2023-07-21 12:36:57 +08:00
|
|
|
/*
|
2025-01-03 14:27:19 +08:00
|
|
|
* SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD
|
2023-07-21 12:36:57 +08:00
|
|
|
*
|
|
|
|
|
* SPDX-License-Identifier: Apache-2.0
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include <string.h>
|
|
|
|
|
#include "sdkconfig.h"
|
2024-07-04 23:57:11 +07:00
|
|
|
#include "esp_macros.h"
|
2023-07-21 12:36:57 +08:00
|
|
|
#include "esp_system.h"
|
|
|
|
|
#include "esp_private/system_internal.h"
|
|
|
|
|
#include "esp_attr.h"
|
|
|
|
|
#include "esp_log.h"
|
|
|
|
|
#include "esp_rom_sys.h"
|
|
|
|
|
#include "riscv/rv_utils.h"
|
|
|
|
|
#include "esp_rom_uart.h"
|
|
|
|
|
#include "soc/gpio_reg.h"
|
|
|
|
|
#include "esp_cpu.h"
|
|
|
|
|
#include "soc/rtc.h"
|
|
|
|
|
#include "esp_private/rtc_clk.h"
|
|
|
|
|
#include "soc/rtc_periph.h"
|
|
|
|
|
#include "soc/uart_reg.h"
|
|
|
|
|
#include "hal/wdt_hal.h"
|
|
|
|
|
#include "esp_private/cache_err_int.h"
|
|
|
|
|
|
|
|
|
|
#include "esp32p4/rom/cache.h"
|
|
|
|
|
#include "esp32p4/rom/rtc.h"
|
|
|
|
|
#include "soc/hp_sys_clkrst_reg.h"
|
|
|
|
|
#include "soc/lp_clkrst_reg.h"
|
|
|
|
|
#include "soc/hp_system_reg.h"
|
2025-01-03 14:27:19 +08:00
|
|
|
#include "hal/gdma_ll.h"
|
|
|
|
|
#include "hal/axi_dma_ll.h"
|
|
|
|
|
#include "hal/dw_gdma_ll.h"
|
|
|
|
|
#include "hal/dma2d_ll.h"
|
2023-07-21 12:36:57 +08:00
|
|
|
|
|
|
|
|
void IRAM_ATTR esp_system_reset_modules_on_exit(void)
|
|
|
|
|
{
|
|
|
|
|
// Flush any data left in UART FIFOs
|
2023-11-27 12:06:07 +08:00
|
|
|
for (int i = 0; i < SOC_UART_HP_NUM; ++i) {
|
|
|
|
|
if (uart_ll_is_enabled(i)) {
|
2024-01-17 17:19:49 +08:00
|
|
|
esp_rom_output_tx_wait_idle(i);
|
2023-11-27 12:06:07 +08:00
|
|
|
}
|
|
|
|
|
}
|
2023-07-21 12:36:57 +08:00
|
|
|
|
2025-01-03 14:27:19 +08:00
|
|
|
// Note: AXI bus doesn't allow an undergoing transaction to be interrupted in the middle
|
|
|
|
|
// If you want to reset a AXI master, you should make sure that the master is in IDLE first
|
|
|
|
|
if (gdma_ll_is_bus_clock_enabled(1)) {
|
|
|
|
|
for (int i = 0; i < GDMA_LL_AXI_PAIRS_PER_GROUP; i++) {
|
|
|
|
|
axi_dma_ll_tx_abort(AXI_DMA_LL_GET_HW(0), i, true);
|
|
|
|
|
axi_dma_ll_rx_abort(AXI_DMA_LL_GET_HW(0), i, true);
|
|
|
|
|
while (!axi_dma_ll_tx_is_reset_avail(AXI_DMA_LL_GET_HW(0), i));
|
|
|
|
|
while (!axi_dma_ll_rx_is_reset_avail(AXI_DMA_LL_GET_HW(0), i));
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (dma2d_ll_is_bus_clock_enabled(0)) {
