Commit graph

179 commits

Author SHA1 Message Date
Tim Nordell
43393cf4d1 bootloader: Support for skipping validation upon wake from deep sleep
This saves time when waking up from deep sleep, but potentially decreases
the security of the system.  If the application able to modify itself
(especially areas that are loaded into RAM) in flash while running
without crashing or is modifies the cached bits of information about
what was last booted from the bootloader, this could cause security
issues if the user does a "deep sleep reset" since the full validation
is skipped.

Signed-off-by: Tim Nordell <tim.nordell@nimbelink.com>
2019-08-21 11:44:37 +00:00
Tim Nordell
82984f0539 bootloader: Do not obfuscate RAM if we are not doing image validation
No need to take this step if we are not doing image validation.  The
obfuscation only buys us a tiny bit of "security" anyways since the
main parts of flash are memory mapped, too.  This saves a little bit of
wake-up time when waking up from deep sleep when the
BOOTLOADER_SKIP_VALIDATE_IN_DEEP_SLEEP option is set.

Signed-off-by: Tim Nordell <tim.nordell@nimbelink.com>
2019-08-21 11:44:37 +00:00
Tim Nordell
1e32fa2cf7 bootloader: Remove extraneous newlines from some debug statements
ESP_LOGD(...) provides its own new lines so remove these from these
debug strings.

Signed-off-by: Tim Nordell <tim.nordell@nimbelink.com>
2019-08-21 11:44:37 +00:00
Michael (XIAO Xufeng)
264ffbeb14 timer_group: use the LL 2019-08-09 13:46:31 +08:00
Michael Zimmermann
74a459dd3d make code conform to Wstrict-prototypes
Merges https://github.com/espressif/esp-idf/pull/2937
2019-08-01 16:28:56 +07:00
Anton Maklakov
afbaf74007 tools: Mass fixing of empty prototypes (for -Wstrict-prototypes) 2019-08-01 16:28:56 +07:00
chenjianqiang
d77c74770a bugfix(flash): add flash config in app startup
We fixed some flash bugs in bootloader, but for the users used the old
vrsion bootloader, they can not fix these bugs via OTA, the solution is
add these updates in app startup.

These updates include:
1. SPI flash gpio matrix and drive strength configuration
2. SPI flash clock configuration
3. SPI flash read dummy configuration
4. SPI flash cs timing configuration
5. Update flash id of g_rom_flashchip
2019-07-18 14:40:59 +08:00
Angus Gratton
409181361f Merge branch 'bugfix/fix_flash_read_error_in_dio_26MHz_mode' into 'master'
bugfix(flash): fix flash read error in DIO/26MHz mode

See merge request espressif/esp-idf!5381
2019-07-10 08:13:35 +08:00
chenjianqiang
266baa8839 bugfix(flash): fix flash read error in DIO/26MHz mode 2019-07-08 01:50:07 +00:00
chenjianqiang
d6c40c7c1d bugfix(flash): improve spi cs timing settings for flash
cs setup time is recomemded to be 1.5T, and cs hold time is recommended to be 2.5T.
(cs_setup = 1, cs_setup_time = 0; cs_hold = 1, cs_hold_time = 1)
2019-07-05 21:21:17 +08:00
Vikram Dattu
4b42f535ed Add mmu pages available check in non-secure image hash check path.
Made MMU pages available check in `esp_image_format.c`
This now makes it possible to map and process bootoader image as well in chunks when image doesn't fit completely into available free pages.

