diff --git a/components/bootloader_support/src/esp32s3/flash_encryption_secure_features.c b/components/bootloader_support/src/esp32s3/flash_encryption_secure_features.c
index 60e0c868e2..837d0e36c9 100644
--- a/components/bootloader_support/src/esp32s3/flash_encryption_secure_features.c
+++ b/components/bootloader_support/src/esp32s3/flash_encryption_secure_features.c
@@ -34,6 +34,7 @@ esp_err_t esp_flash_encryption_enable_secure_features(void)
 #ifndef CONFIG_SECURE_BOOT_ALLOW_JTAG
 ESP_LOGI(TAG, "Disable JTAG...");
 esp_efuse_write_field_bit(ESP_EFUSE_HARD_DIS_JTAG);
+ esp_efuse_write_field_bit(ESP_EFUSE_DIS_USB_JTAG);
 #else
 ESP_LOGW(TAG, "Not disabling JTAG - SECURITY COMPROMISED");
 #endif
diff --git a/components/bootloader_support/src/flash_encrypt.c b/components/bootloader_support/src/flash_encrypt.c
index 45f40ba2d4..9b1b1287de 100644
--- a/components/bootloader_support/src/flash_encrypt.c
+++ b/components/bootloader_support/src/flash_encrypt.c
@@ -82,7 +82,7 @@ esp_flash_enc_mode_t esp_get_flash_encryption_mode(void)
 bool flash_crypt_cnt_wr_dis = false;
 #if CONFIG_IDF_TARGET_ESP32
 uint8_t dis_dl_enc = 0, dis_dl_dec = 0, dis_dl_cache = 0;
-#elif CONFIG_IDF_TARGET_ESP32S2
+#elif CONFIG_IDF_TARGET_ESP32S2 || CONFIG_IDF_TARGET_ESP32S3
 uint8_t dis_dl_enc = 0;
 uint8_t dis_dl_icache = 0;
 uint8_t dis_dl_dcache = 0;
@@ -115,7 +115,7 @@ esp_flash_enc_mode_t esp_get_flash_encryption_mode(void)
 if ( dis_dl_cache && dis_dl_enc && dis_dl_dec ) {
 mode = ESP_FLASH_ENC_MODE_RELEASE;
 }
-#elif CONFIG_IDF_TARGET_ESP32S2
+#elif CONFIG_IDF_TARGET_ESP32S2 || CONFIG_IDF_TARGET_ESP32S3
 dis_dl_enc = esp_efuse_read_field_bit(ESP_EFUSE_DIS_DOWNLOAD_MANUAL_ENCRYPT);
 dis_dl_icache = esp_efuse_read_field_bit(ESP_EFUSE_DIS_DOWNLOAD_ICACHE);
 dis_dl_dcache = esp_efuse_read_field_bit(ESP_EFUSE_DIS_DOWNLOAD_DCACHE);
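Review bot: The new `esp_efuse_write_field_bit(ESP_EFUSE_DIS_USB_JTAG);` discards its esp_err_t, exactly as the HARD_DIS_JTAG write above it already does, so a failed write leaves the USB-Serial-JTAG debug path enabled while the log still reports "Disable JTAG...". Since esp_flash_encryption_enable_secure_features already returns esp_err_t per the hunk header, the result can be propagated: `esp_err_t err = esp_efuse_write_field_bit(ESP_EFUSE_DIS_USB_JTAG);` `if (err != ESP_OK) { return err; }`, and the same treatment fits the HARD_DIS_JTAG line. If efuse batch mode defers the failure to the later commit and that commit's result is checked outside this hunk, a log line on a non-ESP_OK return here would still make the diagnosis easier. The function's start and end are outside the hunk.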
@@ -163,11 +163,11 @@ void esp_flash_encryption_set_release_mode(void)
 esp_efuse_write_field_bit(ESP_EFUSE_DISABLE_DL_CACHE);
 esp_efuse_write_field_bit(ESP_EFUSE_DISABLE_DL_ENCRYPT);
 esp_efuse_write_field_bit(ESP_EFUSE_DISABLE_DL_DECRYPT);
-#elif CONFIG_IDF_TARGET_ESP32S2
+#elif CONFIG_IDF_TARGET_ESP32S2 || CONFIG_IDF_TARGET_ESP32S3
 esp_efuse_write_field_bit(ESP_EFUSE_DIS_DOWNLOAD_MANUAL_ENCRYPT);
 esp_efuse_write_field_bit(ESP_EFUSE_DIS_DOWNLOAD_ICACHE);
 esp_efuse_write_field_bit(ESP_EFUSE_DIS_DOWNLOAD_DCACHE);
-#elif CONFIG_IDF_TARGET_ESP32C3
+#elif CONFIG_IDF_TARGET_ESP32C3 || CONFIG_IDF_TARGET_ESP32H2
 esp_efuse_write_field_bit(ESP_EFUSE_DIS_DOWNLOAD_MANUAL_ENCRYPT);
 esp_efuse_write_field_bit(ESP_EFUSE_DIS_DOWNLOAD_ICACHE);
 #else
diff --git a/components/soc/esp32s3/include/soc/hwcrypto_reg.h b/components/soc/esp32s3/include/soc/hwcrypto_reg.h
index 064100149a..9e16b742e7 100644
--- a/components/soc/esp32s3/include/soc/hwcrypto_reg.h
+++ b/components/soc/esp32s3/include/soc/hwcrypto_reg.h
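Review bot: `#elif CONFIG_IDF_TARGET_ESP32C3 || CONFIG_IDF_TARGET_ESP32H2` extends esp_flash_encryption_set_release_mode to ESP32H2, but the two hunks of esp_get_flash_encryption_mode at @@ -82 and @@ -115 only add ESP32S3 to the S2 branch; if that function has a matching C3 branch (not in view), release mode would be burned on H2 but never reported back as ESP_FLASH_ENC_MODE_RELEASE. The same target list `CONFIG_IDF_TARGET_ESP32S2 || CONFIG_IDF_TARGET_ESP32S3` is now spelled out three times (@@ -82, @@ -115 and here), which is how such drift happens; a single per-target feature macro expressing "has a DCACHE download-disable efuse", selected once, would keep the burn path and the detection path in step. esp_flash_encryption_set_release_mode begins and ends outside the hunk.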
@@ -116,15 +116,16 @@
 #define HMAC_ONE_BLOCK_REG ((DR_REG_HMAC_BASE) + 0xF4)
 
 /* AES-XTS registers */
-#define AES_XTS_PLAIN_BASE ((DR_REG_AES_BASE) + 0x100)
-#define AES_XTS_SIZE_REG ((DR_REG_AES_BASE) + 0x140)
-#define AES_XTS_DESTINATION_REG ((DR_REG_AES_BASE) + 0x144)
-#define AES_XTS_PHYSICAL_ADDR_REG ((DR_REG_AES_BASE) + 0x148)
+#define AES_XTS_PLAIN_BASE ((DR_REG_EXT_MEM_ENC) + 0x00)
+#define AES_XTS_SIZE_REG ((DR_REG_EXT_MEM_ENC) + 0x40)
+#define AES_XTS_DESTINATION_REG ((DR_REG_EXT_MEM_ENC) + 0x44)
+#define AES_XTS_PHYSICAL_ADDR_REG ((DR_REG_EXT_MEM_ENC) + 0x48)
 
-#define AES_XTS_TRIGGER_REG ((DR_REG_AES_BASE) + 0x14C)
-#define AES_XTS_RELEASE_REG ((DR_REG_AES_BASE) + 0x150)
-#define AES_XTS_DESTROY_REG ((DR_REG_AES_BASE) + 0x154)
-#define AES_XTS_STATE_REG ((DR_REG_AES_BASE) + 0x158)
+#define AES_XTS_TRIGGER_REG ((DR_REG_EXT_MEM_ENC) + 0x4C)
+#define AES_XTS_RELEASE_REG ((DR_REG_EXT_MEM_ENC) + 0x50)
+#define AES_XTS_DESTROY_REG ((DR_REG_EXT_MEM_ENC) + 0x54)
+#define AES_XTS_STATE_REG ((DR_REG_EXT_MEM_ENC) + 0x58)
+#define AES_XTS_DATE_REG ((DR_REG_EXT_MEM_ENC) + 0x5C)
 
 /* Digital Signature registers*/
 #define DS_C_BASE ((DR_REG_DIGITAL_SIGNATURE_BASE) + 0x000 )
diff --git a/docs/en/security/esp32s3_log.inc b/docs/en/security/esp32s3_log.inc
index b72707a27b..5dce4d5b33 100644
--- a/docs/en/security/esp32s3_log.inc
+++ b/docs/en/security/esp32s3_log.inc
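Review bot: The rebased AES_XTS_* definitions keep their AES_ prefix while moving from DR_REG_AES_BASE to DR_REG_EXT_MEM_ENC, and neither the new base nor the added AES_XTS_DATE_REG gets a comment, so a reader of hwcrypto_reg.h has no hint that these addresses no longer belong to the AES accelerator block that the surrounding macros describe. I would extend the existing header, e.g. `/* AES-XTS registers: external-memory encryption block at DR_REG_EXT_MEM_ENC, not the AES accelerator */`, and note in the commit that DR_REG_EXT_MEM_ENC is expected to come from the S3 register-base header, which is not part of this diff. The old-to-new offsets are a uniform 0x100 shift apart from the new DATE register, which is consistent with a base relocation, but whether the peripheral really sits at that base cannot be confirmed from the hunk; a flash-encryption boot test on real S3 silicon (the log file in this commit suggests one was run) is the only check that catches a wrong base here.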
@@ -3,8 +3,63 @@ .. code-block:: none - TODO - + ESP-ROM:esp32s3-20210327 + Build:Mar 27 2021 + rst:0x1 (POWERON),boot:0x8 (SPI_FAST_FLASH_BOOT) + SPIWP:0xee + mode:DIO, clock div:1 + load:0x3fcd0270,len:0x2598 + load:0x403b6000,len:0x878 + load:0x403ba000,len:0x3dd4 + entry 0x403b61c0 + I (27) boot: ESP-IDF v4.4-dev-2003-g72fdecc1b7-dirty 2nd stage bootloader + I (28) boot: compile time 14:15:37 + I (28) boot: chip revision: 0 + I (32) boot.esp32s3: SPI Speed : 80MHz + I (36) boot.esp32s3: SPI Mode : DIO + I (41) boot.esp32s3: SPI Flash Size : 2MB + I (46) boot: Enabling RNG early entropy source... + I (58) boot: Partition Table: + I (62) boot: ## Label Usage Type ST Offset Length + I (69) boot: 0 nvs WiFi data 01 02 0000a000 00006000 + I (76) boot: 1 storage Unknown data 01 ff 00010000 00001000 + I (84) boot: 2 factory factory app 00 00 00020000 00100000 + I (91) boot: 3 nvs_key NVS keys 01 04 00120000 00001000 + I (99) boot: End of partition table + I (103) esp_image: segment 0: paddr=00020020 vaddr=3c020020 size=08118h ( 33048) map + I (117) esp_image: segment 1: paddr=00028140 vaddr=3fc8fa30 size=023f4h ( 9204) load + I (122) esp_image: segment 2: paddr=0002a53c vaddr=40374000 size=05adch ( 23260) load + I (134) esp_image: segment 3: paddr=00030020 vaddr=42000020 size=1a710h (108304) map + I (156) esp_image: segment 4: paddr=0004a738 vaddr=40379adc size=05f48h ( 24392) load + I (162) esp_image: segment 5: paddr=00050688 vaddr=600fe000 size=00010h ( 16) load + I (167) boot: Loaded app from partition at offset 0x20000 + I (168) boot: Checking flash encryption... + I (173) efuse: Batch mode of writing fields is enabled + I (179) flash_encrypt: Generating new flash encryption key... + I (188) efuse: Writing EFUSE_BLK_KEY0 with purpose 4 + W (194) flash_encrypt: Not disabling UART bootloader encryption + I (197) flash_encrypt: Disable UART bootloader cache... + I (203) flash_encrypt: Disable JTAG... + I (212) efuse: Batch mode. 
Prepared fields are committed + I (214) esp_image: segment 0: paddr=00000020 vaddr=3fcd0270 size=02598h ( 9624) + I (223) esp_image: segment 1: paddr=000025c0 vaddr=403b6000 size=00878h ( 2168) + I (230) esp_image: segment 2: paddr=00002e40 vaddr=403ba000 size=03dd4h ( 15828) + I (534) flash_encrypt: bootloader encrypted successfully + I (578) flash_encrypt: partition table encrypted and loaded successfully + I (578) flash_encrypt: Encrypting partition 1 at offset 0x10000 (length 0x1000)... + I (628) flash_encrypt: Done encrypting + I (629) esp_image: segment 0: paddr=00020020 vaddr=3c020020 size=08118h ( 33048) map + I (636) esp_image: segment 1: paddr=00028140 vaddr=3fc8fa30 size=023f4h ( 9204) + I (640) esp_image: segment 2: paddr=0002a53c vaddr=40374000 size=05adch ( 23260) + I (651) esp_image: segment 3: paddr=00030020 vaddr=42000020 size=1a710h (108304) map + I (675) esp_image: segment 4: paddr=0004a738 vaddr=40379adc size=05f48h ( 24392) + I (679) esp_image: segment 5: paddr=00050688 vaddr=600fe000 size=00010h ( 16) + I (680) flash_encrypt: Encrypting partition 2 at offset 0x20000 (length 0x100000)... + I (11571) flash_encrypt: Done encrypting + I (11571) flash_encrypt: Encrypting partition 3 at offset 0x120000 (length 0x1000)... + I (11617) flash_encrypt: Done encrypting + I (11618) flash_encrypt: Flash encryption completed + I (11623) boot: Resetting with flash encryption enabled... ------ 
@@ -12,6 +67,67 @@ .. code-block:: none - TODO + ESP-ROM:esp32s3-20210327 + Build:Mar 27 2021 + rst:0x3 (RTC_SW_SYS_RST),boot:0x8 (SPI_FAST_FLASH_BOOT) + Saved PC:0x403bb1d6 + SPIWP:0xee + mode:DIO, clock div:1 + load:0x3fcd0270,len:0x2598 + load:0x403b6000,len:0x878 + load:0x403ba000,len:0x3dd4 + entry 0x403b61c0 + I (35) boot: ESP-IDF v4.4-dev-2003-g72fdecc1b7-dirty 2nd stage bootloader + I (35) boot: compile time 14:15:37 + I (35) boot: chip revision: 0 + I (39) boot.esp32s3: SPI Speed : 80MHz + I (44) boot.esp32s3: SPI Mode : DIO + I (48) boot.esp32s3: SPI Flash Size : 2MB + I (53) boot: Enabling RNG early entropy source... + I (65) boot: Partition Table: + I (69) boot: ## Label Usage Type ST Offset Length + I (76) boot: 0 nvs WiFi data 01 02 0000a000 00006000 + I (84) boot: 1 storage Unknown data 01 ff 00010000 00001000 + I (91) boot: 2 factory factory app 00 00 00020000 00100000 + I (99) boot: 3 nvs_key NVS keys 01 04 00120000 00001000 + I (106) boot: End of partition table + I (110) esp_image: segment 0: paddr=00020020 vaddr=3c020020 size=08118h ( 33048) map + I (126) esp_image: segment 1: paddr=00028140 vaddr=3fc8fa30 size=023f4h ( 9204) load + I (129) esp_image: segment 2: paddr=0002a53c vaddr=40374000 size=05adch ( 23260) load + I (141) esp_image: segment 3: paddr=00030020 vaddr=42000020 size=1a710h (108304) map + I (166) esp_image: segment 4: paddr=0004a738 vaddr=40379adc size=05f48h ( 24392) load + I (172) esp_image: segment 5: paddr=00050688 vaddr=600fe000 size=00010h ( 16) load + I (177) boot: Loaded app from partition at offset 0x20000 + I (178) boot: Checking flash encryption... + I (183) flash_encrypt: flash encryption is enabled (1 plaintext flashes left) + I (190) boot: Disabling RNG early entropy source... + I (214) cpu_start: Pro cpu up. + I (214) cpu_start: Starting app cpu, entry point is 0x40374fa8 + 0x40374fa8: call_start_cpu1 at /home/marius/esp-idf_3/components/esp_system/port/cpu_start.c:160 + + I (0) cpu_start: App cpu up. 
+ I (228) cpu_start: Pro cpu start user code + I (228) cpu_start: cpu freq: 160000000 + I (228) cpu_start: Application information: + I (231) cpu_start: Project name: flash_encryption + I (237) cpu_start: App version: v4.4-dev-2003-g72fdecc1b7-dirty + I (244) cpu_start: Compile time: Jul 12 2021 14:15:34 + I (250) cpu_start: ELF file SHA256: a7e6343c6a1c2215... + I (256) cpu_start: ESP-IDF: v4.4-dev-2003-g72fdecc1b7-dirty + I (263) heap_init: Initializing. RAM available for dynamic allocation: + I (270) heap_init: At 3FC92810 len 0004D7F0 (309 KiB): D/IRAM + I (277) heap_init: At 3FCE0000 len 0000EE34 (59 KiB): STACK/DRAM + I (283) heap_init: At 3FCF0000 len 00008000 (32 KiB): DRAM + I (290) spi_flash: detected chip: generic + I (294) spi_flash: flash io: dio + W (298) spi_flash: Detected size(8192k) larger than the size in the binary image header(2048k). Using the size in the binary image header. + I (311) flash_encrypt: Flash encryption mode is DEVELOPMENT (not secure) + I (318) cpu_start: Starting scheduler on PRO CPU. + I (0) cpu_start: Starting scheduler on APP CPU. + + Example to check Flash Encryption status + This is esp32s3 chip with 2 CPU core(s), WiFi/BLE, silicon revision 0, 2MB external flash + FLASH_CRYPT_CNT eFuse value is 1 + Flash encryption feature is enabled in DEVELOPMENT mode ------ diff --git a/docs/en/security/flash-encryption.rst b/docs/en/security/flash-encryption.rst index fb934d1836..7068aefbe1 100644 --- a/docs/en/security/flash-encryption.rst +++ b/docs/en/security/flash-encryption.rst 
@@ -232,7 +232,7 @@ To test flash encryption process, take the following steps: - :ref:`Select encryption mode ` (**Development mode** by default) :esp32: - :ref: `Select UART ROM download mode ` (**enabled** by default. Note that for the esp32 target, the choice is only available when :ref:`CONFIG_ESP32_REV_MIN` level is set to 3 (ESP32 V3)). :not esp32: - :ref: `Select UART ROM download mode ` (**enabled** by default.) - :esp32s2: - Set :ref:`Size of generated AES-XTS key ` + :esp32s2 or esp32s3: - Set :ref:`Size of generated AES-XTS key ` - :ref:`Select the appropriate bootloader log verbosity ` - Save the configuration and exit. @@ -706,7 +706,7 @@ Key Points About Flash Encryption :esp32: - The flash encryption algorithm is AES-256, where the key is "tweaked" with the offset address of each 32 byte block of flash. This means that every 32-byte block (two consecutive 16 byte AES blocks) is encrypted with a unique key derived from the flash encryption key. - :esp32s2: - Flash memory contents is encrypted using XTS-AES-128 or XTS-AES-256. The flash encryption key is 256 bits and 512 bits respectively and stored one or two ``BLOCK_KEYN`` eFuses internal to the chip and, by default, is protected from software access. + :esp32s2 or esp32s3: - Flash memory contents is encrypted using XTS-AES-128 or XTS-AES-256. The flash encryption key is 256 bits and 512 bits respectively and stored one or two ``BLOCK_KEYN`` eFuses internal to the chip and, by default, is protected from software access. :esp32c3: - Flash memory contents is encrypted using XTS-AES-128. The flash encryption key is 256 bits and stored one``BLOCK_KEYN`` eFuse internal to the chip and, by default, is protected from software access. 
@@ -805,10 +805,11 @@ On the first boot, the flash encryption process burns by default the following e .. list:: - ``DIS_DOWNLOAD_MANUAL_ENCRYPT`` which disables flash encryption operation when running in UART bootloader boot mode. - :esp32s2: - ``DIS_DOWNLOAD_ICACHE`` and ``DIS_DOWNLOAD_DCACHE`` which disables the entire MMU flash cache when running in UART bootloader mode. + :esp32s2 or esp32s3: - ``DIS_DOWNLOAD_ICACHE`` and ``DIS_DOWNLOAD_DCACHE`` which disables the entire MMU flash cache when running in UART bootloader mode. :esp32c3: - ``DIS_DOWNLOAD_ICACHE`` which disables the entire MMU flash cache when running in UART bootloader mode. :esp32s2: - ``HARD_DIS_JTAG`` which disables JTAG. :esp32c3: - ``DIS_PAD_JTAG`` and ``DIS_USB_JTAG`` which disables JTAG. + :esp32s3: - ``HARD_DIS_JTAG`` and ``DIS_USB_JTAG`` which disables JTAG. - ``DIS_LEGACY_SPI_BOOT`` which disables Legacy SPI boot mode However, before the first boot you can choose to keep any of these features enabled by burning only selected eFuses and write-protect the rest of eFuses with unset value 0. For example: