Merge branch 'bugfix/doc_package_versions_v3.3' into 'release/v3.3'

doc: Limit sphinxcontrib versions to <2.0.0 as we use Sphinx 1.8.5 (v3.3)

See merge request espressif/esp-idf!6975

.flake8

@@ -0,0 +1,165 @@
+[flake8]
+
+select =
+    # Full lists are given in order to suppress all errors from other plugins
+    # Full list of pyflakes error codes:
+    F401,           # module imported but unused
+    F402,           # import module from line N shadowed by loop variable
+    F403,           # 'from module import *' used; unable to detect undefined names
+    F404,           # future import(s) name after other statements
+    F405,           # name may be undefined, or defined from star imports: module
+    F406,           # 'from module import *' only allowed at module level
+    F407,           # an undefined __future__ feature name was imported
+    F601,           # dictionary key name repeated with different values
+    F602,           # dictionary key variable name repeated with different values
+    F621,           # too many expressions in an assignment with star-unpacking
+    F622,           # two or more starred expressions in an assignment (a, *b, *c = d)
+    F631,           # assertion test is a tuple, which are always True
+    F701,           # a break statement outside of a while or for loop
+    F702,           # a continue statement outside of a while or for loop
+    F703,           # a continue statement in a finally block in a loop
+    F704,           # a yield or yield from statement outside of a function
+    F705,           # a return statement with arguments inside a generator
+    F706,           # a return statement outside of a function/method
+    F707,           # an except: block as not the last exception handler
+    F721, F722,     #    doctest syntax error syntax error in forward type annotation
+    F811,           # redefinition of unused name from line N
+    F812,           # list comprehension redefines name from line N
+    F821,           # undefined name name
+    F822,           # undefined name name in __all__
+    F823,           # local variable name referenced before assignment
+    F831,           # duplicate argument name in function definition
+    F841,           # local variable name is assigned to but never used
+    F901,           # raise NotImplemented should be raise NotImplementedError
+
+    # Full list of pycodestyle violations:
+    E101,           # indentation contains mixed spaces and tabs
+    E111,           # indentation is not a multiple of four
+    E112,           # expected an indented block
+    E113,           # unexpected indentation
+    E114,           # indentation is not a multiple of four (comment)
+    E115,           # expected an indented block (comment)
+    E116,           # unexpected indentation (comment)
+    E121,           # continuation line under-indented for hanging indent
+    E122,           # continuation line missing indentation or outdented
+    E123,           # closing bracket does not match indentation of opening bracket's line
+    E124,           # closing bracket does not match visual indentation
+    E125,           # continuation line with same indent as next logical line
+    E126,           # continuation line over-indented for hanging indent
+    E127,           # continuation line over-indented for visual indent
+    E128,           # continuation line under-indented for visual indent
+    E129,           # visually indented line with same indent as next logical line
+    E131,           # continuation line unaligned for hanging indent
+    E133,           # closing bracket is missing indentation
+    E201,           # whitespace after '('
+    E202,           # whitespace before ')'
+    E203,           # whitespace before ':'
+    E211,           # whitespace before '('
+    E221,           # multiple spaces before operator
+    E222,           # multiple spaces after operator
+    E223,           # tab before operator
+    E224,           # tab after operator
+    E225,           # missing whitespace around operator
+    E226,           # missing whitespace around arithmetic operator
+    E227,           # missing whitespace around bitwise or shift operator
+    E228,           # missing whitespace around modulo operator
+    E231,           # missing whitespace after ',', ';', or ':'
+    E241,           # multiple spaces after ','
+    E242,           # tab after ','
+    E251,           # unexpected spaces around keyword / parameter equals
+    E261,           # at least two spaces before inline comment
+    E262,           # inline comment should start with '# '
+    E265,           # block comment should start with '# '
+    E266,           # too many leading '#' for block comment
+    E271,           # multiple spaces after keyword
+    E272,           # multiple spaces before keyword
+    E273,           # tab after keyword
+    E274,           # tab before keyword
+    E275,           # missing whitespace after keyword
+    E301,           # expected 1 blank line, found 0
+    E302,           # expected 2 blank lines, found 0
+    E303,           # too many blank lines
+    E304,           # blank lines found after function decorator
+    E305,           # expected 2 blank lines after end of function or class
+    E306,           # expected 1 blank line before a nested definition
+    E401,           # multiple imports on one line
+    E402,           # module level import not at top of file
+    E501,           # line too long (82 > 79 characters)
+    E502,           # the backslash is redundant between brackets
+    E701,           # multiple statements on one line (colon)
+    E702,           # multiple statements on one line (semicolon)
+    E703,           # statement ends with a semicolon
+    E704,           # multiple statements on one line (def)
+    E711,           # comparison to None should be 'if cond is None:'
+    E712,           # comparison to True should be 'if cond is True:' or 'if cond:'
+    E713,           # test for membership should be 'not in'
+    E714,           # test for object identity should be 'is not'
+    E721,           # do not compare types, use 'isinstance()'
+    E722,           # do not use bare except, specify exception instead
+    E731,           # do not assign a lambda expression, use a def
+    E741,           # do not use variables named 'l', 'O', or 'I'
+    E742,           # do not define classes named 'l', 'O', or 'I'
+    E743,           # do not define functions named 'l', 'O', or 'I'
+    E901,           # SyntaxError or IndentationError
+    E902,           # IOError
+    W191,           # indentation contains tabs
+    W291,           # trailing whitespace
+    W292,           # no newline at end of file
+    W293,           # blank line contains whitespace
+    W391,           # blank line at end of file
+    W503,           # line break before binary operator
+    W504,           # line break after binary operator
+    W505,           # doc line too long (82 > 79 characters)
+    W601,           # .has_key() is deprecated, use 'in'
+    W602,           # deprecated form of raising exception
+    W603,           # '<>' is deprecated, use '!='
+    W604,           # backticks are deprecated, use 'repr()'
+    W605,           # invalid escape sequence 'x'
+    W606,           # 'async' and 'await' are reserved keywords starting with Python 3.7
+
+    # Full list of flake8 violations
+    E999,           # failed to compile a file into an Abstract Syntax Tree for the plugins that require it
+
+    # Full list of mccabe violations
+    C901            # complexity value provided by the user
+
+ignore =
+    E221,           # multiple spaces before operator
+    E231,           # missing whitespace after ',', ';', or ':'
+    E241,           # multiple spaces after ','
+    W503,           # line break before binary operator
+    W504            # line break after binary operator
+
+max-line-length = 160
+
+show_source = True
+
+statistics = True
+
+exclude =
+    .git,
+    __pycache__,
+    # submodules
+        components/esptool_py/esptool,
+        components/micro-ecc/micro-ecc,
+        components/nghttp/nghttp2,
+        components/libsodium/libsodium,
+        components/json/cJSON,
+        components/mbedtls/mbedtls,
+        components/expat/expat,
+        components/unity/unity,
+        examples/build_system/cmake/import_lib/main/lib/tinyxml2
+    # other third-party libraries
+        tools/kconfig_new/kconfiglib.py,
+    # autogenerated scripts
+        components/protocomm/python/constants_pb2.py,
+        components/protocomm/python/sec0_pb2.py,
+        components/protocomm/python/sec1_pb2.py,
+        components/protocomm/python/session_pb2.py,
+        components/wifi_provisioning/python/wifi_scan_pb2.py,
+        components/wifi_provisioning/python/wifi_config_pb2.py,
+        components/wifi_provisioning/python/wifi_constants_pb2.py,
+        examples/provisioning/custom_config/components/custom_provisioning/python/custom_config_pb2.py,
+    # temporary list (should be empty)
+        tools/esp_app_trace/pylibelf,
+        tools/mass_mfg/mfg_gen.py,

.github/main.workflow

@@ -0,0 +1,17 @@
+workflow "Sync issues to JIRA" {
+  on = "issues"
+  resolves = ["Sync to JIRA"]
+}
+
+workflow "Sync issue comments to JIRA" {
+  on = "issue_comment"
+  resolves = ["Sync to JIRA"]
+}
+
+action "Sync to JIRA" {
+  uses = "espressif/github-actions/sync_issues_to_jira@master"
+  secrets = ["GITHUB_TOKEN", "JIRA_URL", "JIRA_USER", "JIRA_PASS"]
+  env = {
+    JIRA_PROJECT = "IDFGH"
+  }
+}

.gitignore

@@ -68,3 +68,9 @@ test_multi_heap_host
 
 # VS Code Settings
 .vscode/
+
+# Results for the checking of the Python coding style
+flake8_output.txt
+
+# ESP-IDF library 
+build

.gitmodules

@@ -61,3 +61,15 @@
 [submodule "components/protobuf-c/protobuf-c"]
 	path = components/protobuf-c/protobuf-c
 	url = https://github.com/protobuf-c/protobuf-c
+
+[submodule "components/unity/unity"]
+	path = components/unity/unity
+	url = https://github.com/ThrowTheSwitch/Unity
+
+[submodule "examples/build_system/cmake/import_lib/main/lib/tinyxml2"]
+	path = examples/build_system/cmake/import_lib/main/lib/tinyxml2
+	url = https://github.com/leethomason/tinyxml2
+
+[submodule "components/nimble/nimble"]
+	path = components/nimble/nimble
+	url = https://github.com/espressif/esp-nimble.git

.readthedocs.yml

@@ -0,0 +1,21 @@
+# .readthedocs.yml
+# Read the Docs configuration file
+# See https://docs.readthedocs.io/en/stable/config-file/v2.html for details
+
+# Required
+version: 2
+
+# Optionally build your docs in additional formats such as PDF and ePub
+formats:
+  - pdf
+
+# Optionally set the version of Python and requirements required to build your docs
+python:
+  version: 2.7
+  install:
+    - requirements: docs/requirements.txt
+
+# We need to list all the submodules included in documentation build by Doxygen
+submodules: 
+  include:
+    - components/mqtt/esp-mqtt

.travis.yml

@@ -0,0 +1,7 @@
+language: python
+sudo: false
+python:
+  - "3.4"
+script:
+  - pip install flake8
+  - travis_wait 20 python -m flake8 --config=.flake8 .

CMakeLists.txt

@@ -0,0 +1,45 @@
+cmake_minimum_required(VERSION 3.5)
+project(esp-idf C CXX ASM)
+
+#
+# Add each component to the build as a library
+#
+foreach(COMPONENT_PATH ${BUILD_COMPONENT_PATHS})
+    get_filename_component(COMPONENT_NAME ${COMPONENT_PATH} NAME)
+
+    list(FIND BUILD_TEST_COMPONENT_PATHS ${COMPONENT_PATH} idx)
+
+    if(NOT idx EQUAL -1)
+        list(GET BUILD_TEST_COMPONENTS ${idx} test_component)
+        set(COMPONENT_NAME ${test_component})
+    endif()
+
+    component_get_target(COMPONENT_TARGET ${COMPONENT_NAME})
+
+    add_subdirectory(${COMPONENT_PATH} ${COMPONENT_NAME})
+endforeach()
+unset(COMPONENT_NAME)
+unset(COMPONENT_PATH)
+
+# each component should see the include directories of its requirements
+#
+# (we can't do this until all components are registered and targets exist in cmake, as we have
+# a circular requirements graph...)
+foreach(component ${BUILD_COMPONENTS})
+    component_get_target(component_target ${component})
+    if(TARGET ${component_target})
+        get_component_requirements(${component} deps priv_deps)
+
+        list(APPEND priv_deps ${IDF_COMPONENT_REQUIRES_COMMON})
+
+        foreach(dep ${deps})
+            component_get_target(dep_target ${dep})
+            add_component_dependencies(${component_target} ${dep_target} PUBLIC)
+        endforeach()
+
+        foreach(dep ${priv_deps})
+            component_get_target(dep_target ${dep})
+            add_component_dependencies(${component_target} ${dep_target} PRIVATE)
+        endforeach()
+    endif()
+endforeach()

CONTRIBUTING.rst

@@ -53,6 +53,7 @@ Related Documents
 
     style-guide
     documenting-code
+    add-ons-reference
     creating-examples
     ../api-reference/template
     contributor-agreement

Kconfig

@@ -4,187 +4,208 @@
 #
 mainmenu "Espressif IoT Development Framework Configuration"
 
