Commit graph

125 commits

Author SHA1 Message Date
Angus Gratton
615376d14a secure boot: Use mbedtls_sha256() not esp_sha()
Latter is probably compiled into most firmwares already, saves some size.

Ref https://github.com/espressif/esp-idf/issues/3127
2019-03-15 17:34:06 +11:00
Konstantin Kondrashov
509e1264b9 efuse: Fix to pass CI tests 2019-02-28 07:31:29 +00:00
Konstantin Kondrashov
7626145e6d bootloader: Add support efuse component 2019-02-28 07:31:29 +00:00
Ivan Grokhotkov
8cc6226051 soc: define named constants for DPORT_CPUPERIOD_SEL values 2019-02-26 17:07:59 +08:00
Ivan Grokhotkov
178e5b25e6 bootloader: check previously used clock frequency at run time
In the situation when bootloader was compiled for 240MHz, and app was
compiled for 160MHz, and the chip is a revision 0 chip, the
bootloader will assume that the application has also been running at
240MHz. This will cause the chip to lock up later. Modify this to use
a run time check of DPORT_CPUPERIOD_SEL, which indicates which of the
PLL frequencies was used.

Closes https://github.com/espressif/esp-idf/issues/2731.
2019-02-26 17:02:34 +08:00
Konstantin Kondrashov
e916cf52a3 bootloader: Add support of anti-rollback
Added:
* set a secure version in app/bootloader.
* description anti-rollback to ota part
* emulate the secure_version write and read operations
* efuse_em partition.
* a description about a rollback for native_ota_example.

Closes: TW26335
2019-02-14 18:51:43 +08:00
Ivan Grokhotkov
96d0f7f5e2 bootloader: account for load address when mapping cache pages
Bootloader used to calculate the number of cache pages assuming that
load address was aligned, while in reality load address for DROM and
IROM was offset by 0x20 bytes from the start of 64kB page. This
caused the bootloader to map one less page if the size of the image
was 0x4..0x1c less than a multiple of 64kB.

Reported in https://esp32.com/viewtopic.php?f=13&t=6952.
2019-01-19 14:44:55 +08:00
Ivan Grokhotkov
182e917d78 bootloader: fix IROM and DROM swapped in log messages 2019-01-19 14:44:55 +08:00
Konstantin Kondrashov
dde1fd9b94 bootloader: Add support flags for rollback app
Added
* Set actual ota_seq if both ota are init or incorrect.
* Description of rollback
* UT tests

Closes TW15459
2018-12-11 11:54:21 +08:00
Konstantin Kondrashov
f9522a0eb6 bootloader app_update: Refactoring otadata part 2018-12-05 11:20:03 +08:00
Konstantin Kondrashov
3b9cb25fe1 esp32: Add firmware version to app
Added a new structure esp_app_desc_t. It has info about firmware:
version, secure_version, project_name, time/date build and IDF version.
Added the ability to add a custom structure with a description of the firmware.

The esp_app_desc_t is located in fixed place in start of ROM secotor. It is located after structures esp_image_header_t and esp_image_segment_header_t.

app_version is filed from PROJECT_VER variable (if set in custom make file) or PROJECT_PATH/version.txt or git repo (git describe).

Add API to get app_desc from partition.
2018-12-03 16:52:04 +08:00
Ivan Grokhotkov
964f5a91f7 bootloader, esp32: add workaround for Tensilica erratum 572
If zero-overhead loop buffer is enabled, under certain rare conditions
when executing a zero-overhead loop, the CPU may attempt to execute an invalid instruction. Work around by disabling the buffer.
2018-11-19 04:39:35 +00:00
Anurag Kar
1f6622b2d1 CMake : Secure Boot support added 2018-11-06 17:09:55 +05:30
Ivan Grokhotkov
73d1b5a7a0 bootloader: verify that loaded image does not overlap bootloader code
Fixes CVE-2018-18558
2018-10-26 12:44:10 +08:00
Renz Bagaporo
cc774111bf cmake: Add support for test build 2018-10-20 12:07:24 +08:00
Ivan Grokhotkov
bd11965f6c Merge branch 'bugfix/ndebug_build' into 'master'
soc,sdmmc: fix build failures when NDEBUG is used

