jepler/tinyuf2
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge pull request #114 from adafruit/update-esp-idf-to-v4.3

Browse source 
Update esp idf to v4.3
This commit is contained in:
Ha Thach 2021-04-29 18:35:39 +07:00 committed by GitHub
commit a1a42ee196
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
18 changed files with 403 additions and 1250 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

31
.github/workflows/build.yml vendored
View file

@ -41,38 +41,17 @@ jobs:
- name: Setup Python
uses: actions/setup-python@v2
- name: Pull ESP-IDF docker
run: docker pull espressif/idf:release-v4.3
- name: Checkout
uses: actions/checkout@v2
- name: Checkout submodules
run: git submodule update --init lib/esp-idf lib/tinyusb lib/uf2
# TODO use docker release version
- uses: actions/cache@v2
name: Fetch IDF tool cache
id: idf-cache
with:
path: ${{ github.workspace }}/.idf_tools
key: ${{ runner.os }}-idf-tools-${{ hashFiles('.git/modules/lib/esp-idf/HEAD') }}-20210412
- name: Install IDF tools
if: steps.idf-cache.outputs.cache-hit != 'true'
run: |
$IDF_PATH/tools/idf_tools.py --non-interactive install required
$IDF_PATH/tools/idf_tools.py --non-interactive install cmake
$IDF_PATH/tools/idf_tools.py --non-interactive install-python-env
rm -rf $IDF_TOOLS_PATH/dist
env:
IDF_PATH: ${{ github.workspace }}/lib/esp-idf
IDF_TOOLS_PATH: ${{ github.workspace }}/.idf_tools
run: git submodule update --init lib/tinyusb lib/uf2
- name: Build
run: |
source $IDF_PATH/export.sh
make -C ports/esp32s2/ BOARD=${{ matrix.board }} all self-update copy-artifact
env:
IDF_PATH: ${{ github.workspace }}/lib/esp-idf
IDF_TOOLS_PATH: ${{ github.workspace }}/.idf_tools
run: docker run --rm -v $PWD:/project -w /project espressif/idf:release-v4.3 make -C ports/esp32s2/ BOARD=${{ matrix.board }} all self-update copy-artifact
- uses: actions/upload-artifact@v2
with:

2
lib/esp-idf

@ -1 +1 @@
Subproject commit 8bc19ba893e5544d571a753d82b44a84799b94b1
Subproject commit e9cf9e2978d0187b0f83a9978391217e39946517

2
ports/esp32s2/README.md
View file

@ -18,7 +18,7 @@ Following boards are supported:
### Build
You will need to first run `lib/esp-idf/export.sh (or bat)` to set up environment, then
You will need to download and [set up ESP-IDF](https://docs.espressif.com/projects/esp-idf/en/latest/esp32s2/get-started/). The IDF version is developed and tested by TinyUF2 is at `lib/esp-idf`
```
make BOARD=adafruit_feather_esp32s2 all

10
ports/esp32s2/components/bootloader/CMakeLists.txt
View file

@ -13,9 +13,13 @@ if(NOT CONFIG_SECURE_BOOT)
endif()
esptool_py_custom_target(bootloader-flash bootloader "bootloader")
esptool_py_flash_target_image(bootloader-flash bootloader ${CONFIG_BOOTLOADER_OFFSET_IN_FLASH} "${BOOTLOADER_BUILD_DIR}/bootloader.bin")
esptool_py_flash_target_image(bootloader-flash bootloader
${CONFIG_BOOTLOADER_OFFSET_IN_FLASH}
"${BOOTLOADER_BUILD_DIR}/bootloader.bin")
# Also attach an image to the project flash target
if(NOT CONFIG_SECURE_BOOT)
esptool_py_flash_target_image(flash bootloader ${CONFIG_BOOTLOADER_OFFSET_IN_FLASH} "${BOOTLOADER_BUILD_DIR}/bootloader.bin")
endif()
esptool_py_flash_target_image(flash bootloader
${CONFIG_BOOTLOADER_OFFSET_IN_FLASH}
"${BOOTLOADER_BUILD_DIR}/bootloader.bin")
endif()

165
ports/esp32s2/components/bootloader/Kconfig.projbuild
View file

@ -123,7 +123,8 @@ menu "Bootloader config"
config BOOTLOADER_NUM_PIN_FACTORY_RESET
int "Number of the GPIO input for factory reset"
depends on BOOTLOADER_FACTORY_RESET
range 0 39
range 0 39 if IDF_TARGET_ESP32
range 0 44 if IDF_TARGET_ESP32S2
default 4
help
The selected GPIO will be configured as an input with internal pull-up enabled.
@ -152,6 +153,7 @@ menu "Bootloader config"
config BOOTLOADER_APP_TEST
bool "GPIO triggers boot from test app partition"
default N
depends on !BOOTLOADER_APP_ANTI_ROLLBACK
help
Allows to run the test app from "TEST" partition.
A boot from "test" partition will occur if there is a GPIO input pulled low while device starts up.
@ -254,8 +256,8 @@ menu "Bootloader config"
depends on BOOTLOADER_APP_ANTI_ROLLBACK
range 1 32 if IDF_TARGET_ESP32
default 32 if IDF_TARGET_ESP32
range 1 16 if IDF_TARGET_ESP32S2
default 16 if IDF_TARGET_ESP32S2
range 1 16
default 16
help
The size of the efuse secure version field.
Its length is limited to 32 bits for ESP32 and 16 bits for ESP32-S2.
