mirror of
				https://github.com/0xFEEDC0DE64/arduino-esp32.git
				synced 2025-10-24 19:51:42 +02:00 
			
		
		
		
	v2.0.0 Add support for ESP32S2 and update ESP-IDF to 4.4 (#4996)
This is very much still work in progress and much more will change before the final 2.0.0 Some APIs have changed. New libraries have been added. LittleFS included. Co-authored-by: Seon Rozenblum <seonr@3sprockets.com> Co-authored-by: Me No Dev <me-no-dev@users.noreply.github.com> Co-authored-by: geeksville <kevinh@geeksville.com> Co-authored-by: Mike Dunston <m_dunston@comcast.net> Co-authored-by: Unexpected Maker <seon@unexpectedmaker.com> Co-authored-by: Seon Rozenblum <seonr@3sprockets.com> Co-authored-by: microDev <70126934+microDev1@users.noreply.github.com> Co-authored-by: tobozo <tobozo@users.noreply.github.com> Co-authored-by: bobobo1618 <bobobo1618@users.noreply.github.com> Co-authored-by: lorol <lorolouis@gmail.com> Co-authored-by: geeksville <kevinh@geeksville.com> Co-authored-by: Limor "Ladyada" Fried <limor@ladyada.net> Co-authored-by: Sweety <switi.mhaiske@espressif.com> Co-authored-by: Loick MAHIEUX <loick111@gmail.com> Co-authored-by: Larry Bernstone <lbernstone@gmail.com> Co-authored-by: Valerii Koval <valeros@users.noreply.github.com> Co-authored-by: 快乐的我531 <2302004040@qq.com> Co-authored-by: chegewara <imperiaonline4@gmail.com> Co-authored-by: Clemens Kirchgatterer <clemens@1541.org> Co-authored-by: Aron Rubin <aronrubin@gmail.com> Co-authored-by: Pete Lewis <601236+lewispg228@users.noreply.github.com>
This commit is contained in:
		| @@ -0,0 +1,33 @@ | ||||
| // Copyright 2017 Espressif Systems (Shanghai) PTE LTD | ||||
| // | ||||
| // Licensed under the Apache License, Version 2.0 (the "License"); | ||||
| // you may not use this file except in compliance with the License. | ||||
| // You may obtain a copy of the License at | ||||
| // | ||||
| //     http://www.apache.org/licenses/LICENSE-2.0 | ||||
| // | ||||
| // Unless required by applicable law or agreed to in writing, software | ||||
| // distributed under the License is distributed on an "AS IS" BASIS, | ||||
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||
| // See the License for the specific language governing permissions and | ||||
| // limitations under the License. | ||||
|  | ||||
| #pragma once | ||||
|  | ||||
| #ifdef __cplusplus | ||||
| extern "C" { | ||||
| #endif | ||||
|  | ||||
| /** @brief Configure clocks for early boot | ||||
|  * | ||||
|  * Called by bootloader, or by the app if the bootloader version is old (pre v2.1). | ||||
|  */ | ||||
| void bootloader_clock_configure(void); | ||||
|  | ||||
| /** @brief Return the rated maximum frequency of this chip | ||||
|  */ | ||||
| int bootloader_clock_get_rated_freq_mhz(void); | ||||
|  | ||||
| #ifdef __cplusplus | ||||
| } | ||||
| #endif | ||||
| @@ -0,0 +1,269 @@ | ||||
| // Copyright 2018 Espressif Systems (Shanghai) PTE LTD | ||||
| // | ||||
| // Licensed under the Apache License, Version 2.0 (the "License"); | ||||
| // you may not use this file except in compliance with the License. | ||||
| // You may obtain a copy of the License at | ||||
| // | ||||
| //     http://www.apache.org/licenses/LICENSE-2.0 | ||||
| // | ||||
| // Unless required by applicable law or agreed to in writing, software | ||||
| // distributed under the License is distributed on an "AS IS" BASIS, | ||||
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||
| // See the License for the specific language governing permissions and | ||||
| // limitations under the License. | ||||
|  | ||||
| #pragma once | ||||
| #include "esp_flash_partitions.h" | ||||
| #include "esp_image_format.h" | ||||
| #include "esp_app_format.h" | ||||
| // RESET_REASON is declared in rom/rtc.h | ||||
| #if CONFIG_IDF_TARGET_ESP32 | ||||
| #include "esp32/rom/rtc.h" | ||||
| #elif CONFIG_IDF_TARGET_ESP32S2 | ||||
| #include "esp32s2/rom/rtc.h" | ||||
| #elif CONFIG_IDF_TARGET_ESP32S3 | ||||
| #include "esp32s3/rom/rtc.h" | ||||
| #elif CONFIG_IDF_TARGET_ESP32C3 | ||||
| #include "esp32c3/rom/rtc.h" | ||||
| #endif | ||||
|  | ||||
| #ifdef __cplusplus | ||||
| extern "C" { | ||||
| #endif | ||||
|  | ||||
| /// Type of hold a GPIO in low state | ||||
| typedef enum { | ||||
|     GPIO_LONG_HOLD  = 1,    /*!< The long hold GPIO */ | ||||
|     GPIO_SHORT_HOLD = -1,   /*!< The short hold GPIO */ | ||||
|     GPIO_NOT_HOLD   = 0     /*!< If the GPIO input is not low */ | ||||
| } esp_comm_gpio_hold_t; | ||||
|  | ||||
| typedef enum { | ||||
|     ESP_IMAGE_BOOTLOADER, | ||||
|     ESP_IMAGE_APPLICATION | ||||
| } esp_image_type; | ||||
|  | ||||
| /** | ||||
|  * @brief Calculate crc for the OTA data select. | ||||
|  * | ||||
|  * @param[in] s The OTA data select. | ||||
|  * @return    Returns crc value. | ||||
|  */ | ||||
| uint32_t bootloader_common_ota_select_crc(const esp_ota_select_entry_t *s); | ||||
|  | ||||
| /** | ||||
|  * @brief Verifies the validity of the OTA data select | ||||
|  * | ||||
|  * @param[in] s The OTA data select. | ||||
|  * @return    Returns true on valid, false otherwise. | ||||
|  */ | ||||
| bool bootloader_common_ota_select_valid(const esp_ota_select_entry_t *s); | ||||
|  | ||||
| /** | ||||
|  * @brief Returns true if OTADATA is not marked as bootable partition. | ||||
|  * | ||||
|  * @param[in] s The OTA data select. | ||||
|  * @return    Returns true if OTADATA invalid, false otherwise. | ||||
|  */ | ||||
| bool bootloader_common_ota_select_invalid(const esp_ota_select_entry_t *s); | ||||
|  | ||||
| /** | ||||
|  * @brief Check if the GPIO input is a long hold or a short hold. | ||||
|  * | ||||
|  * Number of the GPIO input will be configured as an input with internal pull-up enabled. | ||||
|  * If the GPIO input is held low continuously for delay_sec period then it is a long hold. | ||||
|  * If the GPIO input is held low for less period then it is a short hold. | ||||
|  * | ||||
|  * @param[in] num_pin Number of the GPIO input. | ||||
|  * @param[in] delay_sec Input must be driven low for at least this long, continuously. | ||||
|  * @return esp_comm_gpio_hold_t Defines type of hold a GPIO in low state. | ||||
|  */ | ||||
| esp_comm_gpio_hold_t bootloader_common_check_long_hold_gpio(uint32_t num_pin, uint32_t delay_sec); | ||||
|  | ||||
| /** | ||||
|  * @brief Erase the partition data that is specified in the transferred list. | ||||
|  * | ||||
|  * @param[in] list_erase String containing a list of cleared partitions. Like this "nvs, phy". The string must be null-terminal. | ||||
|  * @param[in] ota_data_erase If true then the OTA data partition will be cleared (if there is it in partition table). | ||||
|  * @return    Returns true on success, false otherwise. | ||||
|  */ | ||||
| bool bootloader_common_erase_part_type_data(const char *list_erase, bool ota_data_erase); | ||||
|  | ||||
| /** | ||||
|  * @brief Determines if the list contains the label | ||||
|  * | ||||
|  * @param[in] list  A string of names delimited by commas or spaces. Like this "nvs, phy, data". The string must be null-terminated. | ||||
|  * @param[in] label The substring that will be searched in the list. | ||||
|  * @return    Returns true if the list contains the label, false otherwise. | ||||
|  */ | ||||
| bool bootloader_common_label_search(const char *list, char *label); | ||||
|  | ||||
| /** | ||||
|  * @brief Configure default SPI pin modes and drive strengths | ||||
|  * | ||||
|  * @param drv GPIO drive level (determined by clock frequency) | ||||
|  */ | ||||
| void bootloader_configure_spi_pins(int drv); | ||||
|  | ||||
| /** | ||||
|  * @brief Calculates a sha-256 for a given partition or returns a appended digest. | ||||
|  * | ||||
|  * This function can be used to return the SHA-256 digest of application, bootloader and data partitions. | ||||
|  * For apps with SHA-256 appended to the app image, the result is the appended SHA-256 value for the app image content. | ||||
|  * The hash is verified before returning, if app content is invalid then the function returns ESP_ERR_IMAGE_INVALID. | ||||
|  * For apps without SHA-256 appended to the image, the result is the SHA-256 of all bytes in the app image. | ||||
|  * For other partition types, the result is the SHA-256 of the entire partition. | ||||
|  * | ||||
|  * @param[in]  address      Address of partition. | ||||
|  * @param[in]  size         Size of partition. | ||||
|  * @param[in]  type         Type of partition. For applications the type is 0, otherwise type is data. | ||||
|  * @param[out] out_sha_256  Returned SHA-256 digest for a given partition. | ||||
|  * | ||||
