kenny/cyber.scope
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source 
Initial commit.
This commit is contained in:
kntran1
2026-03-23 14:40:39 -05:00
parent e84b2b4166
commit 4e2a5258a5
872 changed files with 165227 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

213
bootloader/mcuboot/boot/espressif/hal/CMakeLists.txt Normal file
View File

@@ -0,0 +1,213 @@
# SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD
#
# SPDX-License-Identifier: Apache-2.0
cmake_minimum_required(VERSION 3.13)
project(hal)
set(esp_hal_dir ${ESP_HAL_PATH})
set(src_dir ${CMAKE_CURRENT_LIST_DIR}/src)
set(include_dirs
${CMAKE_CURRENT_LIST_DIR}/include
${CMAKE_CURRENT_LIST_DIR}/include/${MCUBOOT_TARGET}
)
list(APPEND include_dirs
${esp_hal_dir}/components/bootloader_support/include
${esp_hal_dir}/components/bootloader_support/private_include
${esp_hal_dir}/components/bootloader_support/bootloader_flash/include
${esp_hal_dir}/components/spi_flash/include
${esp_hal_dir}/components/spi_flash/include/spi_flash
${esp_hal_dir}/components/esp_app_format/include
${esp_hal_dir}/components/newlib/platform_include
${esp_hal_dir}/components/esp_common/include
${esp_hal_dir}/components/${MCUBOOT_ARCH}/include
${esp_hal_dir}/components/esp_rom/include
${esp_hal_dir}/components/esp_rom/include/${MCUBOOT_TARGET}
${esp_hal_dir}/components/esp_rom/${MCUBOOT_TARGET}
${esp_hal_dir}/components/soc/include
${esp_hal_dir}/components/soc/${MCUBOOT_TARGET}
${esp_hal_dir}/components/soc/${MCUBOOT_TARGET}/include
${esp_hal_dir}/components/efuse/include
${esp_hal_dir}/components/efuse/${MCUBOOT_TARGET}/include
${esp_hal_dir}/components/efuse/private_include
${esp_hal_dir}/components/efuse/${MCUBOOT_TARGET}/private_include
${esp_hal_dir}/components/esp_hw_support/include
${esp_hal_dir}/components/esp_hw_support/include/soc
${esp_hal_dir}/components/esp_hw_support/include/soc/${MCUBOOT_TARGET}
${esp_hal_dir}/components/esp_hw_support/port/include
${esp_hal_dir}/components/esp_hw_support/include/esp_private
${esp_hal_dir}/components/esp_hw_support/port/${MCUBOOT_TARGET}
${esp_hal_dir}/components/hal/${MCUBOOT_TARGET}/include
${esp_hal_dir}/components/hal/include
${esp_hal_dir}/components/hal/platform_port/include
${esp_hal_dir}/components/esp_system/include
${esp_hal_dir}/components/log/include
)
if("${MCUBOOT_ARCH}" STREQUAL "xtensa")
list(APPEND include_dirs
${esp_hal_dir}/components/${MCUBOOT_ARCH}/${MCUBOOT_TARGET}/include
${esp_hal_dir}/components/${MCUBOOT_ARCH}/include
)
endif()
set(hal_srcs
${esp_hal_dir}/components/bootloader_support/src/${MCUBOOT_TARGET}/bootloader_${MCUBOOT_TARGET}.c
${esp_hal_dir}/components/bootloader_support/src/bootloader_init.c
${esp_hal_dir}/components/bootloader_support/src/bootloader_common.c
${esp_hal_dir}/components/bootloader_support/src/bootloader_common_loader.c
${esp_hal_dir}/components/bootloader_support/src/bootloader_console.c
${esp_hal_dir}/components/bootloader_support/src/bootloader_console_loader.c
${esp_hal_dir}/components/bootloader_support/bootloader_flash/src/bootloader_flash.c
${esp_hal_dir}/components/bootloader_support/bootloader_flash/src/bootloader_flash_config_${MCUBOOT_TARGET}.c
${esp_hal_dir}/components/bootloader_support/src/bootloader_clock_init.c
${esp_hal_dir}/components/bootloader_support/src/bootloader_clock_loader.c
${esp_hal_dir}/components/bootloader_support/src/bootloader_efuse.c
${esp_hal_dir}/components/bootloader_support/src/bootloader_panic.c
${esp_hal_dir}/components/bootloader_support/src/bootloader_mem.c
${esp_hal_dir}/components/bootloader_support/src/bootloader_random.c
${esp_hal_dir}/components/bootloader_support/src/bootloader_random_${MCUBOOT_TARGET}.c
${esp_hal_dir}/components/bootloader_support/src/bootloader_utility.c
${esp_hal_dir}/components/bootloader_support/src/esp_image_format.c
${esp_hal_dir}/components/bootloader_support/src/${MCUBOOT_TARGET}/bootloader_soc.c
${esp_hal_dir}/components/bootloader_support/src/${MCUBOOT_TARGET}/bootloader_sha.c
${esp_hal_dir}/components/hal/mpu_hal.c
${esp_hal_dir}/components/hal/efuse_hal.c
${esp_hal_dir}/components/hal/mmu_hal.c
${esp_hal_dir}/components/hal/wdt_hal_iram.c
${esp_hal_dir}/components/hal/${MCUBOOT_TARGET}/efuse_hal.c
${esp_hal_dir}/components/soc/${MCUBOOT_TARGET}/uart_periph.c
${esp_hal_dir}/components/soc/${MCUBOOT_TARGET}/gpio_periph.c
${esp_hal_dir}/components/esp_hw_support/port/${MCUBOOT_TARGET}/rtc_time.c
${esp_hal_dir}/components/esp_hw_support/port/${MCUBOOT_TARGET}/rtc_clk.c
${esp_hal_dir}/components/esp_hw_support/port/${MCUBOOT_TARGET}/rtc_clk_init.c
${esp_hal_dir}/components/esp_rom/patches/esp_rom_uart.c
${esp_hal_dir}/components/esp_rom/patches/esp_rom_sys.c
${esp_hal_dir}/components/esp_rom/patches/esp_rom_spiflash.c
${esp_hal_dir}/components/efuse/${MCUBOOT_TARGET}/esp_efuse_table.c
${esp_hal_dir}/components/efuse/src/esp_efuse_fields.c
${esp_hal_dir}/components/efuse/${MCUBOOT_TARGET}/esp_efuse_fields.c
${esp_hal_dir}/components/efuse/src/esp_efuse_api.c
${esp_hal_dir}/components/efuse/src/esp_efuse_utility.c
${esp_hal_dir}/components/efuse/${MCUBOOT_TARGET}/esp_efuse_utility.c
${esp_hal_dir}/components/log/log_noos.c
${src_dir}/bootloader_banner.c
${src_dir}/bootloader_wdt.c
)
if(DEFINED CONFIG_SECURE_BOOT_V2_ENABLED)
list(APPEND hal_srcs
${src_dir}/secure_boot.c
${esp_hal_dir}/components/bootloader_support/src/secure_boot_v2/secure_boot_signatures_bootloader.c
${esp_hal_dir}/components/bootloader_support/src/${MCUBOOT_TARGET}/secure_boot_secure_features.c
)
list(APPEND include_dirs
${esp_hal_dir}/components/bootloader_support/src/secure_boot_v2
)
endif()
if(DEFINED CONFIG_SECURE_FLASH_ENC_ENABLED)
list(APPEND hal_srcs
${src_dir}/flash_encrypt.c
${esp_hal_dir}/components/bootloader_support/src/${MCUBOOT_TARGET}/flash_encryption_secure_features.c
)
set_source_files_properties(
${src_dir}/flash_encrypt.c
PROPERTIES COMPILE_FLAGS
"-Wno-unused-variable"
)
endif()
if("${MCUBOOT_ARCH}" STREQUAL "xtensa")
list(APPEND hal_srcs
${esp_hal_dir}/components/esp_rom/patches/esp_rom_longjmp.S
)
endif()
set(CFLAGS
"-nostdlib"
"-Wno-frame-address"
"-Wall"
"-Wextra"
"-W"
"-Wwrite-strings"
"-Wlogical-op"
"-Wshadow"
"-ffunction-sections"
"-fdata-sections"
"-fstrict-volatile-bitfields"
"-Werror=all"
"-Wno-error=unused-function"
"-Wno-error=unused-but-set-variable"
"-Wno-error=unused-variable"
"-Wno-error=deprecated-declarations"
"-Wno-unused-parameter"
"-Wno-sign-compare"
"-ggdb"
"-Os"
"-D_GNU_SOURCE"
"-std=gnu17"
"-Wno-old-style-declaration"
"-Wno-implicit-int"
)
set(LDFLAGS
"-Wno-frame-address"
"-Wl,--cref"
"-Wl,--Map=${APP_NAME}.map"
"-fno-rtti"
"-fno-lto"
"-Wl,--gc-sections"
"-Wl,--undefined=uxTopUsedPriority"
"-lm"
"-lgcc"
"-lgcov"
)
if("${MCUBOOT_ARCH}" STREQUAL "xtensa")
list(APPEND CFLAGS
"-mlongcalls"
)
list(APPEND LDFLAGS
"-mlongcalls"
)
endif()
set(LINKER_SCRIPTS
-T${esp_hal_dir}/components/esp_rom/${MCUBOOT_TARGET}/ld/${MCUBOOT_TARGET}.rom.ld
-T${esp_hal_dir}/components/esp_rom/${MCUBOOT_TARGET}/ld/${MCUBOOT_TARGET}.rom.libgcc.ld
-T${esp_hal_dir}/components/esp_rom/${MCUBOOT_TARGET}/ld/${MCUBOOT_TARGET}.rom.api.ld
-T${esp_hal_dir}/components/soc/${MCUBOOT_TARGET}/ld/${MCUBOOT_TARGET}.peripherals.ld
)
include(${CMAKE_CURRENT_LIST_DIR}/include/${MCUBOOT_TARGET}/${MCUBOOT_TARGET}.cmake)
add_library(hal STATIC ${hal_srcs} ${include_dirs})
# Wrap for overriding the print banner function from bootloader_support
add_definitions(-DIDF_VER=0)
target_link_libraries(
hal
INTERFACE
"-Wl,--wrap=bootloader_print_banner")
target_include_directories(
hal
PUBLIC
${include_dirs}
)
target_compile_options(
hal
PUBLIC
${CFLAGS}
)
target_link_libraries(
hal
PUBLIC
${LDFLAGS}
${LINKER_SCRIPTS}
)

11
bootloader/mcuboot/boot/espressif/hal/include/app_cpu_start.h Normal file
View File

@@ -0,0 +1,11 @@
/*
* Copyright (c) 2022 Espressif Systems (Shanghai) Co., Ltd.
*
* SPDX-License-Identifier: Apache-2.0
*/
#pragma once
#include <stdint.h>
void appcpu_start(uint32_t entry_addr);

8
bootloader/mcuboot/boot/espressif/hal/include/bootloader_wdt.h Normal file
View File

@@ -0,0 +1,8 @@
/*
* Copyright (c) 2021 Espressif Systems (Shanghai) Co., Ltd.
*
* SPDX-License-Identifier: Apache-2.0
*/
#pragma once
void bootloader_wdt_feed(void);