-config IDF_CMAKE
-    bool
-    option env="IDF_CMAKE"
-
-menu "SDK tool configuration"
-config TOOLPREFIX
-    string "Compiler toolchain path/prefix"
-    default "xtensa-esp32-elf-"
-    help
-        The prefix/path that is used to call the toolchain. The default setting assumes
-        a crosstool-ng gcc setup that is in your PATH.
-
-config PYTHON
-    string "Python 2 interpreter"
-    depends on !IDF_CMAKE
-    default "python"
-    help
-        The executable name/path that is used to run python. On some systems Python 2.x
-        may need to be invoked as python2.
-
-        (Note: This option is used with the GNU Make build system only, not idf.py
-        or CMake-based builds.)
-
-config MAKE_WARN_UNDEFINED_VARIABLES
-    bool "'make' warns on undefined variables"
-    default "y"
-    help
-        Adds --warn-undefined-variables to MAKEFLAGS. This causes make to
-        print a warning any time an undefined variable is referenced.
-
-        This option helps find places where a variable reference is misspelled
-        or otherwise missing, but it can be unwanted if you have Makefiles which
-        depend on undefined variables expanding to an empty string.
-
-endmenu  # SDK tool configuration
-
-source "$COMPONENT_KCONFIGS_PROJBUILD"
-
-menu "Compiler options"
-
-choice OPTIMIZATION_COMPILER
-    prompt "Optimization Level"
-    default OPTIMIZATION_LEVEL_DEBUG
-    help
-        This option sets compiler optimization level (gcc -O argument).
-
-        - for "Release" setting, -Os flag is added to CFLAGS.
-        - for "Debug" setting, -Og flag is added to CFLAGS.
-
-        "Release" with -Os produces smaller & faster compiled code but it
-        may be harder to correlated code addresses to source files when debugging.
-
-        To add custom optimization settings, set CFLAGS and/or CPPFLAGS
-        in project makefile, before including $(IDF_PATH)/make/project.mk. Note that
-        custom optimization levels may be unsupported.
-
-config OPTIMIZATION_LEVEL_DEBUG
-    bool "Debug (-Og)"
-config OPTIMIZATION_LEVEL_RELEASE
-    bool "Release (-Os)"
-endchoice
-
-choice OPTIMIZATION_ASSERTION_LEVEL
-    prompt "Assertion level"
-    default OPTIMIZATION_ASSERTIONS_ENABLED
-    help
-        Assertions can be:
-
-        - Enabled. Failure will print verbose assertion details. This is the default.
-
-        - Set to "silent" to save code size (failed assertions will abort() but user
-          needs to use the aborting address to find the line number with the failed assertion.)
-
-        - Disabled entirely (not recommended for most configurations.) -DNDEBUG is added
-          to CPPFLAGS in this case.
-
-config OPTIMIZATION_ASSERTIONS_ENABLED
-    prompt "Enabled"
-    bool
-    help
-        Enable assertions. Assertion content and line number will be printed on failure.
-
-config OPTIMIZATION_ASSERTIONS_SILENT
-    prompt "Silent (saves code size)"
-    bool
-    help
-        Enable silent assertions. Failed assertions will abort(), user needs to
-        use the aborting address to find the line number with the failed assertion.
-
-config OPTIMIZATION_ASSERTIONS_DISABLED
-    prompt "Disabled (sets -DNDEBUG)"
-    bool
-    help
-        If assertions are disabled, -DNDEBUG is added to CPPFLAGS.
-
-endchoice # assertions
-
-menuconfig CXX_EXCEPTIONS
-   bool "Enable C++ exceptions"
-   default n
-   help
-       Enabling this option compiles all IDF C++ files with exception support enabled.
-
-       Disabling this option disables C++ exception support in all compiled files, and any libstdc++ code which throws
-       an exception will abort instead.
-
-       Enabling this option currently adds an additional ~500 bytes of heap overhead
-       when an exception is thrown in user code for the first time.
-
-config CXX_EXCEPTIONS_EMG_POOL_SIZE
-    int "Emergency Pool Size"
-    default 0
-    depends on CXX_EXCEPTIONS
-    help
-       Size (in bytes) of the emergency memory pool for C++ exceptions. This pool will be used to allocate
-       memory for thrown exceptions when there is not enough memory on the heap.
-
-choice STACK_CHECK_MODE
-    prompt "Stack smashing protection mode"
-    default STACK_CHECK_NONE
-    help
-        Stack smashing protection mode. Emit extra code to check for buffer overflows, such as stack
-        smashing attacks. This is done by adding a guard variable to functions with vulnerable objects.
-        The guards are initialized when a function is entered and then checked when the function exits.
-        If a guard check fails, program is halted. Protection has the following modes:
-
-        - In NORMAL mode (GCC flag: -fstack-protector) only functions that call alloca,
-          and functions with buffers larger than 8 bytes are protected.
-        
-        - STRONG mode (GCC flag: -fstack-protector-strong) is like NORMAL, but includes
-          additional functions to be protected -- those that have local array definitions,
-          or have references to local frame addresses.
-        
-        - In OVERALL mode (GCC flag: -fstack-protector-all) all functions are protected.
-
-        Modes have the following impact on code performance and coverage:
-
-        - performance: NORMAL > STRONG > OVERALL
-        
-        - coverage: NORMAL < STRONG < OVERALL
+    config IDF_CMAKE
+        bool
+        option env="IDF_CMAKE"
 
 
-config STACK_CHECK_NONE
-    bool "None"
-config STACK_CHECK_NORM
-    bool "Normal"
-config STACK_CHECK_STRONG
-    bool "Strong"
-config STACK_CHECK_ALL
-    bool "Overall"
-endchoice
+    config IDF_TARGET_ENV
+        # A proxy to get environment variable $IDF_TARGET
+        string
+        option env="IDF_TARGET"
 
-config STACK_CHECK
-    bool
-    default !STACK_CHECK_NONE
-    help
-        Stack smashing protection.
+    config IDF_TARGET
+        # This option records the IDF target when sdkconfig is generated the first time.
+        # It is not updated if environment variable $IDF_TARGET changes later, and
+        # the build system is responsible for detecting the mismatch between
+        # CONFIG_IDF_TARGET and $IDF_TARGET.
+        string
+        default "IDF_TARGET_NOT_SET" if IDF_TARGET_ENV=""
+        default IDF_TARGET_ENV
 
-config WARN_WRITE_STRINGS
-    bool "Enable -Wwrite-strings warning flag"
-    default "n"
-    help
-        Adds -Wwrite-strings flag for the C/C++ compilers.
+    config IDF_FIRMWARE_CHIP_ID
+        hex
+        default 0x0000 if IDF_TARGET="esp32"
+        default 0xFFFF
 
-        For C, this gives string constants the type ``const char[]`` so that
-        copying the address of one into a non-const ``char *`` pointer
-        produces a warning. This warning helps to find at compile time code
-        that tries to write into a string constant.
+    menu "SDK tool configuration"
+        config TOOLPREFIX
+            string "Compiler toolchain path/prefix"
+            default "xtensa-esp32-elf-"
+            help
+                The prefix/path that is used to call the toolchain. The default setting assumes
+                a crosstool-ng gcc setup that is in your PATH.
 
-        For C++, this warns about the deprecated conversion from string
-        literals to ``char *``.
+        config PYTHON
+            string "Python 2 interpreter"
+            depends on !IDF_CMAKE
+            default "python"
+            help
+                The executable name/path that is used to run python. On some systems Python 2.x
+                may need to be invoked as python2.
 
-config DISABLE_GCC8_WARNINGS
-    bool "Disable new warnings introduced in GCC 6 - 8"
-    default "n"
-    help
-        Enable this option if using GCC 6 or newer, and wanting to disable warnings which don't appear with GCC 5.
+                (Note: This option is used with the GNU Make build system only, not idf.py
+                or CMake-based builds.)
+
+        config MAKE_WARN_UNDEFINED_VARIABLES
+            bool "'make' warns on undefined variables"
+            default "y"
+            help
+                Adds --warn-undefined-variables to MAKEFLAGS. This causes make to
+                print a warning any time an undefined variable is referenced.
+
+                This option helps find places where a variable reference is misspelled
+                or otherwise missing, but it can be unwanted if you have Makefiles which
+                depend on undefined variables expanding to an empty string.
+
+    endmenu  # SDK tool configuration
+
+    source "$COMPONENT_KCONFIGS_PROJBUILD"
+
+    menu "Compiler options"
+
+        choice OPTIMIZATION_COMPILER
+            prompt "Optimization Level"
+            default OPTIMIZATION_LEVEL_DEBUG
+            help
+                This option sets compiler optimization level (gcc -O argument).
+
+                - for "Release" setting, -Os flag is added to CFLAGS.
+                - for "Debug" setting, -Og flag is added to CFLAGS.
+
+                "Release" with -Os produces smaller & faster compiled code but it
+                may be harder to correlated code addresses to source files when debugging.
+
+                To add custom optimization settings, set CFLAGS and/or CPPFLAGS
+                in project makefile, before including $(IDF_PATH)/make/project.mk. Note that
+                custom optimization levels may be unsupported.
+
+            config OPTIMIZATION_LEVEL_DEBUG
+                bool "Debug (-Og)"
+            config OPTIMIZATION_LEVEL_RELEASE
+                bool "Release (-Os)"
+        endchoice
+
+        choice OPTIMIZATION_ASSERTION_LEVEL
+            prompt "Assertion level"
+            default OPTIMIZATION_ASSERTIONS_ENABLED
+            help
+                Assertions can be:
+
+                - Enabled. Failure will print verbose assertion details. This is the default.
+
+                - Set to "silent" to save code size (failed assertions will abort() but user
+                  needs to use the aborting address to find the line number with the failed assertion.)
+
+                - Disabled entirely (not recommended for most configurations.) -DNDEBUG is added
+                  to CPPFLAGS in this case.
+
+            config OPTIMIZATION_ASSERTIONS_ENABLED
+                prompt "Enabled"
+                bool
+                help
+                    Enable assertions. Assertion content and line number will be printed on failure.
+
+            config OPTIMIZATION_ASSERTIONS_SILENT
+                prompt "Silent (saves code size)"
+                bool
+                help
+                    Enable silent assertions. Failed assertions will abort(), user needs to
+                    use the aborting address to find the line number with the failed assertion.
+
+            config OPTIMIZATION_ASSERTIONS_DISABLED
+                prompt "Disabled (sets -DNDEBUG)"
+                bool
+                help
+                    If assertions are disabled, -DNDEBUG is added to CPPFLAGS.
+
+        endchoice # assertions
+
+        menuconfig CXX_EXCEPTIONS
+            bool "Enable C++ exceptions"
+            default n
+            help
+                Enabling this option compiles all IDF C++ files with exception support enabled.
+
+                Disabling this option disables C++ exception support in all compiled files, and any libstdc++ code
+                which throws an exception will abort instead.
+
+                Enabling this option currently adds an additional ~500 bytes of heap overhead
+                when an exception is thrown in user code for the first time.
+
+        config CXX_EXCEPTIONS_EMG_POOL_SIZE
+            int "Emergency Pool Size"
+            default 0
+            depends on CXX_EXCEPTIONS
+            help
+                Size (in bytes) of the emergency memory pool for C++ exceptions. This pool will be used to allocate
+                memory for thrown exceptions when there is not enough memory on the heap.
+
+        choice STACK_CHECK_MODE
+            prompt "Stack smashing protection mode"
+            default STACK_CHECK_NONE
+            help
+                Stack smashing protection mode. Emit extra code to check for buffer overflows, such as stack
+                smashing attacks. This is done by adding a guard variable to functions with vulnerable objects.
+                The guards are initialized when a function is entered and then checked when the function exits.
+                If a guard check fails, program is halted. Protection has the following modes:
+
+                - In NORMAL mode (GCC flag: -fstack-protector) only functions that call alloca, and functions with
+                  buffers larger than 8 bytes are protected.
+
+                - STRONG mode (GCC flag: -fstack-protector-strong) is like NORMAL, but includes additional functions
+                  to be protected -- those that have local array definitions, or have references to local frame
+                  addresses.
+
+                - In OVERALL mode (GCC flag: -fstack-protector-all) all functions are protected.
+
+                Modes have the following impact on code performance and coverage:
+
+                - performance: NORMAL > STRONG > OVERALL
+
+                - coverage: NORMAL < STRONG < OVERALL
 
 
-endmenu # Compiler Options
+            config STACK_CHECK_NONE
+                bool "None"
+            config STACK_CHECK_NORM
+                bool "Normal"
+            config STACK_CHECK_STRONG
+                bool "Strong"
+            config STACK_CHECK_ALL
+                bool "Overall"
+        endchoice
 
-menu "Component config"
-source "$COMPONENT_KCONFIGS"
-endmenu
+        config STACK_CHECK
+            bool
+            default !STACK_CHECK_NONE
+            help
+                Stack smashing protection.
+
+        config WARN_WRITE_STRINGS
+            bool "Enable -Wwrite-strings warning flag"
+            default "n"
+            help
+                Adds -Wwrite-strings flag for the C/C++ compilers.
+
+                For C, this gives string constants the type ``const char[]`` so that
+                copying the address of one into a non-const ``char *`` pointer
+                produces a warning. This warning helps to find at compile time code
+                that tries to write into a string constant.
+
+                For C++, this warns about the deprecated conversion from string
+                literals to ``char *``.
+
+        config DISABLE_GCC8_WARNINGS
+            bool "Disable new warnings introduced in GCC 6 - 8"
+            default "n"
+            help
+                Enable this option if using GCC 6 or newer, and wanting to disable warnings which don't appear with
+                GCC 5.
+
+
+    endmenu # Compiler Options
+
+    menu "Component config"
+        source "$COMPONENT_KCONFIGS"
+    endmenu

SUPPORT_POLICY.md

@@ -0,0 +1,66 @@
+The latest support policy for ESP-IDF can be found at [https://github.com/espressif/esp-idf/blob/master/SUPPORT_POLICY.md](https://github.com/espressif/esp-idf/blob/master/SUPPORT_POLICY.md)
+
+Support Period Policy
+=====================
+
+Each ESP-IDF major and minor release (V4.0, V4.1, etc) is supported for
+18 months after the initial stable release date.
+
+Supported means that the ESP-IDF team will continue to apply bug fixes,
+security fixes, etc to the release branch on GitHub, and periodically
+make new bugfix releases as needed.
+
+Users are encouraged to upgrade to a newer ESP-IDF release before the
+support period finishes and the release becomes End of Life (EOL). It is
+our policy to not continue fixing bugs in End of Life releases.
+
+Pre-release versions (betas, previews, `-rc` and `-dev` versions, etc)
+are not covered by any support period. Sometimes a particular feature is
+marked as \"Preview\" in a release, which means it is also not covered
+by the support period.
+
+The ESP-IDF Programming Guide has information about the
+[different versions of ESP-IDF](https://docs.espressif.com/projects/esp-idf/en/latest/versions.html)
+(major, minor, bugfix, etc).
+
+Long Term Support releases
+--------------------------
+
+Some releases (starting with ESP-IDF V3.3) are designated Long Term
+Support (LTS). LTS releases are supported for 30 months (2.5 years)
+after the initial stable release date.
+
+A new LTS release will be made at least every 18 months. This means
+there will always be a period of at least 12 months to upgrade from the
+previous LTS release to the following LTS release.
+
+Example
+-------
+
+ESP-IDF V3.3 was released in September 2019 and is a Long Term Support
+(LTS) release, meaning it will be supported for 30 months until February
+2022.
+
+- The first V3.3 release was `v3.3` in September 2019.
+- The ESP-IDF team continues to backport bug fixes, security fixes,
+  etc to the release branch `release/v3.3`.
+- Periodically stable bugfix releases are created from the release
+  branch. For example `v3.3.1`, `v3.3.2`, etc. Users are encouraged to
+  always update to the latest bugfix release.
+- V3.3 bugfix releases continue until February 2022, when all V3.3.x
+  releases become End of Life.
+
+Existing Releases
+-----------------
+
+ESP-IDF release V3.3 and all newer releases will follow this support
+period policy.  The support period for each release will be announced
+when the release is made.
+
+For releases made before the support period policy was announced,
+the following support periods apply:
+
+- ESP-IDF V3.1.x and V3.2.x will both be supported until October 2020.
+- ESP-IDF V3.0.9 (planned for October 2019) will be the last V3.0
+  bugfix release. ESP-IDF V3.0.x is End of Life from October 2019.
+- ESP-IDF versions before V3.0 are already End of Life.

add_path.sh

@@ -9,6 +9,7 @@
 if [ -z ${IDF_PATH} ]; then
 	echo "IDF_PATH must be set before including this script."
 else
+	IDF_ADD_PATHS_EXTRAS=
 	IDF_ADD_PATHS_EXTRAS="${IDF_ADD_PATHS_EXTRAS}:${IDF_PATH}/components/esptool_py/esptool"
 	IDF_ADD_PATHS_EXTRAS="${IDF_ADD_PATHS_EXTRAS}:${IDF_PATH}/components/espcoredump"
 	IDF_ADD_PATHS_EXTRAS="${IDF_ADD_PATHS_EXTRAS}:${IDF_PATH}/components/partition_table/"

components/app_trace/CMakeLists.txt

@@ -18,6 +18,7 @@ endif()
 
 set(COMPONENT_REQUIRES)
 set(COMPONENT_PRIV_REQUIRES xtensa-debug-module)
+set(COMPONENT_ADD_LDFRAGMENTS linker.lf)
 
 register_component()
 
@@ -25,4 +26,4 @@ register_component()
 # for gcov
 component_compile_options("-fno-profile-arcs" "-fno-test-coverage")
 
-target_link_libraries(app_trace gcov)
+target_link_libraries(${COMPONENT_TARGET} gcov)

components/app_trace/Kconfig

@@ -1,202 +1,210 @@
 menu "Application Level Tracing"
 
-choice ESP32_APPTRACE_DESTINATION
-    prompt "Data Destination"
-    default ESP32_APPTRACE_DEST_NONE
-    help
-        Select destination for application trace: trace memory or none (to disable).
+    choice ESP32_APPTRACE_DESTINATION
+        prompt "Data Destination"
+        default ESP32_APPTRACE_DEST_NONE
+        help
+            Select destination for application trace: trace memory or none (to disable).
 
