Commit Graph

30 Commits

Author SHA1 Message Date
Sachin Parekh
3c7f439d5b bootloader: Add fault injection resistance to Secure Boot bootloader verification 2021-03-31 17:54:45 +05:30
Konstantin Kondrashov
e916cf52a3 bootloader: Add support of anti-rollback
Added:
* set a secure version in app/bootloader.
* description anti-rollback to ota part
* emulate the secure_version write and read operations
* efuse_em partition.
* a description about a rollback for native_ota_example.

Closes: TW26335
2019-02-14 18:51:43 +08:00
Renz Christian Bagaporo
5e08698039 make: use otatool and parttool for build 2018-11-28 15:57:20 +08:00
Deomid Ryabkov
d40bfd21dc Remove trailing spaces from parttool.py output 2018-09-18 16:49:30 +03:00
Roland Dobai
f755a0371d Use check_python_dependencies everywhere as order-only-prerequisite 2018-09-03 11:42:10 +02:00
Angus Gratton
31ae3fe683 make: Use order-only prereq to check python dependencies 2018-08-23 08:28:57 +02:00
Roland Dobai
62cad3a7d7 Add python-future by using python requirements file 2018-08-23 08:28:57 +02:00
Konstantin Kondrashov
de2b1cb02a make: Add feature to cmd 'make flash' - reset ota_data partition
Add a command `make erase_ota` - erases otadata if it there is in the
partition table otherwise error 'Partition table does not have ota_data partition'.

Closes https://github.com/espressif/esp-idf/issues/1821
2018-07-25 11:22:15 +00:00
Angus Gratton
57b601ab7f secure boot: Pad to avoid data after the signature mapping into the address space
Because address space is mapped in 64KB pages, it was possible for unauthenticated data after the
app .bin to become mapped into the flash cache address space.

This problem is solved by 2 changes:

* "esptool elf2image --secure-pad" will pad the image so that the signature block ends close to the
  64KB boundary. Due to alignment constraints it will be 12 bytes too short after signing (but
  with flash encryption, these 12 bytes are still encrypted as part of the last block and can't be
  arbitrarily changed).
* By default, secure boot now requires all app partitions to be a multiple of 64KB in size.
2018-07-17 15:33:47 +10:00
Angus Gratton
077469c823 partition_table: Support same fallback logic as bootloader for default boot partition
Generates correct "make flash" command even when partition table has no factory partition.

Also adds unit tests for parttool.py

Closes https://github.com/espressif/esp-idf/issues/2086
2018-06-22 11:14:22 +10:00
Konstantin Kondrashov
3e0ac4db79 partition_table: Expanding the space under the bootloader
Allows you to move the partition table, it gives more space for the bootloader.
Added a new utility - parttool.py. This utility can search for the offset and/or size of the partitions by name and type/subtype. Use for getting APP_OFFSET and PHY_DATA_OFFSET.
The linker(esp32.bootloader.ld) made changes that allow you to write a custom bootloader code more.

TW14125
2018-06-08 18:47:29 +05:00
Angus Gratton
8fbdad5b0c partition table: Fix regression with make 3.81
"undefine" was added in make 3.8.2

Namespace the global partition table option variables to minimise scope leakage.
2018-04-26 12:07:27 +10:00
Angus Gratton
fa3205737f partition_table: Check configured flash size fits in partition table
Check happens at build time, so flash size config may need to be changed.

Also fixes MD5_OPT undefined warning, closes https://github.com/espressif/esp-idf/issues/1867
2018-04-26 09:51:55 +10:00
Roland Dobai
4017cf3516 partition_table: Optionally disable the MD5 checksum in partition tables 2018-02-22 07:46:41 +01:00
Anton Maklakov
301751ede0 build system: Fix undefined variables
make/project.mk:315: warning: undefined variable `CC'
    make/project.mk:316: warning: undefined variable `LD'
    make/project.mk:317: warning: undefined variable `AR'
    make/project.mk:62: warning: undefined variable `MAKECMDGOALS'
    components/partition_table/Makefile.projbuild:24: warning: undefined variable `quote'
    components/bootloader/Makefile.projbuild:123: warning: undefined variable 'BOOTLOADER_DIGEST_BIN'
    components/bootloader/Makefile.projbuild:123: warning: undefined variable 'SECURE_BOOTLOADER_KEY'
2017-12-28 19:21:34 +08:00
Ivan Grokhotkov
b52e3fae64 build system: fix warning about undefined variable 'quote' 2017-10-19 21:35:23 +08:00
Angus Gratton
d664e32394 build system: Use component.mk for all components, refactor bootloader build
For config-only components, component.mk should now contain "COMPONENT_CONFIG_ONLY := 1"

Also refactored some of the generation of linker paths, library list. This required cleaning up the way the bootloader
project works, it's now mostly independent from the parent.
2017-07-19 09:10:48 +10:00
Deomid Ryabkov
74f78540ae Allow providing custom PARTITION_TABLE_CSV_PATH
Provide direct absolute path to CSV, without project_path
2017-01-25 00:30:29 +00:00
Angus Gratton
d6fafd00db Secure boot: Option for app & partition table signing to happen outside build system 2016-12-19 13:12:05 +11:00
Angus Gratton
a9d5e26748 Secure boot: Correctly re-sign if signing key changes, better error if missing 2016-12-01 23:49:12 -08:00
Angus Gratton
9eb135fd73 Flash encryption: Support enabling flash encryption in bootloader, app support
* App access functions are all flash encryption-aware
* Documentation for flash encryption
* Partition read/write is flash aware
* New encrypted write function
2016-12-01 23:49:12 -08:00
Angus Gratton
c15024e629 Merge branch 'master' into feature/build_component_project_vars 2016-11-14 14:54:41 +11:00
Angus Gratton
e459f803da secure boot: Functional partition table & app signature verification 2016-11-14 11:08:42 +11:00
Angus Gratton
7402a1b973 partition_table: Move from 0x4000 to 0x8000
Also fix a bug with correctly padding bootloader image when length is
already a multiple of 16.
2016-11-14 11:08:42 +11:00
Angus Gratton
b5de581399 Secure boot: initial image signature support 2016-11-14 11:08:42 +11:00
Angus Gratton
341593f7d2 build system: Remove need for $(Q) macro in recipes, use --silent in MAKEFLAGS instead 2016-11-11 12:32:47 +11:00
Angus Gratton
d793d23b94 Remove bin/ directory in favour of an add_path.sh script that can be sourced
Remaining file in bin/ will be moved out as part of !34
2016-09-01 18:45:10 +10:00
Angus Gratton
f853f94335 Use IDF_PATH instead of SDK_PATH for the environment variable pointing to esp-idf
This will require a matching change in all projects using ESP-IDF.
2016-08-19 15:01:49 +08:00
Angus Gratton
14eb490bb3 make: 'make all' default target builds everything, 'make flash' flashes everything
Also added 'make help' target which prints some useful usage summary.
2016-08-18 21:42:37 +08:00
Ivan Grokhotkov
bd6ea4393c Initial public version 2016-08-17 23:08:22 +08:00