Signed-off-by: Vikram Dattu <vikram.dattu@espressif.com>
2019-07-01 20:04:15 +00:00
Vikram Dattu
eb99b27f2e Bugfix: ota fails with secure boot on for image size greater than 3.2MB
When an OTA image size is larger than 50 MMU pages (approx. 3.2 MB), secure_boot_generate fails while trying to map it into memory:
https://gitlab.espressif.cn:6688/idf/esp-idf/blob/master/components/bootloader_support/src/esp32/secure_boot.c#L72
Instead of trying to map the whole image, secure boot code should split the image into chunks and map them one by one, like it is done in esp_image_format.c:
https://gitlab.espressif.cn:6688/idf/esp-idf/blob/master/components/bootloader_support/src/esp_image_format.c#L372

Closes https://jira.espressif.com:8443/browse/IDF-709

Signed-off-by: Vikram Dattu <vikram.dattu@espressif.com>
2019-07-01 20:04:15 +00:00
Renz Christian Bagaporo
9edc867c62 bootloader: fix secure boot issues
Do not include bootloader in flash target when secure boot is enabled.
Emit signing warning on all cases where signed apps are enabled (secure
boot and signed images)
Follow convention of capital letters for SECURE_BOOT_SIGNING_KEY variable, since it is
relevant to other components, not just bootloader.
Pass signing key and verification key via config, not requiring
bootloader to know parent app dir.
Misc. variables name corrections
2019-06-28 10:54:21 +08:00
Renz Christian Bagaporo
2adf313838 bootloader_support: move embedding key after component registration
Bootloader build requires verification key to be embedded in the binary.
Under specific configs, this key is generated during build time from the
signing key. Move the key generation to after the component
registration, since non scriptable commands are used in the process
(during early expansion)
2019-06-28 10:50:52 +08:00
Angus Gratton
c8570ffa6d bootloader_support: Add C++ header guards
As reported on forum https://esp32.com/viewtopic.php?f=13&t=11173&p=45470
2019-06-26 11:26:56 +10:00
Hemal Gujarathi
a68c7c21e1 Improve flash encryption documentation and add Development & Release modes
This MR improves existing flash encryption document to provide simplified steps
Adds two new modes for user: Development & Release
Adds a simple example
Supports encrypted write through make command
2019-06-25 23:41:18 +00:00
Angus Gratton
9a412d3a08 Merge branch 'feature/use_new_component_registration_apis' into 'master'
Use new component registration API

See merge request idf/esp-idf!4898
2019-06-25 10:24:11 +08:00
Angus Gratton
5cb71b5213 Merge branch 'feature/add_doc_about_app_desc_t' into 'master'
docs: Add description about the app image

Closes IDF-597

See merge request idf/esp-idf!4912
2019-06-24 18:40:02 +08:00
Renz Christian Bagaporo
9b350f9ecc cmake: some formatting fixes
Do not include bootloader in flash target when secure boot is enabled.
Emit signing warning on all cases where signed apps are enabled (secure
boot and signed images)
Follow convention of capital letters for SECURE_BOOT_SIGNING_KEY
variable, since it is
relevant to other components, not just bootloader.
Pass signing key and verification key via config, not requiring
bootloader to know parent app dir.
Misc. variables name corrections
2019-06-21 19:53:29 +08:00
Renz Christian Bagaporo
9eccd7c082 components: use new component registration api 2019-06-21 19:53:29 +08:00
Konstantin Kondrashov
0ed590640e bootloader: Move some structs to separated file
Moved structures which describe the app image to separated file.

Closes: IDF-597
2019-06-21 18:43:27 +08:00
Michael (XIAO Xufeng)
1036a091fe spi_flash: support working on differnt buses and frequency 2019-06-18 06:32:52 +00:00
Wang Jia Lin
e2d1c6234f Merge branch 'bugfix/improve_flash_dio_read_timing' into 'master'
bugfix(flash): fix flash dio read mode configuration error on SPI0

See merge request idf/esp-idf!5086
2019-06-14 12:10:46 +08:00
Ivan Grokhotkov
08557be5df Merge branch 'fix/bootloader_region_overlap_update' into 'master'
bootloader: remove duplicate region overlap logic

See merge request idf/esp-idf!5128
2019-06-13 16:07:05 +08:00
Renz Christian Bagaporo
54ef60f26b component: revert some of the dependency corrections
!4452 and !4897 made some ill-advised corrections to dependency info;
revert those in this MR. Handling pre-built binaries as imported
libraries is retained, however.
2019-06-11 18:09:26 +08:00
Angus Gratton
c9bf3a3b17 Merge branch 'bugfix/remove_secure_boot_test_mode' into 'master'
remove secure boot test mode

See merge request idf/esp-idf!5059
2019-06-11 07:25:07 +08:00
Michael (XIAO Xufeng)
c8d967417c bootloader: remove duplicate region overlap logic
(MINOR CHANGE)
2019-06-05 14:43:23 +08:00
Konstantin Kondrashov
399d2d2605 all: Using xxx_periph.h
Using xxx_periph.h in whole IDF instead of xxx_reg.h, xxx_struct.h, xxx_channel.h ... .