|  * @return | ||||
|  *          - ESP_OK: In case of successful operation. | ||||
|  *          - ESP_ERR_INVALID_ARG: The size was 0 or the sha_256 was NULL. | ||||
|  *          - ESP_ERR_NO_MEM: Cannot allocate memory for sha256 operation. | ||||
|  *          - ESP_ERR_IMAGE_INVALID: App partition doesn't contain a valid app image. | ||||
|  *          - ESP_FAIL: An allocation error occurred. | ||||
|  */ | ||||
| esp_err_t bootloader_common_get_sha256_of_partition(uint32_t address, uint32_t size, int type, uint8_t *out_sha_256); | ||||
|  | ||||
| /** | ||||
|  * @brief Returns the number of active otadata. | ||||
|  * | ||||
|  * @param[in] two_otadata Pointer on array from two otadata structures. | ||||
|  * | ||||
|  * @return The number of active otadata (0 or 1). | ||||
|  *        - -1: If it does not have active otadata. | ||||
|  */ | ||||
| int bootloader_common_get_active_otadata(esp_ota_select_entry_t *two_otadata); | ||||
|  | ||||
| /** | ||||
|  * @brief Returns the number of active otadata. | ||||
|  * | ||||
|  * @param[in] two_otadata       Pointer on array from two otadata structures. | ||||
|  * @param[in] valid_two_otadata Pointer on array from two bools. True means select. | ||||
|  * @param[in] max               True - will select the maximum ota_seq number, otherwise the minimum. | ||||
|  * | ||||
|  * @return The number of active otadata (0 or 1). | ||||
|  *        - -1: If it does not have active otadata. | ||||
|  */ | ||||
| int bootloader_common_select_otadata(const esp_ota_select_entry_t *two_otadata, bool *valid_two_otadata, bool max); | ||||
|  | ||||
| /** | ||||
|  * @brief Returns esp_app_desc structure for app partition. This structure includes app version. | ||||
|  * | ||||
|  * Returns a description for the requested app partition. | ||||
|  * @param[in] partition      App partition description. | ||||
|  * @param[out] app_desc      Structure of info about app. | ||||
|  * @return | ||||
|  *  - ESP_OK:                Successful. | ||||
|  *  - ESP_ERR_INVALID_ARG:   The arguments passed are not valid. | ||||
|  *  - ESP_ERR_NOT_FOUND:     app_desc structure is not found. Magic word is incorrect. | ||||
|  *  - ESP_FAIL:              mapping is fail. | ||||
|  */ | ||||
| esp_err_t bootloader_common_get_partition_description(const esp_partition_pos_t *partition, esp_app_desc_t *app_desc); | ||||
|  | ||||
| /** | ||||
|  * @brief Get chip revision | ||||
|  * | ||||
|  * @return Chip revision number | ||||
|  */ | ||||
| uint8_t bootloader_common_get_chip_revision(void); | ||||
|  | ||||
| /** | ||||
|  * @brief Get chip package | ||||
|  * | ||||
|  * @return Chip package number | ||||
|  */ | ||||
| uint32_t bootloader_common_get_chip_ver_pkg(void); | ||||
|  | ||||
| /** | ||||
|  * @brief Query reset reason | ||||
|  * | ||||
|  * @param cpu_no CPU number | ||||
|  * @return reset reason enumeration | ||||
|  */ | ||||
| RESET_REASON bootloader_common_get_reset_reason(int cpu_no); | ||||
|  | ||||
| /** | ||||
|  * @brief Check if the image (bootloader and application) has valid chip ID and revision | ||||
|  * | ||||
|  * @param[in] img_hdr: image header | ||||
|  * @param[in] type: image type, bootloader or application | ||||
|  * @return | ||||
|  *      - ESP_OK: image and chip are matched well | ||||
|  *      - ESP_FAIL: image doesn't match to the chip | ||||
|  */ | ||||
| esp_err_t bootloader_common_check_chip_validity(const esp_image_header_t* img_hdr, esp_image_type type); | ||||
|  | ||||
| /** | ||||
|  * @brief Configure VDDSDIO, call this API to rise VDDSDIO to 1.9V when VDDSDIO regulator is enabled as 1.8V mode. | ||||
|  */ | ||||
| void bootloader_common_vddsdio_configure(void); | ||||
|  | ||||
| #if defined( CONFIG_BOOTLOADER_SKIP_VALIDATE_IN_DEEP_SLEEP ) || defined( CONFIG_BOOTLOADER_CUSTOM_RESERVE_RTC ) | ||||
| /** | ||||
|  * @brief Returns partition from rtc_retain_mem | ||||
|  * | ||||
|  * Uses to get the partition of application which was worked before to go to the deep sleep. | ||||
|  * This partition was stored in rtc_retain_mem. | ||||
|  * Note: This function operates the RTC FAST memory which available only for PRO_CPU. | ||||
|  *       Make sure that this function is used only PRO_CPU. | ||||
|  * | ||||
|  * @return partition: If rtc_retain_mem is valid. | ||||
|  *        - NULL: If it is not valid. | ||||
|  */ | ||||
| esp_partition_pos_t* bootloader_common_get_rtc_retain_mem_partition(void); | ||||
|  | ||||
| /** | ||||
|  * @brief Update the partition and reboot_counter in rtc_retain_mem. | ||||
|  * | ||||
|  * This function saves the partition of application for fast booting from the deep sleep. | ||||
|  * An algorithm uses this partition to avoid reading the otadata and does not validate an image. | ||||
|  * Note: This function operates the RTC FAST memory which available only for PRO_CPU. | ||||
|  *       Make sure that this function is used only PRO_CPU. | ||||
|  * | ||||
|  * @param[in] partition      App partition description. Can be NULL, in this case rtc_retain_mem.partition is not updated. | ||||
|  * @param[in] reboot_counter If true then update reboot_counter. | ||||
|  * | ||||
|  */ | ||||
| void bootloader_common_update_rtc_retain_mem(esp_partition_pos_t* partition, bool reboot_counter); | ||||
|  | ||||
| /** | ||||
|  * @brief Reset entire rtc_retain_mem. | ||||
|  * | ||||
|  * Note: This function operates the RTC FAST memory which available only for PRO_CPU. | ||||
|  *       Make sure that this function is used only PRO_CPU. | ||||
|  */ | ||||
| void bootloader_common_reset_rtc_retain_mem(void); | ||||
|  | ||||
| /** | ||||
|  * @brief Returns reboot_counter from rtc_retain_mem | ||||
|  * | ||||
|  * The reboot_counter counts the number of reboots. Reset only when power is off. | ||||
|  * The very first launch of the application will be from 1. | ||||
|  * Overflow is not possible, it will stop at the value UINT16_MAX. | ||||
|  * Note: This function operates the RTC FAST memory which available only for PRO_CPU. | ||||
|  *       Make sure that this function is used only PRO_CPU. | ||||
|  * | ||||
|  * @return reboot_counter: 1..65535 | ||||
|  *         - 0: If rtc_retain_mem is not valid. | ||||
|  */ | ||||
| uint16_t bootloader_common_get_rtc_retain_mem_reboot_counter(void); | ||||
|  | ||||
| /** | ||||
|  * @brief Returns rtc_retain_mem | ||||
|  * | ||||
|  * Note: This function operates the RTC FAST memory which available only for PRO_CPU. | ||||
|  *       Make sure that this function is used only PRO_CPU. | ||||
|  * | ||||
|  * @return rtc_retain_mem | ||||
|  */ | ||||
| rtc_retain_mem_t* bootloader_common_get_rtc_retain_mem(void); | ||||
|  | ||||
| #endif | ||||
|  | ||||
| #ifdef __cplusplus | ||||
| } | ||||
| #endif | ||||
| @@ -0,0 +1,29 @@ | ||||
| // Copyright 2020 Espressif Systems (Shanghai) PTE LTD | ||||
| // | ||||
| // Licensed under the Apache License, Version 2.0 (the "License"); | ||||
| // you may not use this file except in compliance with the License. | ||||
| // You may obtain a copy of the License at | ||||
|  | ||||
| //     http://www.apache.org/licenses/LICENSE-2.0 | ||||
| // | ||||
| // Unless required by applicable law or agreed to in writing, software | ||||
| // distributed under the License is distributed on an "AS IS" BASIS, | ||||
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||
| // See the License for the specific language governing permissions and | ||||
| // limitations under the License. | ||||
| #pragma once | ||||
|  | ||||
| #include <esp_err.h> | ||||
| #include <esp_spi_flash.h> /* including in bootloader for error values */ | ||||
| #include "sdkconfig.h" | ||||
| #include "soc/soc_caps.h" | ||||
|  | ||||
| #if SOC_CACHE_SUPPORT_WRAP | ||||
| /** | ||||
|  * @brief Set the burst mode setting command for specified wrap mode. | ||||
|  * | ||||
|  * @param mode The specified warp mode. | ||||
|  * @return always ESP_OK | ||||
|  */ | ||||
| esp_err_t bootloader_flash_wrap_set(spi_flash_wrap_mode_t mode); | ||||
| #endif | ||||
| @@ -0,0 +1,96 @@ | ||||
| // Copyright 2018 Espressif Systems (Shanghai) PTE LTD | ||||
| // | ||||
| // Licensed under the Apache License, Version 2.0 (the "License"); | ||||
| // you may not use this file except in compliance with the License. | ||||
| // You may obtain a copy of the License at | ||||
| // | ||||
| //     http://www.apache.org/licenses/LICENSE-2.0 | ||||
| // | ||||
| // Unless required by applicable law or agreed to in writing, software | ||||
| // distributed under the License is distributed on an "AS IS" BASIS, | ||||