32
bootloader/mcuboot/boot/espressif/hal/include/esp32/esp32.cmake Normal file
View File

@@ -0,0 +1,32 @@
# SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
#
# SPDX-License-Identifier: Apache-2.0
list(APPEND hal_srcs
${esp_hal_dir}/components/esp_hw_support/port/${MCUBOOT_TARGET}/rtc_init.c
${esp_hal_dir}/components/efuse/src/efuse_controller/keys/without_key_purposes/three_key_blocks/esp_efuse_api_key.c
)
if (DEFINED CONFIG_ESP_MULTI_PROCESSOR_BOOT)
list(APPEND hal_srcs
${src_dir}/${MCUBOOT_TARGET}/app_cpu_start.c
${esp_hal_dir}/components/esp_hw_support/cpu.c
)
endif()
if (DEFINED CONFIG_ESP_CONSOLE_UART_CUSTOM)
list(APPEND hal_srcs
${src_dir}/${MCUBOOT_TARGET}/console_uart_custom.c
)
endif()
list(APPEND LINKER_SCRIPTS
-T${esp_hal_dir}/components/esp_rom/${MCUBOOT_TARGET}/ld/${MCUBOOT_TARGET}.rom.newlib-funcs.ld
-T${esp_hal_dir}/components/esp_rom/${MCUBOOT_TARGET}/ld/${MCUBOOT_TARGET}.rom.eco3.ld
)
set_source_files_properties(
${esp_hal_dir}/components/bootloader_support/src/esp32/bootloader_esp32.c
${esp_hal_dir}/components/bootloader_support/bootloader_flash/src/bootloader_flash.c
PROPERTIES COMPILE_FLAGS
"-Wno-unused-variable -Wno-unused-but-set-variable")

31
bootloader/mcuboot/boot/espressif/hal/include/esp32/sdkconfig.h Normal file
View File

@@ -0,0 +1,31 @@
/*
* SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#define BOOTLOADER_BUILD 1
#define CONFIG_IDF_FIRMWARE_CHIP_ID 0x0000
#define CONFIG_IDF_TARGET_ESP32 1
#define CONFIG_ESP32_REV_MIN_3 1
#define CONFIG_ESP32_REV_MIN_FULL 300
#define CONFIG_ESP_REV_MIN_FULL CONFIG_ESP32_REV_MIN_FULL
#define CONFIG_ESP32_REV_MIN 3
#define CONFIG_ESP32_REV_MAX_FULL 399
#define CONFIG_ESP_REV_MAX_FULL CONFIG_ESP32_REV_MAX_FULL
#define CONFIG_SPI_FLASH_ROM_DRIVER_PATCH 1
#define CONFIG_MMU_PAGE_SIZE 0x10000
#define CONFIG_ESP32_XTAL_FREQ 40
#define CONFIG_XTAL_FREQ 40
#define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ_160 1
#define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ 160
#define CONFIG_MCUBOOT 1
#define NDEBUG 1
#define CONFIG_BOOTLOADER_WDT_TIME_MS 9000
#define CONFIG_ESP_CONSOLE_UART_BAUDRATE 115200
#define CONFIG_BOOTLOADER_OFFSET_IN_FLASH 0x1000
#define CONFIG_PARTITION_TABLE_OFFSET 0x10000
#define CONFIG_EFUSE_VIRTUAL_OFFSET 0x250000
#define CONFIG_EFUSE_VIRTUAL_SIZE 0x2000
#define CONFIG_EFUSE_MAX_BLK_LEN 192
#define CONFIG_BOOTLOADER_FLASH_XMC_SUPPORT 1

29
bootloader/mcuboot/boot/espressif/hal/include/esp32c2/esp32c2.cmake Normal file
View File

@@ -0,0 +1,29 @@
# SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
#
# SPDX-License-Identifier: Apache-2.0
list(APPEND hal_srcs
${esp_hal_dir}/components/esp_hw_support/port/${MCUBOOT_TARGET}/rtc_init.c
${esp_hal_dir}/components/hal/cache_hal.c
${esp_hal_dir}/components/efuse/${MCUBOOT_TARGET}/esp_efuse_table.c
${esp_hal_dir}/components/efuse/src/efuse_controller/keys/without_key_purposes/one_key_block/esp_efuse_api_key.c
)
if (DEFINED CONFIG_ESP_CONSOLE_UART_CUSTOM)
list(APPEND hal_srcs
${src_dir}/${MCUBOOT_TARGET}/console_uart_custom.c
)
endif()
list(APPEND LINKER_SCRIPTS
-T${esp_hal_dir}/components/esp_rom/${MCUBOOT_TARGET}/ld/${MCUBOOT_TARGET}.rom.newlib.ld
)
set_source_files_properties(
${esp_hal_dir}/components/bootloader_support/src/esp_image_format.c
${esp_hal_dir}/components/bootloader_support/bootloader_flash/src/bootloader_flash.c
${esp_hal_dir}/components/bootloader_support/bootloader_flash/src/bootloader_flash_config_${MCUBOOT_TARGET}.c
${esp_hal_dir}/components/hal/mmu_hal.c
${esp_hal_dir}/components/hal/cache_hal.c
PROPERTIES COMPILE_FLAGS
"-Wno-logical-op")

30
bootloader/mcuboot/boot/espressif/hal/include/esp32c2/sdkconfig.h Normal file
View File

@@ -0,0 +1,30 @@
/*
* SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#define BOOTLOADER_BUILD 1
#define CONFIG_IDF_FIRMWARE_CHIP_ID 0x000C
#define CONFIG_IDF_TARGET_ESP32C2 1
#define CONFIG_ESP32C2_REV_MIN_0 1
#define CONFIG_ESP32C2_REV_MIN_FULL 3
#define CONFIG_ESP_REV_MIN_FULL CONFIG_ESP32C2_REV_MIN_FULL
#define CONFIG_ESP32C2_REV_MIN 3
#define CONFIG_ESP32C2_REV_MAX_FULL 99
#define CONFIG_ESP_REV_MAX_FULL CONFIG_ESP32C2_REV_MAX_FULL
#define CONFIG_IDF_TARGET_ARCH_RISCV 1
#define CONFIG_MMU_PAGE_SIZE 0x10000
#define CONFIG_XTAL_FREQ_26 1
#define CONFIG_XTAL_FREQ 26
#define CONFIG_SPI_FLASH_ROM_DRIVER_PATCH 1
#define CONFIG_MCUBOOT 1
#define NDEBUG 1
#define CONFIG_BOOTLOADER_WDT_TIME_MS 9000
#define CONFIG_ESP_CONSOLE_UART_BAUDRATE 115200
#define CONFIG_BOOTLOADER_OFFSET_IN_FLASH 0x0000
#define CONFIG_PARTITION_TABLE_OFFSET 0x10000
#define CONFIG_EFUSE_VIRTUAL_OFFSET 0x250000
#define CONFIG_EFUSE_VIRTUAL_SIZE 0x2000
#define CONFIG_EFUSE_MAX_BLK_LEN 256
#define CONFIG_BOOTLOADER_FLASH_XMC_SUPPORT 1

20
bootloader/mcuboot/boot/espressif/hal/include/esp32c3/esp32c3.cmake Normal file
View File

@@ -0,0 +1,20 @@
# SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
#
# SPDX-License-Identifier: Apache-2.0
list(APPEND hal_srcs
${esp_hal_dir}/components/esp_hw_support/port/${MCUBOOT_TARGET}/rtc_init.c
${esp_hal_dir}/components/hal/cache_hal.c
${esp_hal_dir}/components/efuse/src/efuse_controller/keys/with_key_purposes/esp_efuse_api_key.c
)
if (DEFINED CONFIG_ESP_CONSOLE_UART_CUSTOM)
list(APPEND hal_srcs
${src_dir}/${MCUBOOT_TARGET}/console_uart_custom.c
)
endif()
list(APPEND LINKER_SCRIPTS
-T${esp_hal_dir}/components/esp_rom/${MCUBOOT_TARGET}/ld/${MCUBOOT_TARGET}.rom.newlib.ld
-T${esp_hal_dir}/components/esp_rom/${MCUBOOT_TARGET}/ld/${MCUBOOT_TARGET}.rom.eco3.ld
)

29
bootloader/mcuboot/boot/espressif/hal/include/esp32c3/sdkconfig.h Normal file
View File

@@ -0,0 +1,29 @@
/*
* SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#define BOOTLOADER_BUILD 1
#define CONFIG_IDF_FIRMWARE_CHIP_ID 0x0005
#define CONFIG_IDF_TARGET_ESP32C3 1
#define CONFIG_ESP32C3_REV_MIN_3 1
#define CONFIG_ESP32C3_REV_MIN_FULL 3
#define CONFIG_ESP_REV_MIN_FULL CONFIG_ESP32C3_REV_MIN_FULL
#define CONFIG_ESP32C3_REV_MIN 3
#define CONFIG_ESP32C3_REV_MAX_FULL 99
#define CONFIG_ESP_REV_MAX_FULL CONFIG_ESP32C3_REV_MAX_FULL
#define CONFIG_IDF_TARGET_ARCH_RISCV 1
#define CONFIG_MMU_PAGE_SIZE 0x10000
#define CONFIG_XTAL_FREQ 40
#define CONFIG_SPI_FLASH_ROM_DRIVER_PATCH 1
#define CONFIG_MCUBOOT 1
#define NDEBUG 1
#define CONFIG_BOOTLOADER_WDT_TIME_MS 9000
#define CONFIG_ESP_CONSOLE_UART_BAUDRATE 115200
#define CONFIG_BOOTLOADER_OFFSET_IN_FLASH 0x0000
#define CONFIG_PARTITION_TABLE_OFFSET 0x10000
#define CONFIG_EFUSE_VIRTUAL_OFFSET 0x250000
#define CONFIG_EFUSE_VIRTUAL_SIZE 0x2000
#define CONFIG_EFUSE_MAX_BLK_LEN 256
#define CONFIG_BOOTLOADER_FLASH_XMC_SUPPORT 1

34
bootloader/mcuboot/boot/espressif/hal/include/esp32c6/esp32c6.cmake Normal file
View File

@@ -0,0 +1,34 @@
# SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
#
# SPDX-License-Identifier: Apache-2.0
list(APPEND include_dirs
${esp_hal_dir}/components/esp_hw_support/port/${MCUBOOT_TARGET}/private_include
)
list(APPEND hal_srcs
${esp_hal_dir}/components/hal/cache_hal.c
${esp_hal_dir}/components/hal/lp_timer_hal.c
${esp_hal_dir}/components/efuse/src/efuse_controller/keys/with_key_purposes/esp_efuse_api_key.c
${esp_hal_dir}/components/esp_rom/patches/esp_rom_hp_regi2c_${MCUBOOT_TARGET}.c
${esp_hal_dir}/components/esp_hw_support/port/${MCUBOOT_TARGET}/pmu_param.c
)
if (DEFINED CONFIG_ESP_CONSOLE_UART_CUSTOM)
list(APPEND hal_srcs
${src_dir}/${MCUBOOT_TARGET}/console_uart_custom.c
)
endif()
list(APPEND LINKER_SCRIPTS
-T${esp_hal_dir}/components/esp_rom/${MCUBOOT_TARGET}/ld/${MCUBOOT_TARGET}.rom.newlib.ld
)
set_source_files_properties(
${esp_hal_dir}/components/bootloader_support/src/esp_image_format.c
${esp_hal_dir}/components/bootloader_support/bootloader_flash/src/bootloader_flash.c
${esp_hal_dir}/components/bootloader_support/bootloader_flash/src/bootloader_flash_config_${MCUBOOT_TARGET}.c
${esp_hal_dir}/components/hal/mmu_hal.c
${esp_hal_dir}/components/hal/cache_hal.c
PROPERTIES COMPILE_FLAGS
"-Wno-logical-op")

