Commit Graph

140 Commits

Author SHA1 Message Date
Angus Gratton
8c6ff874af Merge branch 'bugfix/custom_log_uart_rx_pin' into 'master'
bootloader_support: Fix UART RXD pin for console output (CUSTOM option)

Closes IDFGH-505

See merge request idf/esp-idf!5009
2019-05-20 13:58:37 +08:00
Konstantin Kondrashov
98c77cebb2 bootloader_support: Fix UART RXD pin for console output (CUSTOM option)
The RXD pin is assigned as input (fix for custom uart option).

Closes: https://github.com/espressif/esp-idf/issues/2843

Closes: IDFGH-505
2019-05-16 11:18:56 +00:00
Renz Christian Bagaporo
477fa49fc0 examples: update idf_as_lib example to use new api 2019-05-14 18:01:14 +08:00
Renz Christian Bagaporo
ffec9d4947 components: update with build system changes 2019-05-13 19:59:17 +08:00
Angus Gratton
fe2565f5d7 Merge branch 'feature/make_bootloader_support_target_dependent' into 'master'
make bootloader_support depend on IDF_TARGET

See merge request idf/esp-idf!4798
2019-04-26 15:36:48 +08:00
suda-morris
3f2d6a0891 make bootloader_support depend on IDF_TARGET
1. move chip-specific code(e.g. encryption) into IDF_TARGET directory
2. splict app-only code to idf directory which won't be compiled into bootloader
2019-04-16 17:37:56 +08:00
Michael (XIAO Xufeng)
562af8f65e global: move the soc component out of the common list
This MR removes the common dependency from every IDF components to the SOC component.

Currently, in the ``idf_functions.cmake`` script, we include the header path of SOC component by default for all components.
But for better code organization (or maybe also benifits to the compiling speed), we may remove the dependency to SOC components for most components except the driver and kernel related components.

In CMAKE, we have two kinds of header visibilities (set by include path visibility):

(Assume component A --(depends on)--> B, B is the current component)

1. public (``COMPONENT_ADD_INCLUDEDIRS``): means this path is visible to other depending components (A) (visible to A and B)
2. private (``COMPONENT_PRIV_INCLUDEDIRS``): means this path is only visible to source files inside the component (visible to B only)

and we have two kinds of depending ways:

(Assume component A --(depends on)--> B --(depends on)--> C, B is the current component)

1. public (```COMPONENT_REQUIRES```): means B can access to public include path of C. All other components rely on you (A) will also be available for the public headers. (visible to A, B)
2. private (``COMPONENT_PRIV_REQUIRES``): means B can access to public include path of C, but don't propagate this relation to other components (A). (visible to B)

1. remove the common requirement in ``idf_functions.cmake``, this makes the SOC components invisible to all other components by default.
2. if a component (for example, DRIVER) really needs the dependency to SOC, add a private dependency to SOC for it.
3. some other components that don't really depends on the SOC may still meet some errors saying "can't find header soc/...", this is because it's depended component (DRIVER) incorrectly include the header of SOC in its public headers. Moving all this kind of #include into source files, or private headers
4. Fix the include requirements for some file which miss sufficient #include directives. (Previously they include some headers by the long long long header include link)

This is a breaking change. Previous code may depends on the long include chain.
You may need to include the following headers for some files after this commit:

- soc/soc.h
- soc/soc_memory_layout.h
- driver/gpio.h
- esp_sleep.h

The major broken include chain includes:

1. esp_system.h no longer includes esp_sleep.h. The latter includes driver/gpio.h and driver/touch_pad.h.
2. ets_sys.h no longer includes soc/soc.h
3. freertos/portmacro.h no longer includes soc/soc_memory_layout.h

some peripheral headers no longer includes their hw related headers, e.g. rom/gpio.h no longer includes soc/gpio_pins.h and soc/gpio_reg.h

BREAKING CHANGE
2019-04-16 13:21:15 +08:00
Anurag Kar
62b0d51c02 Enable secure boot only after encrypting flash
This prevents a device from being bricked in case when both secure boot & flash encryption are enabled and encryption gets interrupted during first boot. After interruption, all partitions on the device need to be reflashed (including the bootloader).

List of changes:
* Secure boot key generation and bootloader digest generation logic, implemented inside function esp_secure_boot_permanently_enable(), has been pulled out into new API esp_secure_boot_generate_digest(). The enabling of R/W protection of secure boot key on EFUSE still happens inside esp_secure_boot_permanently_enable()
* Now esp_secure_boot_permanently_enable() is called only after flash encryption process completes
* esp_secure_boot_generate_digest() is called before flash encryption process starts
2019-04-10 18:17:58 +05:30
Angus Gratton
8e91677701 Merge branch 'bugfix/bootloader_flash_crypt_cnt_ff' into 'master'
flash encryption: reduce FLASH_CRYPT_CNT bit width to 7 bits

See merge request idf/esp-idf!4642
2019-04-09 08:10:06 +08:00
Angus Gratton
4b4cd7fb51 efuse/flash encryption: Reduce FLASH_CRYPT_CNT to a 7 bit efuse field
8th bit is not used by hardware.