|
|
|
|
|
for (int i = 0; i < SOC_DMA2D_RX_CHANNELS_PER_GROUP; i++) {
|
|
|
|
|
dma2d_ll_rx_abort(DMA2D_LL_GET_HW(0), i, true);
|
|
|
|
|
while (!dma2d_ll_rx_is_reset_avail(DMA2D_LL_GET_HW(0), i));
|
|
|
|
|
}
|
|
|
|
|
for (int i = 0; i < SOC_DMA2D_TX_CHANNELS_PER_GROUP; i++) {
|
|
|
|
|
dma2d_ll_tx_abort(DMA2D_LL_GET_HW(0), i, true);
|
|
|
|
|
while (!dma2d_ll_tx_is_reset_avail(DMA2D_LL_GET_HW(0), i));
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
if (dw_gdma_ll_is_bus_clock_enabled(0)) {
|
|
|
|
|
for (int i = 0; i < DW_GDMA_LL_CHANNELS_PER_GROUP; i++) {
|
|
|
|
|
dw_gdma_ll_channel_abort(DW_GDMA_LL_GET_HW(0), i);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2023-07-21 12:36:57 +08:00
|
|
|
// Set Peripheral clk rst
|
|
|
|
|
SET_PERI_REG_MASK(HP_SYS_CLKRST_HP_RST_EN1_REG, HP_SYS_CLKRST_REG_RST_EN_TIMERGRP1);
|
|
|
|
|
SET_PERI_REG_MASK(HP_SYS_CLKRST_HP_RST_EN1_REG, HP_SYS_CLKRST_REG_RST_EN_STIMER);
|
|
|
|
|
SET_PERI_REG_MASK(HP_SYS_CLKRST_HP_RST_EN0_REG, HP_SYS_CLKRST_REG_RST_EN_DUAL_MSPI_AXI);
|
|
|
|
|
SET_PERI_REG_MASK(HP_SYS_CLKRST_HP_RST_EN0_REG, HP_SYS_CLKRST_REG_RST_EN_MSPI_AXI);
|
|
|
|
|
SET_PERI_REG_MASK(HP_SYS_CLKRST_HP_RST_EN1_REG, HP_SYS_CLKRST_REG_RST_EN_UART0_CORE);
|
|
|
|
|
SET_PERI_REG_MASK(HP_SYS_CLKRST_HP_RST_EN1_REG, HP_SYS_CLKRST_REG_RST_EN_UART1_CORE);
|
|
|
|
|
SET_PERI_REG_MASK(HP_SYS_CLKRST_HP_RST_EN1_REG, HP_SYS_CLKRST_REG_RST_EN_UART2_CORE);
|
|
|
|
|
SET_PERI_REG_MASK(HP_SYS_CLKRST_HP_RST_EN1_REG, HP_SYS_CLKRST_REG_RST_EN_UART3_CORE);
|
|
|
|
|
SET_PERI_REG_MASK(HP_SYS_CLKRST_HP_RST_EN1_REG, HP_SYS_CLKRST_REG_RST_EN_UART4_CORE);
|
2024-07-03 18:03:06 +08:00
|
|
|
SET_PERI_REG_MASK(HP_SYS_CLKRST_HP_RST_EN2_REG, HP_SYS_CLKRST_REG_RST_EN_ADC);
|
2023-07-21 12:36:57 +08:00
|
|
|
|
|
|
|
|
// Clear Peripheral clk rst
|
|
|
|
|
CLEAR_PERI_REG_MASK(HP_SYS_CLKRST_HP_RST_EN1_REG, HP_SYS_CLKRST_REG_RST_EN_TIMERGRP1);
|
|
|
|
|
CLEAR_PERI_REG_MASK(HP_SYS_CLKRST_HP_RST_EN1_REG, HP_SYS_CLKRST_REG_RST_EN_STIMER);
|
|
|
|
|
CLEAR_PERI_REG_MASK(HP_SYS_CLKRST_HP_RST_EN0_REG, HP_SYS_CLKRST_REG_RST_EN_DUAL_MSPI_AXI);
|
|
|
|
|
CLEAR_PERI_REG_MASK(HP_SYS_CLKRST_HP_RST_EN0_REG, HP_SYS_CLKRST_REG_RST_EN_MSPI_AXI);
|
|
|
|
|
CLEAR_PERI_REG_MASK(HP_SYS_CLKRST_HP_RST_EN1_REG, HP_SYS_CLKRST_REG_RST_EN_UART0_CORE);
|
|
|
|
|
CLEAR_PERI_REG_MASK(HP_SYS_CLKRST_HP_RST_EN1_REG, HP_SYS_CLKRST_REG_RST_EN_UART1_CORE);
|
|
|
|
|
CLEAR_PERI_REG_MASK(HP_SYS_CLKRST_HP_RST_EN1_REG, HP_SYS_CLKRST_REG_RST_EN_UART2_CORE);
|
|