@ -272,6 +274,10 @@ menu "Bootloader config"
config BOOTLOADER_SKIP_VALIDATE_IN_DEEP_SLEEP
bool "Skip image validation when exiting deep sleep"
# note: dependencies for this config item are different to other "skip image validation"
# options, allowing to turn on "allow insecure options" and have secure boot with
# "skip validation when existing deep sleep". Keeping this to avoid a breaking change,
# but - as noted in help - it invalidates the integrity of Secure Boot checks
depends on (SECURE_BOOT && SECURE_BOOT_INSECURE) || !SECURE_BOOT
default n
help
@ -284,6 +290,48 @@ menu "Bootloader config"
partition as this would skip the validation upon first load of the new
OTA partition.
It is possible to enable this option with Secure Boot if "allow insecure
options" is enabled, however it's strongly recommended to NOT enable it as
it may allow a Secure Boot bypass.
config BOOTLOADER_SKIP_VALIDATE_ON_POWER_ON
bool "Skip image validation from power on reset (READ HELP FIRST)"
# only available if both Secure Boot and Check Signature on Boot are disabled
depends on !SECURE_SIGNED_ON_BOOT
default n
help
Some applications need to boot very quickly from power on. By default, the entire app binary
is read from flash and verified which takes up a significant portion of the boot time.
Enabling this option will skip validation of the app when the SoC boots from power on.
Note that in this case it's not possible for the bootloader to detect if an app image is
corrupted in the flash, therefore it's not possible to safely fall back to a different app
partition. Flash corruption of this kind is unlikely but can happen if there is a serious
firmware bug or physical damage.
Following other reset types, the bootloader will still validate the app image. This increases
the chances that flash corruption resulting in a crash can be detected following soft reset, and
the bootloader will fall back to a valid app image. To increase the chances of successfully recovering
from a flash corruption event, keep the option BOOTLOADER_WDT_ENABLE enabled and consider also enabling
BOOTLOADER_WDT_DISABLE_IN_USER_CODE - then manually disable the RTC Watchdog once the app is running.
In addition, enable both the Task and Interrupt watchdog timers with reset options set.
config BOOTLOADER_SKIP_VALIDATE_ALWAYS
bool "Skip image validation always (READ HELP FIRST)"
# only available if both Secure Boot and Check Signature on Boot are disabled
depends on !SECURE_SIGNED_ON_BOOT
default n
select BOOTLOADER_SKIP_VALIDATE_IN_DEEP_SLEEP
select BOOTLOADER_SKIP_VALIDATE_ON_POWER_ON
help
Selecting this option prevents the bootloader from ever validating the app image before
booting it. Any flash corruption of the selected app partition will make the entire SoC
unbootable.
Although flash corruption is a very rare case, it is not recommended to select this option.
Consider selecting "Skip image validation from power on reset" instead. However, if boot time
is the only important factor then it can be enabled.
config BOOTLOADER_RESERVE_RTC_SIZE
hex
default 0x10 if BOOTLOADER_SKIP_VALIDATE_IN_DEEP_SLEEP || BOOTLOADER_CUSTOM_RESERVE_RTC
@ -343,10 +391,15 @@ menu "Security features"
select MBEDTLS_ECDSA_C
depends on SECURE_SIGNED_ON_BOOT || SECURE_SIGNED_ON_UPDATE
config SECURE_BOOT_SUPPORTS_RSA
bool
default y
depends on ESP32_REV_MIN_3 || IDF_TARGET_ESP32S2 || IDF_TARGET_ESP32C3
config SECURE_TARGET_HAS_SECURE_ROM_DL_MODE
bool
default y
depends on IDF_TARGET_ESP32S2
depends on IDF_TARGET_ESP32S2 || IDF_TARGET_ESP32C3
config SECURE_SIGNED_APPS_NO_SECURE_BOOT
@ -371,7 +424,7 @@ menu "Security features"
1. ECDSA based secure boot scheme. (Only choice for Secure Boot V1)
Supported in ESP32 and ESP32-ECO3.
2. The RSA based secure boot scheme. (Only choice for Secure Boot V2)
Supported in ESP32-ECO3. (ESP32 Chip Revision 3 onwards)
Supported in ESP32-ECO3 (ESP32 Chip Revision 3 onwards), ESP32-S2, ESP32-C3, ESP32-S3.
config SECURE_SIGNED_APPS_ECDSA_SCHEME
bool "ECDSA"
@ -383,7 +436,7 @@ menu "Security features"
config SECURE_SIGNED_APPS_RSA_SCHEME
bool "RSA"
depends on (ESP32_REV_MIN_3 || IDF_TARGET_ESP32S2) && SECURE_BOOT_V2_ENABLED
depends on SECURE_BOOT_SUPPORTS_RSA && (SECURE_SIGNED_APPS_NO_SECURE_BOOT || SECURE_BOOT_V2_ENABLED)
help
Appends the RSA-3072 based Signature block to the application.
Refer to <Secure Boot Version 2 documentation link> before enabling.
@ -392,7 +445,7 @@ menu "Security features"
config SECURE_SIGNED_ON_BOOT_NO_SECURE_BOOT
bool "Bootloader verifies app signatures"
default n
depends on SECURE_SIGNED_APPS_NO_SECURE_BOOT
depends on SECURE_SIGNED_APPS_NO_SECURE_BOOT && SECURE_SIGNED_APPS_ECDSA_SCHEME
help
If this option is set, the bootloader will be compiled with code to verify that an app is signed before
booting it.
