Commit graph

17 commits

Author SHA1 Message Date
Angus Gratton
3783e28f0e bootloader: Check all partitions fit inside configured flash size 2016-12-30 14:19:46 +11:00
Angus Gratton
d6fafd00db Secure boot: Option for app & partition table signing to happen outside build system 2016-12-19 13:12:05 +11:00
Angus Gratton
ceb8566970 Flash encryption / secure boot: Temporarily disable on-device key generation
Will be enabled after seeding of HWRNG in bootloader is fully tested/qualified.
2016-12-01 23:49:13 -08:00
Angus Gratton
a9d5e26748 Secure boot: Correctly re-sign if signing key changes, better error if missing 2016-12-01 23:49:12 -08:00
Angus Gratton
506c8cd964 secure boot & flash encryption: Rework configuration options
Add UART bootloader disable options for flash encryption
2016-12-01 23:49:12 -08:00
Angus Gratton
9eb135fd73 Flash encryption: Support enabling flash encryption in bootloader, app support
* App access functions are all flash encryption-aware
* Documentation for flash encryption
* Partition read/write is flash aware
* New encrypted write function
2016-12-01 23:49:12 -08:00
Angus Gratton
c48612e516 mbedTLS SHA acceleration: Allow concurrent digest calculation, works with TLS
SHA hardware allows each of SHA1, SHA256, SHA384&SHA512 to calculate digests
concurrently.

Currently incompatible with AES acceleration due to a hardware reset problem.

Ref TW7111.
2016-11-22 20:42:38 +11:00
Angus Gratton
60f29236f6 Build system: Raise warning level
Default esp-idf builds now show -Wextra warnings (except for a few:
signed/unsigned comparison, unused parameters, old-style C declarations.)

CI building of examples runs with that level raised to -Werror, to catch
those changes going into the main repo.
2016-11-16 15:57:34 +11:00
Angus Gratton
c15024e629 Merge branch 'master' into feature/build_component_project_vars 2016-11-14 14:54:41 +11:00
Angus Gratton
8691b54758 secure boot: Rename efuse option for UART bootloader to option for ROM interpreter 2016-11-14 11:08:42 +11:00
Angus Gratton
e459f803da secure boot: Functional partition table & app signature verification 2016-11-14 11:08:42 +11:00
Angus Gratton
fe66dd85f0 secure boot: Enable based on sdkconfig, remove "secure boot flag" from binary image 2016-11-14 11:08:42 +11:00
Angus Gratton
7402a1b973 partition_table: Move from 0x4000 to 0x8000
Also fix a bug with correctly padding bootloader image when length is
already a multiple of 16.
2016-11-14 11:08:42 +11:00
Angus Gratton
64f3893cb9 secure boot: Derive secure bootloader key from private key
Means only one key needs to be managed.
2016-11-14 11:08:42 +11:00
Angus Gratton
b5de581399 Secure boot: initial image signature support 2016-11-14 11:08:42 +11:00
Angus Gratton
98a0387854 bootloader_support: Move secure boot code to bootloader_support 2016-11-08 11:13:54 +11:00
Angus Gratton
aceb6517c0 Refactor existing bootloader common functionality into bootloader_support component 2016-11-02 17:58:41 +11:00