|
|
|
CLEAR_PERI_REG_MASK(HP_SYS_CLKRST_HP_RST_EN1_REG, HP_SYS_CLKRST_REG_RST_EN_UART3_CORE);
|
|
|
|
|
CLEAR_PERI_REG_MASK(HP_SYS_CLKRST_HP_RST_EN1_REG, HP_SYS_CLKRST_REG_RST_EN_UART4_CORE);
|
2024-07-03 18:03:06 +08:00
|
|
|
CLEAR_PERI_REG_MASK(HP_SYS_CLKRST_HP_RST_EN2_REG, HP_SYS_CLKRST_REG_RST_EN_ADC);
|
2024-04-08 22:44:30 +05:30
|
|
|
|
fix(esp_system): reset crypto peripherals before device restart
This change addresses a rare but critical issue observed on certain
ESP32-C3 and ESP32-S3 devices, where secure boot verification
intermittently fails due to improper cleanup of crypto peripherals
during a restart.
Background – Restart Behavior in IDF
------------------------------------
In ESP-IDF, when the device restarts (via `esp_restart()` or due to a
panic/exception), a partial peripheral reset is performed followed by a
CPU reset. However, until now, crypto-related peripherals were not
included in this selective reset sequence.
Problem Scenario
----------------
If a restart occurs while the application is in the middle of a bignum
operation (i.e., using the MPI/Bignum peripheral), the ROM code may
encounter an inconsistent peripheral state during the subsequent boot.
This leads to transient RSA-PSS secure boot verification failures.
Following such a failure, the ROM typically triggers a full-chip reset
via the watchdog timer (WDT). This full reset clears the crypto
peripheral state, allowing secure boot verification to succeed on the
next boot.
Risk with Aggressive Revocation
-------------------------------
If secure boot aggressive revocation is enabled (disabled by default in
IDF), this transient verification failure could mistakenly lead to
revocation of the secure boot digest.
If your product configuration has aggressive revocation enabled,
applying this fix is strongly recommended.
Frequency of Occurrence
-----------------------
The issue is rare and only occurs in corner cases involving
simultaneous use of the MPI peripheral and an immediate CPU reset.
Fix
---
This fix ensures that all crypto peripherals are explicitly reset prior
to any software-triggered restart (including panic scenarios),
guaranteeing a clean peripheral state for the next boot and preventing
incorrect secure boot behavior.
2025-04-14 15:13:40 +05:30
|
|
|
// Reset crypto peripherals. This ensures a clean state for the crypto peripherals after a CPU restart
|
|
|
|
|
// and hence avoiding any possibility with crypto failure in ROM security workflows.