@ -418,6 +471,7 @@ menu "Security features"
config SECURE_BOOT
bool "Enable hardware Secure Boot in bootloader (READ DOCS FIRST)"
default n
depends on IDF_TARGET_ESP32 || IDF_TARGET_ESP32S2 || ESP32C3_REV_MIN_3
help
Build a bootloader which enables Secure Boot on first boot.
@ -434,7 +488,7 @@ menu "Security features"
help
Select the Secure Boot Version. Depends on the Chip Revision.
Secure Boot V2 is the new RSA based secure boot scheme.
Supported in ESP32-ECO3. (ESP32 Chip Revision 3 onwards)
Supported in ESP32-ECO3 (ESP32 Chip Revision 3 onwards), ESP32-S2, ESP32-C3 ECO3.
Secure Boot V1 is the AES based secure boot scheme.
Supported in ESP32 and ESP32-ECO3.
@ -447,9 +501,7 @@ menu "Security features"
config SECURE_BOOT_V2_ENABLED
bool "Enable Secure Boot version 2"
depends on ESP32_REV_MIN_3 || IDF_TARGET_ESP32S2
select SECURE_ENABLE_SECURE_ROM_DL_MODE if IDF_TARGET_ESP32S2 && !SECURE_INSECURE_ALLOW_DL_MODE
select SECURE_DISABLE_ROM_DL_MODE if ESP32_REV_MIN_3 && !SECURE_INSECURE_ALLOW_DL_MODE
depends on SECURE_BOOT_SUPPORTS_RSA
help
Build a bootloader which enables Secure Boot version 2 on first boot.
Refer to Secure Boot V2 section of the ESP-IDF Programmer's Guide for this version before enabling.
@ -569,6 +621,7 @@ menu "Security features"
config SECURE_FLASH_ENC_ENABLED
bool "Enable flash encryption on boot (READ DOCS FIRST)"
default N
select SPI_FLASH_ENABLE_ENCRYPTED_READ_WRITE
help
If this option is set, flash contents will be encrypted by the bootloader on first boot.
@ -617,8 +670,6 @@ menu "Security features"
config SECURE_FLASH_ENCRYPTION_MODE_RELEASE
bool "Release"
select SECURE_ENABLE_SECURE_ROM_DL_MODE if SECURE_TARGET_HAS_SECURE_ROM_DL_MODE
endchoice
menu "Potentially insecure options"
@ -683,19 +734,6 @@ menu "Security features"
key digest, causing an immediate denial of service and possibly allowing an additional fault
injection attack to bypass the signature protection.
config SECURE_INSECURE_ALLOW_DL_MODE
bool "Don't automatically restrict UART download mode"
depends on SECURE_BOOT_INSECURE && SECURE_BOOT_V2_ENABLED
default N
help
By default, enabling either flash encryption in release mode or secure boot will automatically
disable UART download mode on ESP32 ECO3, or enable secure download mode on newer chips.
This is recommended to reduce the attack surface of the chip.
To allow the full UART download mode to stay enabled, enable this option and ensure
the options SECURE_DISABLE_ROM_DL_MODE and SECURE_ENABLE_SECURE_ROM_DL_MODE are disabled as applicable.
This is not recommended.
config SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC
bool "Leave UART bootloader encryption enabled"
depends on SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT
@ -743,47 +781,58 @@ menu "Security features"
endmenu # Potentially Insecure
config SECURE_DISABLE_ROM_DL_MODE
bool "Permanently disable ROM Download Mode"
choice SECURE_UART_ROM_DL_MODE
bool "UART ROM download mode"
default SECURE_ENABLE_SECURE_ROM_DL_MODE if SECURE_TARGET_HAS_SECURE_ROM_DL_MODE && !SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT # NOERROR
default SECURE_INSECURE_ALLOW_DL_MODE
depends on SECURE_BOOT_V2_ENABLED || SECURE_FLASH_ENC_ENABLED
depends on !IDF_TARGET_ESP32 || ESP32_REV_MIN_3
default n
help
If set, during startup the app will burn an eFuse bit to permanently disable the UART ROM
Download Mode. This prevents any future use of esptool.py, espefuse.py and similar tools.
Once disabled, if the SoC is booted with strapping pins set for ROM Download Mode
then an error is printed instead.
config SECURE_DISABLE_ROM_DL_MODE
bool "UART ROM download mode (Permanently disabled (recommended))"
help
If set, during startup the app will burn an eFuse bit to permanently disable the UART ROM
Download Mode. This prevents any future use of esptool.py, espefuse.py and similar tools.
It is recommended to enable this option in any production application where Flash
Encryption and/or Secure Boot is enabled and access to Download Mode is not required.
Once disabled, if the SoC is booted with strapping pins set for ROM Download Mode
then an error is printed instead.
It is also possible to permanently disable Download Mode by calling
esp_efuse_disable_rom_download_mode() at runtime.
It is recommended to enable this option in any production application where Flash
Encryption and/or Secure Boot is enabled and access to Download Mode is not required.
config SECURE_ENABLE_SECURE_ROM_DL_MODE
bool "Permanently switch to ROM UART Secure Download mode"
depends on SECURE_TARGET_HAS_SECURE_ROM_DL_MODE && !SECURE_DISABLE_ROM_DL_MODE
help
If set, during startup the app will burn an eFuse bit to permanently switch the UART ROM
Download Mode into a separate Secure Download mode. This option can only work if
Download Mode is not already disabled by eFuse.
It is also possible to permanently disable Download Mode by calling
esp_efuse_disable_rom_download_mode() at runtime.
Secure Download mode limits the use of Download Mode functions to simple flash read,
write and erase operations, plus a command to return a summary of currently enabled
security features.
config SECURE_ENABLE_SECURE_ROM_DL_MODE
bool "UART ROM download mode (Permanently switch to Secure mode (recommended))"
depends on SECURE_TARGET_HAS_SECURE_ROM_DL_MODE
select ESPTOOLPY_NO_STUB
help
If set, during startup the app will burn an eFuse bit to permanently switch the UART ROM
Download Mode into a separate Secure Download mode. This option can only work if
Download Mode is not already disabled by eFuse.
Secure Download mode is not compatible with the esptool.py flasher stub feature,
espefuse.py, read/writing memory or registers, encrypted download, or any other
features that interact with unsupported Download Mode commands.
Secure Download mode limits the use of Download Mode functions to simple flash read,
write and erase operations, plus a command to return a summary of currently enabled
security features.
Secure Download mode should be enabled in any application where Flash Encryption
and/or Secure Boot is enabled. Disabling this option does not immediately cancel
the benefits of the security features, but it increases the potential "attack
surface" for an attacker to try and bypass them with a successful physical attack.
Secure Download mode is not compatible with the esptool.py flasher stub feature,
espefuse.py, read/writing memory or registers, encrypted download, or any other
features that interact with unsupported Download Mode commands.
It is also possible to enable secure download mode at runtime by calling
esp_efuse_enable_rom_secure_download_mode()
Secure Download mode should be enabled in any application where Flash Encryption
and/or Secure Boot is enabled. Disabling this option does not immediately cancel
the benefits of the security features, but it increases the potential "attack
surface" for an attacker to try and bypass them with a successful physical attack.
It is also possible to enable secure download mode at runtime by calling
esp_efuse_enable_rom_secure_download_mode()
config SECURE_INSECURE_ALLOW_DL_MODE
bool "UART ROM download mode (Enabled (not recommended))"
help
This is a potentially insecure option.
Enabling this option will allow the full UART download mode to stay enabled.
This option SHOULD NOT BE ENABLED for production use cases.
endchoice
endmenu # Security features

5
ports/esp32s2/components/bootloader/Makefile.projbuild
View file

@ -55,6 +55,7 @@ bootloader: $(BOOTLOADER_BIN) | check_python_dependencies
@echo "$(ESPTOOLPY_WRITE_FLASH) $(BOOTLOADER_OFFSET) $^"
ESPTOOL_ALL_FLASH_ARGS += $(BOOTLOADER_OFFSET) $(BOOTLOADER_BIN)
UF2_ADD_BINARIES += $(BOOTLOADER_OFFSET) $(BOOTLOADER_BIN)
bootloader-flash: $(BOOTLOADER_BIN) $(call prereq_if_explicit,erase_flash) | check_python_dependencies
$(ESPTOOLPY_WRITE_FLASH) 0x1000 $^
@ -102,7 +103,7 @@ endif
bootloader: $(BOOTLOADER_DIGEST_BIN)
@echo $(SEPARATOR)
@echo "Bootloader built and secure digest generated. First time flash command is:"
@echo "$(ESPEFUSEPY) burn_key secure_boot $(SECURE_BOOTLOADER_KEY)"
@echo "$(ESPEFUSEPY) burn_key secure_boot_v1 $(SECURE_BOOTLOADER_KEY)"
@echo "$(ESPTOOLPY_WRITE_FLASH) $(BOOTLOADER_OFFSET) $(BOOTLOADER_BIN)"
@echo $(SEPARATOR)
@echo "To reflash the bootloader after initial flash:"
@ -157,4 +158,4 @@ ifdef CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME
ifdef CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES
rm -f $(BOOTLOADER_SIGNED_BIN)
endif
endif
endif

1
ports/esp32s2/components/bootloader/component.mk
View file

@ -4,4 +4,3 @@
#
# See Makefile.projbuild for the targets which actually build the bootloader.
COMPONENT_CONFIG_ONLY := 1

37
ports/esp32s2/components/bootloader/subproject/CMakeLists.txt
View file

@ -15,12 +15,26 @@ if(NOT IDF_TARGET)
"in by the parent build process.")