Cleaned up header files from unnecessary headers (releated to soc/... headers).
2019-06-03 14:15:08 +08:00
Angus Gratton
30d9ee56fb Merge branch 'feature/config_spi_pins_based_on_efuse_value' into 'master'
feat(psram): config SPI psram pins based on efuse value

See merge request idf/esp-idf!4950
2019-05-31 16:15:56 +08:00
Angus Gratton
31b854e17d Merge branch 'feature/do_not_use_link_groups' into 'master'
Do not use link groups

See merge request idf/esp-idf!4897
2019-05-29 15:18:31 +08:00
Angus Gratton
73b90387cb Merge branch 'bugfix/reset_log_uart_port' into 'master'
esp32: Add reset CONSOLE_UART port

See merge request idf/esp-idf!5011
2019-05-29 14:28:37 +08:00
chenjianqiang
db138ae19b feat(psram): config SPI psram pins based on efuse value 2019-05-28 21:25:16 +08:00
chenjianqiang
d68f1907ef bugfix(flash): improve flash dio read timing
When flash work in DIO Mode, in order to ensure the fast read mode of flash
is a fixed value, we merged the mode bits into address part, and the fast
read mode value is 0 (the default value).
2019-05-28 14:51:04 +08:00
Renz Christian Bagaporo
2c12080049 components: correct dependency information for linking without link groups 2019-05-28 10:51:02 +08:00
hemal.gujarathi
865b24144e remove secure boot test mode 2019-05-23 14:13:08 +05:30
Roland Dobai
1ad2283641 Rename Kconfig options (components/bootloader) 2019-05-21 09:32:55 +02:00
Roland Dobai
997b29a9ca Rename Kconfig options (components/esptool_py) 2019-05-21 09:32:55 +02:00
Roland Dobai
0ae53691ba Rename Kconfig options (components/esp32) 2019-05-21 09:09:01 +02:00
Konstantin Kondrashov
be6f5563b4 esp32: Add reset uart
Fixed the case when the first part of log was missed
this was happened when:
 * CONFIG_CONSOLE_UART_CUSTOM option is selected (UART1)
 * The selected CONSOLE_UART port is used also for the console component
 * in code esp_restart() or abort() functions were called.
2019-05-21 06:18:28 +00:00
Angus Gratton
8c6ff874af Merge branch 'bugfix/custom_log_uart_rx_pin' into 'master'
bootloader_support: Fix UART RXD pin for console output (CUSTOM option)

Closes IDFGH-505

See merge request idf/esp-idf!5009
2019-05-20 13:58:37 +08:00
Konstantin Kondrashov
98c77cebb2 bootloader_support: Fix UART RXD pin for console output (CUSTOM option)
The RXD pin is assigned as input (fix for custom uart option).

Closes: https://github.com/espressif/esp-idf/issues/2843

Closes: IDFGH-505
2019-05-16 11:18:56 +00:00
Renz Christian Bagaporo
477fa49fc0 examples: update idf_as_lib example to use new api 2019-05-14 18:01:14 +08:00
Renz Christian Bagaporo
ffec9d4947 components: update with build system changes 2019-05-13 19:59:17 +08:00
Angus Gratton
fe2565f5d7 Merge branch 'feature/make_bootloader_support_target_dependent' into 'master'
make bootloader_support depend on IDF_TARGET

See merge request idf/esp-idf!4798
2019-04-26 15:36:48 +08:00
suda-morris
3f2d6a0891 make bootloader_support depend on IDF_TARGET
1. move chip-specific code(e.g. encryption) into IDF_TARGET directory
2. splict app-only code to idf directory which won't be compiled into bootloader
2019-04-16 17:37:56 +08:00
Michael (XIAO Xufeng)
562af8f65e global: move the soc component out of the common list
This MR removes the common dependency from every IDF components to the SOC component.