30
bootloader/mcuboot/boot/espressif/hal/include/esp32c6/sdkconfig.h Normal file
View File

@@ -0,0 +1,30 @@
/*
* SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#define BOOTLOADER_BUILD 1
#define CONFIG_IDF_FIRMWARE_CHIP_ID 0x000D
#define CONFIG_IDF_TARGET_ESP32C6 1
#define CONFIG_ESP32C6_REV_MIN_0 1
#define CONFIG_ESP32C6_REV_MIN_FULL 0
#define CONFIG_ESP_REV_MIN_FULL CONFIG_ESP32C6_REV_MIN_FULL
#define CONFIG_ESP32C6_REV_MIN 0
#define CONFIG_ESP32C6_REV_MAX_FULL 99
#define CONFIG_ESP_REV_MAX_FULL CONFIG_ESP32C6_REV_MAX_FULL
#define CONFIG_IDF_TARGET_ARCH_RISCV 1
#define CONFIG_MMU_PAGE_SIZE 0x10000
#define SOC_MMU_PAGE_SIZE CONFIG_MMU_PAGE_SIZE /* from soc/CMakeLists */
#define CONFIG_XTAL_FREQ 40
#define CONFIG_SPI_FLASH_ROM_DRIVER_PATCH 1
#define CONFIG_MCUBOOT 1
#define NDEBUG 1
#define CONFIG_BOOTLOADER_WDT_TIME_MS 9000
#define CONFIG_ESP_CONSOLE_UART_BAUDRATE 115200
#define CONFIG_BOOTLOADER_OFFSET_IN_FLASH 0x0000
#define CONFIG_PARTITION_TABLE_OFFSET 0x10000
#define CONFIG_EFUSE_VIRTUAL_OFFSET 0x250000
#define CONFIG_EFUSE_VIRTUAL_SIZE 0x2000
#define CONFIG_EFUSE_MAX_BLK_LEN 256
#define CONFIG_BOOTLOADER_FLASH_XMC_SUPPORT 1

34
bootloader/mcuboot/boot/espressif/hal/include/esp32h2/esp32h2.cmake Normal file
View File

@@ -0,0 +1,34 @@
# SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
#
# SPDX-License-Identifier: Apache-2.0
list(APPEND include_dirs
${esp_hal_dir}/components/esp_hw_support/port/${MCUBOOT_TARGET}/private_include
)
list(APPEND hal_srcs
${esp_hal_dir}/components/hal/cache_hal.c
${esp_hal_dir}/components/hal/lp_timer_hal.c
${esp_hal_dir}/components/efuse/src/efuse_controller/keys/with_key_purposes/esp_efuse_api_key.c
${esp_hal_dir}/components/esp_rom/patches/esp_rom_regi2c_${MCUBOOT_TARGET}.c
${esp_hal_dir}/components/esp_hw_support/port/${MCUBOOT_TARGET}/pmu_param.c
)
if (DEFINED CONFIG_ESP_CONSOLE_UART_CUSTOM)
list(APPEND hal_srcs
${src_dir}/${MCUBOOT_TARGET}/console_uart_custom.c
)
endif()
list(APPEND LINKER_SCRIPTS
-T${esp_hal_dir}/components/esp_rom/${MCUBOOT_TARGET}/ld/${MCUBOOT_TARGET}.rom.newlib.ld
)
set_source_files_properties(
${esp_hal_dir}/components/bootloader_support/src/esp_image_format.c
${esp_hal_dir}/components/bootloader_support/bootloader_flash/src/bootloader_flash.c
${esp_hal_dir}/components/bootloader_support/bootloader_flash/src/bootloader_flash_config_${MCUBOOT_TARGET}.c
${esp_hal_dir}/components/hal/mmu_hal.c
${esp_hal_dir}/components/hal/cache_hal.c
PROPERTIES COMPILE_FLAGS
"-Wno-logical-op")

31
bootloader/mcuboot/boot/espressif/hal/include/esp32h2/sdkconfig.h Normal file
View File

@@ -0,0 +1,31 @@
/*
* SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#define BOOTLOADER_BUILD 1
#define CONFIG_IDF_FIRMWARE_CHIP_ID 0x0010
#define CONFIG_IDF_TARGET_ESP32H2 1
#define CONFIG_ESP32H2_REV_MIN_0 1
#define CONFIG_ESP32H2_REV_MIN_FULL 0
#define CONFIG_ESP_REV_MIN_FULL CONFIG_ESP32H2_REV_MIN_FULL
#define CONFIG_ESP32H2_REV_MIN 0
#define CONFIG_ESP32H2_REV_MAX_FULL 99
#define CONFIG_ESP_REV_MAX_FULL CONFIG_ESP32H2_REV_MAX_FULL
#define CONFIG_IDF_TARGET_ARCH_RISCV 1
#define CONFIG_MMU_PAGE_SIZE 0x10000
#define SOC_MMU_PAGE_SIZE CONFIG_MMU_PAGE_SIZE /* from soc/CMakeLists */
#define CONFIG_XTAL_FREQ_32 1
#define CONFIG_XTAL_FREQ 32
#define CONFIG_SPI_FLASH_ROM_DRIVER_PATCH 1
#define CONFIG_MCUBOOT 1
#define NDEBUG 1
#define CONFIG_BOOTLOADER_WDT_TIME_MS 9000
#define CONFIG_ESP_CONSOLE_UART_BAUDRATE 115200
#define CONFIG_BOOTLOADER_OFFSET_IN_FLASH 0x0000
#define CONFIG_PARTITION_TABLE_OFFSET 0x10000
#define CONFIG_EFUSE_VIRTUAL_OFFSET 0x250000
#define CONFIG_EFUSE_VIRTUAL_SIZE 0x2000
#define CONFIG_EFUSE_MAX_BLK_LEN 256
#define CONFIG_BOOTLOADER_FLASH_XMC_SUPPORT 1

22
bootloader/mcuboot/boot/espressif/hal/include/esp32s2/esp32s2.cmake Normal file
View File

@@ -0,0 +1,22 @@
# SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
#
# SPDX-License-Identifier: Apache-2.0
list(APPEND hal_srcs
${esp_hal_dir}/components/esp_hw_support/port/${MCUBOOT_TARGET}/rtc_init.c
${esp_hal_dir}/components/hal/cache_hal.c
${esp_hal_dir}/components/efuse/src/efuse_controller/keys/with_key_purposes/esp_efuse_api_key.c
${esp_hal_dir}/components/esp_rom/patches/esp_rom_crc.c
${esp_hal_dir}/components/esp_rom/patches/esp_rom_regi2c_esp32s2.c
)
list(APPEND LINKER_SCRIPTS
-T${esp_hal_dir}/components/esp_rom/${MCUBOOT_TARGET}/ld/${MCUBOOT_TARGET}.rom.newlib-funcs.ld
-T${esp_hal_dir}/components/esp_rom/${MCUBOOT_TARGET}/ld/${MCUBOOT_TARGET}.rom.spiflash.ld
)
set_source_files_properties(
${esp_hal_dir}/components/bootloader_support/src/esp32s2/bootloader_esp32s2.c
PROPERTIES COMPILE_FLAGS
"-Wno-unused-but-set-variable")

29
bootloader/mcuboot/boot/espressif/hal/include/esp32s2/sdkconfig.h Normal file
View File

@@ -0,0 +1,29 @@
/*
* SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#define BOOTLOADER_BUILD 1
#define CONFIG_IDF_FIRMWARE_CHIP_ID 0x0002
#define CONFIG_IDF_TARGET_ESP32S2 1
#define CONFIG_ESP32S2_REV_MIN_0 1
#define CONFIG_ESP32S2_REV_MIN_FULL 0
#define CONFIG_ESP_REV_MIN_FULL CONFIG_ESP32S2_REV_MIN_FULL
#define CONFIG_ESP32S2_REV_MIN 0
#define CONFIG_ESP32S2_REV_MAX_FULL 99
#define CONFIG_ESP_REV_MAX_FULL CONFIG_ESP32S2_REV_MAX_FULL
#define CONFIG_MMU_PAGE_SIZE 0x10000
#define CONFIG_XTAL_FREQ 40
#define CONFIG_SPI_FLASH_ROM_DRIVER_PATCH 1
#define CONFIG_ESP32S2_XTAL_FREQ 40
#define CONFIG_MCUBOOT 1
#define NDEBUG 1
#define CONFIG_BOOTLOADER_WDT_TIME_MS 9000
#define CONFIG_ESP_CONSOLE_UART_BAUDRATE 115200
#define CONFIG_BOOTLOADER_OFFSET_IN_FLASH 0x1000
#define CONFIG_PARTITION_TABLE_OFFSET 0x10000
#define CONFIG_EFUSE_VIRTUAL_OFFSET 0x250000
#define CONFIG_EFUSE_VIRTUAL_SIZE 0x2000
#define CONFIG_EFUSE_MAX_BLK_LEN 256
#define CONFIG_BOOTLOADER_FLASH_XMC_SUPPORT 1

25
bootloader/mcuboot/boot/espressif/hal/include/esp32s3/esp32s3.cmake Normal file
View File

@@ -0,0 +1,25 @@
# SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
#
# SPDX-License-Identifier: Apache-2.0
list(APPEND hal_srcs
${esp_hal_dir}/components/esp_hw_support/port/${MCUBOOT_TARGET}/rtc_init.c
${esp_hal_dir}/components/hal/cache_hal.c
${esp_hal_dir}/components/efuse/src/efuse_controller/keys/with_key_purposes/esp_efuse_api_key.c
)
if (DEFINED CONFIG_ESP_MULTI_PROCESSOR_BOOT)
list(APPEND hal_srcs
${src_dir}/${MCUBOOT_TARGET}/app_cpu_start.c
${esp_hal_dir}/components/esp_hw_support/cpu.c
)
endif()
list(APPEND LINKER_SCRIPTS
-T${esp_hal_dir}/components/esp_rom/${MCUBOOT_TARGET}/ld/${MCUBOOT_TARGET}.rom.newlib.ld
)
set_source_files_properties(
${esp_hal_dir}/components/bootloader_support/src/esp32s3/bootloader_esp32s3.c
PROPERTIES COMPILE_FLAGS
"-Wno-unused-variable -Wno-unused-but-set-variable")

27
bootloader/mcuboot/boot/espressif/hal/include/esp32s3/sdkconfig.h Normal file
View File