endif()
set(COMPONENTS bootloader esptool_py partition_table soc bootloader_support log spi_flash micro-ecc main efuse)
set(COMPONENTS
bootloader
esptool_py
esp_hw_support
hal
partition_table
soc
bootloader_support
log
spi_flash
micro-ecc
main
efuse
esp_system
newlib)
set(BOOTLOADER_BUILD 1)
include("${IDF_PATH}/tools/cmake/project.cmake")
set(common_req log esp_rom esp_common xtensa)
set(common_req log esp_rom esp_common esp_hw_support hal newlib)
if(LEGACY_INCLUDE_COMMON_HEADERS)
list(APPEND common_req soc)
list(APPEND common_req soc hal)
endif()
idf_build_set_property(__COMPONENT_REQUIRES_COMMON "${common_req}")
idf_build_set_property(__OUTPUT_SDKCONFIG 0)
@ -87,7 +101,7 @@ if(CONFIG_SECURE_BOOTLOADER_REFLASHABLE)
DEPENDS gen_secure_bootloader_key gen_project_binary
VERBATIM)
add_custom_target (gen_bootloader_digest_bin ALL DEPENDS "${bootloader_digest_bin}")
add_custom_target(gen_bootloader_digest_bin ALL DEPENDS "${bootloader_digest_bin}")
endif()
if(CONFIG_SECURE_BOOT_V2_ENABLED)
@ -105,12 +119,14 @@ if(CONFIG_SECURE_BOOT_V2_ENABLED)
set(bootloader_unsigned_bin "bootloader-unsigned.bin")
add_custom_command(OUTPUT ".signed_bin_timestamp"
COMMAND ${CMAKE_COMMAND} -E copy "${CMAKE_BINARY_DIR}/${PROJECT_BIN}" "${CMAKE_BINARY_DIR}/${bootloader_unsigned_bin}"
COMMAND ${CMAKE_COMMAND} -E copy "${CMAKE_BINARY_DIR}/${PROJECT_BIN}"
"${CMAKE_BINARY_DIR}/${bootloader_unsigned_bin}"
COMMAND ${ESPSECUREPY} sign_data --version 2 --keyfile "${secure_boot_signing_key}"
-o "${CMAKE_BINARY_DIR}/${PROJECT_BIN}" "${CMAKE_BINARY_DIR}/${bootloader_unsigned_bin}"
COMMAND ${CMAKE_COMMAND} -E echo "Generated signed binary image ${build_dir}/${PROJECT_BIN}"
"from ${CMAKE_BINARY_DIR}/${bootloader_unsigned_bin}"
COMMAND ${CMAKE_COMMAND} -E md5sum "${CMAKE_BINARY_DIR}/${PROJECT_BIN}" > "${CMAKE_BINARY_DIR}/.signed_bin_timestamp"
COMMAND ${CMAKE_COMMAND} -E md5sum "${CMAKE_BINARY_DIR}/${PROJECT_BIN}"
> "${CMAKE_BINARY_DIR}/.signed_bin_timestamp"
DEPENDS "${build_dir}/.bin_timestamp"
VERBATIM
COMMENT "Generated the signed Bootloader")
@ -120,7 +136,7 @@ if(CONFIG_SECURE_BOOT_V2_ENABLED)
COMMENT "Bootloader generated but not signed")
endif()
add_custom_target (gen_signed_bootloader ALL DEPENDS "${build_dir}/.signed_bin_timestamp")
add_custom_target(gen_signed_bootloader ALL DEPENDS "${build_dir}/.signed_bin_timestamp")
endif()
if(CONFIG_SECURE_BOOTLOADER_ONE_TIME_FLASH)
@ -147,7 +163,7 @@ elseif(CONFIG_SECURE_BOOTLOADER_REFLASHABLE)
COMMAND ${CMAKE_COMMAND} -E echo
"Burn secure boot key to efuse using:"
COMMAND ${CMAKE_COMMAND} -E echo
"\t${espefusepy} burn_key secure_boot ${secure_bootloader_key}"
"\t${espefusepy} burn_key secure_boot_v1 ${secure_bootloader_key}"
COMMAND ${CMAKE_COMMAND} -E echo
"First time flash command is:"
COMMAND ${CMAKE_COMMAND} -E echo
@ -166,7 +182,7 @@ elseif(CONFIG_SECURE_BOOTLOADER_REFLASHABLE)
"* Not recommended to re-use the same secure boot keyfile on multiple production devices."
DEPENDS gen_secure_bootloader_key gen_bootloader_digest_bin
VERBATIM)
elseif(CONFIG_SECURE_BOOT_V2_ENABLED AND CONFIG_IDF_TARGET_ESP32S2)
elseif(CONFIG_SECURE_BOOT_V2_ENABLED AND (CONFIG_IDF_TARGET_ESP32S2 OR CONFIG_IDF_TARGET_ESP32C3))
add_custom_command(TARGET bootloader.elf POST_BUILD
COMMAND ${CMAKE_COMMAND} -E echo
"=============================================================================="
@ -175,7 +191,8 @@ elseif(CONFIG_SECURE_BOOT_V2_ENABLED AND CONFIG_IDF_TARGET_ESP32S2)
COMMAND ${CMAKE_COMMAND} -E echo
"To sign the bootloader with additional private keys."
COMMAND ${CMAKE_COMMAND} -E echo
"\t${espsecurepy} sign_data -k secure_boot_signing_key2.pem -v 2 --append_signatures -o signed_bootloader.bin build/bootloader/bootloader.bin"
"\t${espsecurepy} sign_data -k secure_boot_signing_key2.pem -v 2 \
--append_signatures -o signed_bootloader.bin build/bootloader/bootloader.bin"
COMMAND ${CMAKE_COMMAND} -E echo
"Secure boot enabled, so bootloader not flashed automatically."
