Merge branch 'master' into feature/esp32s2beta_update

2025-11-10 12:02:05 +01:00 · 2019-08-08 13:44:24 +10:00
parent 1877a9fcd8 16b300bd7a
commit 24d26fccde
2414 changed files with 160787 additions and 45783 deletions
--- a/components/bootloader_support/src/esp32/bootloader_flash_config_esp32.c
+++ b/components/bootloader_support/src/esp32/bootloader_flash_config_esp32.c
@@ -0,0 +1,165 @@
+// Copyright 2018 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#include <stdbool.h>
+#include <assert.h>
+#include "string.h"
+#include "sdkconfig.h"
+#include "esp_err.h"
+#include "esp_log.h"
+#include "esp32/rom/gpio.h"
+#include "esp32/rom/spi_flash.h"
+#include "esp32/rom/efuse.h"
+#include "soc/gpio_periph.h"
+#include "soc/efuse_reg.h"
+#include "soc/spi_reg.h"
+#include "soc/spi_caps.h"
+#include "flash_qio_mode.h"
+#include "bootloader_flash_config.h"
+
+void bootloader_flash_update_id()
+{
+    g_rom_flashchip.device_id = bootloader_read_flash_id();
+}
+
+void IRAM_ATTR bootloader_flash_cs_timing_config()
+{
+    SET_PERI_REG_MASK(SPI_USER_REG(0), SPI_CS_HOLD_M | SPI_CS_SETUP_M);
+    SET_PERI_REG_BITS(SPI_CTRL2_REG(0), SPI_HOLD_TIME_V, 1, SPI_HOLD_TIME_S);
+    SET_PERI_REG_BITS(SPI_CTRL2_REG(0), SPI_SETUP_TIME_V, 0, SPI_SETUP_TIME_S);
+    SET_PERI_REG_MASK(SPI_USER_REG(1), SPI_CS_HOLD_M | SPI_CS_SETUP_M);
+    SET_PERI_REG_BITS(SPI_CTRL2_REG(1), SPI_HOLD_TIME_V, 1, SPI_HOLD_TIME_S);
+    SET_PERI_REG_BITS(SPI_CTRL2_REG(1), SPI_SETUP_TIME_V, 0, SPI_SETUP_TIME_S);
+}
+
+void IRAM_ATTR bootloader_flash_clock_config(const esp_image_header_t* pfhdr)
+{
+    uint32_t spi_clk_div = 0;
+    switch (pfhdr->spi_speed) {
+        case ESP_IMAGE_SPI_SPEED_80M:
+            spi_clk_div = 1;
+            break;
+        case ESP_IMAGE_SPI_SPEED_40M:
+            spi_clk_div = 2;
+            break;
+        case ESP_IMAGE_SPI_SPEED_26M:
+            spi_clk_div = 3;
+            break;
+        case ESP_IMAGE_SPI_SPEED_20M:
+            spi_clk_div = 4;
+            break;
+        default:
+            break;
+    }
+    esp_rom_spiflash_config_clk(spi_clk_div, 0);
+}
+
+void IRAM_ATTR bootloader_flash_gpio_config(const esp_image_header_t* pfhdr)
+{
+    uint32_t drv = 2;
+    if (pfhdr->spi_speed == ESP_IMAGE_SPI_SPEED_80M) {
+        drv = 3;
+    }
+
+    uint32_t chip_ver = REG_GET_FIELD(EFUSE_BLK0_RDATA3_REG, EFUSE_RD_CHIP_VER_PKG);
+    uint32_t pkg_ver = chip_ver & 0x7;
+
+    if (pkg_ver == EFUSE_RD_CHIP_VER_PKG_ESP32D2WDQ5) {
+        // For ESP32D2WD the SPI pins are already configured
+        // flash clock signal should come from IO MUX.
+        PIN_FUNC_SELECT(PERIPHS_IO_MUX_SD_CLK_U, FUNC_SD_CLK_SPICLK);
+        SET_PERI_REG_BITS(PERIPHS_IO_MUX_SD_CLK_U, FUN_DRV, drv, FUN_DRV_S);
+    } else if (pkg_ver == EFUSE_RD_CHIP_VER_PKG_ESP32PICOD2) {
+        // For ESP32PICOD2 the SPI pins are already configured
+        // flash clock signal should come from IO MUX.
+        PIN_FUNC_SELECT(PERIPHS_IO_MUX_SD_CLK_U, FUNC_SD_CLK_SPICLK);
+        SET_PERI_REG_BITS(PERIPHS_IO_MUX_SD_CLK_U, FUN_DRV, drv, FUN_DRV_S);
+    } else if (pkg_ver == EFUSE_RD_CHIP_VER_PKG_ESP32PICOD4) {
+        // For ESP32PICOD4 the SPI pins are already configured
+        // flash clock signal should come from IO MUX.
+        PIN_FUNC_SELECT(PERIPHS_IO_MUX_SD_CLK_U, FUNC_SD_CLK_SPICLK);
+        SET_PERI_REG_BITS(PERIPHS_IO_MUX_SD_CLK_U, FUN_DRV, drv, FUN_DRV_S);
+    } else {
+        const uint32_t spiconfig = ets_efuse_get_spiconfig();
+        if (spiconfig == EFUSE_SPICONFIG_SPI_DEFAULTS) {
+            gpio_matrix_out(SPI_IOMUX_PIN_NUM_CS, SPICS0_OUT_IDX, 0, 0);
+            gpio_matrix_out(SPI_IOMUX_PIN_NUM_MISO, SPIQ_OUT_IDX, 0, 0);
+            gpio_matrix_in(SPI_IOMUX_PIN_NUM_MISO, SPIQ_IN_IDX, 0);