As reported https://esp32.com/viewtopic.php?f=2&t=7800&p=40895#p40894
2019-04-03 14:07:20 +11:00
Mahavir Jain
fcff80ecf8 fix cmake build for bootloader 2019-04-01 15:47:01 +05:30
Mahavir Jain
202f689baa bootloader: use mbedTLS for secure boot verification in firmware 2019-04-01 15:46:52 +05:30
morris
709a320f33 move hwcrypto from esp32 to mbedtls 2019-03-26 16:24:22 +08:00
morris
c159984264 separate rom from esp32 component to esp_rom
1. separate rom include files and linkscript to esp_rom
2. modefiy "include rom/xxx.h" to "include esp32/rom/xxx.h"
3. Forward compatible
4. update mqtt
2019-03-21 18:51:45 +08:00
morris
fae39dc326 merge esp_flash_data_types into esp_flash_partitions 2019-03-18 08:51:55 +00:00
Angus Gratton
1cc726b2a3 secure boot: Use mbedtls_sha256() not esp_sha()
Latter is probably compiled into most firmwares already, saves some size.

Ref https://github.com/espressif/esp-idf/issues/3127
2019-03-14 05:56:06 +00:00
Konstantin Kondrashov
509e1264b9 efuse: Fix to pass CI tests 2019-02-28 07:31:29 +00:00
Konstantin Kondrashov
7626145e6d bootloader: Add support efuse component 2019-02-28 07:31:29 +00:00
Ivan Grokhotkov
8cc6226051 soc: define named constants for DPORT_CPUPERIOD_SEL values 2019-02-26 17:07:59 +08:00
Ivan Grokhotkov
178e5b25e6 bootloader: check previously used clock frequency at run time
In the situation when bootloader was compiled for 240MHz, and app was
compiled for 160MHz, and the chip is a revision 0 chip, the
bootloader will assume that the application has also been running at
240MHz. This will cause the chip to lock up later. Modify this to use
a run time check of DPORT_CPUPERIOD_SEL, which indicates which of the
PLL frequencies was used.

Closes https://github.com/espressif/esp-idf/issues/2731.
2019-02-26 17:02:34 +08:00
Konstantin Kondrashov
e916cf52a3 bootloader: Add support of anti-rollback
Added:
* set a secure version in app/bootloader.
* description anti-rollback to ota part
* emulate the secure_version write and read operations
* efuse_em partition.
* a description about a rollback for native_ota_example.

Closes: TW26335
2019-02-14 18:51:43 +08:00
Ivan Grokhotkov
96d0f7f5e2 bootloader: account for load address when mapping cache pages
Bootloader used to calculate the number of cache pages assuming that
load address was aligned, while in reality load address for DROM and
IROM was offset by 0x20 bytes from the start of 64kB page. This
caused the bootloader to map one less page if the size of the image
was 0x4..0x1c less than a multiple of 64kB.

Reported in https://esp32.com/viewtopic.php?f=13&t=6952.
2019-01-19 14:44:55 +08:00
Ivan Grokhotkov
182e917d78 bootloader: fix IROM and DROM swapped in log messages 2019-01-19 14:44:55 +08:00
Konstantin Kondrashov
dde1fd9b94 bootloader: Add support flags for rollback app
Added
* Set actual ota_seq if both ota are init or incorrect.
* Description of rollback
* UT tests

Closes TW15459
2018-12-11 11:54:21 +08:00
Konstantin Kondrashov
f9522a0eb6 bootloader app_update: Refactoring otadata part 2018-12-05 11:20:03 +08:00
Konstantin Kondrashov
3b9cb25fe1 esp32: Add firmware version to app
Added a new structure esp_app_desc_t. It has info about firmware:
version, secure_version, project_name, time/date build and IDF version.
Added the ability to add a custom structure with a description of the firmware.

The esp_app_desc_t is located in fixed place in start of ROM secotor. It is located after structures esp_image_header_t and esp_image_segment_header_t.

app_version is filed from PROJECT_VER variable (if set in custom make file) or PROJECT_PATH/version.txt or git repo (git describe).