|
|
|
|
|
SET_PERI_REG_MASK(HP_SYS_CLKRST_HP_RST_EN2_REG, HP_SYS_CLKRST_REG_RST_EN_CRYPTO);
|
|
|
|
|
SET_PERI_REG_MASK(HP_SYS_CLKRST_HP_RST_EN2_REG, HP_SYS_CLKRST_REG_RST_EN_AES);
|
|
|
|
|
SET_PERI_REG_MASK(HP_SYS_CLKRST_HP_RST_EN2_REG, HP_SYS_CLKRST_REG_RST_EN_DS);
|
|
|
|
|
SET_PERI_REG_MASK(HP_SYS_CLKRST_HP_RST_EN2_REG, HP_SYS_CLKRST_REG_RST_EN_ECC);
|
|
|
|
|
SET_PERI_REG_MASK(HP_SYS_CLKRST_HP_RST_EN2_REG, HP_SYS_CLKRST_REG_RST_EN_ECDSA);
|
|
|
|
|
SET_PERI_REG_MASK(HP_SYS_CLKRST_HP_RST_EN2_REG, HP_SYS_CLKRST_REG_RST_EN_HMAC);
|
|
|
|
|
SET_PERI_REG_MASK(HP_SYS_CLKRST_HP_RST_EN2_REG, HP_SYS_CLKRST_REG_RST_EN_KM);
|
|
|
|
|
SET_PERI_REG_MASK(HP_SYS_CLKRST_HP_RST_EN2_REG, HP_SYS_CLKRST_REG_RST_EN_RSA);
|
|
|
|
|
SET_PERI_REG_MASK(HP_SYS_CLKRST_HP_RST_EN2_REG, HP_SYS_CLKRST_REG_RST_EN_SHA);
|
|
|
|
|
CLEAR_PERI_REG_MASK(HP_SYS_CLKRST_HP_RST_EN2_REG, HP_SYS_CLKRST_REG_RST_EN_CRYPTO);
|
|
|
|
|
CLEAR_PERI_REG_MASK(HP_SYS_CLKRST_HP_RST_EN2_REG, HP_SYS_CLKRST_REG_RST_EN_AES);
|
|
|
|
|
CLEAR_PERI_REG_MASK(HP_SYS_CLKRST_HP_RST_EN2_REG, HP_SYS_CLKRST_REG_RST_EN_DS);
|
|
|
|
|
CLEAR_PERI_REG_MASK(HP_SYS_CLKRST_HP_RST_EN2_REG, HP_SYS_CLKRST_REG_RST_EN_ECC);
|
|
|
|
|
CLEAR_PERI_REG_MASK(HP_SYS_CLKRST_HP_RST_EN2_REG, HP_SYS_CLKRST_REG_RST_EN_ECDSA);
|
|
|
|
|
CLEAR_PERI_REG_MASK(HP_SYS_CLKRST_HP_RST_EN2_REG, HP_SYS_CLKRST_REG_RST_EN_HMAC);
|
|
|
|
|
CLEAR_PERI_REG_MASK(HP_SYS_CLKRST_HP_RST_EN2_REG, HP_SYS_CLKRST_REG_RST_EN_KM);
|
|
|
|
|
CLEAR_PERI_REG_MASK(HP_SYS_CLKRST_HP_RST_EN2_REG, HP_SYS_CLKRST_REG_RST_EN_RSA);
|
|
|
|
|
CLEAR_PERI_REG_MASK(HP_SYS_CLKRST_HP_RST_EN2_REG, HP_SYS_CLKRST_REG_RST_EN_SHA);
|
|
|
|
|
|
2024-04-08 22:44:30 +05:30
|
|
|
#if CONFIG_ESP32P4_REV_MIN_FULL <= 100
|
|
|
|
|
// enable soc clk and reset parent crypto
|
|
|
|
|
SET_PERI_REG_MASK(HP_SYS_CLKRST_SOC_CLK_CTRL1_REG, HP_SYS_CLKRST_REG_CRYPTO_SYS_CLK_EN);
|
|
|
|
|
SET_PERI_REG_MASK(HP_SYS_CLKRST_HP_RST_EN2_REG, HP_SYS_CLKRST_REG_RST_EN_CRYPTO);
|
|
|
|
|
CLEAR_PERI_REG_MASK(HP_SYS_CLKRST_HP_RST_EN2_REG, HP_SYS_CLKRST_REG_RST_EN_CRYPTO);