+            gpio_matrix_out(SPI_IOMUX_PIN_NUM_MOSI, SPID_OUT_IDX, 0, 0);
+            gpio_matrix_in(SPI_IOMUX_PIN_NUM_MOSI, SPID_IN_IDX, 0);
+            gpio_matrix_out(SPI_IOMUX_PIN_NUM_WP, SPIWP_OUT_IDX, 0, 0);
+            gpio_matrix_in(SPI_IOMUX_PIN_NUM_WP, SPIWP_IN_IDX, 0);
+            gpio_matrix_out(SPI_IOMUX_PIN_NUM_HD, SPIHD_OUT_IDX, 0, 0);
+            gpio_matrix_in(SPI_IOMUX_PIN_NUM_HD, SPIHD_IN_IDX, 0);
+            //select pin function gpio
+            PIN_FUNC_SELECT(PERIPHS_IO_MUX_SD_DATA0_U, PIN_FUNC_GPIO);
+            PIN_FUNC_SELECT(PERIPHS_IO_MUX_SD_DATA1_U, PIN_FUNC_GPIO);
+            PIN_FUNC_SELECT(PERIPHS_IO_MUX_SD_DATA2_U, PIN_FUNC_GPIO);
+            PIN_FUNC_SELECT(PERIPHS_IO_MUX_SD_DATA3_U, PIN_FUNC_GPIO);
+            PIN_FUNC_SELECT(PERIPHS_IO_MUX_SD_CMD_U, PIN_FUNC_GPIO);
+            // flash clock signal should come from IO MUX.
+            // set drive ability for clock
+            PIN_FUNC_SELECT(PERIPHS_IO_MUX_SD_CLK_U, FUNC_SD_CLK_SPICLK);
+            SET_PERI_REG_BITS(PERIPHS_IO_MUX_SD_CLK_U, FUN_DRV, drv, FUN_DRV_S);
+
+            uint32_t flash_id = g_rom_flashchip.device_id;
+            if (flash_id == FLASH_ID_GD25LQ32C) {
+                // Set drive ability for 1.8v flash in 80Mhz.
+                SET_PERI_REG_BITS(PERIPHS_IO_MUX_SD_DATA0_U, FUN_DRV, 3, FUN_DRV_S);
+                SET_PERI_REG_BITS(PERIPHS_IO_MUX_SD_DATA1_U, FUN_DRV, 3, FUN_DRV_S);
+                SET_PERI_REG_BITS(PERIPHS_IO_MUX_SD_DATA2_U, FUN_DRV, 3, FUN_DRV_S);
+                SET_PERI_REG_BITS(PERIPHS_IO_MUX_SD_DATA3_U, FUN_DRV, 3, FUN_DRV_S);
+                SET_PERI_REG_BITS(PERIPHS_IO_MUX_SD_CMD_U,   FUN_DRV, 3, FUN_DRV_S);
+                SET_PERI_REG_BITS(PERIPHS_IO_MUX_SD_CLK_U,   FUN_DRV, 3, FUN_DRV_S);
+            }
+        }
+    }
+}
+
+void IRAM_ATTR bootloader_flash_dummy_config(const esp_image_header_t* pfhdr)
+{
+    int spi_cache_dummy = 0;
+    uint32_t modebit = READ_PERI_REG(SPI_CTRL_REG(0));
+    if (modebit & SPI_FASTRD_MODE) {
+        if (modebit & SPI_FREAD_QIO) {    //SPI mode is QIO
+            spi_cache_dummy = SPI0_R_QIO_DUMMY_CYCLELEN;
+        } else if (modebit & SPI_FREAD_DIO) {    //SPI mode is DIO
+            spi_cache_dummy = SPI0_R_DIO_DUMMY_CYCLELEN;
+            SET_PERI_REG_BITS(SPI_USER1_REG(0), SPI_USR_ADDR_BITLEN_V, SPI0_R_DIO_ADDR_BITSLEN, SPI_USR_ADDR_BITLEN_S);
+        } else if(modebit & (SPI_FREAD_QUAD | SPI_FREAD_DUAL))  {    //SPI mode is QOUT or DIO
+            spi_cache_dummy = SPI0_R_FAST_DUMMY_CYCLELEN;
+        }
+    }
+
+    extern uint8_t g_rom_spiflash_dummy_len_plus[];
+    switch (pfhdr->spi_speed) {
+        case ESP_IMAGE_SPI_SPEED_80M:
+            g_rom_spiflash_dummy_len_plus[0] = ESP_ROM_SPIFLASH_DUMMY_LEN_PLUS_80M;
+            g_rom_spiflash_dummy_len_plus[1] = ESP_ROM_SPIFLASH_DUMMY_LEN_PLUS_80M;
+            break;
+        case ESP_IMAGE_SPI_SPEED_40M:
+            g_rom_spiflash_dummy_len_plus[0] = ESP_ROM_SPIFLASH_DUMMY_LEN_PLUS_40M;
+            g_rom_spiflash_dummy_len_plus[1] = ESP_ROM_SPIFLASH_DUMMY_LEN_PLUS_40M;
+            break;
+        case ESP_IMAGE_SPI_SPEED_26M:
+        case ESP_IMAGE_SPI_SPEED_20M:
+            g_rom_spiflash_dummy_len_plus[0] = ESP_ROM_SPIFLASH_DUMMY_LEN_PLUS_20M;
+            g_rom_spiflash_dummy_len_plus[1] = ESP_ROM_SPIFLASH_DUMMY_LEN_PLUS_20M;
+            break;
+        default:
+            break;
+    }
+
+    SET_PERI_REG_BITS(SPI_USER1_REG(0), SPI_USR_DUMMY_CYCLELEN_V, spi_cache_dummy + g_rom_spiflash_dummy_len_plus[0],
+            SPI_USR_DUMMY_CYCLELEN_S);
+}
--- a/components/bootloader_support/src/esp32/flash_encrypt.c
+++ b/components/bootloader_support/src/esp32/flash_encrypt.c
@@ -27,6 +27,12 @@
 #include "esp32/rom/cache.h"
 #include "esp32/rom/spi_flash.h"   /* TODO: Remove this */

