Reduces write cycles, and useful on ESP32 ECO3 as UART_DIS_DL is protected by
the same efuse.
Also fixes accidental macro definition introduced in 7635dce502
flash_encryption: modify additional efuses burning method to fix them are not being written
flass_encryption: burn efuse to disable boot from RAM space
flash_encryption: added better checking for key generation state plus set read and write protect for them
soc esp32s2: Add register-level bit definitions for read & wrote protect bits
esp32s2: Fixes for flash encryption
- Write efuses in a batch
- Fix some detection of whether existing efuse blocks are read/write protected
flash_enctryption: enabled flash encryption example on esp32s2
bootloader: raise WDT overflow value providing sufficient interval to encrypt app partition
flash_ encrypt: Fixed the TODOs on flash encryption key generation for esp32s2
flash_encryption: added secure boot features to flash enctryption for esp32s2
bootloader: leave only esp32s2 compatible potentially insecure options on menuconfig.
flash_encryption: removed secure boot version 1 from esp32s2 encryption code
flash_encryption: added CONFIG_SECURE_FLASH_REQUIRE_ALREADY_ENABLED option for esp32s2
flash_encryption: fixed the count of left plaintext flash
flash_encryption: disable dcache and icache download when using encryption in release mode
flash_encryption: add cache potentally insecure options for s2 chips
flash_encryption: fixed bug which bricked some chips in relase mode
If BLK2 is empty then it's OK to continue with a warning (otherwise it may spook users into thinking
something this is wrong, but this is the expected workflow.)
If BLK2 is not empty and doesn't match then we need to fail because it won't be possible to
trust the signature.
Previous method was to write-protect this efuse, however on ECO3
the write protect field also covers the UART_DOWNLOAD_DIS efuse.
Doing it this way keeps the possibility of disabling UART download
mode, later.
This commit updates the watchdog timers (MWDT and RWDT)
in the following ways:
- Add seprate LL for MWDT and RWDT.
- Add a combined WDT HAL for all Watchdog Timers
- Update int_wdt.c and task_wdt.c to use WDT HAL
- Remove most dependencies on LL or direct register access
in other components. They will now use the WDT HAL
- Update use of watchdogs (including RTC WDT) in bootloader and
startup code to use the HAL layer.
In commit 02d2903e39, mbedtls was
updated to release v2.16.5, where it was made mandatory to initialize
mbedtls_ctr_drbg_context before using same. It was fixed in wpa supplicant
but missed out in secure boot v2 verification code. This commit
fixes that.
Goal is that multiple faults would be required to bypass a boot-time signature check.
- Also strengthens some address range checks for safe app memory addresses
- Change pre-enable logic to also check the bootloader signature before enabling SBV2 on ESP32
Add some additional checks for invalid sections:
- Sections only partially in DRAM or IRAM are invalid
- If a section is in D/IRAM, allow the possibility only some is in D/IRAM
- Only pass sections that are entirely in the same type of RTC memory region
On the ESP32S2, rtc_clk_cal(RTC_CAL_RTC_MUX) measures the frequency
of the 90kHz RTC clock regardless of the selected slow clock
frequency. Keep track which clock is selected and pass the argument
to rtc_clk_cal accordingly.
fix clock choices
update rtc 32k xtal code for s2
missed api in rtc.h
bootloader_clock: update for S2
1. use spi functions in rom
2. remove unnecessary GPIO configurations.
3. remove unnecessary dummy settings.
4. enable dummy out function
5. flash and psram have independent timing setting registers.
6. no need to set 1.9v for LDO in 80Mhz
7. set IO driver ability to 1 by default.
8. no need to use GPIO matrix on esp32s2, IO MUX is recommended
9. enable spi clock mode and IO mode settings
1. Delete bootloader_clock_get_rated_freq_mhz, esp32s2 do not need it right now
2. Remove bootloader_flash_gpio_config () because it has the same function as bootloader_flash_dummy_config
* Don't bother checking the chip revision if it looks like the partition
doesn't really contain an app
* Don't print the "info" level about the revision & min revision unless
we're in the bootloader (otherwise it gets printed at random times
during the OTA process)