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||
| // See the License for the specific language governing permissions and | ||||
| // limitations under the License. | ||||
|  | ||||
| #pragma once | ||||
|  | ||||
| #include "sdkconfig.h" | ||||
| #include "esp_image_format.h" | ||||
|  | ||||
| #ifdef __cplusplus | ||||
| extern "C" { | ||||
| #endif | ||||
|  | ||||
| /** | ||||
|  * @brief Update the flash id in g_rom_flashchip(global esp_rom_spiflash_chip_t structure). | ||||
|  * | ||||
|  * @return None | ||||
|  */ | ||||
| void bootloader_flash_update_id(void); | ||||
|  | ||||
| /** | ||||
|  * @brief Update the flash size in g_rom_flashchip (global esp_rom_spiflash_chip_t structure). | ||||
|  * | ||||
|  * @param size The size to store, in bytes. | ||||
|  * @return None | ||||
|  */ | ||||
| void bootloader_flash_update_size(uint32_t size); | ||||
|  | ||||
| /** | ||||
|  * @brief Set the flash CS setup and hold time. | ||||
|  * | ||||
|  * @note CS setup time is recomemded to be 1.5T, and CS hold time is recommended to be 2.5T. | ||||
|  *       cs_setup = 1, cs_setup_time = 0; cs_hold = 1, cs_hold_time = 1. | ||||
|  * | ||||
|  * @return None | ||||
|  */ | ||||
| void bootloader_flash_cs_timing_config(void); | ||||
|  | ||||
| /** | ||||
|  * @brief Configure SPI flash clock. | ||||
|  * | ||||
|  * @note This function only set clock frequency for SPI0. | ||||
|  * | ||||
|  * @param pfhdr Pointer to App image header, from where to fetch flash settings. | ||||
|  * | ||||
|  * @return None | ||||
|  */ | ||||
| void bootloader_flash_clock_config(const esp_image_header_t* pfhdr); | ||||
|  | ||||
| /** | ||||
|  * @brief Configure SPI flash gpio, include the IO matrix and drive strength configuration. | ||||
|  * | ||||
|  * @param pfhdr Pointer to App image header, from where to fetch flash settings. | ||||
|  * | ||||
|  * @return None | ||||
|  */ | ||||
| void bootloader_flash_gpio_config(const esp_image_header_t* pfhdr); | ||||
|  | ||||
| /** | ||||
|  * @brief Configure SPI flash read dummy based on different mode and frequency. | ||||
|  * | ||||
|  * @param pfhdr Pointer to App image header, from where to fetch flash settings. | ||||
|  * | ||||
|  * @return None | ||||
|  */ | ||||
| void bootloader_flash_dummy_config(const esp_image_header_t* pfhdr); | ||||
|  | ||||
| #ifdef CONFIG_IDF_TARGET_ESP32 | ||||
| /** | ||||
|  * @brief Return the pin number used for custom SPI flash and/or SPIRAM WP pin | ||||
|  * | ||||
|  * Can be determined by eFuse values in most cases, or overriden in configuration | ||||
|  * | ||||
|  * This value is only meaningful if the other SPI flash pins are overriden via eFuse. | ||||
|  * | ||||
|  * This value is only meaningful if flash is set to QIO or QOUT mode, or if | ||||
|  * SPIRAM is enabled. | ||||
|  * | ||||
|  * @return Pin number to use, or -1 if the default should be kept | ||||
|  */ | ||||
| int bootloader_flash_get_wp_pin(void); | ||||
| #endif | ||||
|  | ||||
| #ifdef __cplusplus | ||||
| } | ||||
| #endif | ||||
| @@ -0,0 +1,24 @@ | ||||
| // Copyright 2020 Espressif Systems (Shanghai) PTE LTD | ||||
| // | ||||
| // Licensed under the Apache License, Version 2.0 (the "License"); | ||||
| // you may not use this file except in compliance with the License. | ||||
| // You may obtain a copy of the License at | ||||
| // | ||||
| //     http://www.apache.org/licenses/LICENSE-2.0 | ||||
| // | ||||
| // Unless required by applicable law or agreed to in writing, software | ||||
| // distributed under the License is distributed on an "AS IS" BASIS, | ||||
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||
| // See the License for the specific language governing permissions and | ||||
| // limitations under the License. | ||||
| #pragma once | ||||
|  | ||||
| #ifdef __cplusplus | ||||
| extern "C" { | ||||
| #endif | ||||
|  | ||||
| void bootloader_init_mem(void); | ||||
|  | ||||
| #ifdef __cplusplus | ||||
| } | ||||
| #endif | ||||
| @@ -0,0 +1,57 @@ | ||||
| // Copyright 2010-2016 Espressif Systems (Shanghai) PTE LTD | ||||
| // | ||||
| // Licensed under the Apache License, Version 2.0 (the "License"); | ||||
| // you may not use this file except in compliance with the License. | ||||
| // You may obtain a copy of the License at | ||||
| // | ||||
| //     http://www.apache.org/licenses/LICENSE-2.0 | ||||
| // | ||||
| // Unless required by applicable law or agreed to in writing, software | ||||
| // distributed under the License is distributed on an "AS IS" BASIS, | ||||
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||
| // See the License for the specific language governing permissions and | ||||
| // limitations under the License. | ||||
|  | ||||
| #pragma once | ||||
|  | ||||
| #include <stddef.h> | ||||
|  | ||||
| #ifdef __cplusplus | ||||
| extern "C" { | ||||
| #endif | ||||
|  | ||||
| /** | ||||
|  * @brief Enable early entropy source for RNG | ||||
|  * | ||||
|  * Uses the SAR ADC to feed entropy into the HWRNG. The ADC is put | ||||
|  * into a test mode that reads the 1.1V internal reference source and | ||||
|  * feeds the LSB of data into the HWRNG. | ||||
|  * | ||||
|  * Can also be used from app code early during operation, if entropy | ||||
|  * is required before WiFi stack is initialised. Call this function | ||||
|  * from app code only if WiFi/BT are not yet enabled and I2S and SAR | ||||
|  * ADC are not in use. | ||||
|  * | ||||
|  * Call bootloader_random_disable() when done. | ||||
|  */ | ||||
| void bootloader_random_enable(void); | ||||
|  | ||||
| /** | ||||
|  * @brief Disable early entropy source for RNG | ||||
|  * | ||||
|  * Disables SAR ADC source and resets the I2S hardware. | ||||
|  * | ||||
|  */ | ||||
| void bootloader_random_disable(void); | ||||
|  | ||||
| /** | ||||
|  * @brief Fill buffer with 'length' random bytes | ||||
|  * | ||||
|  * @param buffer Pointer to buffer | ||||
|  * @param length This many bytes of random data will be copied to buffer | ||||
|  */ | ||||
| void bootloader_fill_random(void *buffer, size_t length); | ||||
|  | ||||
| #ifdef __cplusplus | ||||
| } | ||||
| #endif | ||||
| @@ -0,0 +1,43 @@ | ||||
| // Copyright 2018 Espressif Systems (Shanghai) PTE LTD | ||||
| // | ||||
| // Licensed under the Apache License, Version 2.0 (the "License"); | ||||
| // you may not use this file except in compliance with the License. | ||||
| // You may obtain a copy of the License at | ||||
| // | ||||
| //     http://www.apache.org/licenses/LICENSE-2.0 | ||||
| // | ||||
| // Unless required by applicable law or agreed to in writing, software | ||||
| // distributed under the License is distributed on an "AS IS" BASIS, | ||||
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||
| // See the License for the specific language governing permissions and | ||||
| // limitations under the License. | ||||
|  | ||||
| #pragma once | ||||
|  | ||||
| #include <stddef.h> | ||||
|  | ||||
| #ifdef __cplusplus | ||||
| extern "C" { | ||||
| #endif | ||||
|  | ||||
| /** | ||||
|  * @brief Check if half-open intervals overlap | ||||
|  * | ||||
|  * @param start1  interval 1 start | ||||
|  * @param end1    interval 1 end | ||||
|  * @param start2  interval 2 start | ||||
|  * @param end2    interval 2 end | ||||
|  * @return true iff [start1; end1) overlaps [start2; end2) | ||||
|  */ | ||||
| static inline bool bootloader_util_regions_overlap( | ||||
|         const intptr_t start1, const intptr_t end1, | ||||
|         const intptr_t start2, const intptr_t end2) | ||||
| { | ||||
|     assert(end1>start1); | ||||
|     assert(end2>start2); | ||||
|     return (end1 > start2 && end2 > start1); | ||||
| } | ||||
|  | ||||
| #ifdef __cplusplus | ||||
| } | ||||
| #endif | ||||
| @@ -0,0 +1,129 @@ | ||||
| // Copyright 2015-2019 Espressif Systems (Shanghai) PTE LTD | ||||
| // | ||||
| // Licensed under the Apache License, Version 2.0 (the "License"); | ||||
| // you may not use this file except in compliance with the License. | ||||
| // You may obtain a copy of the License at | ||||
|  | ||||
| //     http://www.apache.org/licenses/LICENSE-2.0 | ||||
| // | ||||
| // Unless required by applicable law or agreed to in writing, software | ||||
| // distributed under the License is distributed on an "AS IS" BASIS, | ||||
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||
| // See the License for the specific language governing permissions and | ||||
| // limitations under the License. | ||||
| #pragma once | ||||
|  | ||||
| #include <inttypes.h> | ||||
|  | ||||
| /** | ||||
|  * @brief ESP chip ID | ||||
|  * | ||||
|  */ | ||||
| typedef enum { | ||||
|     ESP_CHIP_ID_ESP32 = 0x0000,  /*!< chip ID: ESP32 */ | ||||
|     ESP_CHIP_ID_ESP32S2 = 0x0002,  /*!< chip ID: ESP32-S2 */ | ||||
|     ESP_CHIP_ID_ESP32C3 = 0x0005, /*!< chip ID: ESP32-C3 */ | ||||
|     ESP_CHIP_ID_ESP32S3 = 0x0006, /*!< chip ID: ESP32-S3 */ | ||||
|     ESP_CHIP_ID_INVALID = 0xFFFF /*!< Invalid chip ID (we defined it to make sure the esp_chip_id_t is 2 bytes size) */ | ||||
| } __attribute__((packed)) esp_chip_id_t; | ||||
|  | ||||
| /** @cond */ | ||||
| _Static_assert(sizeof(esp_chip_id_t) == 2, "esp_chip_id_t should be 16 bit"); | ||||
| /** @endcond */ | ||||
|  | ||||
| /** | ||||
|  * @brief SPI flash mode, used in esp_image_header_t | ||||
|  */ | ||||
| typedef enum { | ||||
|     ESP_IMAGE_SPI_MODE_QIO,         /*!< SPI mode QIO */ | ||||
|     ESP_IMAGE_SPI_MODE_QOUT,        /*!< SPI mode QOUT */ | ||||
|     ESP_IMAGE_SPI_MODE_DIO,         /*!< SPI mode DIO */ | ||||
|     ESP_IMAGE_SPI_MODE_DOUT,        /*!< SPI mode DOUT */ | ||||
|     ESP_IMAGE_SPI_MODE_FAST_READ,   /*!< SPI mode FAST_READ */ | ||||
|     ESP_IMAGE_SPI_MODE_SLOW_READ    /*!< SPI mode SLOW_READ */ | ||||
| } esp_image_spi_mode_t; | ||||
|  | ||||
| /** | ||||
|  * @brief SPI flash clock frequency | ||||
|  */ | ||||
| typedef enum { | ||||
|     ESP_IMAGE_SPI_SPEED_40M,        /*!< SPI clock frequency 40 MHz */ | ||||
|     ESP_IMAGE_SPI_SPEED_26M,        /*!< SPI clock frequency 26 MHz */ | ||||
|     ESP_IMAGE_SPI_SPEED_20M,        /*!< SPI clock frequency 20 MHz */ | ||||
|     ESP_IMAGE_SPI_SPEED_80M = 0xF   /*!< SPI clock frequency 80 MHz */ | ||||
| } esp_image_spi_freq_t; | ||||
|  | ||||
| /** | ||||
|  * @brief Supported SPI flash sizes | ||||
|  */ | ||||
| typedef enum { | ||||
|     ESP_IMAGE_FLASH_SIZE_1MB = 0,   /*!< SPI flash size 1 MB */ | ||||
|     ESP_IMAGE_FLASH_SIZE_2MB,       /*!< SPI flash size 2 MB */ | ||||
|     ESP_IMAGE_FLASH_SIZE_4MB,       /*!< SPI flash size 4 MB */ | ||||
|     ESP_IMAGE_FLASH_SIZE_8MB,       /*!< SPI flash size 8 MB */ | ||||
|     ESP_IMAGE_FLASH_SIZE_16MB,      /*!< SPI flash size 16 MB */ | ||||
|     ESP_IMAGE_FLASH_SIZE_MAX        /*!< SPI flash size MAX */ | ||||
| } esp_image_flash_size_t; | ||||
|  | ||||
| #define ESP_IMAGE_HEADER_MAGIC 0xE9 /*!< The magic word for the esp_image_header_t structure. */ | ||||
|  | ||||
| /** | ||||
|  * @brief Main header of binary image | ||||
|  */ | ||||
| typedef struct { | ||||
|     uint8_t magic;              /*!< Magic word ESP_IMAGE_HEADER_MAGIC */ | ||||
|     uint8_t segment_count;      /*!< Count of memory segments */ | ||||
|     uint8_t spi_mode;           /*!< flash read mode (esp_image_spi_mode_t as uint8_t) */ | ||||
|     uint8_t spi_speed: 4;       /*!< flash frequency (esp_image_spi_freq_t as uint8_t) */ | ||||
|     uint8_t spi_size: 4;        /*!< flash chip size (esp_image_flash_size_t as uint8_t) */ | ||||
|     uint32_t entry_addr;        /*!< Entry address */ | ||||
|     uint8_t wp_pin;            /*!< WP pin when SPI pins set via efuse (read by ROM bootloader, | ||||
|                                 * the IDF bootloader uses software to configure the WP | ||||
|                                 * pin and sets this field to 0xEE=disabled) */ | ||||
|     uint8_t spi_pin_drv[3];     /*!< Drive settings for the SPI flash pins (read by ROM bootloader) */ | ||||
|     esp_chip_id_t chip_id;      /*!< Chip identification number */ | ||||
|     uint8_t min_chip_rev;       /*!< Minimum chip revision supported by image */ | ||||
|     uint8_t reserved[8];       /*!< Reserved bytes in additional header space, currently unused */ | ||||
|     uint8_t hash_appended;      /*!< If 1, a SHA256 digest "simple hash" (of the entire image) is appended after the checksum. | ||||
|                                  * Included in image length. This digest | ||||
|                                  * is separate to secure boot and only used for detecting corruption. | ||||
|                                  * For secure boot signed images, the signature | ||||
|                                  * is appended after this (and the simple hash is included in the signed data). */ | ||||
| } __attribute__((packed))  esp_image_header_t; | ||||
|  | ||||
| /** @cond */ | ||||
| _Static_assert(sizeof(esp_image_header_t) == 24, "binary image header should be 24 bytes"); | ||||
| /** @endcond */ | ||||
|  | ||||
|  | ||||
| /** | ||||
|  * @brief Header of binary image segment | ||||
|  */ | ||||
| typedef struct { | ||||
|     uint32_t load_addr;     /*!< Address of segment */ | ||||
|     uint32_t data_len;      /*!< Length of data */ | ||||
| } esp_image_segment_header_t; | ||||
|  | ||||
| #define ESP_IMAGE_MAX_SEGMENTS 16           /*!< Max count of segments in the image. */ | ||||
|  | ||||
| #define ESP_APP_DESC_MAGIC_WORD 0xABCD5432  /*!< The magic word for the esp_app_desc structure that is in DROM. */ | ||||
|  | ||||
| /** | ||||
|  * @brief Description about application. | ||||
|  */ | ||||
| typedef struct { | ||||
|     uint32_t magic_word;        /*!< Magic word ESP_APP_DESC_MAGIC_WORD */ | ||||
|     uint32_t secure_version;    /*!< Secure version */ | ||||
|     uint32_t reserv1[2];        /*!< reserv1 */ | ||||
|     char version[32];           /*!< Application version */ | ||||
|     char project_name[32];      /*!< Project name */ | ||||
|     char time[16];              /*!< Compile time */ | ||||
|     char date[16];              /*!< Compile date*/ | ||||
|     char idf_ver[32];           /*!< Version IDF */ | ||||
|     uint8_t app_elf_sha256[32]; /*!< sha256 of elf file */ | ||||
|     uint32_t reserv2[20];       /*!< reserv2 */ | ||||
| } esp_app_desc_t; | ||||
|  | ||||
| /** @cond */ | ||||
| _Static_assert(sizeof(esp_app_desc_t) == 256, "esp_app_desc_t should be 256 bytes"); | ||||
| /** @endcond */ | ||||
| @@ -0,0 +1,2 @@ | ||||
| #warning esp_flash_data_types.h has been merged into esp_flash_partitions.h, please include esp_flash_partitions.h instead | ||||
| #include "esp_flash_partitions.h" | ||||
| @@ -0,0 +1,164 @@ | ||||
| // Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD | ||||
| // | ||||
| // Licensed under the Apache License, Version 2.0 (the "License"); | ||||
| // you may not use this file except in compliance with the License. | ||||
| // You may obtain a copy of the License at | ||||
|  | ||||
| //     http://www.apache.org/licenses/LICENSE-2.0 | ||||
| // | ||||
| // Unless required by applicable law or agreed to in writing, software | ||||
| // distributed under the License is distributed on an "AS IS" BASIS, | ||||
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||
| // See the License for the specific language governing permissions and | ||||
| // limitations under the License. | ||||
| #pragma once | ||||
|  | ||||
| #include <stdbool.h> | ||||
| #include "esp_attr.h" | ||||
| #include "esp_err.h" | ||||
| #ifndef BOOTLOADER_BUILD | ||||
| #include "esp_spi_flash.h" | ||||
| #endif | ||||
| #include "soc/efuse_periph.h" | ||||
| #include "sdkconfig.h" | ||||
|  | ||||
| #ifdef __cplusplus | ||||
| extern "C" { | ||||
| #endif | ||||
|  | ||||
| /* @brief Flash encryption mode based on efuse values | ||||
| */ | ||||
| typedef enum { | ||||
|     ESP_FLASH_ENC_MODE_DISABLED,          // flash encryption is not enabled (flash crypt cnt=0) | ||||
|     ESP_FLASH_ENC_MODE_DEVELOPMENT,       // flash encryption is enabled but for Development (reflash over UART allowed) | ||||
|     ESP_FLASH_ENC_MODE_RELEASE            // flash encryption is enabled for Release (reflash over UART disabled) | ||||
| } esp_flash_enc_mode_t; | ||||
|  | ||||
| /** | ||||
|  * @file esp_partition.h | ||||
|  * @brief Support functions for flash encryption features | ||||
|  * | ||||
|  * Can be compiled as part of app or bootloader code. | ||||
|  */ | ||||
|  | ||||
| /** @brief Is flash encryption currently enabled in hardware? | ||||
|  * | ||||
|  * Flash encryption is enabled if the FLASH_CRYPT_CNT efuse has an odd number of bits set. | ||||
|  * | ||||
|  * @return true if flash encryption is enabled. | ||||
|  */ | ||||
| static inline /** @cond */ IRAM_ATTR /** @endcond */ bool esp_flash_encryption_enabled(void) | ||||
| { | ||||
|     uint32_t flash_crypt_cnt = 0; | ||||
| #if CONFIG_IDF_TARGET_ESP32 | ||||
|     flash_crypt_cnt = REG_GET_FIELD(EFUSE_BLK0_RDATA0_REG, EFUSE_RD_FLASH_CRYPT_CNT); | ||||
| #else | ||||
|     flash_crypt_cnt = REG_GET_FIELD(EFUSE_RD_REPEAT_DATA1_REG, EFUSE_SPI_BOOT_CRYPT_CNT); | ||||
| #endif | ||||
|     /* __builtin_parity is in flash, so we calculate parity inline */ | ||||