|
|
|
|
|
|
|
|
|
|
// enable soc clk for key manager
|
|
|
|
|
SET_PERI_REG_MASK(HP_SYS_CLKRST_SOC_CLK_CTRL1_REG, HP_SYS_CLKRST_REG_KEY_MANAGER_SYS_CLK_EN);
|
|
|
|
|
|
|
|
|
|
// enable key manager peripheral clock and reset
|
|
|
|
|
SET_PERI_REG_MASK(HP_SYS_CLKRST_PERI_CLK_CTRL25_REG, HP_SYS_CLKRST_REG_CRYPTO_KM_CLK_EN);
|
|
|
|
|
SET_PERI_REG_MASK(HP_SYS_CLKRST_HP_RST_EN2_REG, HP_SYS_CLKRST_REG_RST_EN_KM);
|
|
|
|
|
CLEAR_PERI_REG_MASK(HP_SYS_CLKRST_HP_RST_EN2_REG, HP_SYS_CLKRST_REG_RST_EN_KM);
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#if CONFIG_ESP32P4_REV_MIN_FULL == 0
|
|
|
|
|
// enable MPI, SHA and ECDSA peripheral clocks
|
|
|
|
|
SET_PERI_REG_MASK(HP_SYS_CLKRST_PERI_CLK_CTRL25_REG, HP_SYS_CLKRST_REG_CRYPTO_RSA_CLK_EN);
|
|
|
|
|
SET_PERI_REG_MASK(HP_SYS_CLKRST_PERI_CLK_CTRL25_REG, HP_SYS_CLKRST_REG_CRYPTO_SHA_CLK_EN);
|
|
|
|
|
SET_PERI_REG_MASK(HP_SYS_CLKRST_PERI_CLK_CTRL25_REG, HP_SYS_CLKRST_REG_CRYPTO_ECDSA_CLK_EN);
|
|
|
|
|
#endif
|
2023-07-21 12:36:57 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* "inner" restart function for after RTOS, interrupts & anything else on this
|
|
|
|
|
* core are already stopped. Stalls other core, resets hardware,
|
|
|
|
|
* triggers restart.
|
|
|
|
|
*/
|
|
|
|
|
void IRAM_ATTR esp_restart_noos(void)
|
|
|
|
|
{
|
|
|
|
|
// Disable interrupts
|
|
|
|
|
rv_utils_intr_global_disable();
|
|
|
|
|
// Enable RTC watchdog for 1 second
|
|
|
|
|
wdt_hal_context_t rtc_wdt_ctx;
|
|
|
|
|
wdt_hal_init(&rtc_wdt_ctx, WDT_RWDT, 0, false);
|
|
|
|
|
uint32_t stage_timeout_ticks = (uint32_t)(1000ULL * rtc_clk_slow_freq_get_hz() / 1000ULL);
|
|
|
|
|
wdt_hal_write_protect_disable(&rtc_wdt_ctx);
|
|
|
|
|
wdt_hal_config_stage(&rtc_wdt_ctx, WDT_STAGE0, stage_timeout_ticks, WDT_STAGE_ACTION_RESET_SYSTEM);
|
|
|
|
|
wdt_hal_config_stage(&rtc_wdt_ctx, WDT_STAGE1, stage_timeout_ticks, WDT_STAGE_ACTION_RESET_RTC);
|
|
|
|
|
//Enable flash boot mode so that flash booting after restart is protected by the RTC WDT.