@@ -0,0 +1,27 @@
/*
* SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#define BOOTLOADER_BUILD 1
#define CONFIG_IDF_FIRMWARE_CHIP_ID 0x0009
#define CONFIG_IDF_TARGET_ESP32S3 1
#define CONFIG_ESP32S3_REV_MIN_0 1
#define CONFIG_ESP32S3_REV_MIN_FULL 0
#define CONFIG_ESP_REV_MIN_FULL CONFIG_ESP32S3_REV_MIN_FULL
#define CONFIG_ESP32S3_REV_MIN 0
#define CONFIG_ESP32S3_REV_MAX_FULL 99
#define CONFIG_ESP_REV_MAX_FULL CONFIG_ESP32S3_REV_MAX_FULL
#define CONFIG_MMU_PAGE_SIZE 0x10000
#define CONFIG_XTAL_FREQ 40
#define CONFIG_SPI_FLASH_ROM_DRIVER_PATCH 1
#define CONFIG_MCUBOOT 1
#define NDEBUG 1
#define CONFIG_BOOTLOADER_WDT_TIME_MS 9000
#define CONFIG_ESP_CONSOLE_UART_BAUDRATE 115200
#define CONFIG_BOOTLOADER_OFFSET_IN_FLASH 0x0000
#define CONFIG_PARTITION_TABLE_OFFSET 0x10000
#define CONFIG_EFUSE_VIRTUAL_OFFSET 0x250000
#define CONFIG_EFUSE_VIRTUAL_SIZE 0x2000
#define CONFIG_EFUSE_MAX_BLK_LEN 256

29
bootloader/mcuboot/boot/espressif/hal/include/esp_log.h Normal file
View File

@@ -0,0 +1,29 @@
/*
* SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#pragma once
#include <inttypes.h>
#include <mcuboot_config/mcuboot_logging.h>
/* Log levels from IDF are similar to MCUboot's */
#ifndef CONFIG_BOOTLOADER_LOG_LEVEL
#define CONFIG_BOOTLOADER_LOG_LEVEL MCUBOOT_LOG_LEVEL
#endif
#define ESP_LOGE(tag, fmt, ...) MCUBOOT_LOG_ERR("[%s] " fmt, tag, ##__VA_ARGS__)
#define ESP_LOGW(tag, fmt, ...) MCUBOOT_LOG_WRN("[%s] " fmt, tag, ##__VA_ARGS__)
#define ESP_LOGI(tag, fmt, ...) MCUBOOT_LOG_INF("[%s] " fmt, tag, ##__VA_ARGS__)
#define ESP_LOGD(tag, fmt, ...) MCUBOOT_LOG_DBG("[%s] " fmt, tag, ##__VA_ARGS__)
#define ESP_LOGV(tag, fmt, ...) MCUBOOT_LOG_DBG("[%s] " fmt, tag, ##__VA_ARGS__)
#define ESP_EARLY_LOGE(tag, fmt, ...) MCUBOOT_LOG_ERR("[%s] " fmt, tag, ##__VA_ARGS__)
#define ESP_EARLY_LOGW(tag, fmt, ...) MCUBOOT_LOG_WRN("[%s] " fmt, tag, ##__VA_ARGS__)
#define ESP_EARLY_LOGI(tag, fmt, ...) MCUBOOT_LOG_INF("[%s] " fmt, tag, ##__VA_ARGS__)
#define ESP_EARLY_LOGD(tag, fmt, ...) MCUBOOT_LOG_DBG("[%s] " fmt, tag, ##__VA_ARGS__)
#define ESP_EARLY_LOGV(tag, fmt, ...) MCUBOOT_LOG_DBG("[%s] " fmt, tag, ##__VA_ARGS__)
uint32_t esp_log_early_timestamp(void);

26
bootloader/mcuboot/boot/espressif/hal/include/esp_mcuboot_image.h Normal file
View File

@@ -0,0 +1,26 @@
/*
* SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#pragma once
/* Magic is derived from sha256sum of the string "espmcuboot"
* The application header magic must match this number
*/
#define ESP_LOAD_HEADER_MAGIC 0xace637d3
/* Load header that should be a part of application image
* for MCUboot-Espressif port booting.
*/
typedef struct esp_image_load_header {
uint32_t header_magic; /* Magic for load header */
uint32_t entry_addr; /* Application entry address */
uint32_t iram_dest_addr; /* Destination address(VMA) for IRAM region */
uint32_t iram_flash_offset; /* Flash offset(LMA) for start of IRAM region */
uint32_t iram_size; /* Size of IRAM region */
uint32_t dram_dest_addr; /* Destination address(VMA) for DRAM region */
uint32_t dram_flash_offset; /* Flash offset(LMA) for start of DRAM region */
uint32_t dram_size; /* Size of DRAM region */
} esp_image_load_header_t;

19
bootloader/mcuboot/boot/espressif/hal/include/mcuboot_config/mcuboot_assert.h Normal file
View File

@@ -0,0 +1,19 @@
/*
* Copyright (c) 2021 Espressif Systems (Shanghai) Co., Ltd.
*
* SPDX-License-Identifier: Apache-2.0
*/
#pragma once
extern void mcuboot_assert_handler(const char *file, int line, const char *func);
#ifdef assert
#undef assert
#endif
#define assert(arg) \
do { \
if (!(arg)) { \
mcuboot_assert_handler(__FILE__, __LINE__, __func__); \
} \
} while(0)

193
bootloader/mcuboot/boot/espressif/hal/include/mcuboot_config/mcuboot_config.h Normal file
View File

@@ -0,0 +1,193 @@
/*
* Copyright (c) 2021 Espressif Systems (Shanghai) Co., Ltd.
*
* SPDX-License-Identifier: Apache-2.0
*/
#ifndef __MCUBOOT_CONFIG_H__
#define __MCUBOOT_CONFIG_H__
/*
* Signature types
*
* You must choose exactly one signature type - check bootloader.conf
* configuration file
*/
/* Uncomment for RSA signature support */
#if defined(CONFIG_ESP_SIGN_RSA)
#define MCUBOOT_SIGN_RSA
# if (CONFIG_ESP_SIGN_RSA_LEN != 2048 && \
CONFIG_ESP_SIGN_RSA_LEN != 3072)
# error "Invalid RSA key size (must be 2048 or 3072)"
# else
# define MCUBOOT_SIGN_RSA_LEN CONFIG_ESP_SIGN_RSA_LEN
# endif
#elif defined(CONFIG_ESP_SIGN_EC256)
#define MCUBOOT_SIGN_EC256
#elif defined(CONFIG_ESP_SIGN_ED25519)
#define MCUBOOT_SIGN_ED25519
#endif
#if defined(CONFIG_SECURE_FLASH_ENC_ENABLED)
#define MCUBOOT_BOOT_MAX_ALIGN 32
#endif
/*
* Upgrade mode
*
* The default is to support A/B image swapping with rollback. Other modes
* with simpler code path, which only supports overwriting the existing image
* with the update image or running the newest image directly from its flash
* partition, are also available.
*
* You can enable only one mode at a time from the list below to override
* the default upgrade mode.
*/
/* Uncomment to enable the overwrite-only code path. */
/* #define MCUBOOT_OVERWRITE_ONLY */
#ifdef MCUBOOT_OVERWRITE_ONLY
/* Uncomment to only erase and overwrite those primary slot sectors needed
* to install the new image, rather than the entire image slot. */
/* #define MCUBOOT_OVERWRITE_ONLY_FAST */
#endif
/* Uncomment to enable the direct-xip code path. */
/* #define MCUBOOT_DIRECT_XIP */
/* Uncomment to enable the ram-load code path. */
/* #define MCUBOOT_RAM_LOAD */
/*
* Cryptographic settings
*
* You must choose between Mbed TLS and Tinycrypt as source of
* cryptographic primitives. Other cryptographic settings are also
* available.
*/
/* Uncomment to use Mbed TLS cryptographic primitives */
#if defined(CONFIG_ESP_USE_MBEDTLS)
#define MCUBOOT_USE_MBED_TLS
#else
/* MCUboot requires the definition of a crypto lib,
* using Tinycrypt as default */
#define MCUBOOT_USE_TINYCRYPT
#endif
/*
* Always check the signature of the image in the primary slot before booting,
* even if no upgrade was performed. This is recommended if the boot
* time penalty is acceptable.
*/
#define MCUBOOT_VALIDATE_PRIMARY_SLOT
#ifdef CONFIG_ESP_DOWNGRADE_PREVENTION
#define MCUBOOT_DOWNGRADE_PREVENTION 1
/* MCUBOOT_DOWNGRADE_PREVENTION_SECURITY_COUNTER is used later as bool value so it is
* always defined, (unlike MCUBOOT_DOWNGRADE_PREVENTION which is only used in
* preprocessor condition and my be not defined) */
# ifdef CONFIG_ESP_DOWNGRADE_PREVENTION_SECURITY_COUNTER
# define MCUBOOT_DOWNGRADE_PREVENTION_SECURITY_COUNTER 1
# else
# define MCUBOOT_DOWNGRADE_PREVENTION_SECURITY_COUNTER 0
# endif
#endif
/*
* Flash abstraction
*/
/* Uncomment if your flash map API supports flash_area_get_sectors().
* See the flash APIs for more details. */
#define MCUBOOT_USE_FLASH_AREA_GET_SECTORS
/* Default maximum number of flash sectors per image slot; change
* as desirable. */
#define MCUBOOT_MAX_IMG_SECTORS 512
/* Default number of separately updateable images; change in case of
* multiple images. */
#if defined(CONFIG_ESP_IMAGE_NUMBER)
#define MCUBOOT_IMAGE_NUMBER CONFIG_ESP_IMAGE_NUMBER
#else
#define MCUBOOT_IMAGE_NUMBER 1
#endif
/*
* Logging
*/
/*
* If logging is enabled the following functions must be defined by the
* platform:
*
* MCUBOOT_LOG_MODULE_REGISTER(domain)
* Register a new log module and add the current C file to it.
*
* MCUBOOT_LOG_MODULE_DECLARE(domain)
* Add the current C file to an existing log module.
*
* MCUBOOT_LOG_ERR(...)
* MCUBOOT_LOG_WRN(...)
* MCUBOOT_LOG_INF(...)
* MCUBOOT_LOG_DBG(...)
*
* The function priority is:
*
* MCUBOOT_LOG_ERR > MCUBOOT_LOG_WRN > MCUBOOT_LOG_INF > MCUBOOT_LOG_DBG
*/
#define MCUBOOT_HAVE_LOGGING 1
/* #define MCUBOOT_LOG_LEVEL MCUBOOT_LOG_LEVEL_INFO */
/*
* Assertions
*/
/* Uncomment if your platform has its own mcuboot_config/mcuboot_assert.h.
* If so, it must provide an ASSERT macro for use by bootutil. Otherwise,
* "assert" is used. */
#define MCUBOOT_HAVE_ASSERT_H 1
#ifdef CONFIG_ESP_MCUBOOT_SERIAL
#define CONFIG_MCUBOOT_SERIAL
#endif
/*
* When a serial recovery process is receiving the image data, this option
* enables it to erase flash progressively (by sectors) instead of the
* default behavior that is erasing whole image size of flash area after
* receiving first frame.
* Enabling this options prevents stalling the beginning of transfer
* for the time needed to erase large chunk of flash.
*/
#ifdef CONFIG_ESP_MCUBOOT_ERASE_PROGRESSIVELY
#define MCUBOOT_ERASE_PROGRESSIVELY
#endif
/* Serial extensions are not implemented
*/
#define MCUBOOT_PERUSER_MGMT_GROUP_ENABLED 0
/*
* Watchdog feeding
*/
/* This macro might be implemented if the OS / HW watchdog is enabled while
* doing a swap upgrade and the time it takes for a swapping is long enough
* to cause an unwanted reset. If implementing this, the OS main.c must also
* enable the watchdog (if required)!
*/
#include <bootloader_wdt.h>
#define MCUBOOT_WATCHDOG_FEED() \
do { \
bootloader_wdt_feed(); \
} while (0)
#define MCUBOOT_CPU_IDLE() \
do { \
} while (0)
#endif /* __MCUBOOT_CONFIG_H__ */