|     bool enabled = false; | ||||
|     while (flash_crypt_cnt) { | ||||
|         if (flash_crypt_cnt & 1) { | ||||
|             enabled = !enabled; | ||||
|         } | ||||
|         flash_crypt_cnt >>= 1; | ||||
|     } | ||||
|     return enabled; | ||||
| } | ||||
|  | ||||
| /* @brief Update on-device flash encryption | ||||
|  * | ||||
|  * Intended to be called as part of the bootloader process if flash | ||||
|  * encryption is enabled in device menuconfig. | ||||
|  * | ||||
|  * If FLASH_CRYPT_CNT efuse parity is 1 (ie odd number of bits set), | ||||
|  * then return ESP_OK immediately (indicating flash encryption is enabled | ||||
|  * and functional). | ||||
|  * | ||||
|  * If FLASH_CRYPT_CNT efuse parity is 0 (ie even number of bits set), | ||||
|  * assume the flash has just been written with plaintext that needs encrypting. | ||||
|  * | ||||
|  * The following regions of flash are encrypted in place: | ||||
|  * | ||||
|  * - The bootloader image, if a valid plaintext image is found.[*] | ||||
|  * - The partition table, if a valid plaintext table is found. | ||||
|  * - Any app partition that contains a valid plaintext app image. | ||||
|  * - Any other partitions with the "encrypt" flag set. [**] | ||||
|  * | ||||
|  * After the re-encryption process completes, a '1' bit is added to the | ||||
|  * FLASH_CRYPT_CNT value (setting the parity to 1) and the EFUSE is re-burned. | ||||
|  * | ||||
|  * [*] If reflashing bootloader with secure boot enabled, pre-encrypt | ||||
|  * the bootloader before writing it to flash or secure boot will fail. | ||||
|  * | ||||
|  * [**] For this reason, if serial re-flashing a previous flashed | ||||
|  * device with secure boot enabled and using FLASH_CRYPT_CNT to | ||||
|  * trigger re-encryption, you must simultaneously re-flash plaintext | ||||
|  * content to all partitions with the "encrypt" flag set or this | ||||
|  * data will be corrupted (encrypted twice). | ||||
|  * | ||||
|  * @note The post-condition of this function is that all | ||||
|  * partitions that should be encrypted are encrypted. | ||||
|  * | ||||
|  * @note Take care not to power off the device while this function | ||||
|  * is running, or the partition currently being encrypted will be lost. | ||||
|  * | ||||
|  * @note RTC_WDT will reset while encryption operations will be performed (if RTC_WDT is configured). | ||||
|  * | ||||
|  * @return ESP_OK if all operations succeeded, ESP_ERR_INVALID_STATE | ||||
|  * if a fatal error occured during encryption of all partitions. | ||||
|  */ | ||||
| esp_err_t esp_flash_encrypt_check_and_update(void); | ||||
|  | ||||
|  | ||||
| /** @brief Encrypt-in-place a block of flash sectors | ||||
|  * | ||||
|  * @note This function resets RTC_WDT between operations with sectors. | ||||
|  * @param src_addr Source offset in flash. Should be multiple of 4096 bytes. | ||||
|  * @param data_length Length of data to encrypt in bytes. Will be rounded up to next multiple of 4096 bytes. | ||||
|  * | ||||
|  * @return ESP_OK if all operations succeeded, ESP_ERR_FLASH_OP_FAIL | ||||
|  * if SPI flash fails, ESP_ERR_FLASH_OP_TIMEOUT if flash times out. | ||||
|  */ | ||||
| esp_err_t esp_flash_encrypt_region(uint32_t src_addr, size_t data_length); | ||||
|  | ||||
| /** @brief Write protect FLASH_CRYPT_CNT | ||||
|  * | ||||
|  * Intended to be called as a part of boot process if flash encryption | ||||
|  * is enabled but secure boot is not used. This should protect against | ||||
|  * serial re-flashing of an unauthorised code in absence of secure boot. | ||||
|  * | ||||
|  * @note On ESP32 V3 only, write protecting FLASH_CRYPT_CNT will also prevent | ||||
|  * disabling UART Download Mode. If both are wanted, call | ||||
|  * esp_efuse_disable_rom_download_mode() before calling this function. | ||||
|  * | ||||
|  */ | ||||
| void esp_flash_write_protect_crypt_cnt(void); | ||||
|  | ||||
| /** @brief Return the flash encryption mode | ||||
|  * | ||||
|  * The API is called during boot process but can also be called by | ||||
|  * application to check the current flash encryption mode of ESP32 | ||||
|  * | ||||
|  * @return | ||||
|  */ | ||||
| esp_flash_enc_mode_t esp_get_flash_encryption_mode(void); | ||||
|  | ||||
|  | ||||
| /** @brief Check the flash encryption mode during startup | ||||
|  * | ||||
|  * @note This function is called automatically during app startup, | ||||
|  * it doesn't need to be called from the app. | ||||
|  * | ||||
|  * Verifies the flash encryption config during startup: | ||||
|  * | ||||
|  * - Correct any insecure flash encryption settings if hardware | ||||
|  *   Secure Boot is enabled. | ||||
|  * - Log warnings if the efuse config doesn't match the project | ||||
|  *  config in any way | ||||
|  */ | ||||
| void esp_flash_encryption_init_checks(void); | ||||
|  | ||||
| #ifdef __cplusplus | ||||
| } | ||||
| #endif | ||||
| @@ -0,0 +1,113 @@ | ||||
| // Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD | ||||
| // | ||||
| // Licensed under the Apache License, Version 2.0 (the "License"); | ||||
| // you may not use this file except in compliance with the License. | ||||
| // You may obtain a copy of the License at | ||||
|  | ||||
| //     http://www.apache.org/licenses/LICENSE-2.0 | ||||
| // | ||||
| // Unless required by applicable law or agreed to in writing, software | ||||
| // distributed under the License is distributed on an "AS IS" BASIS, | ||||
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||
| // See the License for the specific language governing permissions and | ||||
| // limitations under the License. | ||||
| #pragma once | ||||
|  | ||||
| #include "esp_err.h" | ||||
| #include "esp_types.h" | ||||
| #include "sdkconfig.h" | ||||
|  | ||||
| #ifdef __cplusplus | ||||
| extern "C" { | ||||
| #endif | ||||
|  | ||||
| #define ESP_PARTITION_MAGIC 0x50AA | ||||
| #define ESP_PARTITION_MAGIC_MD5 0xEBEB | ||||
|  | ||||
| #define PART_TYPE_APP 0x00 | ||||
| #define PART_SUBTYPE_FACTORY  0x00 | ||||
| #define PART_SUBTYPE_OTA_FLAG 0x10 | ||||
| #define PART_SUBTYPE_OTA_MASK 0x0f | ||||
| #define PART_SUBTYPE_TEST     0x20 | ||||
|  | ||||
| #define PART_TYPE_DATA 0x01 | ||||
| #define PART_SUBTYPE_DATA_OTA 0x00 | ||||
| #define PART_SUBTYPE_DATA_RF  0x01 | ||||
| #define PART_SUBTYPE_DATA_WIFI 0x02 | ||||
| #define PART_SUBTYPE_DATA_NVS_KEYS 0x04 | ||||
| #define PART_SUBTYPE_DATA_EFUSE_EM 0x05 | ||||
|  | ||||
| #define PART_TYPE_END 0xff | ||||
| #define PART_SUBTYPE_END 0xff | ||||
|  | ||||
| #define PART_FLAG_ENCRYPTED (1<<0) | ||||
|  | ||||
| /* Pre-partition table fixed flash offsets */ | ||||
| #define ESP_BOOTLOADER_DIGEST_OFFSET 0x0 | ||||
| #define ESP_BOOTLOADER_OFFSET CONFIG_BOOTLOADER_OFFSET_IN_FLASH  /* Offset of bootloader image. Has matching value in bootloader KConfig.projbuild file. */ | ||||
| #define ESP_PARTITION_TABLE_OFFSET CONFIG_PARTITION_TABLE_OFFSET /* Offset of partition table. Backwards-compatible name.*/ | ||||
|  | ||||
| #define ESP_PARTITION_TABLE_MAX_LEN 0xC00 /* Maximum length of partition table data */ | ||||
| #define ESP_PARTITION_TABLE_MAX_ENTRIES (ESP_PARTITION_TABLE_MAX_LEN / sizeof(esp_partition_info_t)) /* Maximum length of partition table data, including terminating entry */ | ||||
|  | ||||
| /// OTA_DATA states for checking operability of the app. | ||||
| typedef enum { | ||||
|     ESP_OTA_IMG_NEW             = 0x0U,         /*!< Monitor the first boot. In bootloader this state is changed to ESP_OTA_IMG_PENDING_VERIFY. */ | ||||
|     ESP_OTA_IMG_PENDING_VERIFY  = 0x1U,         /*!< First boot for this app was. If while the second boot this state is then it will be changed to ABORTED. */ | ||||
|     ESP_OTA_IMG_VALID           = 0x2U,         /*!< App was confirmed as workable. App can boot and work without limits. */ | ||||
|     ESP_OTA_IMG_INVALID         = 0x3U,         /*!< App was confirmed as non-workable. This app will not selected to boot at all. */ | ||||
|     ESP_OTA_IMG_ABORTED         = 0x4U,         /*!< App could not confirm the workable or non-workable. In bootloader IMG_PENDING_VERIFY state will be changed to IMG_ABORTED. This app will not selected to boot at all. */ | ||||
|     ESP_OTA_IMG_UNDEFINED       = 0xFFFFFFFFU,  /*!< Undefined. App can boot and work without limits. */ | ||||
| } esp_ota_img_states_t; | ||||
|  | ||||
| /* OTA selection structure (two copies in the OTA data partition.) | ||||
|    Size of 32 bytes is friendly to flash encryption */ | ||||
| typedef struct { | ||||
|     uint32_t ota_seq; | ||||
|     uint8_t  seq_label[20]; | ||||
