Update IDF libs to 9314bf0

2025-07-01 04:50:58 +02:00 · 2017-08-01 08:51:04 +03:00
parent b34d18f576
commit ca7f6cc516
171 changed files with 3099 additions and 10267 deletions
--- a/tools/sdk/include/bootloader_support/esp_image_format.h
+++ b/tools/sdk/include/bootloader_support/esp_image_format.h
@ -11,11 +11,11 @@
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
-#ifndef __ESP32_IMAGE_FORMAT_H
-#define __ESP32_IMAGE_FORMAT_H
+#pragma once

 #include <stdbool.h>
 #include <esp_err.h>
+#include "esp_flash_partitions.h"

 #define ESP_ERR_IMAGE_BASE       0x2000
 #define ESP_ERR_IMAGE_FLASH_FAIL (ESP_ERR_IMAGE_BASE + 1)
@ -59,13 +59,27 @@ typedef enum {
 typedef struct {
    uint8_t magic;
    uint8_t segment_count;
-    uint8_t spi_mode;      /* flash read mode (esp_image_spi_mode_t as uint8_t) */
-    uint8_t spi_speed: 4;  /* flash frequency (esp_image_spi_freq_t as uint8_t) */
-    uint8_t spi_size: 4;   /* flash chip size (esp_image_flash_size_t as uint8_t) */
+    /* flash read mode (esp_image_spi_mode_t as uint8_t) */
+    uint8_t spi_mode;
+    /* flash frequency (esp_image_spi_freq_t as uint8_t) */
+    uint8_t spi_speed: 4;
+    /* flash chip size (esp_image_flash_size_t as uint8_t) */
+    uint8_t spi_size: 4;
    uint32_t entry_addr;
-    uint8_t encrypt_flag;    /* encrypt flag */
-    uint8_t extra_header[15]; /* ESP32 additional header, unused by second bootloader */
-}  esp_image_header_t;
+    /* WP pin when SPI pins set via efuse (read by ROM bootloader, the IDF bootloader uses software to configure the WP
+     * pin and sets this field to 0xEE=disabled) */
+    uint8_t wp_pin;
+    /* Drive settings for the SPI flash pins (read by ROM bootloader) */
+    uint8_t spi_pin_drv[3];
+    /* Reserved bytes in ESP32 additional header space, currently unused */
+    uint8_t reserved[11];
+    /* If 1, a SHA256 digest "simple hash" (of the entire image) is appended after the checksum. Included in image length. This digest
+     * is separate to secure boot and only used for detecting corruption. For secure boot signed images, the signature
+     * is appended after this (and the simple hash is included in the signed data). */
+    uint8_t hash_appended;
+} __attribute__((packed))  esp_image_header_t;
+
+_Static_assert(sizeof(esp_image_header_t) == 24, "binary image header should be 24 bytes");

 /* Header of binary image segment */
 typedef struct {
@ -73,62 +87,60 @@ typedef struct {
    uint32_t data_len;
 } esp_image_segment_header_t;

+#define ESP_IMAGE_MAX_SEGMENTS 16
+
+/* Structure to hold on-flash image metadata */
+typedef struct {
+  uint32_t start_addr;   /* Start address of image */
+  esp_image_header_t image; /* Header for entire image */
+  esp_image_segment_header_t segments[ESP_IMAGE_MAX_SEGMENTS]; /* Per-segment header data */
+  uint32_t segment_data[ESP_IMAGE_MAX_SEGMENTS]; /* Data offsets for each segment */
+  uint32_t image_len; /* Length of image on flash, in bytes */
+} esp_image_metadata_t;
+
+/* Mode selection for esp_image_load() */
+typedef enum {
+    ESP_IMAGE_VERIFY,        /* Verify image contents, load metadata. Print errorsors. */
+    ESP_IMAGE_VERIFY_SILENT, /* Verify image contents, load metadata. Don't print errors. */
+#ifdef BOOTLOADER_BUILD
+    ESP_IMAGE_LOAD,          /* Verify image contents, load to memory. Print errors. */
+#endif
+} esp_image_load_mode_t;

 /**
- * @brief Read an ESP image header from flash.
+ * @brief Verify and (optionally, in bootloader mode) load an app image.
 *
 * If encryption is enabled, data will be transparently decrypted.
 *
- * @param src_addr Address in flash to load image header. Must be 4 byte aligned.
- * @param log_errors Log error output if image header appears invalid.
- * @param[out] image_header Pointer to an esp_image_header_t struture to be filled with data. If the function fails, contents are undefined.
- *
- * @return ESP_OK if image header was loaded, ESP_ERR_IMAGE_FLASH_FAIL
- * if a SPI flash error occurs, ESP_ERR_IMAGE_INVALID if the image header
- * appears invalid.
- */
-esp_err_t esp_image_load_header(uint32_t src_addr, bool log_errors, esp_image_header_t *image_header);
-
-/**
- * @brief Read the segment header and data offset of a segment in the image.
- *
- * If encryption is enabled, data will be transparently decrypted.
- *
- * @param index Index of the segment to load information for.
- * @param src_addr Base address in flash of the image.
- * @param[in] image_header Pointer to the flash image header, already loaded by @ref esp_image_load_header().
- * @param log_errors Log errors reading the segment header.
- * @param[out] segment_header Pointer to a segment header structure to be filled with data. If the function fails, contents are undefined.
- * @param[out] segment_data_offset Pointer to the data offset of the segment.
- *
- * @return ESP_OK if segment_header & segment_data_offset were loaded successfully, ESP_ERR_IMAGE_FLASH_FAIL if a SPI flash error occurs, ESP_ERR_IMAGE_INVALID if the image header appears invalid, ESP_ERR_INVALID_ARG if the index is invalid.
- */
-esp_err_t esp_image_load_segment_header(uint8_t index, uint32_t src_addr, const esp_image_header_t *image_header, bool log_errors, esp_image_segment_header_t *segment_header, uint32_t *segment_data_offset);
-
-
-/**
- * @brief Non-cryptographically validate app image integrity. On success, length of image is provided to caller.
- *
- * If the image has a secure boot signature appended, the signature is not checked and this length is not included in the
- * output value.
+ * @param mode Mode of operation (verify, silent verify, or load).
+ * @param part Partition to load the app from.
+ * @param[inout] data Pointer to the image metadata structure which is be filled in by this function. 'start_addr' member should be set (to the start address of the image.) Other fields will all be initialised by this function.
 *
 * Image validation checks:
- * - Magic byte
- * - No single segment longer than 16MB
- * - Total image no longer than 16MB
- * - 8 bit image checksum is valid
- *
- * If flash encryption is enabled, the image will be tranpsarently decrypted.
- *
- * @param src_addr Offset of the start of the image in flash. Must be 4 byte aligned.
- * @param allow_decrypt If true and flash encryption is enabled, the image will be transparently decrypted.
- * @param log_errors Log errors verifying the image.
- * @param[out] length Length of the image, set to a value if the image is valid. Can be null.
- *
- * @return ESP_OK if image is valid, ESP_FAIL or ESP_ERR_IMAGE_INVALID on errors.
+ * - Magic byte.
+ * - Partition smaller than 16MB.
+ * - All segments & image fit in partition.
+ * - 8 bit image checksum is valid.
+ * - SHA-256 of image is valid (if image has this appended).
+ * - (Signature) if signature verification is enabled.
 *
+ * @return
+ * - ESP_OK if verify or load was successful
+ * - ESP_ERR_IMAGE_FLASH_FAIL if a SPI flash error occurs
+ * - ESP_ERR_IMAGE_INVALID if the image appears invalid.
+ * - ESP_ERR_INVALID_ARG if the partition or data pointers are invalid.
 */
-esp_err_t esp_image_basic_verify(uint32_t src_addr, bool log_errors, uint32_t *length);
+esp_err_t esp_image_load(esp_image_load_mode_t mode, const esp_partition_pos_t *part, esp_image_metadata_t *data);
+
+/**
+ * @brief Verify the bootloader image.
+ *
+ * @param[out] If result is ESP_OK and this pointer is non-NULL, it
+ * will be set to the length of the bootloader image.
+ *
+ * @return As per esp_image_load_metadata().
+ */
+esp_err_t esp_image_verify_bootloader(uint32_t *length);


 typedef struct {
@ -139,5 +151,3 @@ typedef struct {
    uint32_t irom_load_addr;
    uint32_t irom_size;
 } esp_image_flash_mapping_t;
-
-#endif
--- a/tools/sdk/include/bootloader_support/esp_secure_boot.h
+++ b/tools/sdk/include/bootloader_support/esp_secure_boot.h
@ -11,13 +11,16 @@
 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 // See the License for the specific language governing permissions and
 // limitations under the License.
-#ifndef __ESP32_SECUREBOOT_H
-#define __ESP32_SECUREBOOT_H
+#pragma once

 #include <stdbool.h>
 #include <esp_err.h>
 #include "soc/efuse_reg.h"

+#ifdef __cplusplus
+extern "C" {
+#endif
+
 /* Support functions for secure boot features.

   Can be compiled as part of app or bootloader code.
@ -74,12 +77,22 @@ esp_err_t esp_secure_boot_permanently_enable(void);
 */
 esp_err_t esp_secure_boot_verify_signature(uint32_t src_addr, uint32_t length);

+/** @brief Verify the secure boot signature block (deterministic ECDSA w/ SHA256) based on the SHA256 hash of some data.
+ *
+ * Similar to esp_secure_boot_verify_signature(), but can be used when the digest is precalculated.
+ * @param sig_block Pointer to signature block data
+ * @param image_digest Pointer to 32 byte buffer holding SHA-256 hash.
+ *
+ */
+
 /** @brief Secure boot verification block, on-flash data format. */
 typedef struct {
    uint32_t version;
    uint8_t signature[64];
 } esp_secure_boot_sig_block_t;

+esp_err_t esp_secure_boot_verify_signature_block(const esp_secure_boot_sig_block_t *sig_block, const uint8_t *image_digest);
+
 #define FLASH_OFFS_SECURE_BOOT_IV_DIGEST 0

 /** @brief Secure boot IV+digest header */
@ -88,4 +101,7 @@ typedef struct {
    uint8_t digest[64];
 } esp_secure_boot_iv_digest_t;

+
+#ifdef __cplusplus
+}
 #endif