79
bootloader/mcuboot/boot/espressif/hal/include/mcuboot_config/mcuboot_logging.h Normal file
View File

@@ -0,0 +1,79 @@
/*
* Copyright (c) 2021 Espressif Systems (Shanghai) Co., Ltd.
*
* SPDX-License-Identifier: Apache-2.0
*/
#pragma once
#include "sdkconfig.h"
#include "mcuboot_config.h"
extern int ets_printf(const char *fmt, ...);
#define MCUBOOT_LOG_LEVEL_OFF 0
#define MCUBOOT_LOG_LEVEL_ERROR 1
#define MCUBOOT_LOG_LEVEL_WARNING 2
#define MCUBOOT_LOG_LEVEL_INFO 3
#define MCUBOOT_LOG_LEVEL_DEBUG 4
#if CONFIG_IDF_TARGET_ESP32
#define TARGET "[esp32]"
#elif CONFIG_IDF_TARGET_ESP32S2
#define TARGET "[esp32s2]"
#elif CONFIG_IDF_TARGET_ESP32S3
#define TARGET "[esp32s3]"
#elif CONFIG_IDF_TARGET_ESP32C3
#define TARGET "[esp32c3]"
#elif CONFIG_IDF_TARGET_ESP32C6
#define TARGET "[esp32c6]"
#elif CONFIG_IDF_TARGET_ESP32C2
#define TARGET "[esp32c2]"
#elif CONFIG_IDF_TARGET_ESP32H2
#define TARGET "[esp32h2]"
#else
#error "Selected target not supported."
#endif
#ifndef MCUBOOT_LOG_LEVEL
#define MCUBOOT_LOG_LEVEL MCUBOOT_LOG_LEVEL_INFO
#endif
#if MCUBOOT_LOG_LEVEL >= MCUBOOT_LOG_LEVEL_ERROR
#define MCUBOOT_LOG_ERR(_fmt, ...) \
do { \
ets_printf(TARGET " [ERR] " _fmt "\n\r", ##__VA_ARGS__); \
} while (0)
#else
#define MCUBOOT_LOG_ERR(_fmt, ...)
#endif
#if MCUBOOT_LOG_LEVEL >= MCUBOOT_LOG_LEVEL_WARNING
#define MCUBOOT_LOG_WRN(_fmt, ...) \
do { \
ets_printf(TARGET " [WRN] " _fmt "\n\r", ##__VA_ARGS__); \
} while (0)
#else
#define MCUBOOT_LOG_WRN(_fmt, ...)
#endif
#if MCUBOOT_LOG_LEVEL >= MCUBOOT_LOG_LEVEL_INFO
#define MCUBOOT_LOG_INF(_fmt, ...) \
do { \
ets_printf(TARGET " [INF] " _fmt "\n\r", ##__VA_ARGS__); \
} while (0)
#else
#define MCUBOOT_LOG_INF(_fmt, ...)
#endif
#if MCUBOOT_LOG_LEVEL >= MCUBOOT_LOG_LEVEL_DEBUG
#define MCUBOOT_LOG_DBG(_fmt, ...) \
do { \
ets_printf(TARGET " [DBG] " _fmt "\n\r", ##__VA_ARGS__); \
} while (0)
#else
#define MCUBOOT_LOG_DBG(_fmt, ...)
#endif
#define MCUBOOT_LOG_MODULE_DECLARE(...)
#define MCUBOOT_LOG_MODULE_REGISTER(...)

15
bootloader/mcuboot/boot/espressif/hal/include/soc_log.h Normal file
View File

@@ -0,0 +1,15 @@
/*
* Copyright (c) 2021 Espressif Systems (Shanghai) Co., Ltd.
*
* SPDX-License-Identifier: Apache-2.0
*/
#pragma once
#include <mcuboot_config/mcuboot_logging.h>
#include <esp_rom_sys.h>
#define SOC_LOGE(tag, fmt, ...) MCUBOOT_LOG_ERR("[%s] " fmt, tag, ##__VA_ARGS__)
#define SOC_LOGW(tag, fmt, ...) MCUBOOT_LOG_WRN("[%s] " fmt, tag, ##__VA_ARGS__)
#define SOC_LOGI(tag, fmt, ...) MCUBOOT_LOG_INF("[%s] " fmt, tag, ##__VA_ARGS__)
#define SOC_LOGD(tag, fmt, ...) MCUBOOT_LOG_DBG("[%s] " fmt, tag, ##__VA_ARGS__)

15
bootloader/mcuboot/boot/espressif/hal/src/bootloader_banner.c Normal file
View File

@@ -0,0 +1,15 @@
/*
* SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <mcuboot_config/mcuboot_logging.h>
/**
* Override the bootloader's print banner function from IDF.
*/
void __wrap_bootloader_print_banner(void)
{
MCUBOOT_LOG_INF("*** Booting MCUboot build %s ***", MCUBOOT_VER);
}

17
bootloader/mcuboot/boot/espressif/hal/src/bootloader_wdt.c Normal file
View File

@@ -0,0 +1,17 @@
/*
* Copyright (c) 2021 Espressif Systems (Shanghai) Co., Ltd.
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <bootloader_wdt.h>
#include <hal/wdt_hal.h>
#include "soc/rtc.h"
void bootloader_wdt_feed(void)
{
wdt_hal_context_t rtc_wdt_ctx = RWDT_HAL_CONTEXT_DEFAULT();
wdt_hal_write_protect_disable(&rtc_wdt_ctx);
wdt_hal_feed(&rtc_wdt_ctx);
wdt_hal_write_protect_enable(&rtc_wdt_ctx);
}

38
bootloader/mcuboot/boot/espressif/hal/src/esp32/app_cpu_start.c Normal file
View File

@@ -0,0 +1,38 @@
/*
* SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include "app_cpu_start.h"
#include "soc/dport_reg.h"
#include "soc/gpio_periph.h"
#include "soc/rtc_periph.h"
#include "soc/rtc_cntl_reg.h"
#include "esp32/rom/cache.h"
#include "esp32/rom/uart.h"
#include "esp_cpu.h"
#include "esp_log.h"
static const char *TAG = "app_cpu_start";
void appcpu_start(uint32_t entry_addr)
{
ESP_LOGI(TAG, "Starting APPCPU");
Cache_Flush(1);
Cache_Read_Enable(1);
esp_cpu_unstall(1);
DPORT_SET_PERI_REG_MASK(DPORT_APPCPU_CTRL_B_REG, DPORT_APPCPU_CLKGATE_EN);
DPORT_CLEAR_PERI_REG_MASK(DPORT_APPCPU_CTRL_C_REG, DPORT_APPCPU_RUNSTALL);
DPORT_SET_PERI_REG_MASK(DPORT_APPCPU_CTRL_A_REG, DPORT_APPCPU_RESETTING);
DPORT_CLEAR_PERI_REG_MASK(DPORT_APPCPU_CTRL_A_REG, DPORT_APPCPU_RESETTING);
ets_set_appcpu_boot_addr(entry_addr);
ets_delay_us(10000);
uart_tx_wait_idle(0);
ESP_LOGI(TAG, "APPCPU start sequence complete");
}

24
bootloader/mcuboot/boot/espressif/hal/src/esp32/console_uart_custom.c Normal file
View File

@@ -0,0 +1,24 @@
/*
* SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <esp_rom_uart.h>
#include <hal/uart_ll.h>
#include <soc/uart_periph.h>
#if CONFIG_ESP_CONSOLE_UART_CUSTOM
static uart_dev_t *alt_console_uart_dev = (CONFIG_ESP_CONSOLE_UART_NUM == 0) ?
&UART0 :
(CONFIG_ESP_CONSOLE_UART_NUM == 1) ?
&UART1 :
&UART2;
void IRAM_ATTR esp_rom_uart_putc(char c)
{
while (uart_ll_get_txfifo_len(alt_console_uart_dev) == 0);
uart_ll_write_txfifo(alt_console_uart_dev, (const uint8_t *) &c, 1);
}
#endif

21
bootloader/mcuboot/boot/espressif/hal/src/esp32c2/console_uart_custom.c Normal file
View File

@@ -0,0 +1,21 @@
/*
* SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <esp_rom_uart.h>
#include <hal/uart_ll.h>
#include <soc/uart_periph.h>
#if CONFIG_ESP_CONSOLE_UART_CUSTOM
static uart_dev_t *alt_console_uart_dev = (CONFIG_ESP_CONSOLE_UART_NUM == 0) ?
&UART0 :
&UART1;
void IRAM_ATTR esp_rom_uart_putc(char c)
{
while (uart_ll_get_txfifo_len(alt_console_uart_dev) == 0);
uart_ll_write_txfifo(alt_console_uart_dev, (const uint8_t *) &c, 1);
}
#endif

22
bootloader/mcuboot/boot/espressif/hal/src/esp32c3/console_uart_custom.c Normal file
View File

@@ -0,0 +1,22 @@
/*
* SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <esp_rom_uart.h>
#include <hal/uart_ll.h>
#include <soc/uart_periph.h>
#if CONFIG_ESP_CONSOLE_UART_CUSTOM
static uart_dev_t *alt_console_uart_dev = (CONFIG_ESP_CONSOLE_UART_NUM == 0) ?
&UART0 :
&UART1;
void IRAM_ATTR esp_rom_uart_putc(char c)
{
while (uart_ll_get_txfifo_len(alt_console_uart_dev) == 0);
uart_ll_write_txfifo(alt_console_uart_dev, (const uint8_t *) &c, 1);
}
#endif

23
bootloader/mcuboot/boot/espressif/hal/src/esp32c6/console_uart_custom.c Normal file
View File

@@ -0,0 +1,23 @@
/*
* SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <esp_rom_uart.h>
#include <hal/uart_ll.h>
#include <soc/uart_periph.h>
#include <esp_attr.h>
#if CONFIG_ESP_CONSOLE_UART_CUSTOM
static uart_dev_t *alt_console_uart_dev = (CONFIG_ESP_CONSOLE_UART_NUM == 0) ?
&UART0 :
&UART1;
void IRAM_ATTR esp_rom_uart_putc(char c)
{
while (uart_ll_get_txfifo_len(alt_console_uart_dev) == 0);
uart_ll_write_txfifo(alt_console_uart_dev, (const uint8_t *) &c, 1);
}
#endif

22
bootloader/mcuboot/boot/espressif/hal/src/esp32h2/console_uart_custom.c Normal file
View File

@@ -0,0 +1,22 @@
/*
* SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <esp_rom_uart.h>
#include <hal/uart_ll.h>
#include <soc/uart_periph.h>
#include <esp_attr.h>
#if CONFIG_ESP_CONSOLE_UART_CUSTOM
static uart_dev_t *alt_console_uart_dev = (CONFIG_ESP_CONSOLE_UART_NUM == 0) ?
&UART0 :
&UART1;
void IRAM_ATTR esp_rom_uart_putc(char c)
{
while (uart_ll_get_txfifo_len(alt_console_uart_dev) == 0);
uart_ll_write_txfifo(alt_console_uart_dev, (const uint8_t *) &c, 1);
}
#endif

