Additionally, always enable the partition MD5 check if flash encryption is on in
Release mode. This ensures the partition table ciphertext has not been modified
(CVE-2021-27926).
The exception is pre-V3.1 ESP-IDF bootloaders and partition tables, which
don't have support for the MD5 entry.
This reverts commit bf35ef1ce7.
It has been noticed that there are scenarios where even though firmware is not enabled
with flash encryption config feature, it should be able to write to encrypted partitions.
This revert adds the feature back which was removed around v4.0 timelines, and same
change will be backported to all releases (upto v4.0) for consistency.
esp_partition_register_external did not call load_partitions, so if
it was called before any call to esp_partition_find, then the main
partition table would never be loaded. Introduce new function,
ensure_partitions_loaded, and call it both from esp_partition_find and
esp_partition_register_external.
Closes https://github.com/espressif/esp-idf/issues/4116
When legacy mode is used, the coredump still fails during linking
because "esp_flash_init_default_chip", "esp_flash_app_init" and
"esp_flash_default_chip " are not compiled and linked.
Instead of using ``if`` macros in callers, these functions are protected
by ``if`` macros in the header, and also not compiled in the sources.
"esp_flash_default_chip" variable is compiled with safe default value.
spi_flash has been updated and its functions work from flash by default instead of IRAM that cause issue
add Kconfig value into espcoredump to enable spi_flash legacy mode (CONFIG_SPI_FLASH_USE_LEGACY_IMPL) when core dump is selected
fix spi_flash issues to work correctly with legacy mode when CONFIG_SPI_FLASH_USE_LEGACY_IMPL is used
The name "start_addr" (which goes straight into the docs) implies
it's an absolute address while in fact it's an offset into the
partition like what's used in all the other esp_partition_*
functions.
So in order to avoid confusion make the name consistent with the
parameter names used for the other partition functions and call it
"offset".
Merges https://github.com/espressif/esp-idf/pull/3750
According to the documentation[1][2] for partitions, setting the encrypted
flag for partitions should be a no-op when system level encryption isn't
enabled. The current implementation, however, does not actually match
the documentation and it ends up with an unreadable partition via the
partition API if a partition flag is marked as encrypted without
system-level encryption enabled. (This is because the writes go through
the encryption block, and reads do not go through the encryption block
when this situation occurs causing unreadable data to the application
running.) This fixes up the read-back of the partition table to match
whether or not the partition is currently encrypted under the hood.
This should not affect the bootloader's code for reading/writing encrypted
partitions as the bootloader directly invokes the spi_flash_write*(...)
APIs.
[1] https://docs.espressif.com/projects/esp-idf/en/latest/api-guides/partition-tables.html#flags
[2] https://docs.espressif.com/projects/esp-idf/en/latest/security/flash-encryption.html#encrypted-partition-flag
Closes https://github.com/espressif/esp-idf/pull/3328
Signed-off-by: Tim Nordell <tim.nordell@nimbelink.com>
1. separate rom include files and linkscript to esp_rom
2. modefiy "include rom/xxx.h" to "include esp32/rom/xxx.h"
3. Forward compatible
4. update mqtt
Added bootloader_common_get_sha256_of_partition() and esp_partition_get_sha256() - get or calculate SHA-256
digest for app and data partitions.
Added bootloader_sha256_hex_to_str() - helps to print SHA-256 digest
Added esp_partition_check_identity() - compares two partitions by SHA-256 digest
Refactoring a function esp_image_load() in bootloader space to esp_image_verify() and
bootloader_load_image(). Old name function esp_image_load is deprecated
and will remove in V4.0 version.
spi_flash/sim: Fix error test_host. Add stub for bootloader_common_get_sha256_of_partition in sim/stubs
components/spi_flash/partition.c: In function 'load_partitions':
components/spi_flash/partition.c:179:66: error: argument to 'sizeof' in 'strncpy' call is the same expression as the source; did you mean to use the size of the destination? [-Werror=sizeof-pointer-memaccess]
strncpy(item->info.label, (const char*) it->label, sizeof(it->label));
^
Allows you to move the partition table, it gives more space for the bootloader.
Added a new utility - parttool.py. This utility can search for the offset and/or size of the partitions by name and type/subtype. Use for getting APP_OFFSET and PHY_DATA_OFFSET.
The linker(esp32.bootloader.ld) made changes that allow you to write a custom bootloader code more.
TW14125
* App access functions are all flash encryption-aware
* Documentation for flash encryption
* Partition read/write is flash aware
* New encrypted write function
This implements esp_partition_read, esp_partition_write, esp_partition_erase_range, esp_partition_mmap.
Also removed getters which didn't add much sugar after all.