See merge request idf/esp-idf!3352
2018-10-19 11:55:37 +08:00
Angus Gratton
f53fef9936 Secure Boot & Flash encryption: Support 3/4 Coding Scheme
Includes esptool update to v2.6-beta1
2018-10-16 16:24:10 +11:00
Ivan Grokhotkov
a1f809fcc5 bootloader: provide implementation of abort
ROM definition of `abort` was removed in 9240bbb. The old definition
resulted in a panic due to a jump to a null pointer (abort member in
ROM stub table was zero). The new definition triggers a debug
exception if JTAG is connected, or goes into an infinite loop to be
reset by the WDT.
2018-10-15 15:02:56 +08:00
Angus Gratton
1b272bb77e Merge branch 'bugfix/rom_export_functions' into 'master'
esp32, bootloader: fix issues related to linking order

See merge request idf/esp-idf!3375
2018-10-05 12:40:05 +08:00
Angus Gratton
326d791ebb bootloader: Fix secure boot digest generation for image length where (len%128 < 32) 2018-10-02 15:17:14 +10:00
Ivan Grokhotkov
f694d057be bootloader_support: exclude bootloader_init.c when building app
Depending on link order of libraries, bootloader implementation of
__assert_func could be linked instead of the one provided by newlib.
2018-10-02 01:20:04 +00:00
Angus Gratton
98b42a8b71 Merge branch 'bugfix/disable_coding_scheme_security_features' into 'master'
bootloader: Don't enable secure boot or flash encryption for 3/4 Coding Scheme

See merge request idf/esp-idf!3369
2018-10-02 07:54:11 +08:00
Ivan Grokhotkov
22b840f3df bootloader: don’t reload RTC_FAST DRAM after deep sleep
When CONFIG_ESP32_RTCDATA_IN_FAST_MEM is enabled, RTC data is placed
into RTC_FAST memory region, viewed from the data bus. However the
bootloader was missing a check that this region should not be
overwritten after deep sleep, which caused .rtc.bss segment to loose
its contents after wakeup.
2018-09-29 14:02:16 +08:00
Angus Gratton
ff33406e74 bootloader: Don't enable secure boot or flash encryption for 3/4 Coding Scheme 2018-09-26 18:26:06 +10:00
Sagar Bijwe
48fccbf5dd nvs_flash: Add support for nvs encryption 2018-09-24 11:25:21 +05:30
Renz Christian Bagaporo
d9939cedd9 cmake: make main a component again 2018-09-11 09:44:12 +08:00
Angus Gratton
b355854d4d Merge branch 'master' into feature/cmake 2018-09-05 10:35:04 +08:00
Angus Gratton
2ec0fd8fd6 Merge branch 'feature/signature_verify_updates' into 'master'
secure boot: Support signed app verification without hardware secure boot

See merge request idf/esp-idf!2814
2018-09-04 18:56:47 +08:00
Angus Gratton
e54f3d9616 Merge branch 'bugfix/bootloader_random_in_app' into 'master'
esp32: Allow bootloader_random.h use in app, add esp_fill_random() function

See merge request idf/esp-idf!3124
2018-09-04 10:39:12 +08:00
Konstantin Kondrashov
9c715d7946 bootloader_support: Fix enable rtc_wdt for resolve issue with varying supply
Eliminates the issue with the lock up in the bootloader due to a power drawdown during its operation.

Closes https://github.com/espressif/esp-idf/issues/1814
2018-09-03 05:43:01 +00:00
Angus Gratton
83a179abb0 esp32: Add esp_fill_random() function
Convenience function to fill a buffer with random bytes.

Add some unit tests (only sanity checks, really.)
2018-09-03 04:39:45 +00:00
Angus Gratton
767ec27350 bootloader_support: Move bootloader_random.h to public header directory 2018-09-03 04:39:45 +00:00
Angus Gratton
a9c4ed7139 Merge branch 'master' into feature/cmake 2018-08-30 18:51:01 +08:00
Mahavir Jain
62746e414e bootloader: add API for erasing flash region
Signed-off-by: Mahavir Jain <mahavir@espressif.com>
2018-08-29 12:04:32 +00:00
Angus Gratton
b364f23e17 secure boot: Support secure boot signatures without hardware secure boot
Allows OTA updates to be secured via signature checks, without requiring the overhead or complexity
of a full secure boot implementation.

Uses same signing mechanisms (build system and/or espsecure.py as Secure Boot).

Requires:
* [ ] More testing
* [ ] Documentation
2018-08-29 17:05:29 +08:00
Ivan Grokhotkov
90f5456dba Merge branch 'feature/rtc_cpu_freq_config' into 'master'
soc/rtc: Refactoring, support CPU frequencies lower than XTAL

See merge request idf/esp-idf!2856
2018-08-22 11:32:08 +08:00
Ivan Grokhotkov
c722cf3e06 bootloader: use new CPU frequency setting API 2018-08-21 13:02:46 +08:00
Jiang Jiang Jian
98eaa5c2ec Merge branch 'docs/security' into 'master'
docs: Added more wordings to capture secure boot and flash encryption dependency.