+/* This file implements FLASH ENCRYPTION related APIs to perform
+ * various operations such as programming necessary flash encryption
+ * eFuses, detect whether flash encryption is enabled (by reading eFuse)
+ * and if required encrypt the partitions in flash memory
+ */
+
 static const char *TAG = "flash_encrypt";

 /* Static functions for stages of flash encryption */
@@ -203,7 +209,13 @@ static esp_err_t encrypt_flash_contents(uint32_t flash_crypt_cnt, bool flash_cry
    /* ffs_inv shouldn't be zero, as zero implies flash_crypt_cnt == EFUSE_RD_FLASH_CRYPT_CNT (0x7F) */
    uint32_t new_flash_crypt_cnt = flash_crypt_cnt + (1 << (ffs_inv - 1));
    ESP_LOGD(TAG, "FLASH_CRYPT_CNT 0x%x -> 0x%x", flash_crypt_cnt, new_flash_crypt_cnt);
-    REG_SET_FIELD(EFUSE_BLK0_WDATA0_REG, EFUSE_FLASH_CRYPT_CNT, new_flash_crypt_cnt);
+    uint32_t wdata0_reg = ((new_flash_crypt_cnt & EFUSE_FLASH_CRYPT_CNT) << EFUSE_FLASH_CRYPT_CNT_S);
+#ifdef CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE
+    ESP_LOGI(TAG, "Write protecting FLASH_CRYPT_CNT eFuse");
+    wdata0_reg |= EFUSE_WR_DIS_FLASH_CRYPT_CNT;
+#endif
+
+    REG_WRITE(EFUSE_BLK0_WDATA0_REG, wdata0_reg);
    esp_efuse_burn_new_values();