|
|
|
|
|
wdt_hal_set_flashboot_en(&rtc_wdt_ctx, true);
|
|
|
|
|
wdt_hal_write_protect_enable(&rtc_wdt_ctx);
|
|
|
|
|
|
|
|
|
|
const uint32_t core_id = esp_cpu_get_core_id();
|
2023-10-30 01:23:23 -05:00
|
|
|
#if !CONFIG_ESP_SYSTEM_SINGLE_CORE_MODE
|
2023-07-21 12:36:57 +08:00
|
|
|
const uint32_t other_core_id = (core_id == 0) ? 1 : 0;
|
|
|
|
|
esp_cpu_reset(other_core_id);
|
|
|
|
|
esp_cpu_stall(other_core_id);
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
// Disable TG0/TG1 watchdogs
|
|
|
|
|
wdt_hal_context_t wdt0_context = {.inst = WDT_MWDT0, .mwdt_dev = &TIMERG0};
|
|
|
|
|
wdt_hal_write_protect_disable(&wdt0_context);
|
|
|
|
|
wdt_hal_disable(&wdt0_context);
|
|
|
|
|
wdt_hal_write_protect_enable(&wdt0_context);
|
|
|
|
|
|
|
|
|
|
wdt_hal_context_t wdt1_context = {.inst = WDT_MWDT1, .mwdt_dev = &TIMERG1};
|
|
|
|
|
wdt_hal_write_protect_disable(&wdt1_context);
|
|
|
|
|
wdt_hal_disable(&wdt1_context);
|
|
|
|
|
wdt_hal_write_protect_enable(&wdt1_context);
|
|
|
|
|
|
|
|
|
|
// Disable cache
|
2024-11-08 18:44:14 +08:00
|
|
|
#if CONFIG_SPIRAM
|
|
|
|
|
Cache_WriteBack_All(CACHE_MAP_L1_DCACHE);
|
|
|
|
|
#endif
|
2023-07-21 12:36:57 +08:00
|
|
|
Cache_Disable_L2_Cache();
|
|
|
|
|
|
|
|
|
|
esp_system_reset_modules_on_exit();
|
|
|
|
|
|
2023-12-15 16:19:44 +08:00
|
|
|
// Set CPU back to XTAL source (and MEM_CLK, APB_CLK back to power-on reset frequencies), same as hard reset, keep CPLL on.
|
2023-07-21 12:36:57 +08:00
|
|
|
#if !CONFIG_IDF_ENV_FPGA
|
2023-12-15 16:19:44 +08:00
|
|
|
rtc_clk_cpu_set_to_default_config();
|
2023-07-21 12:36:57 +08:00
|
|
|
#endif
|
|
|
|
|
|
2023-10-30 01:23:23 -05:00
|
|
|
#if !CONFIG_ESP_SYSTEM_SINGLE_CORE_MODE
|
2023-07-21 12:36:57 +08:00
|
|
|
// clear entry point for APP CPU
|
|
|
|
|
ets_set_appcpu_boot_addr(0);
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#if CONFIG_SPIRAM_INSTRUCTIONS_RODATA
|
|
|
|
|
//TODO: IDF-7556
|
|
|
|
|
// disable remap if enabled in menuconfig
|
|
|
|
|
REG_CLR_BIT(HP_SYS_HP_PSRAM_FLASH_ADDR_INTERCHANGE_REG, HP_SYS_HP_PSRAM_FLASH_ADDR_INTERCHANGE_DMA | HP_SYS_HP_PSRAM_FLASH_ADDR_INTERCHANGE_CPU);
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
// Reset CPUs
|
|
|
|
|
if (core_id == 0) {
|
|
|
|
|
// Running on PRO CPU: APP CPU is stalled. Can reset both CPUs.
|
2023-10-30 01:23:23 -05:00
|
|
|
#if !CONFIG_ESP_SYSTEM_SINGLE_CORE_MODE
|
2023-07-21 12:36:57 +08:00
|
|
|
esp_cpu_reset(1);
|
|
|
|
|
#endif
|
|
|
|
|
esp_cpu_reset(0);
|
|
|
|
|
}
|
2023-10-30 01:23:23 -05:00
|
|
|
#if !CONFIG_ESP_SYSTEM_SINGLE_CORE_MODE
|
2023-07-21 12:36:57 +08:00
|
|
|
else {
|
|
|
|
|
// Running on APP CPU: need to reset PRO CPU and unstall it,
|
|
|
|
|
// then reset APP CPU
|
|
|
|
|
esp_cpu_reset(0);
|
|
|
|
|
esp_cpu_unstall(0);
|
|
|
|
|
esp_cpu_reset(1);
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
2024-07-04 23:57:11 +07:00
|
|
|
ESP_INFINITE_LOOP();
|
2023-07-21 12:36:57 +08:00
|
|
|
}
|