See merge request idf/esp-idf!2947
2018-08-16 19:31:36 +08:00
Angus Gratton
ff2404a272 Merge branch 'master' into feature/cmake 2018-08-16 17:14:17 +10:00
Konstantin Kondrashov
a8e46775c6 soc/rtc_wdt: Add API functions for rtc_wdt
Added functions:
rtc_wdt_protect_off/on
rtc_wdt_set_length_of_reset_signal
rtc_wdt_set_stage
rtc_wdt_set_time
rtc_wdt_feed
rtc_wdt_disable/enable
2018-08-14 17:48:02 +05:00
Sagar Bijwe
b27773e87c docs: Added more wordings to capture secure boot and flash encryption dependency. 2018-08-14 11:27:29 +05:30
Konstantin Kondrashov
117c79eae5 app_update: Add API for getting sha256_of_partition
Added bootloader_common_get_sha256_of_partition() and esp_partition_get_sha256() - get or calculate SHA-256
digest for app and data partitions.
Added bootloader_sha256_hex_to_str() - helps to print SHA-256 digest
Added esp_partition_check_identity() - compares two partitions by SHA-256 digest

Refactoring a function esp_image_load() in bootloader space to esp_image_verify() and
bootloader_load_image(). Old name function esp_image_load is deprecated
and will remove in V4.0 version.

spi_flash/sim: Fix error test_host. Add stub for bootloader_common_get_sha256_of_partition in sim/stubs
2018-08-13 13:59:07 +05:00
Konstantin Kondrashov
8c808c2d9a bootloader: Fix issue - bs->app_count is zero but ota_data have valid entry
If we have the partition table without any ota_apps but in ota_data have
valide entry, in this case we get an error(hang). This commit fix this
case. If bs->app_count is zero when selecting the factory app.

Closes https://github.com/espressif/esp-idf/issues/2218
2018-07-24 13:09:32 +08:00
Angus Gratton
0905aa0103 Merge branch 'bugfix/bootloader_include_priv' into 'master'
bootloader_support: Rename include_priv directory to include_bootloader

See merge request idf/esp-idf!2686
2018-07-23 18:50:35 +08:00
Angus Gratton
fbec7de7f8 bootloader_support: Rename include_priv directory to include_bootloader
Old rationale for "priv" no longer applies.

As reported here: https://esp32.com/viewtopic.php?f=13&t=6155&p=27151#p26601
2018-07-23 15:58:27 +10:00
Angus Gratton
e75a1129e0 Merge branch 'bugfix/bootloader_noreturn_always' into 'master'
bootloader: Ensure bootloader never returns to caller

See merge request idf/esp-idf!2815
2018-07-23 11:56:14 +08:00
Angus Gratton
f0d74b1c64 bootloader: Ensure bootloader never returns to caller
* Fixes some "noreturn" functions in bootloader utils which did return (causing fatal CPU
  exceptions).
* Marks bootloader entry as "noreturn", preventing "user code done" from stalling boot
  Partial fix for https://github.com/espressif/esp-idf/issues/1814 TW20016
  (Comprehensive fix for this issue will be enabling WDT during bootloader, coming shortly.)
2018-07-19 16:24:11 +10:00
Angus Gratton
57b601ab7f secure boot: Pad to avoid data after the signature mapping into the address space
Because address space is mapped in 64KB pages, it was possible for unauthenticated data after the
app .bin to become mapped into the flash cache address space.

This problem is solved by 2 changes:

* "esptool elf2image --secure-pad" will pad the image so that the signature block ends close to the
  64KB boundary. Due to alignment constraints it will be 12 bytes too short after signing (but
  with flash encryption, these 12 bytes are still encrypted as part of the last block and can't be
  arbitrarily changed).
* By default, secure boot now requires all app partitions to be a multiple of 64KB in size.
2018-07-17 15:33:47 +10:00
Jiang Jiang Jian
7f382f461c Merge branch 'feature/support_for_XM25QU64A' into 'master'
feature(flash): set QIO mode for XM25QU64A(1V8_64M_flash)

See merge request idf/esp-idf!2753
2018-07-16 12:16:13 +08:00
Angus Gratton
fb439e48f5 bootloader: Don't verify Partition Table as part of Secure Boot
Partition Tables are still signed for backwards compatibility, but signature is no longer checked as
part of bootloader.

Closes https://github.com/espressif/esp-idf/issues/1641
2018-07-13 15:45:15 +10:00