    ESP_LOGI(TAG, "Flash encryption completed");
@@ -337,14 +349,4 @@ esp_err_t esp_flash_encrypt_region(uint32_t src_addr, size_t data_length)
 flash_failed:
    ESP_LOGE(TAG, "flash operation failed: 0x%x", err);
    return err;
-}
-
-void esp_flash_write_protect_crypt_cnt()
-{
-    uint32_t efuse_blk0 = REG_READ(EFUSE_BLK0_RDATA0_REG);
-    bool flash_crypt_wr_dis = efuse_blk0 & EFUSE_WR_DIS_FLASH_CRYPT_CNT;
-    if(!flash_crypt_wr_dis) {
-        REG_WRITE(EFUSE_BLK0_WDATA0_REG, EFUSE_WR_DIS_FLASH_CRYPT_CNT);
-        esp_efuse_burn_new_values();
-    }
-}
+}
--- a/components/bootloader_support/src/esp32/secure_boot_signatures.c
+++ b/components/bootloader_support/src/esp32/secure_boot_signatures.c
@@ -21,7 +21,7 @@
 #include "esp32/rom/sha.h"
 #include "uECC.h"

-typedef SHA_CTX sha_context;
+#include <sys/param.h>

 static const char *TAG = "secure_boot";

@@ -32,6 +32,9 @@ extern const uint8_t signature_verification_key_end[] asm("_binary_signature_ver

 #define DIGEST_LEN 32

+/* Mmap source address mask */
+#define MMAP_ALIGNED_MASK 0x0000FFFF
+
 esp_err_t esp_secure_boot_verify_signature(uint32_t src_addr, uint32_t length)
 {
    uint8_t digest[DIGEST_LEN];
@@ -40,21 +43,44 @@ esp_err_t esp_secure_boot_verify_signature(uint32_t src_addr, uint32_t length)

    ESP_LOGD(TAG, "verifying signature src_addr 0x%x length 0x%x", src_addr, length);

-    data = bootloader_mmap(src_addr, length + sizeof(esp_secure_boot_sig_block_t));
-    if (data == NULL) {
-        ESP_LOGE(TAG, "bootloader_mmap(0x%x, 0x%x) failed", src_addr, length + sizeof(esp_secure_boot_sig_block_t));
-        return ESP_FAIL;
+    bootloader_sha256_handle_t handle = bootloader_sha256_start();
+
+    uint32_t free_page_count = bootloader_mmap_get_free_pages();
+    ESP_LOGD(TAG, "free data page_count 0x%08x", free_page_count);
+
+    int32_t data_len_remain = length;
+    uint32_t data_addr = src_addr;
+    while (data_len_remain > 0) {
+        uint32_t offset_page = ((data_addr & MMAP_ALIGNED_MASK) != 0) ? 1 : 0;
+        /* Data we could map in case we are not aligned to PAGE boundary is one page size lesser. */
+        uint32_t data_len = MIN(data_len_remain, ((free_page_count - offset_page) * SPI_FLASH_MMU_PAGE_SIZE));
+        data = (const uint8_t *) bootloader_mmap(data_addr, data_len);
+        if(!data) {
+            ESP_LOGE(TAG, "bootloader_mmap(0x%x, 0x%x) failed", data_addr, data_len);
+            bootloader_sha256_finish(handle, NULL);
+            return ESP_FAIL;
+        }
+        bootloader_sha256_data(handle, data, data_len);
+        bootloader_munmap(data);
+
+        data_addr += data_len;
+        data_len_remain -= data_len;
    }

-    // Calculate digest of main image
-    bootloader_sha256_handle_t handle = bootloader_sha256_start();
-    bootloader_sha256_data(handle, data, length);
+    /* Done! Get the digest */
    bootloader_sha256_finish(handle, digest);

-    // Map the signature block and verify the signature
-    sigblock = (const esp_secure_boot_sig_block_t *)(data + length);
+    // Map the signature block
+    sigblock = (const esp_secure_boot_sig_block_t *) bootloader_mmap(src_addr + length, sizeof(esp_secure_boot_sig_block_t));
+    if(!sigblock) {
+        ESP_LOGE(TAG, "bootloader_mmap(0x%x, 0x%x) failed", src_addr + length, sizeof(esp_secure_boot_sig_block_t));
+        return ESP_FAIL;
+    }
+    // Verify the signature
    esp_err_t err = esp_secure_boot_verify_signature_block(sigblock, digest);
-    bootloader_munmap(data);
+    // Unmap
+    bootloader_munmap(sigblock);
+
    return err;
 }