|     uint32_t ota_state; | ||||
|     uint32_t crc; /* CRC32 of ota_seq field only */ | ||||
| } esp_ota_select_entry_t; | ||||
|  | ||||
|  | ||||
| typedef struct { | ||||
|     uint32_t offset; | ||||
|     uint32_t size; | ||||
| } esp_partition_pos_t; | ||||
|  | ||||
| /* Structure which describes the layout of partition table entry. | ||||
|  * See docs/partition_tables.rst for more information about individual fields. | ||||
|  */ | ||||
| typedef struct { | ||||
|     uint16_t magic; | ||||
|     uint8_t  type; | ||||
|     uint8_t  subtype; | ||||
|     esp_partition_pos_t pos; | ||||
|     uint8_t  label[16]; | ||||
|     uint32_t flags; | ||||
| } esp_partition_info_t; | ||||
|  | ||||
| /* @brief Verify the partition table | ||||
|  * | ||||
|  * @param partition_table Pointer to at least ESP_PARTITION_TABLE_MAX_ENTRIES of potential partition table data. (ESP_PARTITION_TABLE_MAX_LEN bytes.) | ||||
|  * @param log_errors Log errors if the partition table is invalid. | ||||
|  * @param num_partitions If result is ESP_OK, num_partitions is updated with total number of partitions (not including terminating entry). | ||||
|  * | ||||
|  * @return ESP_OK on success, ESP_ERR_INVALID_STATE if partition table is not valid. | ||||
|  */ | ||||
| esp_err_t esp_partition_table_verify(const esp_partition_info_t *partition_table, bool log_errors, int *num_partitions); | ||||
|  | ||||
|  | ||||
| /** | ||||
|  * Check whether the region on the main flash is safe to write. | ||||
|  * | ||||
|  * @param addr Start address of the region | ||||
|  * @param size Size of the region | ||||
|  * | ||||
|  * @return true if the region is safe to write, otherwise false. | ||||
|  */ | ||||
| bool esp_partition_main_flash_region_safe(size_t addr, size_t size); | ||||
|  | ||||
| #ifdef __cplusplus | ||||
| } | ||||
| #endif | ||||
| @@ -0,0 +1,206 @@ | ||||
| // Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD | ||||
| // | ||||
| // Licensed under the Apache License, Version 2.0 (the "License"); | ||||
| // you may not use this file except in compliance with the License. | ||||
| // You may obtain a copy of the License at | ||||
|  | ||||
| //     http://www.apache.org/licenses/LICENSE-2.0 | ||||
| // | ||||
| // Unless required by applicable law or agreed to in writing, software | ||||
| // distributed under the License is distributed on an "AS IS" BASIS, | ||||
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||
| // See the License for the specific language governing permissions and | ||||
| // limitations under the License. | ||||
| #pragma once | ||||
|  | ||||
| #include <stdbool.h> | ||||
| #include <esp_err.h> | ||||
| #include "esp_flash_partitions.h" | ||||
| #include "esp_app_format.h" | ||||
|  | ||||
| #ifdef __cplusplus | ||||
| extern "C" { | ||||
| #endif | ||||
|  | ||||
| #define ESP_ERR_IMAGE_BASE       0x2000 | ||||
| #define ESP_ERR_IMAGE_FLASH_FAIL (ESP_ERR_IMAGE_BASE + 1) | ||||
| #define ESP_ERR_IMAGE_INVALID    (ESP_ERR_IMAGE_BASE + 2) | ||||
|  | ||||
| /* Support for app/bootloader image parsing | ||||
|    Can be compiled as part of app or bootloader code. | ||||
| */ | ||||
|  | ||||
| #define ESP_IMAGE_HASH_LEN 32 /* Length of the appended SHA-256 digest */ | ||||
|  | ||||
| /* Structure to hold on-flash image metadata */ | ||||
| typedef struct { | ||||
|   uint32_t start_addr;   /* Start address of image */ | ||||
|   esp_image_header_t image; /* Header for entire image */ | ||||
|   esp_image_segment_header_t segments[ESP_IMAGE_MAX_SEGMENTS]; /* Per-segment header data */ | ||||
|   uint32_t segment_data[ESP_IMAGE_MAX_SEGMENTS]; /* Data offsets for each segment */ | ||||
|   uint32_t image_len; /* Length of image on flash, in bytes */ | ||||
|   uint8_t image_digest[32]; /* appended SHA-256 digest */ | ||||
| } esp_image_metadata_t; | ||||
|  | ||||
| typedef enum { | ||||
|     ESP_IMAGE_VERIFY,            /* Verify image contents, not load to memory, load metadata. Print errors. */ | ||||
|     ESP_IMAGE_VERIFY_SILENT,     /* Verify image contents, not load to memory, load metadata. Don't print errors. */ | ||||
| #ifdef BOOTLOADER_BUILD | ||||
|     ESP_IMAGE_LOAD,              /* Verify image contents, load to memory, load metadata. Print errors. */ | ||||
|     ESP_IMAGE_LOAD_NO_VALIDATE,  /* Not verify image contents, load to memory, load metadata. Print errors. */ | ||||
| #endif | ||||
| } esp_image_load_mode_t; | ||||
|  | ||||
| typedef struct { | ||||
|     esp_partition_pos_t partition;  /*!< Partition of application which worked before goes to the deep sleep. */ | ||||
|     uint16_t reboot_counter;        /*!< Reboot counter. Reset only when power is off. */ | ||||
|     uint16_t reserve;               /*!< Reserve */ | ||||
| #ifdef CONFIG_BOOTLOADER_CUSTOM_RESERVE_RTC | ||||
|     uint8_t custom[CONFIG_BOOTLOADER_CUSTOM_RESERVE_RTC_SIZE]; /*!< Reserve for custom propose */ | ||||
| #endif | ||||
|     uint32_t crc;                   /*!< Check sum crc32 */ | ||||
| } rtc_retain_mem_t; | ||||
|  | ||||
| #ifdef CONFIG_BOOTLOADER_CUSTOM_RESERVE_RTC | ||||
| _Static_assert(CONFIG_BOOTLOADER_CUSTOM_RESERVE_RTC_SIZE % 4 == 0, "CONFIG_BOOTLOADER_CUSTOM_RESERVE_RTC_SIZE must be a multiple of 4 bytes"); | ||||
| #endif | ||||
|  | ||||
| #if defined(CONFIG_BOOTLOADER_SKIP_VALIDATE_IN_DEEP_SLEEP) || defined(CONFIG_BOOTLOADER_CUSTOM_RESERVE_RTC) | ||||
| _Static_assert(CONFIG_BOOTLOADER_RESERVE_RTC_SIZE % 4 == 0, "CONFIG_BOOTLOADER_RESERVE_RTC_SIZE must be a multiple of 4 bytes"); | ||||
| #endif | ||||
|  | ||||
| #ifdef CONFIG_BOOTLOADER_CUSTOM_RESERVE_RTC | ||||
| #define ESP_BOOTLOADER_RESERVE_RTC (CONFIG_BOOTLOADER_RESERVE_RTC_SIZE + CONFIG_BOOTLOADER_CUSTOM_RESERVE_RTC_SIZE) | ||||
| #elif defined(CONFIG_BOOTLOADER_SKIP_VALIDATE_IN_DEEP_SLEEP) | ||||
| #define ESP_BOOTLOADER_RESERVE_RTC (CONFIG_BOOTLOADER_RESERVE_RTC_SIZE) | ||||
| #endif | ||||
|  | ||||
| #if defined(CONFIG_BOOTLOADER_SKIP_VALIDATE_IN_DEEP_SLEEP) || defined(CONFIG_BOOTLOADER_CUSTOM_RESERVE_RTC) | ||||
| _Static_assert(sizeof(rtc_retain_mem_t) <= ESP_BOOTLOADER_RESERVE_RTC, "Reserved RTC area must exceed size of rtc_retain_mem_t"); | ||||
| #endif | ||||
|  | ||||
| /** | ||||
|  * @brief Verify an app image. | ||||
|  * | ||||
|  * If encryption is enabled, data will be transparently decrypted. | ||||
|  * | ||||
|  * @param mode Mode of operation (verify, silent verify, or load). | ||||
|  * @param part Partition to load the app from. | ||||
|  * @param[inout] data Pointer to the image metadata structure which is be filled in by this function. | ||||
|  *                    'start_addr' member should be set (to the start address of the image.) | ||||
|  *                    Other fields will all be initialised by this function. | ||||
|  * | ||||
|  * Image validation checks: | ||||
|  * - Magic byte. | ||||
|  * - Partition smaller than 16MB. | ||||
|  * - All segments & image fit in partition. | ||||
|  * - 8 bit image checksum is valid. | ||||
|  * - SHA-256 of image is valid (if image has this appended). | ||||
|  * - (Signature) if signature verification is enabled. | ||||
|  * | ||||
|  * @return | ||||
|  * - ESP_OK if verify or load was successful | ||||
|  * - ESP_ERR_IMAGE_FLASH_FAIL if a SPI flash error occurs | ||||
|  * - ESP_ERR_IMAGE_INVALID if the image appears invalid. | ||||
|  * - ESP_ERR_INVALID_ARG if the partition or data pointers are invalid. | ||||
|  */ | ||||
| esp_err_t esp_image_verify(esp_image_load_mode_t mode, const esp_partition_pos_t *part, esp_image_metadata_t *data); | ||||
|  | ||||
| /** | ||||
|  * @brief Get metadata of app | ||||
|  * | ||||
|  * If encryption is enabled, data will be transparently decrypted. | ||||
|  * | ||||
|  * @param part Partition to load the app from. | ||||
|  * @param[out] metadata Pointer to the image metadata structure which is be filled in by this function. | ||||
|  *                      Fields will all be initialised by this function. | ||||
|  * | ||||
|  * @return | ||||
|  * - ESP_OK if filling of metadata was successful | ||||
|  */ | ||||
| esp_err_t esp_image_get_metadata(const esp_partition_pos_t *part, esp_image_metadata_t *metadata); | ||||
|  | ||||
| /** | ||||
|  * @brief Verify and load an app image (available only in space of bootloader). | ||||
|  * | ||||
|  * If encryption is enabled, data will be transparently decrypted. | ||||
|  * | ||||
|  * @param part Partition to load the app from. | ||||
|  * @param[inout] data Pointer to the image metadata structure which is be filled in by this function. | ||||
|  *                    'start_addr' member should be set (to the start address of the image.) | ||||