-config ESP32_APPTRACE_DEST_TRAX
-    bool "Trace memory"
-    select ESP32_APPTRACE_ENABLE
-config ESP32_APPTRACE_DEST_NONE
-    bool "None"
-endchoice
+        config ESP32_APPTRACE_DEST_TRAX
+            bool "Trace memory"
+            select ESP32_APPTRACE_ENABLE
+        config ESP32_APPTRACE_DEST_NONE
+            bool "None"
+    endchoice
 
-config ESP32_APPTRACE_ENABLE
-    bool
-    depends on !ESP32_TRAX
-    select MEMMAP_TRACEMEM
-    select MEMMAP_TRACEMEM_TWOBANKS
-    default n
-    help
-        Enables/disable application tracing module.
+    config ESP32_APPTRACE_ENABLE
+        bool
+        depends on !ESP32_TRAX
+        select MEMMAP_TRACEMEM
+        select MEMMAP_TRACEMEM_TWOBANKS
+        default n
+        help
+            Enables/disable application tracing module.
 
-config ESP32_APPTRACE_LOCK_ENABLE
-    bool
-    default !SYSVIEW_ENABLE
-    help
-        Enables/disable application tracing module internal sync lock.
+    config ESP32_APPTRACE_LOCK_ENABLE
+        bool
+        default !SYSVIEW_ENABLE
+        help
+            Enables/disable application tracing module internal sync lock.
 
-config ESP32_APPTRACE_ONPANIC_HOST_FLUSH_TMO
-    int "Timeout for flushing last trace data to host on panic"
-    depends on ESP32_APPTRACE_ENABLE
-    range -1 5000
-    default -1
-    help
-        Timeout for flushing last trace data to host in case of panic. In ms.
-        Use -1 to disable timeout and wait forever.
+    config ESP32_APPTRACE_ONPANIC_HOST_FLUSH_TMO
+        int "Timeout for flushing last trace data to host on panic"
+        depends on ESP32_APPTRACE_ENABLE
+        range -1 5000
+        default -1
+        help
+            Timeout for flushing last trace data to host in case of panic. In ms.
+            Use -1 to disable timeout and wait forever.
 
-config ESP32_APPTRACE_POSTMORTEM_FLUSH_TRAX_THRESH
-    int "Threshold for flushing last trace data to host on panic"
-    depends on ESP32_APPTRACE_DEST_TRAX
-    range 0 16384
-    default 0
-    help
-        Threshold for flushing last trace data to host on panic in post-mortem mode.
-        This is minimal amount of data needed to perform flush. In bytes.
+    config ESP32_APPTRACE_POSTMORTEM_FLUSH_TRAX_THRESH
+        int "Threshold for flushing last trace data to host on panic"
+        depends on ESP32_APPTRACE_DEST_TRAX
+        range 0 16384
+        default 0
+        help
+            Threshold for flushing last trace data to host on panic in post-mortem mode.
+            This is minimal amount of data needed to perform flush. In bytes.
 
-config ESP32_APPTRACE_PENDING_DATA_SIZE_MAX
-    int "Size of the pending data buffer"
-    depends on ESP32_APPTRACE_DEST_TRAX
-    default 0
-    help
-        Size of the buffer for events in bytes. It is useful for buffering events from
-        the time critical code (scheduler, ISRs etc). If this parameter is 0 then
-        events will be discarded when main HW buffer is full.
+    config ESP32_APPTRACE_PENDING_DATA_SIZE_MAX
+        int "Size of the pending data buffer"
+        depends on ESP32_APPTRACE_DEST_TRAX
+        default 0
+        help
+            Size of the buffer for events in bytes. It is useful for buffering events from
+            the time critical code (scheduler, ISRs etc). If this parameter is 0 then
+            events will be discarded when main HW buffer is full.
 
-menu "FreeRTOS SystemView Tracing"
-    depends on ESP32_APPTRACE_ENABLE
-config SYSVIEW_ENABLE
-    bool "SystemView Tracing Enable"
-    depends on ESP32_APPTRACE_ENABLE
-    default n
-    help
-        Enables supporrt for SEGGER SystemView tracing functionality.
+    menu "FreeRTOS SystemView Tracing"
+        depends on ESP32_APPTRACE_ENABLE
+        config SYSVIEW_ENABLE
+            bool "SystemView Tracing Enable"
+            depends on ESP32_APPTRACE_ENABLE
+            default n
+            help
+                Enables supporrt for SEGGER SystemView tracing functionality.
 
-choice SYSVIEW_TS_SOURCE
-    prompt "Timer to use as timestamp source"
-    depends on SYSVIEW_ENABLE
-    default SYSVIEW_TS_SOURCE_CCOUNT if FREERTOS_UNICORE && !PM_ENABLE
-    default SYSVIEW_TS_SOURCE_TIMER_00 if !FREERTOS_UNICORE && !PM_ENABLE
-    default SYSVIEW_TS_SOURCE_ESP_TIMER if PM_ENABLE
-    help
-        SystemView needs to use a hardware timer as the source of timestamps
-        when tracing. This option selects the timer for it.
+        choice SYSVIEW_TS_SOURCE
+            prompt "Timer to use as timestamp source"
+            depends on SYSVIEW_ENABLE
+            default SYSVIEW_TS_SOURCE_CCOUNT if FREERTOS_UNICORE && !PM_ENABLE
+            default SYSVIEW_TS_SOURCE_TIMER_00 if !FREERTOS_UNICORE && !PM_ENABLE
+            default SYSVIEW_TS_SOURCE_ESP_TIMER if PM_ENABLE
+            help
+                SystemView needs to use a hardware timer as the source of timestamps
+                when tracing. This option selects the timer for it.
 
-config SYSVIEW_TS_SOURCE_CCOUNT
-	bool "CPU cycle counter (CCOUNT)"
-	depends on FREERTOS_UNICORE && !PM_ENABLE
+            config SYSVIEW_TS_SOURCE_CCOUNT
+                bool "CPU cycle counter (CCOUNT)"
+                depends on FREERTOS_UNICORE && !PM_ENABLE
 
-config SYSVIEW_TS_SOURCE_TIMER_00
-    bool "Timer 0, Group 0"
-    depends on !PM_ENABLE
+            config SYSVIEW_TS_SOURCE_TIMER_00
+                bool "Timer 0, Group 0"
+                depends on !PM_ENABLE
 
-config SYSVIEW_TS_SOURCE_TIMER_01
-    bool "Timer 1, Group 0"
-    depends on !PM_ENABLE
+            config SYSVIEW_TS_SOURCE_TIMER_01
+                bool "Timer 1, Group 0"
+                depends on !PM_ENABLE
 
-config SYSVIEW_TS_SOURCE_TIMER_10
-    bool "Timer 0, Group 1"
-    depends on !PM_ENABLE
+            config SYSVIEW_TS_SOURCE_TIMER_10
+                bool "Timer 0, Group 1"
+                depends on !PM_ENABLE
 
-config SYSVIEW_TS_SOURCE_TIMER_11
-    bool "Timer 1, Group 1"
-    depends on !PM_ENABLE
+            config SYSVIEW_TS_SOURCE_TIMER_11
+                bool "Timer 1, Group 1"
+                depends on !PM_ENABLE
 
-config SYSVIEW_TS_SOURCE_ESP_TIMER
-	bool "esp_timer high resolution timer"
+            config SYSVIEW_TS_SOURCE_ESP_TIMER
+                bool "esp_timer high resolution timer"
 
-endchoice
+        endchoice
 
-config SYSVIEW_EVT_OVERFLOW_ENABLE
-    bool "Trace Buffer Overflow Event"
-    depends on SYSVIEW_ENABLE
-    default y
-    help
-        Enables "Trace Buffer Overflow" event.
+        config SYSVIEW_MAX_TASKS
+            int "Maximum supported tasks"
+            depends on SYSVIEW_ENABLE
+            range 1 64
+            default 16
+            help
+                Configures maximum supported tasks in sysview debug
 
-config SYSVIEW_EVT_ISR_ENTER_ENABLE
-    bool "ISR Enter Event"
-    depends on SYSVIEW_ENABLE
-    default y
-    help
-        Enables "ISR Enter" event.
+        config SYSVIEW_EVT_OVERFLOW_ENABLE
+            bool "Trace Buffer Overflow Event"
+            depends on SYSVIEW_ENABLE
+            default y
+            help
+                Enables "Trace Buffer Overflow" event.
 
-config SYSVIEW_EVT_ISR_EXIT_ENABLE
-    bool "ISR Exit Event"
-    depends on SYSVIEW_ENABLE
-    default y
-    help
-        Enables "ISR Exit" event.
+        config SYSVIEW_EVT_ISR_ENTER_ENABLE
+            bool "ISR Enter Event"
+            depends on SYSVIEW_ENABLE
+            default y
+            help
+                Enables "ISR Enter" event.
 
-config SYSVIEW_EVT_ISR_TO_SCHEDULER_ENABLE
-    bool "ISR Exit to Scheduler Event"
-    depends on SYSVIEW_ENABLE
-    default y
-    help
-        Enables "ISR to Scheduler" event.
+        config SYSVIEW_EVT_ISR_EXIT_ENABLE
+            bool "ISR Exit Event"
+            depends on SYSVIEW_ENABLE
+            default y
+            help
+                Enables "ISR Exit" event.
 
-config SYSVIEW_EVT_TASK_START_EXEC_ENABLE
-    bool "Task Start Execution Event"
-    depends on SYSVIEW_ENABLE
-    default y
-    help
-        Enables "Task Start Execution" event.
+        config SYSVIEW_EVT_ISR_TO_SCHEDULER_ENABLE
+            bool "ISR Exit to Scheduler Event"
+            depends on SYSVIEW_ENABLE
+            default y
+            help
+                Enables "ISR to Scheduler" event.
 
-config SYSVIEW_EVT_TASK_STOP_EXEC_ENABLE
-    bool "Task Stop Execution Event"
-    depends on SYSVIEW_ENABLE
-    default y
-    help
-        Enables "Task Stop Execution" event.
+        config SYSVIEW_EVT_TASK_START_EXEC_ENABLE
+            bool "Task Start Execution Event"
+            depends on SYSVIEW_ENABLE
+            default y
+            help
+                Enables "Task Start Execution" event.
 
-config SYSVIEW_EVT_TASK_START_READY_ENABLE
-    bool "Task Start Ready State Event"
-    depends on SYSVIEW_ENABLE
-    default y
-    help
-        Enables "Task Start Ready State" event.
+        config SYSVIEW_EVT_TASK_STOP_EXEC_ENABLE
+            bool "Task Stop Execution Event"
+            depends on SYSVIEW_ENABLE
+            default y
+            help
+                Enables "Task Stop Execution" event.
 
-config SYSVIEW_EVT_TASK_STOP_READY_ENABLE
-    bool "Task Stop Ready State Event"
-    depends on SYSVIEW_ENABLE
-    default y
-    help
-        Enables "Task Stop Ready State" event.
+        config SYSVIEW_EVT_TASK_START_READY_ENABLE
+            bool "Task Start Ready State Event"
+            depends on SYSVIEW_ENABLE
+            default y
+            help
+                Enables "Task Start Ready State" event.
 
-config SYSVIEW_EVT_TASK_CREATE_ENABLE
-    bool "Task Create Event"
-    depends on SYSVIEW_ENABLE
-    default y
-    help
-        Enables "Task Create" event.
+        config SYSVIEW_EVT_TASK_STOP_READY_ENABLE
+            bool "Task Stop Ready State Event"
+            depends on SYSVIEW_ENABLE
+            default y
+            help
+                Enables "Task Stop Ready State" event.
 
-config SYSVIEW_EVT_TASK_TERMINATE_ENABLE
-    bool "Task Terminate Event"
-    depends on SYSVIEW_ENABLE
-    default y
-    help
-        Enables "Task Terminate" event.
+        config SYSVIEW_EVT_TASK_CREATE_ENABLE
+            bool "Task Create Event"
+            depends on SYSVIEW_ENABLE
+            default y
+            help
+                Enables "Task Create" event.
 