COMMAND ${CMAKE_COMMAND} -E echo

2
ports/esp32s2/components/bootloader/subproject/Makefile
View file

@ -8,7 +8,7 @@ endif
PROJECT_NAME := bootloader
COMPONENTS := esptool_py bootloader_support log spi_flash micro-ecc soc main efuse esp_rom
COMPONENTS := esp_hw_support esptool_py bootloader_support log spi_flash micro-ecc soc main efuse esp_rom hal
# Clear C and CXX from top level project
CFLAGS =

4
ports/esp32s2/components/bootloader/subproject/components/micro-ecc/uECC_verify_antifault.c
View file

@ -34,7 +34,7 @@ int uECC_verify_antifault(const uint8_t *public_key,
uECC_word_t *_public = (uECC_word_t *)public_key;
#else
uECC_word_t _public[uECC_MAX_WORDS * 2];
#endif
#endif
uECC_word_t r[uECC_MAX_WORDS], s[uECC_MAX_WORDS];
wordcount_t num_words = curve->num_words;
wordcount_t num_n_words = BITS_TO_WORDS(curve->num_n_bits);
@ -127,7 +127,7 @@ int uECC_verify_antifault(const uint8_t *public_key,
const uECC_word_t *mhash_words = (const uECC_word_t *)message_hash;
uECC_word_t *vhash_words = (uECC_word_t *)verified_hash;
unsigned hash_words = hash_size / sizeof(uECC_word_t);
for (int w = 0; w < hash_words; w++) {
for (unsigned int w = 0; w < hash_words; w++) {
/* note: using curve->num_words here to encourage compiler to re-read this variable */
vhash_words[w] = mhash_words[w] ^ rx[w % curve->num_words] ^ r[w % curve->num_words];
}

8
ports/esp32s2/components/bootloader/subproject/main/CMakeLists.txt
View file

@ -3,8 +3,10 @@ idf_component_register(SRCS "bootloader_start.c"
REQUIRES bootloader bootloader_support)
idf_build_get_property(target IDF_TARGET)
set(scripts "ld/${target}/bootloader.ld"
"ld/${target}/bootloader.rom.ld")
set(scripts "ld/${target}/bootloader.ld")
if(NOT CONFIG_IDF_TARGET_ESP32C3)
list(APPEND scripts "ld/${target}/bootloader.rom.ld")
endif()
target_linker_script(${COMPONENT_LIB} INTERFACE "${scripts}")

2
ports/esp32s2/components/bootloader/subproject/main/component.mk
View file

@ -18,7 +18,7 @@ ifdef CONFIG_IDF_TARGET_ESP32
ifndef CONFIG_SPI_FLASH_ROM_DRIVER_PATCH
LINKER_SCRIPTS += $(IDF_PATH)/components/esp_rom/$(IDF_TARGET)/ld/$(IDF_TARGET).rom.spiflash.ld
endif
ifdef CONFIG_ESP32_REV_MIN_3
ifdef CONFIG_ESP32_REV_MIN_3
LINKER_SCRIPTS += $(IDF_PATH)/components/esp_rom/$(IDF_TARGET)/ld/$(IDF_TARGET).rom.eco3.ld
endif
endif

21
ports/esp32s2/components/bootloader/subproject/main/ld/esp32/bootloader.ld
View file

@ -38,23 +38,26 @@ SECTIONS
*(.iram1 .iram1.*) /* catch stray IRAM_ATTR */
*liblog.a:(.literal .text .literal.* .text.*)
*libgcc.a:(.literal .text .literal.* .text.*)
*libbootloader_support.a:bootloader_clock.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:bootloader_common.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:bootloader_clock_loader.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:bootloader_common_loader.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:bootloader_flash.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:bootloader_random.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:bootloader_random*.*(.literal.bootloader_random_disable .text.bootloader_random_disable)
*libbootloader_support.a:bootloader_efuse_esp32.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:bootloader_utility.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:bootloader_sha.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:bootloader_console_loader.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:bootloader_panic.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:esp_image_format.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:flash_encrypt.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:flash_partitions.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:secure_boot.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:secure_boot_signatures.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:secure_boot_signatures_bootloader.*(.literal .text .literal.* .text.*)
*libmicro-ecc.a:*.*(.literal .text .literal.* .text.*)
*libspi_flash.a:*.*(.literal .text .literal.* .text.*)
*libsoc.a:wdt_hal_iram.*(.literal .text .literal.* .text.*)
*libsoc.a:rtc_clk.*(.literal .text .literal.* .text.*)
*libhal.a:wdt_hal_iram.*(.literal .text .literal.* .text.*)
*libesp_hw_support.a:rtc_clk.*(.literal .text .literal.* .text.*)
*libesp_hw_support.a:rtc_time.*(.literal .text .literal.* .text.*)
*libefuse.a:*.*(.literal .text .literal.* .text.*)
*(.fini.literal)
*(.fini)
@ -164,6 +167,14 @@ SECTIONS
*(.fini.literal)
*(.fini)
*(.gnu.version)
/** CPU will try to prefetch up to 16 bytes of
* of instructions. This means that any configuration (e.g. MMU, PMS) must allow
* safe access to up to 16 bytes after the last real instruction, add
* dummy bytes to ensure this
*/
. += 16;
_text_end = ABSOLUTE(.);
_etext = .;
} > iram_seg

190
ports/esp32s2/components/bootloader/subproject/main/ld/esp32c3/bootloader.ld Normal file
View file

@ -0,0 +1,190 @@
/** Simplified memory map for the bootloader.
* Make sure the bootloader can load into main memory without overwriting itself.
* We put 2nd bootloader in the high address space (before ROM stack/data/bss).
* See memory usage for ROM bootloader at the end of this file.
*/
MEMORY
{
iram_seg (RWX) : org = 0x403CE000, len = 0x2000
iram_loader_seg (RWX) : org = 0x403D0000, len = 0x6000
dram_seg (RW) : org = 0x3FCD6000, len = 0x4000
}
/* Default entry point: */
ENTRY(call_start_cpu0);
SECTIONS
{
.iram_loader.text :
{
. = ALIGN (16);
_loader_text_start = ABSOLUTE(.);
*(.stub .gnu.warning .gnu.linkonce.literal.* .gnu.linkonce.t.*.literal .gnu.linkonce.t.*)
*(.iram1 .iram1.*) /* catch stray IRAM_ATTR */
*liblog.a:(.literal .text .literal.* .text.*)
*libgcc.a:(.literal .text .literal.* .text.*)
*libbootloader_support.a:bootloader_clock_loader.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:bootloader_common_loader.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:bootloader_flash.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:bootloader_random.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:bootloader_random*.*(.literal.bootloader_random_disable .text.bootloader_random_disable)
*libbootloader_support.a:bootloader_random*.*(.literal.bootloader_random_enable .text.bootloader_random_enable)
*libbootloader_support.a:bootloader_efuse_esp32c3.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:bootloader_utility.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:bootloader_sha.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:bootloader_console_loader.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:bootloader_panic.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:esp_image_format.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:flash_encrypt.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:flash_partitions.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:secure_boot.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:secure_boot_signatures_bootloader.*(.literal .text .literal.* .text.*)
*libmicro-ecc.a:*.*(.literal .text .literal.* .text.*)
*libspi_flash.a:*.*(.literal .text .literal.* .text.*)
*libhal.a:wdt_hal_iram.*(.literal .text .literal.* .text.*)
*libesp_hw_support.a:rtc_clk.*(.literal .text .literal.* .text.*)
*libesp_hw_support.a:rtc_time.*(.literal .text .literal.* .text.*)
*libesp_hw_support.a:regi2c_ctrl.*(.literal .text .literal.* .text.*)
*libefuse.a:*.*(.literal .text .literal.* .text.*)
*(.fini.literal)
*(.fini)
*(.gnu.version)
_loader_text_end = ABSOLUTE(.);
} > iram_loader_seg
.iram.text :
{
. = ALIGN (16);
*(.entry.text)
*(.init.literal)
*(.init)
} > iram_seg
/* Shared RAM */
.dram0.bss (NOLOAD) :
{
. = ALIGN (8);
_dram_start = ABSOLUTE(.);
_bss_start = ABSOLUTE(.);
*(.dynsbss)
*(.sbss)
*(.sbss.*)
*(.gnu.linkonce.sb.*)
*(.scommon)
*(.sbss2)
*(.sbss2.*)
*(.gnu.linkonce.sb2.*)
*(.dynbss)
*(.bss)
*(.bss.*)
*(.gnu.linkonce.b.*)
*(COMMON)
. = ALIGN (8);
_bss_end = ABSOLUTE(.);
} > dram_seg
.dram0.data :
{
_data_start = ABSOLUTE(.);
*(.data)
*(.data.*)
*(.gnu.linkonce.d.*)
*(.data1)
*(.sdata)
*(.sdata.*)
*(.gnu.linkonce.s.*)
*(.sdata2)
*(.sdata2.*)
*(.gnu.linkonce.s2.*)
*(.jcr)
_data_end = ABSOLUTE(.);
} > dram_seg
.dram0.rodata :
{
_rodata_start = ABSOLUTE(.);
*(.rodata)
*(.rodata.*)
*(.gnu.linkonce.r.*)
*(.rodata1)
__XT_EXCEPTION_TABLE_ = ABSOLUTE(.);
*(.xt_except_table)
*(.gcc_except_table)
*(.gnu.linkonce.e.*)
*(.gnu.version_r)
*(.eh_frame)
. = (. + 3) & ~ 3;
/* C++ constructor and destructor tables, properly ordered: */
__init_array_start = ABSOLUTE(.);
KEEP (*crtbegin.*(.ctors))
KEEP (*(EXCLUDE_FILE (*crtend.*) .ctors))
KEEP (*(SORT(.ctors.*)))
KEEP (*(.ctors))
__init_array_end = ABSOLUTE(.);
KEEP (*crtbegin.*(.dtors))
KEEP (*(EXCLUDE_FILE (*crtend.*) .dtors))
KEEP (*(SORT(.dtors.*)))
KEEP (*(.dtors))
/* C++ exception handlers table: */
__XT_EXCEPTION_DESCS_ = ABSOLUTE(.);
*(.xt_except_desc)
*(.gnu.linkonce.h.*)
__XT_EXCEPTION_DESCS_END__ = ABSOLUTE(.);
*(.xt_except_desc_end)
*(.dynamic)
*(.gnu.version_d)
_rodata_end = ABSOLUTE(.);
/* Literals are also RO data. */
_lit4_start = ABSOLUTE(.);
*(*.lit4)
*(.lit4.*)
*(.gnu.linkonce.lit4.*)
_lit4_end = ABSOLUTE(.);
. = ALIGN(4);
_dram_end = ABSOLUTE(.);
} > dram_seg
.iram.text :
{
_stext = .;
_text_start = ABSOLUTE(.);
*(.literal .text .literal.* .text.* .stub .gnu.warning .gnu.linkonce.literal.* .gnu.linkonce.t.*.literal .gnu.linkonce.t.*)
*(.iram .iram.*) /* catch stray IRAM_ATTR */
*(.fini.literal)
*(.fini)
*(.gnu.version)
/** CPU will try to prefetch up to 16 bytes of
* of instructions. This means that any configuration (e.g. MMU, PMS) must allow
* safe access to up to 16 bytes after the last real instruction, add
* dummy bytes to ensure this
*/
. += 16;
_text_end = ABSOLUTE(.);
_etext = .;
} > iram_seg
}
/**
* Appendix: Memory Usage of ROM bootloader
*
* +--------+--------------+------+ 0x3FCC_B000
* | ^ |
* | | |
* | | data/bss |
* | | |
* | v |
* +------------------------------+ 0x3FCD_C910
* | ^ |
* | | |
* | | stack |
* | | |
* | v |
* +------------------------------+ 0x3FCD_E910
*/

20
ports/esp32s2/components/bootloader/subproject/main/ld/esp32s2/bootloader.ld
View file

@ -25,21 +25,27 @@ SECTIONS
*(.iram1 .iram1.*) /* catch stray IRAM_ATTR */
*liblog.a:(.literal .text .literal.* .text.*)
*libgcc.a:(.literal .text .literal.* .text.*)
*libbootloader_support.a:bootloader_common.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:bootloader_clock_loader.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:bootloader_common_loader.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:bootloader_flash.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:bootloader_random.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:bootloader_random*.*(.literal.bootloader_random_disable .text.bootloader_random_disable)
