Commit graph

193 commits

Author SHA1 Message Date
KonstantinKondrashov
0a1919abff esp32: Reduce using ESP_EARLY_LOGx and move some code after the stdout initialization
After setting _GLOBAL_REENT, ESP_LOGIx can be used instead of ESP_EARLY_LOGx.

Closes: https://github.com/espressif/esp-idf/issues/5343
2020-06-17 15:53:45 +08:00
Ivan Grokhotkov
bd3caffdcd bootloader_support: force alignment of flash_read argument 2020-06-04 21:01:56 +10:00
Angus Gratton
a5b4fda207 bootloader: Force bootloader_image_hdr to be word aligned
Possible due to linker order for this file to be placed unaligned,
causing failure from bootloader_flash_read() function.
2020-06-04 20:53:46 +10:00
Angus Gratton
b00f38f91c secure boot v2: Add anti-FI check that secure boot not enabled yet
Prevent a fault from causing bootloader to trust the provided signature incorrectly.
2020-06-02 16:14:01 +10:00
Angus Gratton
3c6b1b4c0a secure boot v2: Don't check efuse BLK2 if only boot-time signature verification is enabled 2020-06-02 16:14:01 +10:00
Angus Gratton
2c531d5bb3 secure boot v2: Don't log warnings when BLK2 is empty as expected
If BLK2 is empty then it's OK to continue with a warning (otherwise it may spook users into thinking
something this is wrong, but this is the expected workflow.)

If BLK2 is not empty and doesn't match then we need to fail because it won't be possible to
trust the signature.
2020-06-02 16:14:01 +10:00
chenjianqiang
eb5bafeb65 flash: fix spi flash clock config error
Closes https://github.com/espressif/esp-idf/issues/5099
2020-04-27 16:56:58 +08:00
Angus Gratton
c17d55eb9b esp32: Enable flash encryption by setting FLASH_CRYPT_CNT to max
Previous method was to write-protect this efuse, however on ECO3
the write protect field also covers the UART_DOWNLOAD_DIS efuse.

Doing it this way keeps the possibility of disabling UART download
mode, later.
2020-03-31 17:31:59 +11:00
Angus Gratton
cf8dd62fc4 secure boot v2: esp32: Prevent read disabling additional efuses
Also reduce the number of eFuse write cycles during first boot when
Secure Boot and/or Flash Encryption are enabled.
2020-03-31 17:31:56 +11:00
Mahavir Jain
b8fe1fdf27 bootloader_support: initialize mbedtls_ctr_drbg_context per mbedtls v2.16.5 requirement
In commit 02d2903e39, mbedtls was
updated to release v2.16.5, where it was made mandatory to initialize
mbedtls_ctr_drbg_context before using same. It was fixed in wpa supplicant
but missed out in secure boot v2 verification code. This commit
fixes that.
2020-03-23 11:22:20 +05:30
Angus Gratton
32756b165e bootloader: Add fault injection resistance to Secure Boot bootloader verification
Goal is that multiple faults would be required to bypass a boot-time signature check.

- Also strengthens some address range checks for safe app memory addresses
- Change pre-enable logic to also check the bootloader signature before enabling SBV2 on ESP32

Add some additional checks for invalid sections:

- Sections only partially in DRAM or IRAM are invalid
- If a section is in D/IRAM, allow the possibility only some is in D/IRAM
- Only pass sections that are entirely in the same type of RTC memory region
2020-03-06 01:16:04 +05:30
Angus Gratton
74b299c4c7 secure boot: Encrypt the bootloader signature when enabling flash encryption + secure boot v2 2020-03-06 01:16:04 +05:30
Supreet Deshpande
60fed38c0f feat/secure_boot_v2: Adding secure boot v2 support for ESP32-ECO3 2020-03-06 01:16:04 +05:30
suda-morris
1ffb546135 esp32s2:remove unsupported xtal choice
ESP32-S2 only supports 40MHz XTAL and doesn't have XTAL autodetection.
2020-01-09 13:09:21 +08:00
Angus Gratton
ba3f47efd6 bootloader_support: fix crash in image verification is SHA doesn't match 2019-12-30 13:48:11 +11:00
Angus Gratton
b2ed553bbf bootloader_support: Reduce log spam about chip revisions
* Don't bother checking the chip revision if it looks like the partition
  doesn't really contain an app
* Don't print the "info" level about the revision & min revision unless
  we're in the bootloader (otherwise it gets printed at random times
  during the OTA process)
2019-12-30 13:48:11 +11:00
Angus Gratton
5139934767 bootloader_common: Fix esp_partition_get_sha256(), add unit tests
Regression in 438d513a95