-config SYSVIEW_EVT_IDLE_ENABLE
-    bool "System Idle Event"
-    depends on SYSVIEW_ENABLE
-    default y
-    help
-        Enables "System Idle" event.
+        config SYSVIEW_EVT_TASK_TERMINATE_ENABLE
+            bool "Task Terminate Event"
+            depends on SYSVIEW_ENABLE
+            default y
+            help
+                Enables "Task Terminate" event.
 
-config SYSVIEW_EVT_TIMER_ENTER_ENABLE
-    bool "Timer Enter Event"
-    depends on SYSVIEW_ENABLE
-    default y
-    help
-        Enables "Timer Enter" event.
+        config SYSVIEW_EVT_IDLE_ENABLE
+            bool "System Idle Event"
+            depends on SYSVIEW_ENABLE
+            default y
+            help
+                Enables "System Idle" event.
 
-config SYSVIEW_EVT_TIMER_EXIT_ENABLE
-    bool "Timer Exit Event"
-    depends on SYSVIEW_ENABLE
-    default y
-    help
-        Enables "Timer Exit" event.
-
-endmenu
-
-config ESP32_GCOV_ENABLE
-    bool "GCOV to Host Enable"
-    depends on ESP32_DEBUG_STUBS_ENABLE && ESP32_APPTRACE_ENABLE && !SYSVIEW_ENABLE
-    default y
-    help
-        Enables support for GCOV data transfer to host.
+        config SYSVIEW_EVT_TIMER_ENTER_ENABLE
+            bool "Timer Enter Event"
+            depends on SYSVIEW_ENABLE
+            default y
+            help
+                Enables "Timer Enter" event.
+
+        config SYSVIEW_EVT_TIMER_EXIT_ENABLE
+            bool "Timer Exit Event"
+            depends on SYSVIEW_ENABLE
+            default y
+            help
+                Enables "Timer Exit" event.
+
+    endmenu
+
+    config ESP32_GCOV_ENABLE
+        bool "GCOV to Host Enable"
+        depends on ESP32_DEBUG_STUBS_ENABLE && ESP32_APPTRACE_ENABLE && !SYSVIEW_ENABLE
+        default y
+        help
+            Enables support for GCOV data transfer to host.
 
 endmenu

components/app_trace/app_trace.c

@@ -38,7 +38,7 @@
 //                                 |<------------------------------------------->|TRAX_CTRL_REGS|<---->|
 //                                                                               ----------------
 
-// In general tracing goes in the following way. User aplication requests tracing module to send some data by calling esp_apptrace_buffer_get(),
+// In general tracing goes in the following way. User application requests tracing module to send some data by calling esp_apptrace_buffer_get(),
 // module allocates necessary buffer in current input trace block. Then user fills received buffer with data and calls esp_apptrace_buffer_put().
 // When current input trace block is filled with app data it is exposed to host and the second block becomes input one and buffer filling restarts.
 // While target application fills one TRAX block host reads another one via JTAG.
@@ -62,7 +62,7 @@
 //    21..15 bits - trace memory block transfer ID. Block counter. It can overflow. Updated by target, host should not modify it. Actually can be 2 bits;
 //    22     bit  - 'host data present' flag. If set to one there is data from host, otherwise - no host data;
 //    23     bit  - 'host connected' flag. If zero then host is not connected and tracing module works in post-mortem mode, otherwise in streaming mode;
-// - Status register uses TRAX_TRIGGERPC as storage. If this register is not zero then currentlly CPU is changing TRAX registers and
+// - Status register uses TRAX_TRIGGERPC as storage. If this register is not zero then current CPU is changing TRAX registers and
 //   this register holds address of the instruction which application will execute when it finishes with those registers modifications.
 //   See 'Targets Connection' setion for details.
 
@@ -87,7 +87,7 @@
 // 4.1 Trace Memory Blocks
 // -----------------------
 
-// Communication is controlled via special register. Host periodically polls control register on each core to find out if there are any data avalable.
+// Communication is controlled via special register. Host periodically polls control register on each core to find out if there are any data available.
 // When current input memory block is filled it is exposed to host and 'block_len' and 'block_id' fields are updated in the control register.
 // Host reads new register value and according to it's value starts reading data from exposed block. Meanwhile target starts filling another trace block.
 // When host finishes reading the block it clears 'block_len' field in control register indicating to the target that it is ready to accept the next one.
@@ -102,9 +102,9 @@
 // multithreading environment it can happen that task/ISR which copies data is preempted by another high prio task/ISR. So it is possible situation
 // that task/ISR will fail to complete filling its data chunk before the whole trace block is exposed to the host. To handle such conditions tracing
 // module prepends all user data chunks with header which contains allocated buffer size and actual data length within it. OpenOCD command
-// which reads application traces reports error when it reads incompleted user data block.
-// Data which are transfered from host to target are also prepended with a header. Down channel data header is simple and consists of one two bytes field
-// containing length of host data following the heder.
+// which reads application traces reports error when it reads incomplete user data block.
+// Data which are transffered from host to target are also prepended with a header. Down channel data header is simple and consists of one two bytes field
+// containing length of host data following the header.
 
 // 4.3 Data Buffering
 // ------------------
@@ -141,20 +141,18 @@
 //   So no local task switch occurs when mutex is locked. But this does not apply to tasks on another CPU.
 //   WARNING: Priority inversion can happen when low prio task works on one CPU and medium and high prio tasks work on another.
 // WARNING: Care must be taken when selecting timeout values for trace calls from ISRs. Tracing module does not care about watchdogs when waiting
-// on internal locks and for host to complete previous block reading, so if timeout value exceedes watchdog's one it can lead to the system reboot.
+// on internal locks and for host to complete previous block reading, so if timeout value exceeds watchdog's one it can lead to the system reboot.
 
 // 6. Timeouts
 // ===========
 
-// Timeout mechanism is based on xthal_get_ccount() routine and supports timeout values in micorseconds.
+// Timeout mechanism is based on xthal_get_ccount() routine and supports timeout values in microseconds.
 // There are two situations when task/ISR can be delayed by tracing API call. Timeout mechanism takes into account both conditions:
 // - Trace data are locked by another task/ISR. When wating on trace data lock.
 // - Current TRAX memory input block is full when working in streaming mode (host is connected). When waiting for host to complete previous block reading.
 // When wating for any of above conditions xthal_get_ccount() is called periodically to calculate time elapsed from trace API routine entry. When elapsed
 // time exceeds specified timeout value operation is canceled and ESP_ERR_TIMEOUT code is returned.
 
-// ALSO SEE example usage of application tracing module in 'components/app_trace/README.rst'
-
 #include <string.h>
 #include <sys/param.h>
 #include "soc/soc.h"
@@ -172,7 +170,6 @@
 
 #define ESP_APPTRACE_PRINT_LOCK                 0
 
-#define LOG_LOCAL_LEVEL CONFIG_LOG_DEFAULT_LEVEL
 #include "esp_log.h"
 const static char *TAG = "esp_apptrace";
 

components/app_trace/component.mk

@@ -27,3 +27,5 @@ COMPONENT_SRCDIRS += \
 else
 COMPONENT_SRCDIRS += gcov
 endif
+
+COMPONENT_ADD_LDFRAGMENTS += linker.lf

components/app_trace/include/esp_app_trace.h

@@ -51,7 +51,7 @@ void esp_apptrace_down_buffer_config(uint8_t *buf, uint32_t size);
  *
  * @param dest Indicates HW interface to send data.
  * @param size Size of data to write to trace buffer.
- * @param tmo  Timeout for operation (in us). Use ESP_APPTRACE_TMO_INFINITE to wait indefinetly.
+ * @param tmo  Timeout for operation (in us). Use ESP_APPTRACE_TMO_INFINITE to wait indefinitely.
  *
  * @return non-NULL on success, otherwise NULL.
  */
@@ -63,7 +63,7 @@ uint8_t *esp_apptrace_buffer_get(esp_apptrace_dest_t dest, uint32_t size, uint32
  *
  * @param dest Indicates HW interface to send data. Should be identical to the same parameter in call to esp_apptrace_buffer_get.
  * @param ptr  Address of trace buffer to release. Should be the value returned by call to esp_apptrace_buffer_get.
- * @param tmo  Timeout for operation (in us). Use ESP_APPTRACE_TMO_INFINITE to wait indefinetly.
+ * @param tmo  Timeout for operation (in us). Use ESP_APPTRACE_TMO_INFINITE to wait indefinitely.
  *
  * @return ESP_OK on success, otherwise see esp_err_t
  */
@@ -75,7 +75,7 @@ esp_err_t esp_apptrace_buffer_put(esp_apptrace_dest_t dest, uint8_t *ptr, uint32
  * @param dest Indicates HW interface to send data.
  * @param data Address of data to write to trace buffer.
  * @param size Size of data to write to trace buffer.
- * @param tmo  Timeout for operation (in us). Use ESP_APPTRACE_TMO_INFINITE to wait indefinetly.
+ * @param tmo  Timeout for operation (in us). Use ESP_APPTRACE_TMO_INFINITE to wait indefinitely.
  *
  * @return ESP_OK on success, otherwise see esp_err_t
  */
@@ -85,7 +85,7 @@ esp_err_t esp_apptrace_write(esp_apptrace_dest_t dest, const void *data, uint32_
  * @brief vprintf-like function to sent log messages to host via specified HW interface.
  *
  * @param dest Indicates HW interface to send data.
- * @param tmo  Timeout for operation (in us). Use ESP_APPTRACE_TMO_INFINITE to wait indefinetly.
+ * @param tmo  Timeout for operation (in us). Use ESP_APPTRACE_TMO_INFINITE to wait indefinitely.
  * @param fmt  Address of format string.
  * @param ap   List of arguments.
  *
@@ -107,7 +107,7 @@ int esp_apptrace_vprintf(const char *fmt, va_list ap);
  * @brief Flushes remaining data in trace buffer to host.
  *
  * @param dest Indicates HW interface to flush data on.
- * @param tmo  Timeout for operation (in us). Use ESP_APPTRACE_TMO_INFINITE to wait indefinetly.
+ * @param tmo  Timeout for operation (in us). Use ESP_APPTRACE_TMO_INFINITE to wait indefinitely.
  *
  * @return ESP_OK on success, otherwise see esp_err_t
  */
@@ -119,7 +119,7 @@ esp_err_t esp_apptrace_flush(esp_apptrace_dest_t dest, uint32_t tmo);
  *
  * @param dest   Indicates HW interface to flush data on.
  * @param min_sz Threshold for flushing data. If current filling level is above this value, data will be flushed. TRAX destinations only.
- * @param tmo    Timeout for operation (in us). Use ESP_APPTRACE_TMO_INFINITE to wait indefinetly.
+ * @param tmo    Timeout for operation (in us). Use ESP_APPTRACE_TMO_INFINITE to wait indefinitely.
  *
  * @return ESP_OK on success, otherwise see esp_err_t
  */
@@ -131,31 +131,31 @@ esp_err_t esp_apptrace_flush_nolock(esp_apptrace_dest_t dest, uint32_t min_sz, u
  * @param dest Indicates HW interface to read the data on.
  * @param data Address of buffer to put data from trace buffer.
  * @param size Pointer to store size of read data. Before call to this function pointed memory must hold requested size of data
- * @param tmo  Timeout for operation (in us). Use ESP_APPTRACE_TMO_INFINITE to wait indefinetly.
+ * @param tmo  Timeout for operation (in us). Use ESP_APPTRACE_TMO_INFINITE to wait indefinitely.
  *
  * @return ESP_OK on success, otherwise see esp_err_t
  */
 esp_err_t esp_apptrace_read(esp_apptrace_dest_t dest, void *data, uint32_t *size, uint32_t tmo);
 
 /**
- * @brief Rertrieves incoming data buffer if any.
+ * @brief Retrieves incoming data buffer if any.
  *        After data in buffer are processed esp_apptrace_down_buffer_put must be called to indicate it.
  *
  * @param dest Indicates HW interface to receive data.
- * @param size Address to store size of available data in down buffer. Must be initializaed with requested value.
- * @param tmo  Timeout for operation (in us). Use ESP_APPTRACE_TMO_INFINITE to wait indefinetly.
+ * @param size Address to store size of available data in down buffer. Must be initialized with requested value.
+ * @param tmo  Timeout for operation (in us). Use ESP_APPTRACE_TMO_INFINITE to wait indefinitely.
  *
  * @return non-NULL on success, otherwise NULL.
  */
 uint8_t *esp_apptrace_down_buffer_get(esp_apptrace_dest_t dest, uint32_t *size, uint32_t tmo);
 
 /**
- * @brief Indicates that the data in down buffer are processesd.
+ * @brief Indicates that the data in down buffer are processed.
  *        This function is a counterpart of and must be preceeded by esp_apptrace_down_buffer_get.
  *
  * @param dest Indicates HW interface to receive data. Should be identical to the same parameter in call to esp_apptrace_down_buffer_get.
  * @param ptr  Address of trace buffer to release. Should be the value returned by call to esp_apptrace_down_buffer_get.
- * @param tmo  Timeout for operation (in us). Use ESP_APPTRACE_TMO_INFINITE to wait indefinetly.
+ * @param tmo  Timeout for operation (in us). Use ESP_APPTRACE_TMO_INFINITE to wait indefinitely.
  *
  * @return ESP_OK on success, otherwise see esp_err_t
  */
@@ -247,7 +247,7 @@ int esp_apptrace_ftell(esp_apptrace_dest_t dest, void *stream);
 
 /**
  * @brief Indicates to the host that all file operations are completed.
- *		  This function should be called after all file operations are finished and 
+ *		  This function should be called after all file operations are finished and
  *		  indicate to the host that it can perform cleanup operations (close open files etc.).
  *
  * @param dest   Indicates HW interface to use.

components/app_trace/linker.lf

@@ -0,0 +1,12 @@
+[mapping]
+archive: libapp_trace.a
+entries: 
+    * (noflash)
+
+[mapping]
+archive: libdriver.a
+entries:
+    : SYSVIEW_TS_SOURCE_TIMER_00 = y || SYSVIEW_TS_SOURCE_TIMER_01 = y 
+      || SYSVIEW_TS_SOURCE_TIMER_10 = y || SYSVIEW_TS_SOURCE_TIMER_11 = y
+    timer (noflash)
+

components/app_trace/sys_view/Config/SEGGER_SYSVIEW_Conf.h

@@ -166,10 +166,11 @@ Revision: $Rev: 5927 $
   #define SEGGER_SYSVIEW_GET_INTERRUPT_ID()   SEGGER_SYSVIEW_X_GetInterruptId() // Get the currently active interrupt Id from the user-provided function.
 #endif
 