|  *                    Other fields will all be initialised by this function. | ||||
|  * | ||||
|  * Image validation checks: | ||||
|  * - Magic byte. | ||||
|  * - Partition smaller than 16MB. | ||||
|  * - All segments & image fit in partition. | ||||
|  * - 8 bit image checksum is valid. | ||||
|  * - SHA-256 of image is valid (if image has this appended). | ||||
|  * - (Signature) if signature verification is enabled. | ||||
|  * | ||||
|  * @return | ||||
|  * - ESP_OK if verify or load was successful | ||||
|  * - ESP_ERR_IMAGE_FLASH_FAIL if a SPI flash error occurs | ||||
|  * - ESP_ERR_IMAGE_INVALID if the image appears invalid. | ||||
|  * - ESP_ERR_INVALID_ARG if the partition or data pointers are invalid. | ||||
|  */ | ||||
| esp_err_t bootloader_load_image(const esp_partition_pos_t *part, esp_image_metadata_t *data); | ||||
|  | ||||
| /** | ||||
|  * @brief Load an app image without verification (available only in space of bootloader). | ||||
|  * | ||||
|  * If encryption is enabled, data will be transparently decrypted. | ||||
|  * | ||||
|  * @param part Partition to load the app from. | ||||
|  * @param[inout] data Pointer to the image metadata structure which is be filled in by this function. | ||||
|  *                    'start_addr' member should be set (to the start address of the image.) | ||||
|  *                    Other fields will all be initialised by this function. | ||||
|  * | ||||
|  * @return | ||||
|  * - ESP_OK if verify or load was successful | ||||
|  * - ESP_ERR_IMAGE_FLASH_FAIL if a SPI flash error occurs | ||||
|  * - ESP_ERR_IMAGE_INVALID if the image appears invalid. | ||||
|  * - ESP_ERR_INVALID_ARG if the partition or data pointers are invalid. | ||||
|  */ | ||||
| esp_err_t bootloader_load_image_no_verify(const esp_partition_pos_t *part, esp_image_metadata_t *data); | ||||
|  | ||||
| /** | ||||
|  * @brief Verify the bootloader image. | ||||
|  * | ||||
|  * @param[out] If result is ESP_OK and this pointer is non-NULL, it | ||||
|  * will be set to the length of the bootloader image. | ||||
|  * | ||||
|  * @return As per esp_image_load_metadata(). | ||||
|  */ | ||||
| esp_err_t esp_image_verify_bootloader(uint32_t *length); | ||||
|  | ||||
| /** | ||||
|  * @brief Verify the bootloader image. | ||||
|  * | ||||
|  * @param[out] Metadata for the image. Only valid if result is ESP_OK. | ||||
|  * | ||||
|  * @return As per esp_image_load_metadata(). | ||||
|  */ | ||||
| esp_err_t esp_image_verify_bootloader_data(esp_image_metadata_t *data); | ||||
|  | ||||
| /** | ||||
|  * @brief Get the flash size of the image | ||||
|  * | ||||
|  * @param app_flash_size The value configured in the image header | ||||
|  * @return Actual size, in bytes. | ||||
|  */ | ||||
| int esp_image_get_flash_size(esp_image_flash_size_t app_flash_size); | ||||
|  | ||||
|  | ||||
| typedef struct { | ||||
|     uint32_t drom_addr; | ||||
|     uint32_t drom_load_addr; | ||||
|     uint32_t drom_size; | ||||
|     uint32_t irom_addr; | ||||
|     uint32_t irom_load_addr; | ||||
|     uint32_t irom_size; | ||||
| } esp_image_flash_mapping_t; | ||||
|  | ||||
| #ifdef __cplusplus | ||||
| } | ||||
| #endif | ||||
| @@ -0,0 +1,276 @@ | ||||
| // Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD | ||||
| // | ||||
| // Licensed under the Apache License, Version 2.0 (the "License"); | ||||
| // you may not use this file except in compliance with the License. | ||||
| // You may obtain a copy of the License at | ||||
|  | ||||
| //     http://www.apache.org/licenses/LICENSE-2.0 | ||||
| // | ||||
| // Unless required by applicable law or agreed to in writing, software | ||||
| // distributed under the License is distributed on an "AS IS" BASIS, | ||||
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||||
| // See the License for the specific language governing permissions and | ||||
| // limitations under the License. | ||||
| #pragma once | ||||
|  | ||||
| #include <stdbool.h> | ||||
| #include <esp_err.h> | ||||
| #include "soc/efuse_periph.h" | ||||
| #include "esp_image_format.h" | ||||
| #include "esp_rom_efuse.h" | ||||
| #include "sdkconfig.h" | ||||
| #include "esp_rom_crc.h" | ||||
|  | ||||
| #if CONFIG_IDF_TARGET_ESP32 | ||||
| #include "esp32/rom/efuse.h" | ||||
| #include "esp32/rom/secure_boot.h" | ||||
| #elif CONFIG_IDF_TARGET_ESP32S2 | ||||
| #include "esp32s2/rom/efuse.h" | ||||
| #include "esp32s2/rom/secure_boot.h" | ||||
| #elif CONFIG_IDF_TARGET_ESP32C3 | ||||
| #include "esp32c3/rom/efuse.h" | ||||
| #include "esp32c3/rom/secure_boot.h" | ||||
| #elif CONFIG_IDF_TARGET_ESP32S3 | ||||
| #include "esp32s3/rom/efuse.h" | ||||
| #include "esp32s3/rom/secure_boot.h" | ||||
| #endif | ||||
|  | ||||
| #ifdef CONFIG_SECURE_BOOT_V1_ENABLED | ||||
| #if !defined(CONFIG_SECURE_SIGNED_ON_BOOT) || !defined(CONFIG_SECURE_SIGNED_ON_UPDATE) || !defined(CONFIG_SECURE_SIGNED_APPS) | ||||
| #error "internal sdkconfig error, secure boot should always enable all signature options" | ||||
| #endif | ||||
| #endif | ||||
|  | ||||
| #ifdef __cplusplus | ||||
| extern "C" { | ||||
| #endif | ||||
|  | ||||
| /* Support functions for secure boot features. | ||||
|  | ||||
|    Can be compiled as part of app or bootloader code. | ||||
| */ | ||||
|  | ||||
| #define ESP_SECURE_BOOT_DIGEST_LEN 32 | ||||
|  | ||||
| /** @brief Is secure boot currently enabled in hardware? | ||||
|  * | ||||
|  * This means that the ROM bootloader code will only boot | ||||
|  * a verified secure bootloader from now on. | ||||
|  * | ||||
|  * @return true if secure boot is enabled. | ||||
|  */ | ||||
| static inline bool esp_secure_boot_enabled(void) | ||||
| { | ||||
| #if CONFIG_IDF_TARGET_ESP32 | ||||
|     #ifdef CONFIG_SECURE_BOOT_V1_ENABLED | ||||
|         return REG_READ(EFUSE_BLK0_RDATA6_REG) & EFUSE_RD_ABS_DONE_0; | ||||
|     #elif CONFIG_SECURE_BOOT_V2_ENABLED | ||||
|         return ets_use_secure_boot_v2(); | ||||
|     #endif | ||||
| #else | ||||
|     return esp_rom_efuse_is_secure_boot_enabled(); | ||||
| #endif | ||||
|     return false; /* Secure Boot not enabled in menuconfig */ | ||||
| } | ||||
|  | ||||
| /** @brief Generate secure digest from bootloader image | ||||
|  * | ||||
|  * @important This function is intended to be called from bootloader code only. | ||||
|  * | ||||
|  * This function is only used in the context of the Secure Boot V1 scheme. | ||||
|  * | ||||
|  * If secure boot is not yet enabled for bootloader, this will: | ||||
|  *     1) generate the secure boot key and burn it on EFUSE | ||||
|  *        (without enabling R/W protection) | ||||
|  *     2) generate the digest from bootloader and save it | ||||
|  *        to flash address 0x0 | ||||
|  * | ||||
|  * If first boot gets interrupted after calling this function | ||||
|  * but before esp_secure_boot_permanently_enable() is called, then | ||||
|  * the key burned on EFUSE will not be regenerated, unless manually | ||||
|  * done using espefuse.py tool | ||||
|  * | ||||
|  * @return ESP_OK if secure boot digest is generated | ||||
|  * successfully or found to be already present | ||||
|  */ | ||||
| esp_err_t esp_secure_boot_generate_digest(void); | ||||
|  | ||||
| /** @brief Enable secure boot V1 if it is not already enabled. | ||||
|  * | ||||
|  * @important If this function succeeds, secure boot V1 is permanently | ||||
|  * enabled on the chip via efuse. | ||||
|  * | ||||
|  * @important This function is intended to be called from bootloader code only. | ||||
|  * | ||||
|  * @important In case of Secure Boot V1, this will enable r/w protection | ||||
|  * of secure boot key on EFUSE, therefore it is to be ensured that | ||||
|  * esp_secure_boot_generate_digest() is called before this .If secure boot is not | ||||
|  * yet enabled for bootloader, this will | ||||
|  *     1) enable R/W protection of secure boot key on EFUSE | ||||
|  *     2) enable secure boot by blowing the EFUSE_RD_ABS_DONE_0 efuse. | ||||
|  * | ||||
|  * This function does not verify secure boot of the bootloader (the | ||||
|  * ROM bootloader does this.) | ||||
|  * | ||||
|  * Will fail if efuses have been part-burned in a way that indicates | ||||
|  * secure boot should not or could not be correctly enabled. | ||||
|  * | ||||
|  * @return ESP_ERR_INVALID_STATE if efuse state doesn't allow | ||||
|  * secure boot to be enabled cleanly. ESP_OK if secure boot | ||||
|  * is enabled on this chip from now on. | ||||
|  */ | ||||
| esp_err_t esp_secure_boot_permanently_enable(void); | ||||
|  | ||||
