacement is controlled via menuconfig option
2017-04-11 10:51:19 +08:00
Ivan Grokhotkov
8911e666a0 Merge branch 'feature/docs_partition_ota_flash' into 'master'
Partition/SPI/OTA docs & OTA new functionality

* Update partition, SPI flash & OTA docs to reflect functionality changes
* Refactor OTA implementation to perform checks mentioned in API doc
* Add new functions to OTA API: esp_ota_get_running_partition() & esp_ota_get_next_update_partition() functions
* Add spi_flash_cache2phys() & spi_flash_phys2cache() functions to support esp_ota_get_running_partition()


See merge request !513
2017-03-03 11:27:01 +08:00
Angus Gratton
4d67a2ba8b esp32 phy_init: Move DPORT Wifi clock masks to macro values
Amended fix for c642079 !534
2017-03-01 12:11:57 +11:00
Angus Gratton
25f739c183 ota ops: Add new functions esp_ota_get_next_update_partition / esp_ota_get_running_partition
* Update OTA example to use these.
* Refactor esp_ota_begin() to return ESP_ERR_OTA_PARTITION_CONFLICT as documented
2017-02-22 10:24:42 +11:00
Ivan Grokhotkov
3b583c150f bootloader: disconnect VRTC from SAR input in bootloader_random_disable
Bootloader enables SAR ADC in test mode to get some entropy for the RNG.
The bits which control the ADC test mux were not disabled, which caused
extra ~24uA current to be drawn from VRTC, increasing deep sleep current
consumption. This change disables relevant test mode bits in
bootloader_random_disable.
2017-02-21 17:07:15 +08:00
Angus Gratton
eea2788f5a OTA: Fix issues with encrypted OTA
- OTA source can write non-16-byte multiples of data
- Assumption that empty ota_data is 0xFFFFFFFF untrue when encrypted
2017-01-26 18:52:35 +11:00
Tian Zhong Xing
2173ad3b45 bootloader_support: fix bug OTA & flash encryption incompatible
ota data partition should be encrypted unconditionally when flash encrypt enable
2017-01-26 16:20:06 +11:00
Angus Gratton
7d40f17d1d bootloader_random: Restore all SARADC/I2S registers to reset values
Fix for issue with I2S0 not being usable after bootloader_random_enable()
2017-01-13 12:19:13 +11:00
Angus Gratton
3922ce47b2 bootloader: Enable early boot RNG entropy source
This reverts commit ceb8566970.
2017-01-04 17:07:12 +11:00
Angus Gratton
3783e28f0e bootloader: Check all partitions fit inside configured flash size 2016-12-30 14:19:46 +11:00
Angus Gratton
ceb8566970 Flash encryption / secure boot: Temporarily disable on-device key generation
Will be enabled after seeding of HWRNG in bootloader is fully tested/qualified.
2016-12-01 23:49:13 -08:00
Angus Gratton
506c8cd964 secure boot & flash encryption: Rework configuration options
Add UART bootloader disable options for flash encryption
2016-12-01 23:49:12 -08:00
Angus Gratton
9eb135fd73 Flash encryption: Support enabling flash encryption in bootloader, app support
* App access functions are all flash encryption-aware
* Documentation for flash encryption
* Partition read/write is flash aware
* New encrypted write function
2016-12-01 23:49:12 -08:00
Angus Gratton
c48612e516 mbedTLS SHA acceleration: Allow concurrent digest calculation, works with TLS
SHA hardware allows each of SHA1, SHA256, SHA384&SHA512 to calculate digests
concurrently.

Currently incompatible with AES acceleration due to a hardware reset problem.

Ref TW7111.
2016-11-22 20:42:38 +11:00
Angus Gratton
60f29236f6 Build system: Raise warning level
Default esp-idf builds now show -Wextra warnings (except for a few:
signed/unsigned comparison, unused parameters, old-style C declarations.)

CI building of examples runs with that level raised to -Werror, to catch
those changes going into the main repo.
2016-11-16 15:57:34 +11:00
Angus Gratton
8691b54758 secure boot: Rename efuse option for UART bootloader to option for ROM interpreter 2016-11-14 11:08:42 +11:00
Angus Gratton
e459f803da secure boot: Functional partition table & app signature verification 2016-11-14 11:08:42 +11:00
Angus Gratton
fe66dd85f0 secure boot: Enable based on sdkconfig, remove "secure boot flag" from binary image 2016-11-14 11:08:42 +11:00
Angus Gratton
7402a1b973 partition_table: Move from 0x4000 to 0x8000
Also fix a bug with correctly padding bootloader image when length is
already a multiple of 16.
2016-11-14 11:08:42 +11:00
Angus Gratton
b5de581399 Secure boot: initial image signature support 2016-11-14 11:08:42 +11:00
Angus Gratton
98a0387854 bootloader_support: Move secure boot code to bootloader_support 2016-11-08 11:13:54 +11:00
Angus Gratton
aceb6517c0 Refactor existing bootloader common functionality into bootloader_support component 2016-11-02 17:58:41 +11:00