Add API to get app_desc from partition.
2018-12-03 16:52:04 +08:00
Ivan Grokhotkov
964f5a91f7 bootloader, esp32: add workaround for Tensilica erratum 572
If zero-overhead loop buffer is enabled, under certain rare conditions
when executing a zero-overhead loop, the CPU may attempt to execute an invalid instruction. Work around by disabling the buffer.
2018-11-19 04:39:35 +00:00
Anurag Kar
1f6622b2d1 CMake : Secure Boot support added 2018-11-06 17:09:55 +05:30
Ivan Grokhotkov
73d1b5a7a0 bootloader: verify that loaded image does not overlap bootloader code
Fixes CVE-2018-18558
2018-10-26 12:44:10 +08:00
Renz Bagaporo
cc774111bf cmake: Add support for test build 2018-10-20 12:07:24 +08:00
Ivan Grokhotkov
bd11965f6c Merge branch 'bugfix/ndebug_build' into 'master'
soc,sdmmc: fix build failures when NDEBUG is used

See merge request idf/esp-idf!3352
2018-10-19 11:55:37 +08:00
Angus Gratton
f53fef9936 Secure Boot & Flash encryption: Support 3/4 Coding Scheme
Includes esptool update to v2.6-beta1
2018-10-16 16:24:10 +11:00
Ivan Grokhotkov
a1f809fcc5 bootloader: provide implementation of abort
ROM definition of `abort` was removed in 9240bbb. The old definition
resulted in a panic due to a jump to a null pointer (abort member in
ROM stub table was zero). The new definition triggers a debug
exception if JTAG is connected, or goes into an infinite loop to be
reset by the WDT.
2018-10-15 15:02:56 +08:00
Angus Gratton
1b272bb77e Merge branch 'bugfix/rom_export_functions' into 'master'
esp32, bootloader: fix issues related to linking order

See merge request idf/esp-idf!3375
2018-10-05 12:40:05 +08:00
Angus Gratton
326d791ebb bootloader: Fix secure boot digest generation for image length where (len%128 < 32) 2018-10-02 15:17:14 +10:00
Ivan Grokhotkov
f694d057be bootloader_support: exclude bootloader_init.c when building app
Depending on link order of libraries, bootloader implementation of
__assert_func could be linked instead of the one provided by newlib.
2018-10-02 01:20:04 +00:00
Angus Gratton
98b42a8b71 Merge branch 'bugfix/disable_coding_scheme_security_features' into 'master'
bootloader: Don't enable secure boot or flash encryption for 3/4 Coding Scheme

See merge request idf/esp-idf!3369
2018-10-02 07:54:11 +08:00
Ivan Grokhotkov
22b840f3df bootloader: don’t reload RTC_FAST DRAM after deep sleep
When CONFIG_ESP32_RTCDATA_IN_FAST_MEM is enabled, RTC data is placed
into RTC_FAST memory region, viewed from the data bus. However the
bootloader was missing a check that this region should not be
overwritten after deep sleep, which caused .rtc.bss segment to loose
its contents after wakeup.
2018-09-29 14:02:16 +08:00
Angus Gratton
ff33406e74 bootloader: Don't enable secure boot or flash encryption for 3/4 Coding Scheme 2018-09-26 18:26:06 +10:00
Sagar Bijwe
48fccbf5dd nvs_flash: Add support for nvs encryption 2018-09-24 11:25:21 +05:30
Renz Christian Bagaporo
d9939cedd9 cmake: make main a component again 2018-09-11 09:44:12 +08:00
Angus Gratton
b355854d4d Merge branch 'master' into feature/cmake 2018-09-05 10:35:04 +08:00
Angus Gratton
2ec0fd8fd6 Merge branch 'feature/signature_verify_updates' into 'master'
secure boot: Support signed app verification without hardware secure boot

See merge request idf/esp-idf!2814
2018-09-04 18:56:47 +08:00
Angus Gratton
e54f3d9616 Merge branch 'bugfix/bootloader_random_in_app' into 'master'
esp32: Allow bootloader_random.h use in app, add esp_fill_random() function

See merge request idf/esp-idf!3124
2018-09-04 10:39:12 +08:00
Konstantin Kondrashov
9c715d7946 bootloader_support: Fix enable rtc_wdt for resolve issue with varying supply
Eliminates the issue with the lock up in the bootloader due to a power drawdown during its operation.

Closes https://github.com/espressif/esp-idf/issues/1814
2018-09-03 05:43:01 +00:00
Angus Gratton
83a179abb0 esp32: Add esp_fill_random() function
Convenience function to fill a buffer with random bytes.

Add some unit tests (only sanity checks, really.)
2018-09-03 04:39:45 +00:00
Angus Gratton
767ec27350 bootloader_support: Move bootloader_random.h to public header directory 2018-09-03 04:39:45 +00:00
Angus Gratton
a9c4ed7139 Merge branch 'master' into feature/cmake 2018-08-30 18:51:01 +08:00
Mahavir Jain
62746e414e bootloader: add API for erasing flash region
Signed-off-by: Mahavir Jain <mahavir@espressif.com>
2018-08-29 12:04:32 +00:00
Angus Gratton
b364f23e17 secure boot: Support secure boot signatures without hardware secure boot
Allows OTA updates to be secured via signature checks, without requiring the overhead or complexity
of a full secure boot implementation.

Uses same signing mechanisms (build system and/or espsecure.py as Secure Boot).

Requires:
* [ ] More testing
* [ ] Documentation
2018-08-29 17:05:29 +08:00