-void SEGGER_SYSVIEW_X_SysView_Lock();
-void SEGGER_SYSVIEW_X_SysView_Unlock();
-#define SEGGER_SYSVIEW_LOCK()   SEGGER_SYSVIEW_X_SysView_Lock()
-#define SEGGER_SYSVIEW_UNLOCK() SEGGER_SYSVIEW_X_SysView_Unlock()
+unsigned SEGGER_SYSVIEW_X_SysView_Lock();
+void SEGGER_SYSVIEW_X_SysView_Unlock(unsigned int_state);
+// to be recursive save IRQ status on the stack of the caller
+#define SEGGER_SYSVIEW_LOCK()   unsigned _SYSVIEW_int_state = SEGGER_SYSVIEW_X_SysView_Lock()
+#define SEGGER_SYSVIEW_UNLOCK() SEGGER_SYSVIEW_X_SysView_Unlock(_SYSVIEW_int_state)
 
 #endif  // SEGGER_SYSVIEW_CONF_H
 

components/app_trace/sys_view/SEGGER/SEGGER_SYSVIEW.c

@@ -2368,7 +2368,7 @@ void SEGGER_SYSVIEW_RegisterModule(SEGGER_SYSVIEW_MODULE* pModule) {
     _pFirstModule = pModule;
     _NumModules++;
   }
-  SEGGER_SYSVIEW_SendModule(0);
+  SEGGER_SYSVIEW_SendModule(_NumModules-1);
   if (pModule->pfSendModuleDesc) {
     pModule->pfSendModuleDesc();
   }

components/app_trace/sys_view/Sample/Config/SEGGER_SYSVIEW_Config_FreeRTOS.c

@@ -337,15 +337,18 @@ void SEGGER_SYSVIEW_X_RTT_Unlock()
 {
 }
 
-void SEGGER_SYSVIEW_X_SysView_Lock()
+unsigned SEGGER_SYSVIEW_X_SysView_Lock()
 {
     esp_apptrace_tmo_t tmo;
     esp_apptrace_tmo_init(&tmo, SEGGER_LOCK_WAIT_TMO);
     esp_apptrace_lock_take(&s_sys_view_lock, &tmo);
+    // to be recursive save IRQ status on the stack of the caller to keep it from overwriting
+    return s_sys_view_lock.int_state;
 }
 
-void SEGGER_SYSVIEW_X_SysView_Unlock()
+void SEGGER_SYSVIEW_X_SysView_Unlock(unsigned int_state)
 {
+    s_sys_view_lock.int_state = int_state;
     esp_apptrace_lock_give(&s_sys_view_lock);
 }
 

components/app_trace/sys_view/Sample/OS/SEGGER_SYSVIEW_FreeRTOS.h

@@ -80,7 +80,7 @@ Notes:
   #define portSTACK_GROWTH              ( -1 )
 #endif
 
-#define SYSVIEW_FREERTOS_MAX_NOF_TASKS  16
+#define SYSVIEW_FREERTOS_MAX_NOF_TASKS  CONFIG_SYSVIEW_MAX_TASKS
 
 /*********************************************************************
 *

components/app_update/CMakeLists.txt

@@ -1,17 +1,40 @@
-set(COMPONENT_SRCS "esp_ota_ops.c")
+set(COMPONENT_SRCS "esp_ota_ops.c"
+                   "esp_app_desc.c")
 set(COMPONENT_ADD_INCLUDEDIRS "include")
 
-set(COMPONENT_REQUIRES spi_flash partition_table)
-set(COMPONENT_PRIV_REQUIRES bootloader_support)
+set(COMPONENT_REQUIRES spi_flash partition_table bootloader_support)
 
 register_component()
 
-# Add custom target for generating empty otadata partition for flashing
-if(${OTADATA_PARTITION_OFFSET})
-    add_custom_command(OUTPUT "${PROJECT_BINARY_DIR}/${BLANK_OTADATA_FILE}"
-        COMMAND ${PYTHON} ${CMAKE_CURRENT_SOURCE_DIR}/gen_empty_partition.py
-        --size ${OTADATA_PARTITION_SIZE} "${PROJECT_BINARY_DIR}/${BLANK_OTADATA_FILE}")
+# esp_app_desc structure is added as an undefined symbol because otherwise the 
+# linker will ignore this structure as it has no other files depending on it.
+target_link_libraries(${COMPONENT_TARGET} "-u esp_app_desc")
 
-    add_custom_target(blank_ota_data ALL DEPENDS "${PROJECT_BINARY_DIR}/${BLANK_OTADATA_FILE}")
+# cut PROJECT_VER and PROJECT_NAME to required 32 characters.
+string(SUBSTRING "${PROJECT_VER}" 0 31 PROJECT_VER_CUT)
+string(SUBSTRING "${PROJECT_NAME}" 0 31 PROJECT_NAME_CUT)
+
+set_source_files_properties(
+    SOURCE "esp_app_desc.c"
+    PROPERTIES COMPILE_DEFINITIONS 
+    "PROJECT_VER=\"${PROJECT_VER_CUT}\"; PROJECT_NAME=\"${PROJECT_NAME_CUT}\"")
+
+# Add custom target for generating empty otadata partition for flashing
+if(OTADATA_PARTITION_OFFSET AND OTADATA_PARTITION_SIZE)
+    add_custom_command(OUTPUT "${IDF_BUILD_ARTIFACTS_DIR}/${BLANK_OTADATA_FILE}"
+        COMMAND ${PYTHON} ${IDF_PATH}/components/partition_table/parttool.py
+        --partition-type data --partition-subtype ota -q
+        --partition-table-file ${PARTITION_CSV_PATH} generate_blank_partition_file
+        --output "${IDF_BUILD_ARTIFACTS_DIR}/${BLANK_OTADATA_FILE}")
+
+    add_custom_target(blank_ota_data ALL DEPENDS "${IDF_BUILD_ARTIFACTS_DIR}/${BLANK_OTADATA_FILE}")
     add_dependencies(flash blank_ota_data)
 endif()
+
+set(otatool_py ${PYTHON} ${COMPONENT_PATH}/otatool.py)
+
+add_custom_target(read_otadata DEPENDS "${PARTITION_CSV_PATH}"
+                COMMAND ${otatool_py} --partition-table-file ${PARTITION_CSV_PATH} read_otadata)
+
+add_custom_target(erase_otadata DEPENDS "${PARTITION_CSV_PATH}"
+                COMMAND ${otatool_py} --partition-table-file ${PARTITION_CSV_PATH} erase_otadata)

components/app_update/Kconfig.projbuild

@@ -0,0 +1,25 @@
+menu "Application manager"
+
+    config APP_COMPILE_TIME_DATE
+        bool "Use time/date stamp for app"
+        default y
+        help
+            If set, then the app will be built with the current time/date stamp. It is stored in the app description
+            structure. If not set, time/date stamp will be excluded from app image. This can be useful for getting the
+            same binary image files made from the same source, but at different times.
+
+    config APP_EXCLUDE_PROJECT_VER_VAR
+        bool "Exclude PROJECT_VER from firmware image"
+        default n
+        help
+            The PROJECT_VER variable from the build system will not affect the firmware image.
+            This value will not be contained in the esp_app_desc structure.
+
+    config APP_EXCLUDE_PROJECT_NAME_VAR
+        bool "Exclude PROJECT_NAME from firmware image"
+        default n
+        help
+            The PROJECT_NAME variable from the build system will not affect the firmware image.
+            This value will not be contained in the esp_app_desc structure.
+
+endmenu # "Application manager"

components/app_update/Makefile.projbuild

@@ -1,60 +1,49 @@
 # Generate partition binary
 #
-.PHONY: dump_otadata erase_ota blank_ota_data
+.PHONY: blank_ota_data erase_otadata read_otadata
 
-GEN_EMPTY_PART := $(PYTHON) $(COMPONENT_PATH)/gen_empty_partition.py
+OTATOOL_PY := $(PYTHON) $(COMPONENT_PATH)/otatool.py
+PARTTOOL_PY := $(PYTHON) $(IDF_PATH)/components/partition_table/parttool.py
+
+# Generate blank partition file
 BLANK_OTA_DATA_FILE = $(BUILD_DIR_BASE)/ota_data_initial.bin
 
-PARTITION_TABLE_LEN := 0xC00
-OTADATA_LEN := 0x2000
+# Copy PARTITION_TABLE_CSV_PATH definition here from $IDF_PATH/components/partition_table/Makefile.projbuild
+# to avoid undefined variables warning for PARTITION_TABLE_CSV_PATH
+ifndef PARTITION_TABLE_CSV_PATH
+PARTITION_TABLE_ROOT := $(call dequote,$(if $(CONFIG_PARTITION_TABLE_CUSTOM),$(PROJECT_PATH),$(IDF_PATH)/components/partition_table))
+PARTITION_TABLE_CSV_PATH := $(call dequote,$(abspath $(PARTITION_TABLE_ROOT)/$(call dequote,$(CONFIG_PARTITION_TABLE_FILENAME))))
+endif
 
-PARTITION_TABLE_ONCHIP_BIN_PATH := $(call dequote,$(abspath $(BUILD_DIR_BASE)))
-PARTITION_TABLE_ONCHIP_BIN_NAME := "onchip_partition.bin"
-OTADATA_ONCHIP_BIN_NAME := "onchip_otadata.bin"
+$(BLANK_OTA_DATA_FILE): partition_table_get_info $(PARTITION_TABLE_CSV_PATH) | check_python_dependencies
+	$(shell if [ "$(OTA_DATA_OFFSET)" != "" ] && [ "$(OTA_DATA_SIZE)" != "" ]; then \
+				$(PARTTOOL_PY) --partition-type data --partition-subtype ota --partition-table-file $(PARTITION_TABLE_CSV_PATH) \
+								-q generate_blank_partition_file --output $(BLANK_OTA_DATA_FILE); \
+			fi; )
+	$(eval BLANK_OTA_DATA_FILE = $(shell if [ "$(OTA_DATA_OFFSET)" != "" ] && [ "$(OTA_DATA_SIZE)" != "" ]; then \
+			echo $(BLANK_OTA_DATA_FILE); else echo " "; fi) )
 
-PARTITION_TABLE_ONCHIP_BIN := $(PARTITION_TABLE_ONCHIP_BIN_PATH)/$(call dequote,$(PARTITION_TABLE_ONCHIP_BIN_NAME)) 
-OTADATA_ONCHIP_BIN := $(PARTITION_TABLE_ONCHIP_BIN_PATH)/$(call dequote,$(OTADATA_ONCHIP_BIN_NAME))
-
-PARTITION_TABLE_GET_BIN_CMD = $(ESPTOOLPY_SERIAL) read_flash $(PARTITION_TABLE_OFFSET) $(PARTITION_TABLE_LEN) $(PARTITION_TABLE_ONCHIP_BIN)
-OTADATA_GET_BIN_CMD = $(ESPTOOLPY_SERIAL) read_flash $(OTADATA_OFFSET) $(OTADATA_LEN) $(OTADATA_ONCHIP_BIN)
-
-GEN_OTADATA = $(IDF_PATH)/components/app_update/dump_otadata.py
-ERASE_OTADATA_CMD = $(ESPTOOLPY_SERIAL) erase_region $(OTADATA_OFFSET) $(OTADATA_LEN)
+blank_ota_data: $(BLANK_OTA_DATA_FILE)
 
 # If there is no otadata partition, both OTA_DATA_OFFSET and BLANK_OTA_DATA_FILE 
 # expand to empty values.
 ESPTOOL_ALL_FLASH_ARGS += $(OTA_DATA_OFFSET) $(BLANK_OTA_DATA_FILE)
 
-$(PARTITION_TABLE_ONCHIP_BIN):
-	$(PARTITION_TABLE_GET_BIN_CMD)
+erase_otadata: $(PARTITION_TABLE_CSV_PATH) partition_table_get_info | check_python_dependencies
+	$(OTATOOL_PY) --partition-table-file $(PARTITION_TABLE_CSV_PATH) erase_otadata
 
-onchip_otadata_get_info: $(PARTITION_TABLE_ONCHIP_BIN) 
-	$(eval OTADATA_OFFSET:=$(shell $(GET_PART_INFO) --type data --subtype ota --offset $(PARTITION_TABLE_ONCHIP_BIN)))
-	@echo $(if $(OTADATA_OFFSET), $(shell export OTADATA_OFFSET), $(shell rm -f $(PARTITION_TABLE_ONCHIP_BIN));$(error "ERROR: ESP32 does not have otadata partition."))
+read_otadata: $(PARTITION_TABLE_CSV_PATH) partition_table_get_info | check_python_dependencies
+	$(OTATOOL_PY) --partition-table-file $(PARTITION_TABLE_CSV_PATH) read_otadata
 
-$(OTADATA_ONCHIP_BIN):
-	$(OTADATA_GET_BIN_CMD)
-
-dump_otadata: onchip_otadata_get_info $(OTADATA_ONCHIP_BIN) $(PARTITION_TABLE_ONCHIP_BIN) 
-	@echo "otadata retrieved. Contents:"
-	@echo $(SEPARATOR)
-	$(GEN_OTADATA) $(OTADATA_ONCHIP_BIN)
-	@echo $(SEPARATOR)
-	rm -f $(PARTITION_TABLE_ONCHIP_BIN)
-	rm -f $(OTADATA_ONCHIP_BIN)
-
-$(BLANK_OTA_DATA_FILE): partition_table_get_info
-	$(GEN_EMPTY_PART) --size $(OTA_DATA_SIZE) $(BLANK_OTA_DATA_FILE)
-	$(eval BLANK_OTA_DATA_FILE = $(shell if [ $(OTA_DATA_SIZE) != 0 ]; then echo $(BLANK_OTA_DATA_FILE); else echo " "; fi) )
-
-blank_ota_data: $(BLANK_OTA_DATA_FILE)
-
-erase_ota: partition_table_get_info | check_python_dependencies
-	@echo $(if $(OTA_DATA_OFFSET), "Erase ota_data [addr=$(OTA_DATA_OFFSET) size=$(OTA_DATA_SIZE)] ...", $(error "ERROR: Partition table does not have ota_data partition."))
-	$(ESPTOOLPY_SERIAL) erase_region $(OTA_DATA_OFFSET) $(OTA_DATA_SIZE)
+erase_ota: erase_otadata
+	@echo "WARNING: erase_ota is deprecated. Use erase_otadata instead."
 
 all: blank_ota_data
 flash: blank_ota_data
 
+TMP_DEFINES := $(BUILD_DIR_BASE)/app_update/tmp_cppflags.txt
+export TMP_DEFINES
+
 clean:
 	rm -f $(BLANK_OTA_DATA_FILE)
+	rm -f $(TMP_DEFINES)

components/app_update/component.mk

@@ -3,3 +3,54 @@
 #
 # (Uses default behaviour of compiling all source files in directory, adding 'include' to include path.)
 