Reported here: https://esp32.com/viewtopic.php?f=13&t=13250&p=52460
2019-12-30 13:47:47 +11:00
morris
888316fc64 bootloader_support: refactor to better support multi target 2019-12-23 05:45:17 +00:00
morris
01ca687caa esp32s2beta: only support unicore 2019-12-09 09:48:37 +08:00
Angus Gratton
fd27c0a113 Merge branch 'bugfix/bootloader_unicore_cache_enable' into 'master'
bootloader: revert support for booting dual-core apps on single-core bootloader

See merge request espressif/esp-idf!6609
2019-11-27 08:01:59 +08:00
wanglei
7b2348baad fix bug that wrap mode not disabled in none-QIO mode 2019-11-15 15:59:07 +00:00
Ivan Grokhotkov
a8e3ad6bd9 bootloader: revert support for booting dual-core apps on single-core bootloader 2019-11-05 14:42:43 +01:00
Chen Zheng Wei
b4a02c57c2 bugfix(i2s_bootloader_random_disable): fix bug about i2s bootloader_random_disable
bootloader_random_disable disables the ADC incorrectly, causing the ADC to sometimes fail to work. Fix this bug

closes https://github.com/espressif/esp-idf/issues/3973
2019-11-05 10:36:53 +08:00
Angus Gratton
7ce75a42c7 Merge branch 'master' into feature/esp32s2beta_merge 2019-10-25 15:13:52 +11:00
Angus Gratton
5bec9fb010 Merge branch 'bugfix/random_en_dis_for_app' into 'master'
bootloader_support: Fix using shared CLK_EN and RST_EN regs for random

See merge request espressif/esp-idf!6198
2019-10-23 13:18:01 +08:00
Angus Gratton
496ede9bcd Merge branch 'master' into feature/esp32s2beta_merge 2019-10-15 14:59:27 +11:00
Mahavir Jain
99659091fb bootloader_support: fix logging prints around chip revision 2019-10-11 14:35:22 +05:30
KonstantinKondrashov
807826f796 bootloader_support: Fix using shared CLK_EN and RST_EN regs for random
bootloader_random_enable() and bootloader_random_disable() functions
can be used in app.
This MR added the protection for shared CLK_EN and RST_EN registers.
2019-10-07 06:47:00 +00:00
Ivan Grokhotkov
6bddcdac67 bootloader: move esp32 specific code from bootloader_common
Also implements bootloader_clock_get_rated_freq_mhz for esp32s2beta.

Closes IDF-758
2019-10-03 09:38:13 +02:00
Ivan Grokhotkov
5830f529d8 Merge branch 'master' into feature/esp32s2beta_merge 2019-10-02 19:01:39 +02:00
suda-morris
cbab3c34f8 bootloader: shrink bin size
1. write a bootloader version of "getting chip revision" function.
2. reduce wordy log.
2019-09-27 10:58:30 +08:00
KonstantinKondrashov
6f102125b4 bootloader: Add support esp32s2beta 2019-09-20 16:57:33 +10:00
Angus Gratton
adfc06a530 Merge branch 'master' into feature/esp32s2beta_merge 2019-09-20 10:28:37 +10:00
Angus Gratton
83680bd96b Merge branch 'feature/esp32s2beta' into feature/esp32s2beta_merge 2019-09-19 21:08:20 +10:00
Jiang Jiang Jian
d78831ab2b Merge branch 'bugfix/remove_v40_deprecations' into 'master'
Remove features deprecated before ESP-IDF V4.0

Closes IDF-507

See merge request espressif/esp-idf!5841
2019-09-19 16:07:01 +08:00
suda-morris
dd248ffc32 Add chip revision into image header
Check chip id and chip revision before boot app image

Closes https://github.com/espressif/esp-idf/issues/4000
2019-09-16 18:13:53 +08:00
Angus Gratton
438d513a95 Merge branch 'master' into feature/esp32s2beta_merge 2019-09-16 16:18:48 +10:00
Angus Gratton
62c06047da bootloader_support: Remove deprecated partition load/verify functions
Deprecated since v3.2
2019-09-13 09:44:07 +10:00
KonstantinKondrashov
d3637cd06b rtc_wdt: re-enable RTC_WDT 2019-09-13 00:03:52 +08:00
Angus Gratton
b547aef2a0 flash encryption: Ensure flash encryption can't be disabled if Secure Boot is on 2019-09-10 11:28:11 +10:00
Li Shuai
bd29202520 1. Fix backtrace is incomplete
2. Optimization code style
2019-09-05 18:40:33 +08:00
Angus Gratton
abd6d40796 secure boot: Ensure mbedTLS enables ECDSA if signatures are checked in app
and all ECDSA to be disabled if secure boot is not enabled

Previously if ECDSA disabled in config then secure_boot_signatures.c would
fail to build (whether or not secure boot was enabled).

To avoid breaking apps that might be using the signature scheme with custom OTA
without enabling secure boot signatures in config, this change just disables
this functionality if unavailable in mbedTLS config.

Possible fix for root cause of https://github.com/espressif/esp-idf/pull/3703
2019-08-30 14:56:11 +10:00
Angus Gratton
06898325e6 Merge branch 'bugfix/bootloader_efuse_build_regression' into 'master'
bootloader: add definition of esp_clk_apb_freq

Closes IDFGH-1734

See merge request espressif/esp-idf!5913
2019-08-29 08:35:48 +08:00
Angus Gratton
a21ca2270a Merge branch 'feature/deep_sleep_fast_wake' into 'master'
bootloader: Reduce the time spent in image validation when waking from deep sleep

See merge request espressif/esp-idf!5140
2019-08-28 08:54:28 +08:00
Ivan Grokhotkov
fb72a6f629 bootloader: add definition of esp_clk_apb_freq
Commit 8cd04c80 has added a dependency of efuse component on
esp_clk_apb_freq, however there was no definition of this function in
the bootloader context.

Reported at https://esp32.com/viewtopic.php?f=13&t=12035
2019-08-27 12:01:11 +02:00
Ivan Grokhotkov
12c9d9a564 spi_flash: remove duplicate definition of spi_flash_unlock
The other (static) definition is in flash_ops.c, all references are
also in flash_ops.c.
2019-08-23 12:37:55 +08:00
KonstantinKondrashov
c543aac91e bootloader: API for the fast wakeup and custom using RTC mem
Added "Reserve RTC FAST memory for custom purposes" option.
Added a boot counter.
2019-08-21 11:44:37 +00:00
Tim Nordell
43393cf4d1 bootloader: Support for skipping validation upon wake from deep sleep
This saves time when waking up from deep sleep, but potentially decreases
the security of the system.  If the application able to modify itself
(especially areas that are loaded into RAM) in flash while running
without crashing or is modifies the cached bits of information about
what was last booted from the bootloader, this could cause security
issues if the user does a "deep sleep reset" since the full validation
is skipped.

Signed-off-by: Tim Nordell <tim.nordell@nimbelink.com>
2019-08-21 11:44:37 +00:00
Tim Nordell
82984f0539 bootloader: Do not obfuscate RAM if we are not doing image validation
No need to take this step if we are not doing image validation.  The
obfuscation only buys us a tiny bit of "security" anyways since the
main parts of flash are memory mapped, too.  This saves a little bit of
wake-up time when waking up from deep sleep when the
BOOTLOADER_SKIP_VALIDATE_IN_DEEP_SLEEP option is set.

Signed-off-by: Tim Nordell <tim.nordell@nimbelink.com>
2019-08-21 11:44:37 +00:00
Tim Nordell
1e32fa2cf7 bootloader: Remove extraneous newlines from some debug statements
ESP_LOGD(...) provides its own new lines so remove these from these
debug strings.

Signed-off-by: Tim Nordell <tim.nordell@nimbelink.com>
2019-08-21 11:44:37 +00:00