From b8dd163149f6064a7d9d9495c40c529e991f564c Mon Sep 17 00:00:00 2001 From: KonstantinKondrashov Date: Thu, 15 Jul 2021 22:41:35 +0500 Subject: [PATCH 1/3] efuse: Fix len of SOFT_DIS_JTAG for esp32c3 and esp32h2 --- components/efuse/esp32c3/esp_efuse_table.c | 4 ++-- components/efuse/esp32c3/esp_efuse_table.csv | 2 +- components/efuse/esp32c3/include/esp_efuse_table.h | 2 +- components/efuse/esp32h2/esp_efuse_table.c | 4 ++-- components/efuse/esp32h2/esp_efuse_table.csv | 2 +- components/efuse/esp32h2/include/esp_efuse_table.h | 2 +- components/esptool_py/esptool | 2 +- .../en/api-reference/system/inc/espefuse_summary_ESP32-C3.rst | 2 +- .../en/api-reference/system/inc/espefuse_summary_ESP32-S3.rst | 2 +- 9 files changed, 11 insertions(+), 11 deletions(-) diff --git a/components/efuse/esp32c3/esp_efuse_table.c b/components/efuse/esp32c3/esp_efuse_table.c index 3688cdf724..7615e16047 100644 --- a/components/efuse/esp32c3/esp_efuse_table.c +++ b/components/efuse/esp32c3/esp_efuse_table.c @@ -9,7 +9,7 @@ #include #include "esp_efuse_table.h" -// md5_digest_table 9e42b2f9dd879191ca75ad0cf50841a1 +// md5_digest_table 7a50fdd084e3b80b143c5bd2a36f9c26 // This file was generated from the file esp_efuse_table.csv. DO NOT CHANGE THIS FILE MANUALLY. // If you want to change some fields, you need to change esp_efuse_table.csv file // then run `efuse_common_table` or `efuse_custom_table` command it will generate this file. @@ -192,7 +192,7 @@ static const esp_efuse_desc_t JTAG_SEL_ENABLE[] = { }; static const esp_efuse_desc_t SOFT_DIS_JTAG[] = { - {EFUSE_BLK0, 48, 2}, // Set these bits to disable JTAG in the soft way (odd number 1 means disable). JTAG can be enabled in HMAC module., + {EFUSE_BLK0, 48, 3}, // Set these bits to disable JTAG in the soft way (odd number 1 means disable). JTAG can be enabled in HMAC module., }; static const esp_efuse_desc_t DIS_PAD_JTAG[] = { diff --git a/components/efuse/esp32c3/esp_efuse_table.csv b/components/efuse/esp32c3/esp_efuse_table.csv index 8e4c63708a..f9c4cb8e12 100644 --- a/components/efuse/esp32c3/esp_efuse_table.csv +++ b/components/efuse/esp32c3/esp_efuse_table.csv @@ -59,7 +59,7 @@ DIS_USB, EFUSE_BLK0, 45, 1, Disable USB function DIS_CAN, EFUSE_BLK0, 46, 1, Disable CAN function JTAG_SEL_ENABLE, EFUSE_BLK0, 47, 1, Set this bit to enable selection between usb_to_jtag and pad_to_jtag through strapping gpio10 when both reg_dis_usb_jtag and reg_dis_pad_jtag are equal to 0. - SOFT_DIS_JTAG, EFUSE_BLK0, 48, 2, Set these bits to disable JTAG in the soft way (odd number 1 means disable). JTAG can be enabled in HMAC module. + SOFT_DIS_JTAG, EFUSE_BLK0, 48, 3, Set these bits to disable JTAG in the soft way (odd number 1 means disable). JTAG can be enabled in HMAC module. DIS_PAD_JTAG, EFUSE_BLK0, 51, 1, Disable JTAG in the hard way. JTAG is disabled permanently. DIS_DOWNLOAD_MANUAL_ENCRYPT, EFUSE_BLK0, 52, 1, Disable flash encryption when in download boot modes. USB_DREFH, EFUSE_BLK0, 53, 2, Controls single-end input threshold vrefh 1.76 V to 2 V with step of 80 mV stored in eFuse. diff --git a/components/efuse/esp32c3/include/esp_efuse_table.h