42
bootloader/mcuboot/boot/espressif/hal/src/esp32s3/app_cpu_start.c Normal file
View File

@@ -0,0 +1,42 @@
/*
* SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include "app_cpu_start.h"
#include "esp_rom_sys.h"
#include "soc/dport_reg.h"
#include "soc/gpio_periph.h"
#include "soc/rtc_periph.h"
#include "soc/rtc_cntl_reg.h"
#include "esp32s3/rom/cache.h"
#include "esp32s3/rom/uart.h"
#include "esp_cpu.h"
#include "esp_log.h"
static const char *TAG = "app_cpu_start";
void appcpu_start(uint32_t entry_addr)
{
ESP_LOGI(TAG, "Starting APPCPU");
esp_cpu_unstall(1);
// Enable clock and reset APP CPU. Note that OpenOCD may have already
// enabled clock and taken APP CPU out of reset. In this case don't reset
// APP CPU again, as that will clear the breakpoints which may have already
// been set.
if (!REG_GET_BIT(SYSTEM_CORE_1_CONTROL_0_REG, SYSTEM_CONTROL_CORE_1_CLKGATE_EN)) {
REG_SET_BIT(SYSTEM_CORE_1_CONTROL_0_REG, SYSTEM_CONTROL_CORE_1_CLKGATE_EN);
REG_CLR_BIT(SYSTEM_CORE_1_CONTROL_0_REG, SYSTEM_CONTROL_CORE_1_RUNSTALL);
REG_SET_BIT(SYSTEM_CORE_1_CONTROL_0_REG, SYSTEM_CONTROL_CORE_1_RESETING);
REG_CLR_BIT(SYSTEM_CORE_1_CONTROL_0_REG, SYSTEM_CONTROL_CORE_1_RESETING);
}
ets_set_appcpu_boot_addr(entry_addr);
esp_rom_delay_us(10000);
uart_tx_wait_idle(0);
ESP_LOGI(TAG, "APPCPU start sequence complete");
}

482
bootloader/mcuboot/boot/espressif/hal/src/flash_encrypt.c Normal file
View File

