Secure version in the image header is only available for the application
image. However, for certain security workflows, bootloader verifies
itself (own image) and hence the secure version check during that must be
avoided.
Regression introduced in recent commit-id: 3305cb4d
Tested that both secure boot and flash-enc workflows work correctly
with the anti-rollback scenario.
Some additional checks related to secure version of the application in
anti-rollback case have been added to avoid any attempts to boot lower
security version but valid application (e.g., passive partition image).
- Read secure_version under sha256 protection
- First check has been added in the bootloader to ensure correct secure
version after application verification and loading stage. This check
happens before setting up the flash cache mapping and handling over
the final control to application. This check ensures that application
was not swapped (e.g., to lower security version but valid image) just
before the load stage in bootloader.
- Second check has been added in the application startup code to ensure
that currently booting app has higher security version than the one
programmed in the eFuse for anti-rollback scenario. This will ensure
that only the legit application boots-up on the device for
anti-rollback case.
On ESP32-S3 with the default efuse settings, USB PHY is connected to
the USB_SERIAL_JTAG peripheral. If USB OTG peripheral is used for the
console, we need to additionally switch the PHY to USB OTG, otherwise
we won't get any output.
Closes https://github.com/espressif/esp-idf/issues/12437
esp_efuse_utility_load_efuses_from_flash() read emul_efuse
as an encrypted partition, but that is not correct,
this partition was never encrypted.
Need to read it as not encrypted partition.
Fxed the case: If FE is already on then EFUSE VIRT mode can work with it.
Closes https://github.com/espressif/esp-idf/issues/10929
User's custom data are not taken into account during the CRC calculation anymore.
Which means taht the retained mem structure is not systematically erased
on each reboot anymore.
For secure boot enabled cases, bootloader and firmware images have signature
appended and size is variable based on scheme being used. This appended data
must be considered while verifying image length against allocated partition
size to avoid any possibilities of going beyond reserved size.
Closes IDF-5617
Currently, we pull up cs io for spi flash/ram to reduce current leakage during
light sleep. But some kind of spi flash/ram chip need all io pull up. Otherwise,
current leakage will still exist.
ESP32-S2 and ESP32-S3
supports up to 1 GB of external flash and RAM
add support for
- 32MB
- 64MB
- 128MB ( example NOR spiFLASH 1G-BIT W25Q01JVZEIQ Winbond 0xEF 0x40 0x21 )
Merges https://github.com/espressif/esp-idf/pull/7688
Signed-off-by: Ivan Grokhotkov <ivan@espressif.com>