b/components/efuse/esp32c3/include/esp_efuse_table.h index 465d5c29f8..96fba50913 100644 --- a/components/efuse/esp32c3/include/esp_efuse_table.h +++ b/components/efuse/esp32c3/include/esp_efuse_table.h @@ -9,7 +9,7 @@ extern "C" { #endif -// md5_digest_table 9e42b2f9dd879191ca75ad0cf50841a1 +// md5_digest_table 7a50fdd084e3b80b143c5bd2a36f9c26 // This file was generated from the file esp_efuse_table.csv. DO NOT CHANGE THIS FILE MANUALLY. // If you want to change some fields, you need to change esp_efuse_table.csv file // then run `efuse_common_table` or `efuse_custom_table` command it will generate this file. diff --git a/components/efuse/esp32h2/esp_efuse_table.c b/components/efuse/esp32h2/esp_efuse_table.c index 040e3d712e..06060ed9d4 100644 --- a/components/efuse/esp32h2/esp_efuse_table.c +++ b/components/efuse/esp32h2/esp_efuse_table.c @@ -9,7 +9,7 @@ #include #include "esp_efuse_table.h" -// md5_digest_table aa238a3a131bf64a9386d3d4ce86a237 +// md5_digest_table 54e3ee07e1f682ea20e8af0561df669c // This file was generated from the file esp_efuse_table.csv. DO NOT CHANGE THIS FILE MANUALLY. // If you want to change some fields, you need to change esp_efuse_table.csv file // then run `efuse_common_table` or `efuse_custom_table` command it will generate this file. @@ -192,7 +192,7 @@ static const esp_efuse_desc_t JTAG_SEL_ENABLE[] = { }; static const esp_efuse_desc_t SOFT_DIS_JTAG[] = { - {EFUSE_BLK0, 48, 2}, // Set these bits to disable JTAG in the soft way (odd number 1 means disable). JTAG can be enabled in HMAC module., + {EFUSE_BLK0, 48, 3}, // Set these bits to disable JTAG in the soft way (odd number 1 means disable). JTAG can be enabled in HMAC module., }; static const esp_efuse_desc_t DIS_PAD_JTAG[] = { diff --git a/components/efuse/esp32h2/esp_efuse_table.csv b/components/efuse/esp32h2/esp_efuse_table.csv index 241e9ff1dd..873440b2c7 100644 --- a/components/efuse/esp32h2/esp_efuse_table.csv +++ b/components/efuse/esp32h2/esp_efuse_table.csv @@ -60,7 +60,7 @@ DIS_USB, EFUSE_BLK0, 45, 1, Disable USB function DIS_CAN, EFUSE_BLK0, 46, 1, Disable CAN function JTAG_SEL_ENABLE, EFUSE_BLK0, 47, 1, Set this bit to enable selection between usb_to_jtag and pad_to_jtag through strapping gpio10 when both reg_dis_usb_jtag and reg_dis_pad_jtag are equal to 0. - SOFT_DIS_JTAG, EFUSE_BLK0, 48, 2, Set these bits to disable JTAG in the soft way (odd number 1 means disable). JTAG can be enabled in HMAC module. + SOFT_DIS_JTAG, EFUSE_BLK0, 48, 3, Set these bits to disable JTAG in the soft way (odd number 1 means disable). JTAG can be enabled in HMAC module. DIS_PAD_JTAG, EFUSE_BLK0, 51, 1, Disable JTAG in the hard way. JTAG is disabled permanently. DIS_DOWNLOAD_MANUAL_ENCRYPT, EFUSE_BLK0, 52, 1, Disable flash encryption when in download boot modes. USB_DREFH, EFUSE_BLK0, 53, 2, Controls single-end input threshold vrefh 1.76 V to 2 V with step of 80 mV stored in eFuse. diff --git a/components/efuse/esp32h2/include/esp_efuse_table.h b/components/efuse/esp32h2/include/esp_efuse_table.h index f3ccc00241..84c808a15d 100644 --- a/components/efuse/esp32h2/include/esp_efuse_table.h +++ b/components/efuse/esp32h2/include/esp_efuse_table.h @@ -9,7 +9,7 @@ extern "C" { #endif -// md5_digest_table aa238a3a131bf64a9386d3d4ce86a237 +// md5_digest_table 54e3ee07e1f682ea20e8af0561df669c // This file was generated from the file esp_efuse_table.csv. DO NOT CHANGE THIS FILE MANUALLY. // If you want to change some fields, you need to change esp_efuse_table.csv file // then run `efuse_common_table` or `efuse_custom_table` command it will generate this file. diff --git a/components/esptool_py/esptool b/components/esptool_py/esptool index 00f4bc967c..837c690284 160000 --- a/components/esptool_py/esptool +++ b/components/esptool_py/esptool @@ -1 +1 @@ -Subproject commit 00f4bc967c94b25e3190ebc007a0bf132ae42f02 +Subproject commit 837c69028472f727574293fcee8d3f1cd5a8909e diff --git a/docs/en/api-reference/system/inc/espefuse_summary_ESP32-C3.rst b/docs/en/api-reference/system/inc/espefuse_summary_ESP32-C3.rst index b5b25c9155..89d1059feb 100644 --- a/docs/en/api-reference/system/inc/espefuse_summary_ESP32-C3.rst +++ b/docs/en/api-reference/system/inc/espefuse_summary_ESP32-C3.rst @@ -56,7 +56,7 @@ ag and pad_to_jtag through strapping gpio10 when b oth reg_dis_usb_jtag and reg_dis_pad_jtag are equa l to 0. - SOFT_DIS_JTAG (BLOCK0) Software disables JTAG. When software disabled, JT = 0 R/W (0b00) + SOFT_DIS_JTAG (BLOCK0) Software disables JTAG. When software disabled, JT = 0 R/W (0b000) AG can be activated temporarily by HMAC peripheral DIS_PAD_JTAG (BLOCK0) Permanently disable JTAG access via pads. USB JTAG = False R/W (0b0) is controlled separately. diff --git a/docs/en/api-reference/system/inc/espefuse_summary_ESP32-S3.rst b/docs/en/api-reference/system/inc/espefuse_summary_ESP32-S3.rst index 42ae257b72..041f8abedc 100644 --- a/docs/en/api-reference/system/inc/espefuse_summary_ESP32-S3.rst +++ b/docs/en/api-reference/system/inc/espefuse_summary_ESP32-S3.rst @@ -68,7 +68,7 @@ BLOCK2_VERSION (BLOCK2) Version of BLOCK2 = With calibration R/W (0b001) Security fuses: - SOFT_DIS_JTAG (BLOCK0) Software disables JTAG. When software disabled, JT = False R/W (0b0) + SOFT_DIS_JTAG (BLOCK0) Software disables JTAG. When software disabled, JT = False R/W (0b000) AG can be activated temporarily by HMAC peripheral HARD_DIS_JTAG (BLOCK0) Hardware disables JTAG permanently = False R/W (0b0) DIS_DOWNLOAD_MANUAL_ENCRYPT (BLOCK0) Disables flash encryption when in download boot mo = False R/W (0b0) From 59bbfe5e38b3d148a89f0e897ea08af457c75719 Mon Sep 17 00:00:00 2001 From: KonstantinKondrashov Date: Wed, 21 Jul 2021 09:43:26 +0500 Subject: [PATCH 2/3] ci: Adds eFuse host test for ESP32-H2 chip --- .gitlab/ci/host-test.yml | 74 +++++++++++++++++----------------------- 1 file changed, 31 insertions(+), 43 deletions(-) diff --git a/.gitlab/ci/host-test.yml b/.gitlab/ci/host-test.yml index bb1f061ff9..e38ad92480 100644 --- a/.gitlab/ci/host-test.yml +++ b/.gitlab/ci/host-test.yml @@ -196,61 +196,49 @@ test_idf_tools: - cd ${IDF_PATH}/tools - python3 ./idf_tools.py install-python-env -test_esp32_efuse_table_on_host: +.test_efuse_table_on_host_template: extends: .host_test_template + variables: + IDF_TARGET: "esp32" artifacts: when: on_failure paths: - - components/efuse/esp32/esp_efuse_table.c + - components/efuse/${IDF_TARGET}/esp_efuse_table.c expire_in: 1 week script: - cd ${IDF_PATH}/components/efuse/ - - ./efuse_table_gen.py ${IDF_PATH}/components/efuse/esp32/esp_efuse_table.csv - - git diff --exit-code -- esp32/esp_efuse_table.c || { echo 'Differences found for esp32 target. Please run make efuse_common_table or idf.py efuse_common_table and commit the changes.'; exit 1; } + - ./efuse_table_gen.py -t "${IDF_TARGET}" ${IDF_PATH}/components/efuse/${IDF_TARGET}/esp_efuse_table.csv + - git diff --exit-code -- ${IDF_TARGET}/esp_efuse_table.c || { echo 'Differences found for ${IDF_TARGET} target. Please run make efuse_common_table or idf.py efuse_common_table and commit the changes.'; exit 1; } - cd ${IDF_PATH}/components/efuse/test_efuse_host - ./efuse_tests.py -test_esp32s2_efuse_table_on_host: - extends: .host_test_template - artifacts: - when: on_failure - paths: - - components/efuse/esp32s2/esp_efuse_table.c - expire_in: 1 week - script: - - cd ${IDF_PATH}/components/efuse/ - - ./efuse_table_gen.py -t "esp32s2" ${IDF_PATH}/components/efuse/esp32s2/esp_efuse_table.csv - - git diff --exit-code -- esp32s2/esp_efuse_table.c || { echo 'Differences found for esp32s2 target. Please run make efuse_common_table or idf.py efuse_common_table and commit the changes.'; exit 1; } - - cd ${IDF_PATH}/components/efuse/test_efuse_host - - ./efuse_tests.py +test_efuse_table_on_host_esp32: + extends: .test_efuse_table_on_host_template -test_esp32s3_efuse_table_on_host: - extends: .host_test_template - artifacts: - when: on_failure - paths: - - components/efuse/esp32s3/esp_efuse_table.c - expire_in: 1 week - script: - - cd ${IDF_PATH}/components/efuse/ - - ./efuse_table_gen.py -t "esp32s3" ${IDF_PATH}/components/efuse/esp32s3/esp_efuse_table.csv - - git diff --exit-code -- esp32s3/esp_efuse_table.c || { echo 'Differences found for esp32s3 target. Please run make efuse_common_table or idf.py efuse_common_table and commit the changes.'; exit 1; } - - cd ${IDF_PATH}/components/efuse/test_efuse_host - - ./efuse_tests.py +test_efuse_table_on_host_esp32s2: + extends: .test_efuse_table_on_host_template + variables: + IDF_TARGET: esp32s2 -test_esp32c3_efuse_table_on_host: - extends: .host_test_template - artifacts: - when: on_failure - paths: - - components/efuse/esp32c3/esp_efuse_table.c - expire_in: 1 week - script: - - cd ${IDF_PATH}/components/efuse/ - - ./efuse_table_gen.py -t "esp32c3" ${IDF_PATH}/components/efuse/esp32c3/esp_efuse_table.csv - - git diff --exit-code -- esp32c3/esp_efuse_table.c || { echo 'Differences found for esp32c3 target. Please run make efuse_common_table or idf.py efuse_common_table and commit the changes.'; exit 1; } - - cd ${IDF_PATH}/components/efuse/test_efuse_host - - ./efuse_tests.py +test_efuse_table_on_host_esp32s2: + extends: .test_efuse_table_on_host_template + variables: + IDF_TARGET: esp32s2 + +test_efuse_table_on_host_esp32s3: + extends: .test_efuse_table_on_host_template + variables: + IDF_TARGET: esp32s3 + +test_efuse_table_on_host_esp32c3: + extends: .test_efuse_table_on_host_template + variables: + IDF_TARGET: esp32c3 + +test_efuse_table_on_host_esp32h2: + extends: .test_efuse_table_on_host_template + variables: + IDF_TARGET: esp32h2 test_espcoredump: extends: .host_test_template From 92448e7bd7b5b537327bfe81cd3dc33c8bd8ec69 Mon Sep 17 00:00:00 2001 From: KonstantinKondrashov Date: Wed, 21 Jul 2021 12:04:38 +0500 Subject: [PATCH 3/3] secure_boot: Whole 3 bits are set for SOFT_DIS_JTAG eFuse --- .../src/esp32c3/secure_boot_secure_features.c | 2 +- components/bootloader_support/src/esp32h2/secure_boot.c | 2 +- .../src/esp32s3/secure_boot_secure_features.c | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/components/bootloader_support/src/esp32c3/secure_boot_secure_features.c b/components/bootloader_support/src/esp32c3/secure_boot_secure_features.c index bc37fba1ce..647d2fd988 100644 --- a/components/bootloader_support/src/esp32c3/secure_boot_secure_features.c +++ b/components/bootloader_support/src/esp32c3/secure_boot_secure_features.c @@ -29,7 +29,7 @@ esp_err_t esp_secure_boot_enable_secure_features(void) ESP_LOGI(TAG, "Disable hardware & software JTAG..."); esp_efuse_write_field_bit(ESP_EFUSE_DIS_PAD_JTAG); esp_efuse_write_field_bit(ESP_EFUSE_DIS_USB_JTAG); - esp_efuse_write_field_bit(ESP_EFUSE_SOFT_DIS_JTAG); + esp_efuse_write_field_cnt(ESP_EFUSE_SOFT_DIS_JTAG, ESP_EFUSE_SOFT_DIS_JTAG[0]->bit_count); #else ESP_LOGW(TAG, "Not disabling JTAG - SECURITY COMPROMISED"); #endif diff --git a/components/bootloader_support/src/esp32h2/secure_boot.c b/components/bootloader_support/src/esp32h2/secure_boot.c index 3fd6e04792..359d7f28c1 100644 --- a/components/bootloader_support/src/esp32h2/secure_boot.c +++ b/components/bootloader_support/src/esp32h2/secure_boot.c @@ -261,7 +261,7 @@ esp_err_t esp_secure_boot_v2_permanently_enable(const esp_image_metadata_t *imag ESP_LOGI(TAG, "Disable hardware & software JTAG..."); esp_efuse_write_field_bit(ESP_EFUSE_DIS_PAD_JTAG); esp_efuse_write_field_bit(ESP_EFUSE_DIS_USB_JTAG); - esp_efuse_write_field_bit(ESP_EFUSE_SOFT_DIS_JTAG); + esp_efuse_write_field_cnt(ESP_EFUSE_SOFT_DIS_JTAG, ESP_EFUSE_SOFT_DIS_JTAG[0]->bit_count); #else ESP_LOGW(TAG, "Not disabling JTAG - SECURITY COMPROMISED"); #endif diff --git a/components/bootloader_support/src/esp32s3/secure_boot_secure_features.c b/components/bootloader_support/src/esp32s3/secure_boot_secure_features.c index 02228b3654..7d0bf0512a 100644 --- a/components/bootloader_support/src/esp32s3/secure_boot_secure_features.c +++ b/components/bootloader_support/src/esp32s3/secure_boot_secure_features.c @@ -28,7 +28,7 @@ esp_err_t esp_secure_boot_enable_secure_features(void) #ifndef CONFIG_SECURE_BOOT_ALLOW_JTAG ESP_LOGI(TAG, "Disable hardware & software JTAG..."); esp_efuse_write_field_bit(ESP_EFUSE_HARD_DIS_JTAG); - esp_efuse_write_field_bit(ESP_EFUSE_SOFT_DIS_JTAG); + esp_efuse_write_field_cnt(ESP_EFUSE_SOFT_DIS_JTAG, ESP_EFUSE_SOFT_DIS_JTAG[0]->bit_count); #else ESP_LOGW(TAG, "Not disabling JTAG - SECURITY COMPROMISED"); #endif