@@ -0,0 +1,482 @@
/*
* SPDX-FileCopyrightText: 2015-2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <strings.h>
#include "bootloader_flash_priv.h"
#include "bootloader_random.h"
#include "esp_image_format.h"
#include "esp_flash_encrypt.h"
#include "esp_flash_partitions.h"
#include "esp_secure_boot.h"
#include "esp_efuse.h"
#include "esp_efuse_table.h"
#include "esp_log.h"
#include "hal/wdt_hal.h"
#include "hal/efuse_hal.h"
#include "soc/soc_caps.h"
#ifdef CONFIG_SOC_EFUSE_CONSISTS_OF_ONE_KEY_BLOCK
#include "soc/sensitive_reg.h"
#endif
#include "esp_mcuboot_image.h"
#if CONFIG_IDF_TARGET_ESP32
#define CRYPT_CNT ESP_EFUSE_FLASH_CRYPT_CNT
#define WR_DIS_CRYPT_CNT ESP_EFUSE_WR_DIS_FLASH_CRYPT_CNT
#else
#define CRYPT_CNT ESP_EFUSE_SPI_BOOT_CRYPT_CNT
#define WR_DIS_CRYPT_CNT ESP_EFUSE_WR_DIS_SPI_BOOT_CRYPT_CNT
#endif
#define FLASH_ENC_CNT_MAX (CRYPT_CNT[0]->bit_count)
/* This file implements FLASH ENCRYPTION related APIs to perform
* various operations such as programming necessary flash encryption
* eFuses, detect whether flash encryption is enabled (by reading eFuse)
* and if required encrypt the partitions in flash memory
*/
static const char *TAG = "flash_encrypt";
/* Static functions for stages of flash encryption */
static esp_err_t encrypt_bootloader(void);
static esp_err_t encrypt_primary_slot(void);
static size_t get_flash_encrypt_cnt_value(void);
/**
* This former inlined function must not be defined in the header file anymore.
* As it depends on efuse component, any use of it outside of `bootloader_support`,
* would require the caller component to include `efuse` as part of its `REQUIRES` or
* `PRIV_REQUIRES` entries.
* Attribute IRAM_ATTR must be specified for the app build.
*/
bool IRAM_ATTR esp_flash_encryption_enabled(void)
{
#ifndef CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH
return efuse_hal_flash_encryption_enabled();
#else
uint32_t flash_crypt_cnt = 0;
#if CONFIG_IDF_TARGET_ESP32
esp_efuse_read_field_blob(ESP_EFUSE_FLASH_CRYPT_CNT, &flash_crypt_cnt, ESP_EFUSE_FLASH_CRYPT_CNT[0]->bit_count);
#else
esp_efuse_read_field_blob(ESP_EFUSE_SPI_BOOT_CRYPT_CNT, &flash_crypt_cnt, ESP_EFUSE_SPI_BOOT_CRYPT_CNT[0]->bit_count);
#endif
/* __builtin_parity is in flash, so we calculate parity inline */
bool enabled = false;
while (flash_crypt_cnt) {
if (flash_crypt_cnt & 1) {
enabled = !enabled;
}
flash_crypt_cnt >>= 1;
}
return enabled;
#endif // CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH
}
static size_t get_flash_encrypt_cnt_value(void)
{
size_t flash_crypt_cnt = 0;
esp_efuse_read_field_cnt(CRYPT_CNT, &flash_crypt_cnt);
return flash_crypt_cnt;
}
bool esp_flash_encrypt_initialized_once(void)
{
return get_flash_encrypt_cnt_value() != 0;
}
bool esp_flash_encrypt_is_write_protected(bool print_error)
{
if (esp_efuse_read_field_bit(WR_DIS_CRYPT_CNT)) {
if (print_error) {
ESP_LOGE(TAG, "Flash Encryption cannot be enabled (CRYPT_CNT (%d) is write protected)", get_flash_encrypt_cnt_value());
}
return true;
}
return false;
}
bool esp_flash_encrypt_state(void)
{
size_t flash_crypt_cnt = get_flash_encrypt_cnt_value();
bool flash_crypt_wr_dis = esp_flash_encrypt_is_write_protected(false);
ESP_LOGV(TAG, "CRYPT_CNT %d, write protection %d", flash_crypt_cnt, flash_crypt_wr_dis);
if (flash_crypt_cnt % 2 == 1) {
/* Flash is already encrypted */
int left = (FLASH_ENC_CNT_MAX - flash_crypt_cnt) / 2;
if (flash_crypt_wr_dis) {
left = 0; /* can't update FLASH_CRYPT_CNT, no more flashes */
}
ESP_LOGI(TAG, "flash encryption is enabled (%d plaintext flashes left)", left);
return true;
}
return false;
}
esp_err_t esp_flash_encrypt_check_and_update(void)
{
bool flash_encryption_enabled = esp_flash_encrypt_state();
if (!flash_encryption_enabled) {
#ifndef CONFIG_SECURE_FLASH_REQUIRE_ALREADY_ENABLED
if (esp_flash_encrypt_is_write_protected(true)) {
return ESP_FAIL;
}
esp_err_t err = esp_flash_encrypt_init();
if (err != ESP_OK) {
ESP_LOGE(TAG, "Initialization of Flash encryption key failed (%d)", err);
return err;
}
err = esp_flash_encrypt_contents();
if (err != ESP_OK) {
ESP_LOGE(TAG, "Encryption flash contents failed (%d)", err);
return err;
}
err = esp_flash_encrypt_enable();
if (err != ESP_OK) {
ESP_LOGE(TAG, "Enabling of Flash encryption failed (%d)", err);
return err;
}
#else
ESP_LOGE(TAG, "flash encryption is not enabled, and SECURE_FLASH_REQUIRE_ALREADY_ENABLED "
"is set, refusing to boot.");
return ESP_ERR_INVALID_STATE;
#endif // CONFIG_SECURE_FLASH_REQUIRE_ALREADY_ENABLED
}
return ESP_OK;
}
static esp_err_t check_and_generate_encryption_keys(void)
{
size_t key_size = 32;
#ifdef CONFIG_IDF_TARGET_ESP32
enum { BLOCKS_NEEDED = 1 };
esp_efuse_purpose_t purposes[BLOCKS_NEEDED] = {
ESP_EFUSE_KEY_PURPOSE_FLASH_ENCRYPTION,
};
esp_efuse_coding_scheme_t coding_scheme = esp_efuse_get_coding_scheme(EFUSE_BLK_ENCRYPT_FLASH);
if (coding_scheme != EFUSE_CODING_SCHEME_NONE && coding_scheme != EFUSE_CODING_SCHEME_3_4) {
ESP_LOGE(TAG, "Unknown/unsupported CODING_SCHEME value 0x%x", coding_scheme);
return ESP_ERR_NOT_SUPPORTED;
}
if (coding_scheme == EFUSE_CODING_SCHEME_3_4) {
key_size = 24;
}
#else
#ifdef CONFIG_SECURE_FLASH_ENCRYPTION_AES256
enum { BLOCKS_NEEDED = 2 };
esp_efuse_purpose_t purposes[BLOCKS_NEEDED] = {
ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_1,
ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_2,
};
if (esp_efuse_find_purpose(ESP_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY, NULL)) {
ESP_LOGE(TAG, "XTS_AES_128_KEY is already in use, XTS_AES_256_KEY_1/2 can not be used");
return ESP_ERR_INVALID_STATE;
}
#else
#ifdef CONFIG_SECURE_FLASH_ENCRYPTION_AES128_DERIVED
enum { BLOCKS_NEEDED = 1 };
esp_efuse_purpose_t purposes[BLOCKS_NEEDED] = {
ESP_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY_DERIVED_FROM_128_EFUSE_BITS,
};
key_size = 16;
#else
enum { BLOCKS_NEEDED = 1 };
esp_efuse_purpose_t purposes[BLOCKS_NEEDED] = {
ESP_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY,
};
#endif // CONFIG_SECURE_FLASH_ENCRYPTION_AES128_DERIVED
#endif // CONFIG_SECURE_FLASH_ENCRYPTION_AES256
#endif // CONFIG_IDF_TARGET_ESP32
/* Initialize all efuse block entries to invalid (max) value */
esp_efuse_block_t blocks[BLOCKS_NEEDED] = {[0 ... BLOCKS_NEEDED-1] = EFUSE_BLK_KEY_MAX};
bool has_key = true;
for (unsigned i = 0; i < BLOCKS_NEEDED; i++) {
bool tmp_has_key = esp_efuse_find_purpose(purposes[i], &blocks[i]);
if (tmp_has_key) { // For ESP32: esp_efuse_find_purpose() always returns True, need to check whether the key block is used or not.
tmp_has_key &= !esp_efuse_key_block_unused(blocks[i]);
}
if (i == 1 && tmp_has_key != has_key) {
ESP_LOGE(TAG, "Invalid efuse key blocks: Both AES-256 key blocks must be set.");
return ESP_ERR_INVALID_STATE;
}
has_key &= tmp_has_key;
}
if (!has_key) {
/* Generate key */
uint8_t keys[BLOCKS_NEEDED][32] = { 0 };
ESP_LOGI(TAG, "Generating new flash encryption key...");
for (unsigned i = 0; i < BLOCKS_NEEDED; ++i) {
bootloader_fill_random(keys[i], key_size);
}
ESP_LOGD(TAG, "Key generation complete");
esp_err_t err = esp_efuse_write_keys(purposes, keys, BLOCKS_NEEDED);
if (err != ESP_OK) {
if (err == ESP_ERR_NOT_ENOUGH_UNUSED_KEY_BLOCKS) {
ESP_LOGE(TAG, "Not enough free efuse key blocks (need %d) to continue", BLOCKS_NEEDED);
} else {
ESP_LOGE(TAG, "Failed to write efuse block with purpose (err=0x%x). Can't continue.", err);
}
return err;
}
} else {
for (unsigned i = 0; i < BLOCKS_NEEDED; i++) {
if (!esp_efuse_get_key_dis_write(blocks[i])
|| !esp_efuse_get_key_dis_read(blocks[i])
|| !esp_efuse_get_keypurpose_dis_write(blocks[i])) { // For ESP32: no keypurpose, it returns always True.
ESP_LOGE(TAG, "Invalid key state, check read&write protection for key and keypurpose(if exists)");
return ESP_ERR_INVALID_STATE;
}
}
ESP_LOGI(TAG, "Using pre-loaded flash encryption key in efuse");
}
return ESP_OK;
}
esp_err_t esp_flash_encrypt_init(void)
{
if (esp_flash_encryption_enabled() || esp_flash_encrypt_initialized_once()) {
return ESP_OK;
}
/* Very first flash encryption pass: generate keys, etc. */
esp_efuse_batch_write_begin(); /* Batch all efuse writes at the end of this function */
/* Before first flash encryption pass, need to initialise key & crypto config */
esp_err_t err = check_and_generate_encryption_keys();
if (err != ESP_OK) {
esp_efuse_batch_write_cancel();
return err;
}
err = esp_flash_encryption_enable_secure_features();
if (err != ESP_OK) {
esp_efuse_batch_write_cancel();
return err;
}
err = esp_efuse_batch_write_commit();
if (err != ESP_OK) {
ESP_LOGE(TAG, "Error programming security eFuses (err=0x%x).", err);
return err;
}
return ESP_OK;
}
/* Encrypt all flash data that should be encrypted */
esp_err_t esp_flash_encrypt_contents(void)
{
esp_err_t err;
#ifdef CONFIG_SOC_EFUSE_CONSISTS_OF_ONE_KEY_BLOCK
REG_WRITE(SENSITIVE_XTS_AES_KEY_UPDATE_REG, 1);
#endif
err = encrypt_bootloader();
if (err != ESP_OK) {
return err;
}
/* If the primary slot executable application is not encrypted,
* then encrypt it
*/
err = encrypt_primary_slot();
if (err != ESP_OK) {
return err;
}
/* Unconditionally encrypts remaining regions
* This will need changes when implementing multi-slot support
*/
ESP_LOGI(TAG, "Encrypting remaining flash...");
uint32_t region_addr = CONFIG_ESP_IMAGE0_SECONDARY_START_ADDRESS;
size_t region_size = CONFIG_ESP_APPLICATION_SIZE;
err = esp_flash_encrypt_region(region_addr, region_size);
if (err != ESP_OK) {
return err;
}
region_addr = CONFIG_ESP_SCRATCH_OFFSET;
region_size = CONFIG_ESP_SCRATCH_SIZE;
err = esp_flash_encrypt_region(region_addr, region_size);
if (err != ESP_OK) {
return err;
}
#if defined(CONFIG_ESP_IMAGE_NUMBER) && (CONFIG_ESP_IMAGE_NUMBER == 2)
region_addr = CONFIG_ESP_IMAGE1_PRIMARY_START_ADDRESS;
region_size = CONFIG_ESP_APPLICATION_SIZE;
err = esp_flash_encrypt_region(region_addr, region_size);
if (err != ESP_OK) {
return err;
}
region_addr = CONFIG_ESP_IMAGE1_SECONDARY_START_ADDRESS;
region_size = CONFIG_ESP_APPLICATION_SIZE;
err = esp_flash_encrypt_region(region_addr, region_size);
if (err != ESP_OK) {
return err;
}
#endif
ESP_LOGI(TAG, "Flash encryption completed");
return ESP_OK;
}
esp_err_t esp_flash_encrypt_enable(void)
{
esp_err_t err = ESP_OK;
if (!esp_flash_encryption_enabled()) {
if (esp_flash_encrypt_is_write_protected(true)) {
return ESP_FAIL;
}
size_t flash_crypt_cnt = get_flash_encrypt_cnt_value();
#ifdef CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE
// Go straight to max, permanently enabled
ESP_LOGI(TAG, "Setting CRYPT_CNT for permanent encryption");
size_t new_flash_crypt_cnt = FLASH_ENC_CNT_MAX - flash_crypt_cnt;
#else
/* Set least significant 0-bit in flash_crypt_cnt */
size_t new_flash_crypt_cnt = 1;
#endif
ESP_LOGD(TAG, "CRYPT_CNT %d -> %d", flash_crypt_cnt, new_flash_crypt_cnt);
err = esp_efuse_write_field_cnt(CRYPT_CNT, new_flash_crypt_cnt);
#if defined(CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE) && defined(CONFIG_SOC_FLASH_ENCRYPTION_XTS_AES_128_DERIVED)
// For AES128_DERIVED, FE key is 16 bytes and XTS_KEY_LENGTH_256 is 0.
// It is important to protect XTS_KEY_LENGTH_256 from further changing it to 1. Set write protection for this bit.
// Burning WR_DIS_CRYPT_CNT, blocks further changing of eFuses: DOWNLOAD_DIS_MANUAL_ENCRYPT, SPI_BOOT_CRYPT_CNT, [XTS_KEY_LENGTH_256], SECURE_BOOT_EN.
esp_efuse_write_field_bit(WR_DIS_CRYPT_CNT);
#endif
}
ESP_LOGI(TAG, "Flash encryption completed");
#ifdef CONFIG_EFUSE_VIRTUAL
ESP_LOGW(TAG, "Flash encryption not really completed. Must disable virtual efuses");
#endif
return err;
}
static esp_err_t encrypt_bootloader(void)
{
esp_err_t err;
uint32_t image_length;
/* Check for plaintext bootloader (verification will fail if it's already encrypted) */
if (esp_image_verify_bootloader(&image_length) == ESP_OK) {
ESP_LOGI(TAG, "Encrypting bootloader...");
err = esp_flash_encrypt_region(ESP_BOOTLOADER_OFFSET, CONFIG_ESP_BOOTLOADER_SIZE);
if (err != ESP_OK) {
ESP_LOGE(TAG, "Failed to encrypt bootloader in place: 0x%x", err);
return err;
}
ESP_LOGI(TAG, "Bootloader encrypted successfully");
} else {
ESP_LOGW(TAG, "No valid bootloader was found");
return ESP_ERR_NOT_FOUND;
}
return ESP_OK;
}
static esp_err_t verify_img_header(uint32_t addr, const esp_image_load_header_t *image, bool silent)
{
esp_err_t err = ESP_OK;
if (image->header_magic != ESP_LOAD_HEADER_MAGIC) {
if (!silent) {
ESP_LOGE(TAG, "image at 0x%x has invalid magic byte",
addr);
}
err = ESP_ERR_IMAGE_INVALID;
}
return err;
}
static esp_err_t encrypt_primary_slot(void)
{
esp_err_t err;
esp_image_load_header_t img_header;
/* Check if the slot is plaintext or encrypted, 0x20 offset is for skipping
* MCUboot header
*/
err = bootloader_flash_read(CONFIG_ESP_IMAGE0_PRIMARY_START_ADDRESS + 0x20,
&img_header, sizeof(esp_image_load_header_t), true);
if (err != ESP_OK) {
ESP_LOGE(TAG, "Failed to read slot img header");
return err;
} else {
err = verify_img_header(CONFIG_ESP_IMAGE0_PRIMARY_START_ADDRESS,
&img_header, true);
}
if (err == ESP_OK) {
ESP_LOGI(TAG, "Encrypting primary slot...");
err = esp_flash_encrypt_region(CONFIG_ESP_IMAGE0_PRIMARY_START_ADDRESS,
CONFIG_ESP_APPLICATION_SIZE);
if (err != ESP_OK) {
ESP_LOGE(TAG, "Failed to encrypt slot in place: 0x%x", err);
return err;
}
} else {
ESP_LOGW(TAG, "Slot already encrypted or no valid image was found");
}
return ESP_OK;
}
esp_err_t esp_flash_encrypt_region(uint32_t src_addr, size_t data_length)
{
esp_err_t err;
uint32_t buf[FLASH_SECTOR_SIZE / sizeof(uint32_t)];
if (src_addr % FLASH_SECTOR_SIZE != 0) {
ESP_LOGE(TAG, "esp_flash_encrypt_region bad src_addr 0x%x", src_addr);
return ESP_FAIL;
}
wdt_hal_context_t rtc_wdt_ctx = RWDT_HAL_CONTEXT_DEFAULT();
for (size_t i = 0; i < data_length; i += FLASH_SECTOR_SIZE) {
wdt_hal_write_protect_disable(&rtc_wdt_ctx);
wdt_hal_feed(&rtc_wdt_ctx);
wdt_hal_write_protect_enable(&rtc_wdt_ctx);
uint32_t sec_start = i + src_addr;
err = bootloader_flash_read(sec_start, buf, FLASH_SECTOR_SIZE, true);
if (err != ESP_OK) {
goto flash_failed;
}
err = bootloader_flash_erase_sector(sec_start / FLASH_SECTOR_SIZE);
if (err != ESP_OK) {
goto flash_failed;
}
err = bootloader_flash_write(sec_start, buf, FLASH_SECTOR_SIZE, true);
if (err != ESP_OK) {
goto flash_failed;
}
}
return ESP_OK;
flash_failed:
ESP_LOGE(TAG, "flash operation failed: 0x%x", err);
return err;
}

266
bootloader/mcuboot/boot/espressif/hal/src/secure_boot.c Normal file
View File