*libbootloader_support.a:bootloader_efuse_esp32s2.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:bootloader_utility.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:bootloader_sha.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:bootloader_console_loader.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:bootloader_panic.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:esp_image_format.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:flash_encrypt.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:flash_partitions.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:secure_boot.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:secure_boot_signatures.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:secure_boot_signatures_bootloader.*(.literal .text .literal.* .text.*)
*libmicro-ecc.a:*.*(.literal .text .literal.* .text.*)
*libspi_flash.a:*.*(.literal .text .literal.* .text.*)
*libsoc.a:wdt_hal_iram.*(.literal .text .literal.* .text.*)
*libhal.a:wdt_hal_iram.*(.literal .text .literal.* .text.*)
*libesp_hw_support.a:rtc_clk.*(.literal .text .literal.* .text.*)
*libesp_hw_support.a:rtc_time.*(.literal .text .literal.* .text.*)
*libesp_hw_support.a:regi2c_ctrl.*(.literal .text .literal.* .text.*)
*libefuse.a:*.*(.literal .text .literal.* .text.*)
*(.fini.literal)
*(.fini)
@ -149,6 +155,14 @@ SECTIONS
*(.fini.literal)
*(.fini)
*(.gnu.version)
/** CPU will try to prefetch up to 16 bytes of
* of instructions. This means that any configuration (e.g. MMU, PMS) must allow
* safe access to up to 16 bytes after the last real instruction, add
* dummy bytes to ensure this
*/
. += 16;
_text_end = ABSOLUTE(.);
_etext = .;
} > iram_seg

27
ports/esp32s2/components/bootloader/subproject/main/ld/esp32s3/bootloader.ld
View file

@ -6,8 +6,8 @@
MEMORY
{
iram_seg (RWX) : org = 0x403B8000, len = 0x4000
iram_loader_seg (RWX) : org = 0x403BC000, len = 0x4000
iram_seg (RWX) : org = 0x403B6000, len = 0x4000
iram_loader_seg (RWX) : org = 0x403BA000, len = 0x6000
dram_seg (RW) : org = 0x3FCD0000, len = 0x4000
}
@ -25,23 +25,28 @@ SECTIONS
*(.iram1 .iram1.*) /* catch stray IRAM_ATTR */
*liblog.a:(.literal .text .literal.* .text.*)
*libgcc.a:(.literal .text .literal.* .text.*)
*libbootloader_support.a:bootloader_clock.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:bootloader_common.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:bootloader_clock_loader.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:bootloader_common_loader.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:bootloader_flash.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:bootloader_random.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:bootloader_random*.*(.literal.bootloader_random_disable .text.bootloader_random_disable)
*libbootloader_support.a:bootloader_random*.*(.literal.bootloader_random_enable .text.bootloader_random_enable)
*libbootloader_support.a:bootloader_efuse_esp32s3.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:bootloader_utility.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:bootloader_sha.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:bootloader_console_loader.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:bootloader_panic.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:esp_image_format.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:flash_encrypt.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:flash_partitions.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:secure_boot.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:secure_boot_signatures.*(.literal .text .literal.* .text.*)
*libbootloader_support.a:secure_boot_signatures_bootloader.*(.literal .text .literal.* .text.*)
*libmicro-ecc.a:*.*(.literal .text .literal.* .text.*)
*libspi_flash.a:*.*(.literal .text .literal.* .text.*)
*libsoc.a:wdt_hal_iram.*(.literal .text .literal.* .text.*)
*libsoc.a:rtc_clk.*(.literal .text .literal.* .text.*)
*libhal.a:wdt_hal_iram.*(.literal .text .literal.* .text.*)
*libesp_hw_support.a:rtc_clk.*(.literal .text .literal.* .text.*)
*libesp_hw_support.a:rtc_time.*(.literal .text .literal.* .text.*)
*libesp_hw_support.a:regi2c_ctrl.*(.literal .text .literal.* .text.*)
*libefuse.a:*.*(.literal .text .literal.* .text.*)
*(.fini.literal)
*(.fini)
@ -151,6 +156,14 @@ SECTIONS
*(.fini.literal)
*(.fini)
*(.gnu.version)
/** CPU will try to prefetch up to 16 bytes of
* of instructions. This means that any configuration (e.g. MMU, PMS) must allow
* safe access to up to 16 bytes after the last real instruction, add
* dummy bytes to ensure this
*/
. += 16;
_text_end = ABSOLUTE(.);
_etext = .;
} > iram_seg

5
ports/esp32s2/self_update/CMakeLists.txt
View file

@ -2,11 +2,6 @@
# CMakeLists in this exact order for cmake to work correctly
cmake_minimum_required(VERSION 3.5)
# hack default to espressif_saola_1_wrover for quick testing
if(NOT (DEFINED BOARD))
set(BOARD espressif_saola_1_wrover)
endif()
# Check for -DBOARD=
if(NOT (DEFINED BOARD AND EXISTS "${CMAKE_SOURCE_DIR}/../boards/${BOARD}/board.h") )
file(GLOB BOARD_LIST RELATIVE ${CMAKE_SOURCE_DIR}/../boards "boards/*/board.h")

1121
ports/esp32s2/self_update/sdkconfig
View file

File diff suppressed because it is too large Load diff