Additionally, always enable the partition MD5 check if flash encryption is on in
Release mode. This ensures the partition table ciphertext has not been modified
(CVE-2021-27926).
The exception is pre-V3.1 ESP-IDF bootloaders and partition tables, which
don't have support for the MD5 entry.
Sometimes the flash size read from bootloader is not correct. This may
forbid SPI Flash driver from reading the the area larger than the size
in bootloader header.
When the new config option is enabled, the latest configured
ESPTOOLPY_FLAHSIZE in the app header will be used to override the value
read from bootloader header.
For getting secure_version field in anti rollback case, bootloader tries
to map whole firmware partition but fails for cases where partition size
is beyond available MMU free pages capacity.
Fix here ensures to map only required length upto application descriptor
size in firmware partition.
Closes https://github.com/espressif/esp-idf/issues/5911
Allows booting in QIO/QOUT mode or with PSRAM on ESP32-PICO-V3 and
ESP32-PICO-V3-O2 without any config changes.
Custom WP pins (needed for fully custom circuit boards) should still be compatible.
Reduces write cycles, and useful on ESP32 ECO3 as UART_DIS_DL is protected by
the same efuse.
Also fixes accidental macro definition introduced in 7635dce502
flash_encryption: modify additional efuses burning method to fix them are not being written
flass_encryption: burn efuse to disable boot from RAM space
flash_encryption: added better checking for key generation state plus set read and write protect for them
soc esp32s2: Add register-level bit definitions for read & wrote protect bits
esp32s2: Fixes for flash encryption
- Write efuses in a batch
- Fix some detection of whether existing efuse blocks are read/write protected
flash_enctryption: enabled flash encryption example on esp32s2
bootloader: raise WDT overflow value providing sufficient interval to encrypt app partition
flash_ encrypt: Fixed the TODOs on flash encryption key generation for esp32s2
flash_encryption: added secure boot features to flash enctryption for esp32s2
bootloader: leave only esp32s2 compatible potentially insecure options on menuconfig.
flash_encryption: removed secure boot version 1 from esp32s2 encryption code
flash_encryption: added CONFIG_SECURE_FLASH_REQUIRE_ALREADY_ENABLED option for esp32s2
flash_encryption: fixed the count of left plaintext flash
flash_encryption: disable dcache and icache download when using encryption in release mode
flash_encryption: add cache potentally insecure options for s2 chips
flash_encryption: fixed bug which bricked some chips in relase mode
If BLK2 is empty then it's OK to continue with a warning (otherwise it may spook users into thinking
something this is wrong, but this is the expected workflow.)
If BLK2 is not empty and doesn't match then we need to fail because it won't be possible to
trust the signature.
Previous method was to write-protect this efuse, however on ECO3
the write protect field also covers the UART_DOWNLOAD_DIS efuse.
Doing it this way keeps the possibility of disabling UART download
mode, later.