Currently, in the ``idf_functions.cmake`` script, we include the header path of SOC component by default for all components.
But for better code organization (or maybe also benifits to the compiling speed), we may remove the dependency to SOC components for most components except the driver and kernel related components.

In CMAKE, we have two kinds of header visibilities (set by include path visibility):

(Assume component A --(depends on)--> B, B is the current component)

1. public (``COMPONENT_ADD_INCLUDEDIRS``): means this path is visible to other depending components (A) (visible to A and B)
2. private (``COMPONENT_PRIV_INCLUDEDIRS``): means this path is only visible to source files inside the component (visible to B only)

and we have two kinds of depending ways:

(Assume component A --(depends on)--> B --(depends on)--> C, B is the current component)

1. public (```COMPONENT_REQUIRES```): means B can access to public include path of C. All other components rely on you (A) will also be available for the public headers. (visible to A, B)
2. private (``COMPONENT_PRIV_REQUIRES``): means B can access to public include path of C, but don't propagate this relation to other components (A). (visible to B)

1. remove the common requirement in ``idf_functions.cmake``, this makes the SOC components invisible to all other components by default.
2. if a component (for example, DRIVER) really needs the dependency to SOC, add a private dependency to SOC for it.
3. some other components that don't really depends on the SOC may still meet some errors saying "can't find header soc/...", this is because it's depended component (DRIVER) incorrectly include the header of SOC in its public headers. Moving all this kind of #include into source files, or private headers
4. Fix the include requirements for some file which miss sufficient #include directives. (Previously they include some headers by the long long long header include link)

This is a breaking change. Previous code may depends on the long include chain.
You may need to include the following headers for some files after this commit:

- soc/soc.h
- soc/soc_memory_layout.h
- driver/gpio.h
- esp_sleep.h

The major broken include chain includes:

1. esp_system.h no longer includes esp_sleep.h. The latter includes driver/gpio.h and driver/touch_pad.h.
2. ets_sys.h no longer includes soc/soc.h
3. freertos/portmacro.h no longer includes soc/soc_memory_layout.h

some peripheral headers no longer includes their hw related headers, e.g. rom/gpio.h no longer includes soc/gpio_pins.h and soc/gpio_reg.h

BREAKING CHANGE
2019-04-16 13:21:15 +08:00
Anurag Kar
62b0d51c02 Enable secure boot only after encrypting flash
This prevents a device from being bricked in case when both secure boot & flash encryption are enabled and encryption gets interrupted during first boot. After interruption, all partitions on the device need to be reflashed (including the bootloader).

List of changes:
* Secure boot key generation and bootloader digest generation logic, implemented inside function esp_secure_boot_permanently_enable(), has been pulled out into new API esp_secure_boot_generate_digest(). The enabling of R/W protection of secure boot key on EFUSE still happens inside esp_secure_boot_permanently_enable()
* Now esp_secure_boot_permanently_enable() is called only after flash encryption process completes
* esp_secure_boot_generate_digest() is called before flash encryption process starts
2019-04-10 18:17:58 +05:30
Angus Gratton
8e91677701 Merge branch 'bugfix/bootloader_flash_crypt_cnt_ff' into 'master'
flash encryption: reduce FLASH_CRYPT_CNT bit width to 7 bits

See merge request idf/esp-idf!4642
2019-04-09 08:10:06 +08:00
Angus Gratton
4b4cd7fb51 efuse/flash encryption: Reduce FLASH_CRYPT_CNT to a 7 bit efuse field
8th bit is not used by hardware.

As reported https://esp32.com/viewtopic.php?f=2&t=7800&p=40895#p40894
2019-04-03 14:07:20 +11:00
Mahavir Jain
fcff80ecf8 fix cmake build for bootloader 2019-04-01 15:47:01 +05:30