| /** @brief Enables secure boot V2 if it is not already enabled. | ||||
|  * | ||||
|  * @important If this function succeeds, secure boot V2 is permanently | ||||
|  * enabled on the chip via efuse. | ||||
|  * | ||||
|  * @important This function is intended to be called from bootloader code only. | ||||
|  * | ||||
|  * @important In case of Secure Boot V2, this will enable write protection | ||||
|  * of secure boot key on EFUSE in BLK2. .If secure boot is not | ||||
|  * yet enabled for bootloader, this will | ||||
|  *     1) enable W protection of secure boot key on EFUSE | ||||
|  *     2) enable secure boot by blowing the EFUSE_RD_ABS_DONE_1 efuse. | ||||
|  * | ||||
|  * This function does not verify secure boot of the bootloader (the | ||||
|  * ROM bootloader does this.) | ||||
|  * | ||||
|  * @param image_data Image metadata of the application to be loaded. | ||||
|  * | ||||
|  * Will fail if efuses have been part-burned in a way that indicates | ||||
|  * secure boot should not or could not be correctly enabled. | ||||
|  * | ||||
|  * @return ESP_ERR_INVALID_STATE if efuse state doesn't allow | ||||
|  * secure boot to be enabled cleanly. ESP_OK if secure boot | ||||
|  * is enabled on this chip from now on. | ||||
|  */ | ||||
| esp_err_t esp_secure_boot_v2_permanently_enable(const esp_image_metadata_t *image_data); | ||||
|  | ||||
| /** @brief Verify the secure boot signature appended to some binary data in flash. | ||||
|  * | ||||
|  * For ECDSA Scheme (Secure Boot V1) - deterministic ECDSA w/ SHA256 image | ||||
|  * For RSA Scheme (Secure Boot V2) - RSA-PSS Verification of the SHA-256 image | ||||
|  * | ||||
|  * Public key is compiled into the calling program in the ECDSA Scheme. | ||||
|  * See the apt docs/security/secure-boot-v1.rst or docs/security/secure-boot-v2.rst for details. | ||||
|  * | ||||
|  * @param src_addr Starting offset of the data in flash. | ||||
|  * @param length Length of data in bytes. Signature is appended -after- length bytes. | ||||
|  * | ||||
|  * If flash encryption is enabled, the image will be transparently decrypted while being verified. | ||||
|  * | ||||
|  * @note This function doesn't have any fault injection resistance so should not be called | ||||
|  * during a secure boot itself (but can be called when verifying an update, etc.) | ||||
|  * | ||||
|  * @return ESP_OK if signature is valid, ESP_ERR_INVALID_STATE if | ||||
|  * signature fails, ESP_FAIL for other failures (ie can't read flash). | ||||
|  */ | ||||
| esp_err_t esp_secure_boot_verify_signature(uint32_t src_addr, uint32_t length); | ||||
|  | ||||
| /** @brief Secure boot verification block, on-flash data format. */ | ||||
| typedef struct { | ||||
|     uint32_t version; | ||||
|     uint8_t signature[64]; | ||||
| } esp_secure_boot_sig_block_t; | ||||
|  | ||||
| /** @brief Verify the ECDSA secure boot signature block for Secure Boot V1. | ||||
|  * | ||||
|  *  Calculates Deterministic ECDSA w/ SHA256 based on the SHA256 hash of the image. ECDSA signature | ||||
|  *  verification must be enabled in project configuration to use this function. | ||||
|  * | ||||
|  * Similar to esp_secure_boot_verify_signature(), but can be used when the digest is precalculated. | ||||
|  * @param sig_block Pointer to ECDSA signature block data | ||||
|  * @param image_digest Pointer to 32 byte buffer holding SHA-256 hash. | ||||
|  * @param verified_digest Pointer to 32 byte buffer that will receive verified digest if verification completes. (Used during bootloader implementation only, result is invalid otherwise.) | ||||
|  * | ||||
|  */ | ||||
| esp_err_t esp_secure_boot_verify_ecdsa_signature_block(const esp_secure_boot_sig_block_t *sig_block, const uint8_t *image_digest, uint8_t *verified_digest); | ||||
|  | ||||
| #if !CONFIG_IDF_TARGET_ESP32 || CONFIG_ESP32_REV_MIN_3 | ||||
| /** | ||||
|  * @brief Structure to hold public key digests calculated from the signature blocks of a single image. | ||||
|  * | ||||
|  * Each image can have one or more signature blocks (up to SECURE_BOOT_NUM_BLOCKS). Each signature block includes a public key. | ||||
|  */ | ||||
| typedef struct { | ||||
|     uint8_t key_digests[SECURE_BOOT_NUM_BLOCKS][ESP_SECURE_BOOT_DIGEST_LEN];    /* SHA of the public key components in the signature block */ | ||||
|     unsigned num_digests;                                       /* Number of valid digests, starting at index 0 */ | ||||
| } esp_image_sig_public_key_digests_t; | ||||
|  | ||||
| /** @brief Verify the RSA secure boot signature block for Secure Boot V2. | ||||
|  * | ||||
|  *  Performs RSA-PSS Verification of the SHA-256 image based on the public key | ||||
|  *  in the signature block, compared against the public key digest stored in efuse. | ||||
|  * | ||||
|  * Similar to esp_secure_boot_verify_signature(), but can be used when the digest is precalculated. | ||||
|  * @param sig_block Pointer to RSA signature block data | ||||
|  * @param image_digest Pointer to 32 byte buffer holding SHA-256 hash. | ||||
|  * @param verified_digest Pointer to 32 byte buffer that will receive verified digest if verification completes. (Used during bootloader implementation only, result is invalid otherwise.) | ||||
|  * | ||||
|  */ | ||||
| esp_err_t esp_secure_boot_verify_rsa_signature_block(const ets_secure_boot_signature_t *sig_block, const uint8_t *image_digest, uint8_t *verified_digest); | ||||
| #endif // !CONFIG_IDF_TARGET_ESP32 || CONFIG_ESP32_REV_MIN_3 | ||||
|  | ||||
| /** @brief Legacy ECDSA verification function | ||||
|  * | ||||
|  * @note Deprecated, call either esp_secure_boot_verify_ecdsa_signature_block() or esp_secure_boot_verify_rsa_signature_block() instead. | ||||
|  * | ||||
|  * @param sig_block Pointer to ECDSA signature block data | ||||
|  * @param image_digest Pointer to 32 byte buffer holding SHA-256 hash. | ||||
|  */ | ||||
| esp_err_t esp_secure_boot_verify_signature_block(const esp_secure_boot_sig_block_t *sig_block, const uint8_t *image_digest) | ||||
|     __attribute__((deprecated("use esp_secure_boot_verify_ecdsa_signature_block instead"))); | ||||
|  | ||||
|  | ||||
| #define FLASH_OFFS_SECURE_BOOT_IV_DIGEST 0 | ||||
|  | ||||
| /** @brief Secure boot IV+digest header */ | ||||
| typedef struct { | ||||
|     uint8_t iv[128]; | ||||
|     uint8_t digest[64]; | ||||
| } esp_secure_boot_iv_digest_t; | ||||
|  | ||||
| /** @brief Check the secure boot V2 during startup | ||||
|  * | ||||
|  * @note This function is called automatically during app startup, | ||||
|  * it doesn't need to be called from the app. | ||||
|  * | ||||
|  * Verifies the secure boot config during startup: | ||||
|  * | ||||
|  * - Correct any insecure secure boot settings | ||||
|  */ | ||||
| void esp_secure_boot_init_checks(void); | ||||
|  | ||||
| #if !BOOTLOADER_BUILD && CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME | ||||
|  | ||||
| /** @brief Scan the current running app for signature blocks | ||||
|  * | ||||
|  * @note This function doesn't verify that the signatures are valid or the | ||||
|  * corresponding public keys are trusted, it only reads the number of signature | ||||
|  * blocks present and optionally calculates the digests of the public keys | ||||
|  * provided in the signature blocks. | ||||
|  * | ||||
|  * @param digest_public_keys If true, the key_digests fields in the | ||||
|  * public_key_digests structure will be filled with the digests of the public | ||||
|  * key provided in each signature block. Note that if Secure Boot V2 is enabled, | ||||
|  * each public key will only be trusted if the same digest is also present in | ||||
|  * eFuse (but this is not checked by this function). | ||||
|  * | ||||
|  * @param public_key_digests[out] Structure is initialized with the num_digests | ||||
|  * field set to the number of signatures found. If digest_public_keys is set, | ||||
|  * the public key digests are also calculated and stored here. | ||||
|  * | ||||
|  * @return | ||||
|  *  - ESP_OK - At least one signature was found | ||||
|  *  - ESP_ERR_NOT_FOUND - No signatures were found, num_digests value will be zero | ||||
|  *  - ESP_FAIL - An error occured trying to read the signature blocks from flash | ||||
|  */ | ||||
| esp_err_t esp_secure_boot_get_signature_blocks_for_running_app(bool digest_public_keys, esp_image_sig_public_key_digests_t *public_key_digests); | ||||
|  | ||||
| #endif // !BOOTLOADER_BUILD && CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME | ||||
|  | ||||
| #ifdef __cplusplus | ||||
| } | ||||
| #endif | ||||
		Reference in New Issue
	
	Block a user