@@ -0,0 +1,266 @@
/*
* SPDX-FileCopyrightText: 2015-2022 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include <string.h>
#include "sdkconfig.h"
#include "esp_log.h"
#include "esp_secure_boot.h"
#include "bootloader_flash_priv.h"
#include "bootloader_sha.h"
#include "bootloader_utility.h"
#include "esp_image_format.h"
#include "esp_efuse.h"
#include "esp_efuse_table.h"
#include "secure_boot_signature_priv.h"
/* The following API implementations are used only when called
* from the bootloader code.
*/
#ifdef CONFIG_SECURE_BOOT_V2_ENABLED
#define ALIGN_UP(num, align) (((num) + ((align) - 1)) & ~((align) - 1))
static const char *TAG = "secure_boot_v2";
/* A signature block is valid when it has correct magic byte, crc and image digest. */
static esp_err_t validate_signature_block(const ets_secure_boot_sig_block_t *block, int block_num, const uint8_t *image_digest)
{
if (block->magic_byte != ETS_SECURE_BOOT_V2_SIGNATURE_MAGIC) {
// All signature blocks have been parsed, no new signature block present.
ESP_LOGD(TAG, "Signature block(%d) invalid/absent.", block_num);
return ESP_FAIL;
}
if (block->block_crc != esp_rom_crc32_le(0, (uint8_t *)block, CRC_SIGN_BLOCK_LEN)) {
ESP_LOGE(TAG, "Magic byte correct but incorrect crc.");
return ESP_FAIL;
}
if (memcmp(image_digest, block->image_digest, ESP_SECURE_BOOT_DIGEST_LEN)) {
ESP_LOGE(TAG, "Magic byte & CRC correct but incorrect image digest.");
return ESP_FAIL;
} else {
ESP_LOGD(TAG, "valid signature block(%d) found", block_num);
return ESP_OK;
}
return ESP_FAIL;
}
/* Generates the public key digests of the valid public keys in an image's
signature block, verifies each signature, and stores the key digests in the
public_key_digests structure.
@param flash_offset Image offset in flash
@param flash_size Image size in flash (not including signature block)
@param[out] public_key_digests Pointer to structure to hold the key digests for valid sig blocks
Note that this function doesn't read any eFuses, so it doesn't know if the
keys are ultimately trusted by the hardware or not
@return - ESP_OK if no signatures failed to verify, or if no valid signature blocks are found at all.
- ESP_FAIL if there's a valid signature block that doesn't verify using the included public key (unexpected!)
*/
static esp_err_t s_calculate_image_public_key_digests(uint32_t flash_offset, uint32_t flash_size, esp_image_sig_public_key_digests_t *public_key_digests)
{
esp_err_t ret;
uint8_t image_digest[ESP_SECURE_BOOT_DIGEST_LEN] = {0};
uint8_t __attribute__((aligned(4))) key_digest[ESP_SECURE_BOOT_DIGEST_LEN] = {0};
size_t sig_block_addr = flash_offset + ALIGN_UP(flash_size, FLASH_SECTOR_SIZE);
ESP_LOGD(TAG, "calculating public key digests for sig blocks of image offset 0x%x (sig block offset 0x%x)", flash_offset, sig_block_addr);
bzero(public_key_digests, sizeof(esp_image_sig_public_key_digests_t));
ret = bootloader_sha256_flash_contents(flash_offset, sig_block_addr - flash_offset, image_digest);
if (ret != ESP_OK) {
ESP_LOGE(TAG, "error generating image digest, %d", ret);
return ret;
}
ESP_LOGD(TAG, "reading signature(s)");
const ets_secure_boot_signature_t *signatures = bootloader_mmap(sig_block_addr, sizeof(ets_secure_boot_signature_t));
if (signatures == NULL) {
ESP_LOGE(TAG, "bootloader_mmap(0x%x, 0x%x) failed", sig_block_addr, sizeof(ets_secure_boot_signature_t));
return ESP_FAIL;
}
/* Validating Signature block */
for (unsigned i = 0; i < SECURE_BOOT_NUM_BLOCKS; i++) {
const ets_secure_boot_sig_block_t *block = &signatures->block[i];
ret = validate_signature_block(block, i, image_digest);
if (ret != ESP_OK) {
ret = ESP_OK; // past the last valid signature block
break;
}
/* Generating the SHA of the public key components in the signature block */
bootloader_sha256_handle_t sig_block_sha;
sig_block_sha = bootloader_sha256_start();
#if CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME
bootloader_sha256_data(sig_block_sha, &block->key, sizeof(block->key));
#elif CONFIG_SECURE_SIGNED_APPS_ECDSA_V2_SCHEME
bootloader_sha256_data(sig_block_sha, &block->ecdsa.key, sizeof(block->ecdsa.key));
#endif
bootloader_sha256_finish(sig_block_sha, key_digest);
// Check we can verify the image using this signature and this key
uint8_t temp_verified_digest[ESP_SECURE_BOOT_DIGEST_LEN];
#if CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME
bool verified = ets_rsa_pss_verify(&block->key, block->signature, image_digest, temp_verified_digest);
#elif CONFIG_SECURE_SIGNED_APPS_ECDSA_V2_SCHEME
bool verified = ets_ecdsa_verify(&block->ecdsa.key.point[0], block->ecdsa.signature, block->ecdsa.key.curve_id, image_digest, temp_verified_digest);
#endif
if (!verified) {
/* We don't expect this: the signature blocks before we enable secure boot should all be verifiable or invalid,
so this is a fatal error
*/
ret = ESP_FAIL;
ESP_LOGE(TAG, "Secure boot key (%d) verification failed.", i);
break;
}
ESP_LOGD(TAG, "Signature block (%d) is verified", i);
/* Copy the key digest to the buffer provided by the caller */
memcpy((void *)public_key_digests->key_digests[i], key_digest, ESP_SECURE_BOOT_DIGEST_LEN);
public_key_digests->num_digests++;
}
if (ret == ESP_OK && public_key_digests->num_digests > 0) {
ESP_LOGI(TAG, "Digests successfully calculated, %d valid signatures (image offset 0x%x)",
public_key_digests->num_digests, flash_offset);
}
bootloader_munmap(signatures);
return ret;
}
esp_err_t check_and_generate_secure_boot_keys(void)
{
esp_err_t ret;
#ifdef CONFIG_IDF_TARGET_ESP32
esp_efuse_coding_scheme_t coding_scheme = esp_efuse_get_coding_scheme(EFUSE_BLK_SECURE_BOOT);
if (coding_scheme != EFUSE_CODING_SCHEME_NONE) {
ESP_LOGE(TAG, "No coding schemes are supported in secure boot v2.(Detected scheme: 0x%x)", coding_scheme);
return ESP_ERR_NOT_SUPPORTED;
}
#endif // CONFIG_IDF_TARGET_ESP32
esp_efuse_purpose_t secure_boot_key_purpose[SECURE_BOOT_NUM_BLOCKS] = {
#if SECURE_BOOT_NUM_BLOCKS == 1
ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_V2,
#else
ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_DIGEST0,
ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_DIGEST1,
ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_DIGEST2,
#endif
};
/* Verify the bootloader */
esp_image_metadata_t bootloader_data = { 0 };
ret = esp_image_verify_bootloader_data(&bootloader_data);
if (ret != ESP_OK) {
ESP_LOGE(TAG, "bootloader image appears invalid! error %d", ret);
return ret;
}
/* Initialize all efuse block entries to invalid (max) value */
esp_efuse_block_t blocks[SECURE_BOOT_NUM_BLOCKS] = {[0 ... SECURE_BOOT_NUM_BLOCKS-1] = EFUSE_BLK_KEY_MAX};
/* Check if secure boot digests are present */
bool has_secure_boot_digest = false;
for (unsigned i = 0; i < SECURE_BOOT_NUM_BLOCKS; i++) {
bool tmp_has_key = esp_efuse_find_purpose(secure_boot_key_purpose[i], &blocks[i]);
if (tmp_has_key) { // For ESP32: esp_efuse_find_purpose() always returns True, need to check whether the key block is used or not.
tmp_has_key &= !esp_efuse_key_block_unused(blocks[i]);
}
has_secure_boot_digest |= tmp_has_key;
}
esp_image_sig_public_key_digests_t boot_key_digests = {0};
ESP_LOGI(TAG, "Secure boot digests %s", has_secure_boot_digest ? "already present":"absent, generating..");
if (!has_secure_boot_digest) {
/* Generate the bootloader public key digests */
ret = s_calculate_image_public_key_digests(bootloader_data.start_addr, bootloader_data.image_len - SIG_BLOCK_PADDING, &boot_key_digests);
if (ret != ESP_OK) {
ESP_LOGE(TAG, "Bootloader signature block is invalid");
return ret;
}
if (boot_key_digests.num_digests == 0) {
ESP_LOGE(TAG, "No valid bootloader signature blocks found.");
return ESP_FAIL;
}
ESP_LOGI(TAG, "%d signature block(s) found appended to the bootloader.", boot_key_digests.num_digests);
ESP_LOGI(TAG, "Burning public key hash to eFuse");
ret = esp_efuse_write_keys(secure_boot_key_purpose, boot_key_digests.key_digests, boot_key_digests.num_digests);
if (ret != ESP_OK) {
if (ret == ESP_ERR_NOT_ENOUGH_UNUSED_KEY_BLOCKS) {
ESP_LOGE(TAG, "Bootloader signatures(%d) more than available key slots.", boot_key_digests.num_digests);
} else {
ESP_LOGE(TAG, "Failed to write efuse block with purpose (err=0x%x). Can't continue.", ret);
}
return ret;
}
} else {
for (unsigned i = 0; i < SECURE_BOOT_NUM_BLOCKS; i++) {
/* Check if corresponding digest slot is used or not */
if (blocks[i] == EFUSE_BLK_KEY_MAX) {
ESP_LOGD(TAG, "SECURE_BOOT_DIGEST%d slot is not used", i);
continue;
}
#if SOC_EFUSE_REVOKE_BOOT_KEY_DIGESTS
if (esp_efuse_get_digest_revoke(i)) {
continue;
}
#endif
#ifndef CONFIG_SOC_EFUSE_CONSISTS_OF_ONE_KEY_BLOCK
if (esp_efuse_get_key_dis_read(blocks[i])) {
ESP_LOGE(TAG, "Key digest (BLK%d) read protected, aborting...", blocks[i]);
return ESP_FAIL;
}
#endif
if (esp_efuse_block_is_empty(blocks[i])) {
ESP_LOGE(TAG, "%d eFuse block is empty, aborting...", blocks[i]);
return ESP_FAIL;
}
esp_efuse_set_key_dis_write(blocks[i]);
#ifdef CONFIG_SOC_EFUSE_CONSISTS_OF_ONE_KEY_BLOCK
size_t offset = 128;
#else
size_t offset = 0;
#endif
ret = esp_efuse_read_block(blocks[i], boot_key_digests.key_digests[boot_key_digests.num_digests], offset,
ESP_SECURE_BOOT_KEY_DIGEST_LEN * 8);
if (ret) {
ESP_LOGE(TAG, "Error during reading %d eFuse block (err=0x%x)", blocks[i], ret);
return ret;
}
boot_key_digests.num_digests++;
}
if (boot_key_digests.num_digests == 0) {
ESP_LOGE(TAG, "No valid pre-loaded public key digest in eFuse");
return ESP_FAIL;
}
ESP_LOGW(TAG, "Using pre-loaded public key digest in eFuse");
}
#if SOC_EFUSE_REVOKE_BOOT_KEY_DIGESTS
/* Revoke the empty signature blocks */
if (boot_key_digests.num_digests < SECURE_BOOT_NUM_BLOCKS) {
/* The revocation index can be 0, 1, 2. Bootloader count can be 1,2,3. */
for (unsigned i = boot_key_digests.num_digests; i < SECURE_BOOT_NUM_BLOCKS; i++) {
ESP_LOGI(TAG, "Revoking empty key digest slot (%d)...", i);
esp_efuse_set_digest_revoke(i);
}
}
#endif // SOC_EFUSE_REVOKE_BOOT_KEY_DIGESTS
return ESP_OK;
}
#endif // CONFIG_SECURE_BOOT_V2_ENABLED