+# esp_app_desc structure is added as an undefined symbol because otherwise the 
+# linker will ignore this structure as it has no other files depending on it.
+COMPONENT_ADD_LDFLAGS += -u esp_app_desc
+
+ifndef IS_BOOTLOADER_BUILD
+GET_PROJECT_VER ?=
+ifeq ("${PROJECT_VER}", "")
+ifeq ("$(wildcard ${PROJECT_PATH}/version.txt)","")
+
+GET_PROJECT_VER := $(shell cd ${PROJECT_PATH} && git describe --always --tags --dirty 2> /dev/null)
+ifeq ("${GET_PROJECT_VER}", "")
+GET_PROJECT_VER := "1"
+$(info Project is not inside a git repository, will not use 'git describe' to determine PROJECT_VER.)
+endif
+
+else
+# read from version.txt
+GET_PROJECT_VER := $(shell cat ${PROJECT_PATH}/version.txt)
+endif
+endif
+# If ``PROJECT_VER`` variable set in project Makefile file, its value will be used.
+# Else, if the ``$PROJECT_PATH/version.txt`` exists, its contents will be used as ``PROJECT_VER``.
+# Else, if the project is located inside a Git repository, the output of git describe will be used.
+# Otherwise, ``PROJECT_VER`` will be "1".
+
+ifeq ("${PROJECT_VER}", "")
+PROJECT_VER:= $(GET_PROJECT_VER)
+else
+PROJECT_VER:= $(PROJECT_VER)
+endif
+
+# cut PROJECT_VER and PROJECT_NAME to required 32 characters.
+PROJECT_VER_CUT  := $(shell echo "$(PROJECT_VER)"  | cut -c 1-31)
+PROJECT_NAME_CUT := $(shell echo "$(PROJECT_NAME)" | cut -c 1-31)
+
+$(info App "$(PROJECT_NAME_CUT)" version: $(PROJECT_VER_CUT))
+
+NEW_DEFINES:= "$(PROJECT_VER_CUT) $(PROJECT_NAME_CUT) $(IDF_VER)"
+ifeq ("$(wildcard ${TMP_DEFINES})","")
+OLD_DEFINES:= ""
+else
+OLD_DEFINES:= "$(shell cat $(TMP_DEFINES))"
+endif
+
+# If NEW_DEFINES (PROJECT_VER, PROJECT_NAME) were changed then rebuild only esp_app_desc.
+ifneq (${NEW_DEFINES}, ${OLD_DEFINES})
+$(shell echo $(NEW_DEFINES) > $(TMP_DEFINES); rm -f esp_app_desc.o;)
+endif
+
+esp_app_desc.o: CPPFLAGS += -D PROJECT_VER=\""$(PROJECT_VER_CUT)"\" -D PROJECT_NAME=\""$(PROJECT_NAME_CUT)"\"
+endif

components/app_update/dump_otadata.py

@@ -1,88 +0,0 @@
-#!/usr/bin/env python
-#
-# gen_otadata prints info about the otadata partition.
-#
-# Copyright 2018 Espressif Systems (Shanghai) PTE LTD
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http:#www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-from __future__ import print_function, division
-import argparse
-import os
-import re
-import struct
-import sys
-import hashlib
-import binascii
-
-__version__ = '1.0'
-
-quiet = False
-
-def status(msg):
-    """ Print status message to stderr """
-    if not quiet:
-        critical(msg)
-
-def critical(msg):
-    """ Print critical message to stderr """
-    if not quiet:
-        sys.stderr.write(msg)
-        sys.stderr.write('\n')
-
-def little_endian(buff, offset):
-    data = buff[offset:offset+4]
-    data.reverse()
-    data = ''.join(data)
-    return data
-               
-def main():
-    global quiet
-    parser = argparse.ArgumentParser(description='Prints otadata partition in human readable form.')
-
-    parser.add_argument('--quiet', '-q', help="Don't print status messages to stderr", action='store_true')
-
-    search_type = parser.add_mutually_exclusive_group()
-
-    parser.add_argument('input', help='Path to binary file containing otadata partition to parse.',
-                        type=argparse.FileType('rb'))
-
-    args = parser.parse_args()
-
-    quiet = args.quiet
-
-    input = args.input.read()
-    
-    hex_input_0 = binascii.hexlify(input)
-    hex_input_0 = map(''.join, zip(*[iter(hex_input_0)]*2))
-    hex_input_1 = binascii.hexlify(input[4096:])
-    hex_input_1 = map(''.join, zip(*[iter(hex_input_1)]*2))
-    
-    print("\t%11s\t%8s    |\t%8s\t%8s" %("OTA_SEQ", "CRC", "OTA_SEQ", "CRC"))
-    print("Firmware:  0x%s  \t 0x%s |\t0x%s \t 0x%s" % (little_endian(hex_input_0, 0), little_endian(hex_input_0, 28), \
-                                                        little_endian(hex_input_1, 0), little_endian(hex_input_1, 28)))
-class InputError(RuntimeError):
-    def __init__(self, e):
-        super(InputError, self).__init__(e)
-
-class ValidationError(InputError):
-    def __init__(self, partition, message):
-        super(ValidationError, self).__init__(
-            "Partition %s invalid: %s" % (partition.name, message))
-
-if __name__ == '__main__':
-    try:
-        r = main()
-        sys.exit(r)
-    except InputError as e:
-        print(e, file=sys.stderr)
-        sys.exit(2)

components/app_update/esp_app_desc.c

@@ -0,0 +1,85 @@
+// Copyright 2017-2018 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#include <assert.h>
+#include <sys/param.h>
+#include "esp_ota_ops.h"
+#include "esp_attr.h"
+#include "sdkconfig.h"
+
+// Application version info
+const __attribute__((section(".rodata_desc"))) esp_app_desc_t esp_app_desc = {
+    .magic_word = ESP_APP_DESC_MAGIC_WORD,
+#ifdef CONFIG_APP_EXCLUDE_PROJECT_VER_VAR
+    .version = "",
+#else
+    .version = PROJECT_VER,
+#endif
+
+#ifdef CONFIG_APP_EXCLUDE_PROJECT_NAME_VAR
+    .project_name = "",
+#else
+    .project_name = PROJECT_NAME,
+#endif
+    .idf_ver = IDF_VER,
+
+#ifdef CONFIG_APP_SECURE_VERSION
+    .secure_version = CONFIG_APP_SECURE_VERSION,
+#else
+    .secure_version = 0,
+#endif
+
+#ifdef CONFIG_APP_COMPILE_TIME_DATE
+    .time = __TIME__,
+    .date = __DATE__,
+#else
+    .time = "",
+    .date = "",
+#endif
+};
+
+
+#ifndef CONFIG_APP_EXCLUDE_PROJECT_VER_VAR
+_Static_assert(sizeof(PROJECT_VER) <= sizeof(esp_app_desc.version), "PROJECT_VER is longer than version field in structure");
+#endif
+_Static_assert(sizeof(IDF_VER) <= sizeof(esp_app_desc.idf_ver), "IDF_VER is longer than idf_ver field in structure");
+#ifndef CONFIG_APP_EXCLUDE_PROJECT_NAME_VAR
+_Static_assert(sizeof(PROJECT_NAME) <= sizeof(esp_app_desc.project_name), "PROJECT_NAME is longer than project_name field in structure");
+#endif
+
+const esp_app_desc_t *esp_ota_get_app_description(void)
+{
+    return &esp_app_desc;
+}
+
+/* The following two functions may be called from the panic handler
+ * or core dump, hence IRAM_ATTR.
+ */
+
+static inline char IRAM_ATTR to_hex_digit(unsigned val)
+{
+    return (val < 10) ? ('0' + val) : ('a' + val - 10);
+}
+
+int IRAM_ATTR esp_ota_get_app_elf_sha256(char* dst, size_t size)
+{
+    size_t n = MIN((size - 1) / 2, sizeof(esp_app_desc.app_elf_sha256));
+    const uint8_t* src = esp_app_desc.app_elf_sha256;
+    for (size_t i = 0; i < n; ++i) {
+        dst[2*i] = to_hex_digit(src[i] >> 4);
+        dst[2*i + 1] = to_hex_digit(src[i] & 0xf);
+    }
+    dst[2*n] = 0;
+    return 2*n + 1;
+}

components/app_update/esp_ota_ops.c

@@ -36,11 +36,14 @@
 #include "rom/crc.h"
 #include "soc/dport_reg.h"
 #include "esp_log.h"
+#include "esp_flash_data_types.h"
+#include "bootloader_common.h"
+#include "sys/param.h"
+#include "esp_system.h"
+#include "esp_efuse.h"
 
 
-#define OTA_MAX(a,b) ((a) >= (b) ? (a) : (b)) 
-#define OTA_MIN(a,b) ((a) <= (b) ? (a) : (b)) 
-#define SUB_TYPE_ID(i) (i & 0x0F) 
+#define SUB_TYPE_ID(i) (i & 0x0F)
 
 typedef struct ota_ops_entry_ {
     uint32_t handle;
@@ -52,19 +55,10 @@ typedef struct ota_ops_entry_ {
     LIST_ENTRY(ota_ops_entry_) entries;
 } ota_ops_entry_t;
 
-/* OTA selection structure (two copies in the OTA data partition.)
-   Size of 32 bytes is friendly to flash encryption */
-typedef struct {
-    uint32_t ota_seq;
-    uint8_t  seq_label[24];
-    uint32_t crc;                /* CRC32 of ota_seq field only */
-} ota_select;
-
 static LIST_HEAD(ota_ops_entries_head, ota_ops_entry_) s_ota_ops_entries_head =
     LIST_HEAD_INITIALIZER(s_ota_ops_entries_head);
 
 static uint32_t s_ota_ops_last_handle = 0;
-static ota_select s_ota_select[2];
 
 const static char *TAG = "esp_ota_ops";
 
@@ -77,6 +71,63 @@ static bool is_ota_partition(const esp_partition_t *p)
             && p->subtype < ESP_PARTITION_SUBTYPE_APP_OTA_MAX);
 }
 
+// Read otadata partition and fill array from two otadata structures.
+// Also return pointer to otadata info partition.
+static const esp_partition_t *read_otadata(esp_ota_select_entry_t *two_otadata)
+{
+    const esp_partition_t *otadata_partition = esp_partition_find_first(ESP_PARTITION_TYPE_DATA, ESP_PARTITION_SUBTYPE_DATA_OTA, NULL);
+
+    if (otadata_partition == NULL) {
+        ESP_LOGE(TAG, "not found otadata");
+        return NULL;
+    }
+
+    spi_flash_mmap_handle_t ota_data_map;
+    const void *result = NULL;
+    esp_err_t err = esp_partition_mmap(otadata_partition, 0, otadata_partition->size, SPI_FLASH_MMAP_DATA, &result, &ota_data_map);
+    if (err != ESP_OK) {
+        ESP_LOGE(TAG, "mmap otadata filed. Err=0x%8x", err);
+        return NULL;
+    } else {
+        memcpy(&two_otadata[0], result, sizeof(esp_ota_select_entry_t));
+        memcpy(&two_otadata[1], result + SPI_FLASH_SEC_SIZE, sizeof(esp_ota_select_entry_t));
+        spi_flash_munmap(ota_data_map);
+    }
+    return otadata_partition;
+}
+
+static esp_err_t image_validate(const esp_partition_t *partition, esp_image_load_mode_t load_mode)
+{
+    esp_image_metadata_t data;
+    const esp_partition_pos_t part_pos = {
+        .offset = partition->address,
+        .size = partition->size,
+    };
+
+    if (esp_image_verify(load_mode, &part_pos, &data) != ESP_OK) {
+        return ESP_ERR_OTA_VALIDATE_FAILED;
+    }
+
+#ifdef CONFIG_SECURE_SIGNED_ON_UPDATE
+    esp_err_t ret = esp_secure_boot_verify_signature(partition->address, data.image_len);
+    if (ret != ESP_OK) {
+        return ESP_ERR_OTA_VALIDATE_FAILED;
+    }
+#endif
+
+    return ESP_OK;
+}
+
+static esp_ota_img_states_t set_new_state_otadata(void)
+{
+#ifdef CONFIG_APP_ROLLBACK_ENABLE
+    ESP_LOGD(TAG, "Monitoring the first boot of the app is enabled.");
+    return ESP_OTA_IMG_NEW;
+#else
+    return ESP_OTA_IMG_UNDEFINED;
+#endif
+}
+
 esp_err_t esp_ota_begin(const esp_partition_t *partition, size_t image_size, esp_ota_handle_t *out_handle)
 {
     ota_ops_entry_t *new_entry;
@@ -95,10 +146,21 @@ esp_err_t esp_ota_begin(const esp_partition_t *partition, size_t image_size, esp
         return ESP_ERR_INVALID_ARG;
     }
 
-    if (partition == esp_ota_get_running_partition()) {
+    const esp_partition_t* running_partition = esp_ota_get_running_partition();
+    if (partition == running_partition) {
         return ESP_ERR_OTA_PARTITION_CONFLICT;
     }
 
+#ifdef CONFIG_APP_ROLLBACK_ENABLE
+    esp_ota_img_states_t ota_state_running_part;
+    if (esp_ota_get_state_partition(running_partition, &ota_state_running_part) == ESP_OK) {
+        if (ota_state_running_part == ESP_OTA_IMG_PENDING_VERIFY) {
+            ESP_LOGE(TAG, "Running app has not confirmed state (ESP_OTA_IMG_PENDING_VERIFY)");
+            return ESP_ERR_OTA_ROLLBACK_INVALID_STATE;
+        }
+    }
+#endif
+
     // If input image size is 0 or OTA_SIZE_UNKNOWN, erase entire partition
     if ((image_size == 0) || (image_size == OTA_SIZE_UNKNOWN)) {
         ret = esp_partition_erase_range(partition, 0, partition->size);
@@ -146,7 +208,7 @@ esp_err_t esp_ota_write(esp_ota_handle_t handle, const void *data, size_t size)
             // must erase the partition before writing to it
             assert(it->erased_size > 0 && "must erase the partition before writing to it");
             if (it->wrote_size == 0 && it->partial_bytes == 0 && size > 0 && data_bytes[0] != ESP_IMAGE_HEADER_MAGIC) {
-                ESP_LOGE(TAG, "OTA image has invalid magic byte (expected 0xE9, saw 0x%02x", data_bytes[0]);
+                ESP_LOGE(TAG, "OTA image has invalid magic byte (expected 0xE9, saw 0x%02x)", data_bytes[0]);
                 return ESP_ERR_OTA_VALIDATE_FAILED;
             }
 
@@ -156,7 +218,7 @@ esp_err_t esp_ota_write(esp_ota_handle_t handle, const void *data, size_t size)
 
                 /* check if we have partially written data from earlier */
                 if (it->partial_bytes != 0) {
-                    copy_len = OTA_MIN(16 - it->partial_bytes, size);
+                    copy_len = MIN(16 - it->partial_bytes, size);
                     memcpy(it->partial_data + it->partial_bytes, data_bytes, copy_len);
                     it->partial_bytes += copy_len;
                     if (it->partial_bytes != 16) {
@@ -246,32 +308,20 @@ esp_err_t esp_ota_end(esp_ota_handle_t handle)
     return ret;
 }
 
-static uint32_t ota_select_crc(const ota_select *s)
+static esp_err_t rewrite_ota_seq(esp_ota_select_entry_t *two_otadata, uint32_t seq, uint8_t sec_id, const esp_partition_t *ota_data_partition)
 {
-    return crc32_le(UINT32_MAX, (uint8_t *)&s->ota_seq, 4);
-}
-
-static bool ota_select_valid(const ota_select *s)
-{
-    return s->ota_seq != UINT32_MAX && s->crc == ota_select_crc(s);
-}
-
-static esp_err_t rewrite_ota_seq(uint32_t seq, uint8_t sec_id, const esp_partition_t *ota_data_partition)
-{
-    esp_err_t ret;
-
-    if (sec_id == 0 || sec_id == 1) {
-        s_ota_select[sec_id].ota_seq = seq;
-        s_ota_select[sec_id].crc = ota_select_crc(&s_ota_select[sec_id]);
-        ret = esp_partition_erase_range(ota_data_partition, sec_id * SPI_FLASH_SEC_SIZE, SPI_FLASH_SEC_SIZE);
-        if (ret != ESP_OK) {
-            return ret;
-        } else {
-            return esp_partition_write(ota_data_partition, SPI_FLASH_SEC_SIZE * sec_id, &s_ota_select[sec_id].ota_seq, sizeof(ota_select));
-        }
-    } else {
+    if (two_otadata == NULL || sec_id > 1) {
         return ESP_ERR_INVALID_ARG;
     }
+
+    two_otadata[sec_id].ota_seq = seq;
+    two_otadata[sec_id].crc = bootloader_common_ota_select_crc(&two_otadata[sec_id]);
+    esp_err_t ret = esp_partition_erase_range(ota_data_partition, sec_id * SPI_FLASH_SEC_SIZE, SPI_FLASH_SEC_SIZE);
+    if (ret != ESP_OK) {
+        return ret;
+    } else {
+        return esp_partition_write(ota_data_partition, SPI_FLASH_SEC_SIZE * sec_id, &two_otadata[sec_id], sizeof(esp_ota_select_entry_t));
+    }
 }
 
 static uint8_t get_ota_partition_count(void)
@@ -286,119 +336,88 @@ static uint8_t get_ota_partition_count(void)
 
 static esp_err_t esp_rewrite_ota_data(esp_partition_subtype_t subtype)
 {
-    esp_err_t ret;
-    const esp_partition_t *find_partition = NULL;
-    uint16_t ota_app_count = 0;
-    uint32_t i = 0;
-    uint32_t seq;
-    spi_flash_mmap_handle_t ota_data_map;
-    const void *result = NULL;
-
-    find_partition = esp_partition_find_first(ESP_PARTITION_TYPE_DATA, ESP_PARTITION_SUBTYPE_DATA_OTA, NULL);
-    if (find_partition != NULL) {
-        ota_app_count = get_ota_partition_count();
-        //esp32_idf use two sector for store information about which partition is running
-        //it defined the two sector as ota data partition,two structure ota_select is saved in the two sector
-        //named data in first sector as s_ota_select[0], second sector data as s_ota_select[1]
-        //e.g.
-        //if s_ota_select[0].ota_seq == s_ota_select[1].ota_seq == 0xFFFFFFFF,means ota info partition is in init status
-        //so it will boot factory application(if there is),if there's no factory application,it will boot ota[0] application 
-        //if s_ota_select[0].ota_seq != 0 and s_ota_select[1].ota_seq != 0,it will choose a max seq ,and get value of max_seq%max_ota_app_number
-        //and boot a subtype (mask 0x0F) value is (max_seq - 1)%max_ota_app_number,so if want switch to run ota[x],can use next formulas.
-        //for example, if s_ota_select[0].ota_seq = 4, s_ota_select[1].ota_seq = 5, and there are 8 ota application, 
-        //current running is (5-1)%8 = 4,running ota[4],so if we want to switch to run ota[7],
-        //we should add s_ota_select[0].ota_seq (is 4) to 4 ,(8-1)%8=7,then it will boot ota[7]
-        //if      A=(B - C)%D
-        //then    B=(A + C)%D + D*n ,n= (0,1,2...)
-        //so current ota app sub type id is x , dest bin subtype is y,total ota app count is n
-        //seq will add (x + n*1 + 1 - seq)%n
-        if (SUB_TYPE_ID(subtype) >= ota_app_count) {
-            return ESP_ERR_INVALID_ARG;
-        }
-
-        ret = esp_partition_mmap(find_partition, 0, find_partition->size, SPI_FLASH_MMAP_DATA, &result, &ota_data_map);
-        if (ret != ESP_OK) {
-            result = NULL;
-            return ret;
-        } else {
-            memcpy(&s_ota_select[0], result, sizeof(ota_select));
-            memcpy(&s_ota_select[1], result + SPI_FLASH_SEC_SIZE, sizeof(ota_select));
-            spi_flash_munmap(ota_data_map);
-        }
-
-        if (ota_select_valid(&s_ota_select[0]) && ota_select_valid(&s_ota_select[1])) {
-            seq = OTA_MAX(s_ota_select[0].ota_seq, s_ota_select[1].ota_seq);
-            while (seq > (SUB_TYPE_ID(subtype) + 1) % ota_app_count + i * ota_app_count) {
-                i++;
-            }
-
-            if (s_ota_select[0].ota_seq >= s_ota_select[1].ota_seq) {
-                return rewrite_ota_seq((SUB_TYPE_ID(subtype) + 1) % ota_app_count + i * ota_app_count, 1, find_partition);
-            } else {
-                return rewrite_ota_seq((SUB_TYPE_ID(subtype) + 1) % ota_app_count + i * ota_app_count, 0, find_partition);
-            }
-
-        } else if (ota_select_valid(&s_ota_select[0])) {
-            while (s_ota_select[0].ota_seq > (SUB_TYPE_ID(subtype) + 1) % ota_app_count + i * ota_app_count) {
-                i++;
-            }
-            return rewrite_ota_seq((SUB_TYPE_ID(subtype) + 1) % ota_app_count + i * ota_app_count, 1, find_partition);
-
-        } else if (ota_select_valid(&s_ota_select[1])) {
-            while (s_ota_select[1].ota_seq > (SUB_TYPE_ID(subtype) + 1) % ota_app_count + i * ota_app_count) {
-                i++;
-            }
-            return rewrite_ota_seq((SUB_TYPE_ID(subtype) + 1) % ota_app_count + i * ota_app_count, 0, find_partition);
-
-        } else {
-            /* Both OTA slots are invalid, probably because unformatted... */
-            return rewrite_ota_seq(SUB_TYPE_ID(subtype) + 1, 0, find_partition);
-        }
-
-    } else {
+    esp_ota_select_entry_t otadata[2];
+    const esp_partition_t *otadata_partition = read_otadata(otadata);
+    if (otadata_partition == NULL) {
         return ESP_ERR_NOT_FOUND;
     }
+
+    int ota_app_count = get_ota_partition_count();
+    if (SUB_TYPE_ID(subtype) >= ota_app_count) {
+        return ESP_ERR_INVALID_ARG;
+    }
+
+    //esp32_idf use two sector for store information about which partition is running
+    //it defined the two sector as ota data partition,two structure esp_ota_select_entry_t is saved in the two sector
+    //named data in first sector as otadata[0], second sector data as otadata[1]
+    //e.g.
+    //if otadata[0].ota_seq == otadata[1].ota_seq == 0xFFFFFFFF,means ota info partition is in init status
+    //so it will boot factory application(if there is),if there's no factory application,it will boot ota[0] application
+    //if otadata[0].ota_seq != 0 and otadata[1].ota_seq != 0,it will choose a max seq ,and get value of max_seq%max_ota_app_number
+    //and boot a subtype (mask 0x0F) value is (max_seq - 1)%max_ota_app_number,so if want switch to run ota[x],can use next formulas.
+    //for example, if otadata[0].ota_seq = 4, otadata[1].ota_seq = 5, and there are 8 ota application,
+    //current running is (5-1)%8 = 4,running ota[4],so if we want to switch to run ota[7],
+    //we should add otadata[0].ota_seq (is 4) to 4 ,(8-1)%8=7,then it will boot ota[7]
+    //if      A=(B - C)%D
+    //then    B=(A + C)%D + D*n ,n= (0,1,2...)
+    //so current ota app sub type id is x , dest bin subtype is y,total ota app count is n
+    //seq will add (x + n*1 + 1 - seq)%n
+
+    int active_otadata = bootloader_common_get_active_otadata(otadata);
+    if (active_otadata != -1) {
+        uint32_t seq = otadata[active_otadata].ota_seq;
+        uint32_t i = 0;
+        while (seq > (SUB_TYPE_ID(subtype) + 1) % ota_app_count + i * ota_app_count) {
+            i++;
+        }
+        int next_otadata = (~active_otadata)&1; // if 0 -> will be next 1. and if 1 -> will be next 0.
+        otadata[next_otadata].ota_state = set_new_state_otadata();
+        return rewrite_ota_seq(otadata, (SUB_TYPE_ID(subtype) + 1) % ota_app_count + i * ota_app_count, next_otadata, otadata_partition);
+    } else {
+        /* Both OTA slots are invalid, probably because unformatted... */
+        int next_otadata = 0;
+        otadata[next_otadata].ota_state = set_new_state_otadata();
+        return rewrite_ota_seq(otadata, SUB_TYPE_ID(subtype) + 1, next_otadata, otadata_partition);
+    }
 }
 
 esp_err_t esp_ota_set_boot_partition(const esp_partition_t *partition)
 {
-    const esp_partition_t *find_partition = NULL;
     if (partition == NULL) {
         return ESP_ERR_INVALID_ARG;
     }
 
-    esp_image_metadata_t data;
-    const esp_partition_pos_t part_pos = {
-        .offset = partition->address,
-        .size = partition->size,
-    };
-    if (esp_image_verify(ESP_IMAGE_VERIFY, &part_pos, &data) != ESP_OK) {
+    if (image_validate(partition, ESP_IMAGE_VERIFY) != ESP_OK) {
         return ESP_ERR_OTA_VALIDATE_FAILED;
     }
 
-#ifdef CONFIG_SECURE_SIGNED_ON_UPDATE
-    esp_err_t ret = esp_secure_boot_verify_signature(partition->address, data.image_len);
-    if (ret != ESP_OK) {
-        return ESP_ERR_OTA_VALIDATE_FAILED;
-    }
-#endif
     // if set boot partition to factory bin ,just format ota info partition
     if (partition->type == ESP_PARTITION_TYPE_APP) {
         if (partition->subtype == ESP_PARTITION_SUBTYPE_APP_FACTORY) {
-            find_partition = esp_partition_find_first(ESP_PARTITION_TYPE_DATA, ESP_PARTITION_SUBTYPE_DATA_OTA, NULL);
+            const esp_partition_t *find_partition = esp_partition_find_first(ESP_PARTITION_TYPE_DATA, ESP_PARTITION_SUBTYPE_DATA_OTA, NULL);
             if (find_partition != NULL) {
                 return esp_partition_erase_range(find_partition, 0, find_partition->size);
             } else {
                 return ESP_ERR_NOT_FOUND;
             }
         } else {
-            // try to find this partition in flash,if not find it ,return error
-            find_partition = esp_partition_find_first(ESP_PARTITION_TYPE_DATA, ESP_PARTITION_SUBTYPE_DATA_OTA, NULL);
-            if (find_partition != NULL) {
-                return esp_rewrite_ota_data(partition->subtype);
-            } else {
-                return ESP_ERR_NOT_FOUND;
+#ifdef CONFIG_APP_ANTI_ROLLBACK
+            esp_app_desc_t partition_app_desc;
+            esp_err_t err = esp_ota_get_partition_description(partition, &partition_app_desc);
+            if (err != ESP_OK) {
+                return err;
             }
+
+            if (esp_efuse_check_secure_version(partition_app_desc.secure_version) == false) {
+                ESP_LOGE(TAG, "This a new partition can not be booted due to a secure version is lower than stored in efuse. Partition will be erased.");
+                esp_err_t err = esp_partition_erase_range(partition, 0, partition->size);
+                if (err != ESP_OK) {
+                    return err;
+                }
+                return ESP_ERR_OTA_SMALL_SEC_VER;
+            }
+#endif
+            return esp_rewrite_ota_data(partition->subtype);
         }
     } else {
         return ESP_ERR_INVALID_ARG;
@@ -435,58 +454,30 @@ static const esp_partition_t *find_default_boot_partition(void)
 
 const esp_partition_t *esp_ota_get_boot_partition(void)
 {
-    esp_err_t ret;
-    const esp_partition_t *find_partition = NULL;
-    spi_flash_mmap_handle_t ota_data_map;
-    const void *result = NULL;
-    uint16_t ota_app_count = 0;
-    find_partition = esp_partition_find_first(ESP_PARTITION_TYPE_DATA, ESP_PARTITION_SUBTYPE_DATA_OTA, NULL);
-
-    if (find_partition == NULL) {
-        ESP_LOGE(TAG, "not found ota data");
+    esp_ota_select_entry_t otadata[2];
+    const esp_partition_t *otadata_partition = read_otadata(otadata);
+    if (otadata_partition == NULL) {
         return NULL;
     }
 
-    ret = esp_partition_mmap(find_partition, 0, find_partition->size, SPI_FLASH_MMAP_DATA, &result, &ota_data_map);
-    if (ret != ESP_OK) {
-        spi_flash_munmap(ota_data_map);
-        ESP_LOGE(TAG, "mmap ota data filed");
-        return NULL;
-    } else {
-        memcpy(&s_ota_select[0], result, sizeof(ota_select));
-        memcpy(&s_ota_select[1], result + 0x1000, sizeof(ota_select));
-        spi_flash_munmap(ota_data_map);
-    }
-    ota_app_count = get_ota_partition_count();
-
+    int ota_app_count = get_ota_partition_count();
     ESP_LOGD(TAG, "found ota app max = %d", ota_app_count);
 
-    if (s_ota_select[0].ota_seq == 0xFFFFFFFF && s_ota_select[1].ota_seq == 0xFFFFFFFF) {
-        ESP_LOGD(TAG, "finding factory app......");
+    if ((bootloader_common_ota_select_invalid(&otadata[0]) &&
+         bootloader_common_ota_select_invalid(&otadata[1])) ||
+         ota_app_count == 0) {
+        ESP_LOGD(TAG, "finding factory app...");
         return find_default_boot_partition();
-    } else if (ota_select_valid(&s_ota_select[0]) && ota_select_valid(&s_ota_select[1])) {
-        ESP_LOGD(TAG, "finding ota_%d app......", \
-                 ESP_PARTITION_SUBTYPE_APP_OTA_MIN + ((OTA_MAX(s_ota_select[0].ota_seq, s_ota_select[1].ota_seq) - 1) % ota_app_count));
-
-        return esp_partition_find_first(ESP_PARTITION_TYPE_APP, \
-                                        ESP_PARTITION_SUBTYPE_APP_OTA_MIN + ((OTA_MAX(s_ota_select[0].ota_seq, s_ota_select[1].ota_seq) - 1) % ota_app_count), NULL);
-    } else if (ota_select_valid(&s_ota_select[0])) {
-        ESP_LOGD(TAG, "finding ota_%d app......", \
-                 ESP_PARTITION_SUBTYPE_APP_OTA_MIN + (s_ota_select[0].ota_seq - 1) % ota_app_count);
-
-        return esp_partition_find_first(ESP_PARTITION_TYPE_APP, \
-                                        ESP_PARTITION_SUBTYPE_APP_OTA_MIN + (s_ota_select[0].ota_seq - 1) % ota_app_count, NULL);
-
-    } else if (ota_select_valid(&s_ota_select[1])) {
-        ESP_LOGD(TAG, "finding ota_%d app......", \
-                 ESP_PARTITION_SUBTYPE_APP_OTA_MIN + (s_ota_select[1].ota_seq - 1) % ota_app_count);
-
-        return esp_partition_find_first(ESP_PARTITION_TYPE_APP, \
-                                        ESP_PARTITION_SUBTYPE_APP_OTA_MIN + (s_ota_select[1].ota_seq - 1) % ota_app_count, NULL);
-
     } else {
-        ESP_LOGE(TAG, "ota data invalid, no current app. Assuming factory");
-        return find_default_boot_partition();
+        int active_otadata = bootloader_common_get_active_otadata(otadata);
+        if (active_otadata != -1) {
+            int ota_slot = (otadata[active_otadata].ota_seq - 1) % ota_app_count; // Actual OTA partition selection
+            ESP_LOGD(TAG, "finding ota_%d app...", ESP_PARTITION_SUBTYPE_APP_OTA_MIN + ota_slot);
+            return esp_partition_find_first(ESP_PARTITION_TYPE_APP, ESP_PARTITION_SUBTYPE_APP_OTA_MIN + ota_slot, NULL);
+        } else {
+            ESP_LOGE(TAG, "ota data invalid, no current app. Assuming factory");
+            return find_default_boot_partition();
+        }
     }
 }
 
@@ -575,3 +566,265 @@ const esp_partition_t* esp_ota_get_next_update_partition(const esp_partition_t *
     return default_ota;
 
 }
+
+esp_err_t esp_ota_get_partition_description(const esp_partition_t *partition, esp_app_desc_t *app_desc)
+{
+    if (partition == NULL || app_desc == NULL) {
+        return ESP_ERR_INVALID_ARG;
+    }
+
+    if(partition->type != ESP_PARTITION_TYPE_APP) {
+        return ESP_ERR_NOT_SUPPORTED;
+    }
+
+    esp_err_t err = esp_partition_read(partition, sizeof(esp_image_header_t) + sizeof(esp_image_segment_header_t), app_desc, sizeof(esp_app_desc_t));
+    if (err != ESP_OK) {
+        return err;
+    }
+
+    if (app_desc->magic_word != ESP_APP_DESC_MAGIC_WORD) {
+        return ESP_ERR_NOT_FOUND;
+    }
+
+    return ESP_OK;
+}
+
+#ifdef CONFIG_APP_ANTI_ROLLBACK
+static esp_err_t esp_ota_set_anti_rollback(void) {
+    const esp_app_desc_t *app_desc = esp_ota_get_app_description();
+    return esp_efuse_update_secure_version(app_desc->secure_version);
+}
+#endif
+
+// Checks applications on the slots which can be booted in case of rollback.
+// Returns true if the slots have at least one app (except the running app).
+bool esp_ota_check_rollback_is_possible(void)
+{
+    esp_ota_select_entry_t otadata[2];
+    if (read_otadata(otadata) == NULL) {
+        return false;
+    }
+
+    int ota_app_count = get_ota_partition_count();
+    if (ota_app_count == 0) {
+        return false;
+    }
+
+    bool valid_otadata[2];
+    valid_otadata[0] = bootloader_common_ota_select_valid(&otadata[0]);
+    valid_otadata[1] = bootloader_common_ota_select_valid(&otadata[1]);
+
+    int active_ota = bootloader_common_select_otadata(otadata, valid_otadata, true);
+    if (active_ota == -1) {
+        return false;
+    }
+    int last_active_ota = (~active_ota)&1;
+
+    const esp_partition_t *partition = NULL;
+#ifndef CONFIG_APP_ANTI_ROLLBACK
+    if (valid_otadata[last_active_ota] == false) {
+        partition = esp_partition_find_first(ESP_PARTITION_TYPE_APP, ESP_PARTITION_SUBTYPE_APP_FACTORY, NULL);
+        if (partition != NULL) {
+            if(image_validate(partition, ESP_IMAGE_VERIFY_SILENT) == ESP_OK) {
+                return true;
+            }
+        }
+    }
+#endif
+
+    if (valid_otadata[last_active_ota] == true) {
+        int slot = (otadata[last_active_ota].ota_seq - 1) % ota_app_count;
+        partition = esp_partition_find_first(ESP_PARTITION_TYPE_APP, ESP_PARTITION_SUBTYPE_APP_OTA_MIN + slot, NULL);
+        if (partition != NULL) {
+            if(image_validate(partition, ESP_IMAGE_VERIFY_SILENT) == ESP_OK) {
+#ifdef CONFIG_APP_ANTI_ROLLBACK
+                esp_app_desc_t app_desc;
+                if (esp_ota_get_partition_description(partition, &app_desc) == ESP_OK &&
+                    esp_efuse_check_secure_version(app_desc.secure_version) == true) {
+                    return true;
+                }
+#else
+                return true;
+#endif
+            }
+        }
+    }
+    return false;
+}
+
+// if valid == false - will done rollback with reboot. After reboot will boot previous OTA[x] or Factory partition.
+// if valid == true  - it confirm that current OTA[x] is workable. Reboot will not happen.
+static esp_err_t esp_ota_current_ota_is_workable(bool valid)
+{
+    esp_ota_select_entry_t otadata[2];
+    const esp_partition_t *otadata_partition = read_otadata(otadata);
+    if (otadata_partition == NULL) {
+        return ESP_ERR_NOT_FOUND;
+    }
+
+    int active_otadata = bootloader_common_get_active_otadata(otadata);
+    if (active_otadata != -1 && get_ota_partition_count() != 0) {
+        if (valid == true && otadata[active_otadata].ota_state != ESP_OTA_IMG_VALID) {
+            otadata[active_otadata].ota_state = ESP_OTA_IMG_VALID;
+            ESP_LOGD(TAG, "OTA[current] partition is marked as VALID");
+            esp_err_t err = rewrite_ota_seq(otadata, otadata[active_otadata].ota_seq, active_otadata, otadata_partition);
+#ifdef CONFIG_APP_ANTI_ROLLBACK
+            if (err == ESP_OK) {
+                return esp_ota_set_anti_rollback();
+            }
+#endif
+            return err;
+        } else if (valid == false) {
+            if (esp_ota_check_rollback_is_possible() == false) {
+                ESP_LOGE(TAG, "Rollback is not possible, do not have any suitable apps in slots");
+                return ESP_ERR_OTA_ROLLBACK_FAILED;
+            }
+            ESP_LOGD(TAG, "OTA[current] partition is marked as INVALID");
+            otadata[active_otadata].ota_state = ESP_OTA_IMG_INVALID;
+            esp_err_t err = rewrite_ota_seq(otadata, otadata[active_otadata].ota_seq, active_otadata, otadata_partition);
+            if (err != ESP_OK) {
+                return err;
+            }
+            ESP_LOGI(TAG, "Rollback to previously worked partition. Restart.");
+            esp_restart();
+        }
+    } else {
+        ESP_LOGE(TAG, "Running firmware is factory");
+        return ESP_FAIL;
+    }
+    return ESP_OK;
+}
+
+esp_err_t esp_ota_mark_app_valid_cancel_rollback()
+{
+    return esp_ota_current_ota_is_workable(true);
+}
+
+esp_err_t esp_ota_mark_app_invalid_rollback_and_reboot()
+{
+    return esp_ota_current_ota_is_workable(false);
+}
+
+static bool check_invalid_otadata (const esp_ota_select_entry_t *s) {
+    return s->ota_seq != UINT32_MAX &&
+           s->crc == bootloader_common_ota_select_crc(s) &&
+           (s->ota_state == ESP_OTA_IMG_INVALID ||
+            s->ota_state == ESP_OTA_IMG_ABORTED);
+}
+
+static int get_last_invalid_otadata(const esp_ota_select_entry_t *two_otadata)
+{
+
+    bool invalid_otadata[2];
+    invalid_otadata[0] = check_invalid_otadata(&two_otadata[0]);
+    invalid_otadata[1] = check_invalid_otadata(&two_otadata[1]);
+    int num_invalid_otadata = bootloader_common_select_otadata(two_otadata, invalid_otadata, false);
+    ESP_LOGD(TAG, "Invalid otadata[%d]", num_invalid_otadata);
+    return num_invalid_otadata;
+}
+
+const esp_partition_t* esp_ota_get_last_invalid_partition()
+{
+    esp_ota_select_entry_t otadata[2];
+    if (read_otadata(otadata) == NULL) {
+        return NULL;
+    }
+
+    int invalid_otadata = get_last_invalid_otadata(otadata);
+
+    int ota_app_count = get_ota_partition_count();
+    if (invalid_otadata != -1 && ota_app_count != 0) {
+        int ota_slot = (otadata[invalid_otadata].ota_seq - 1) % ota_app_count;
+        ESP_LOGD(TAG, "Find invalid ota_%d app", ESP_PARTITION_SUBTYPE_APP_OTA_MIN + ota_slot);
+
+        const esp_partition_t* invalid_partition = esp_partition_find_first(ESP_PARTITION_TYPE_APP, ESP_PARTITION_SUBTYPE_APP_OTA_MIN + ota_slot, NULL);
+        if (invalid_partition != NULL) {
+            if (image_validate(invalid_partition, ESP_IMAGE_VERIFY_SILENT) != ESP_OK) {
+                ESP_LOGD(TAG, "Last invalid partition has corrupted app");
+                return NULL;
+            }
+        }
+        return invalid_partition;
+    }
+    return NULL;
+}
+
+esp_err_t esp_ota_get_state_partition(const esp_partition_t *partition, esp_ota_img_states_t *ota_state)
+{
+    if (partition == NULL || ota_state == NULL) {
+        return ESP_ERR_INVALID_ARG;
+    }
+
+    if (!is_ota_partition(partition)) {
+        return ESP_ERR_NOT_SUPPORTED;
+    }
+
+    esp_ota_select_entry_t otadata[2];
+    int ota_app_count = get_ota_partition_count();
+    if (read_otadata(otadata) == NULL || ota_app_count == 0) {
+        return ESP_ERR_NOT_FOUND;
+    }
+
+    int req_ota_slot = partition->subtype - ESP_PARTITION_SUBTYPE_APP_OTA_MIN;
+    bool not_found = true;
+    for (int i = 0; i < 2; ++i) {
+        int ota_slot = (otadata[i].ota_seq - 1) % ota_app_count;
+        if (ota_slot == req_ota_slot && otadata[i].crc == bootloader_common_ota_select_crc(&otadata[i])) {
+            *ota_state = otadata[i].ota_state;
+            not_found = false;
+            break;
+        }
+    }
+
+    if (not_found) {
+        return ESP_ERR_NOT_FOUND;
+    }
+
+    return ESP_OK;
+}
+
+esp_err_t esp_ota_erase_last_boot_app_partition(void)
+{
+    esp_ota_select_entry_t otadata[2];
+    const esp_partition_t* ota_data_partition = read_otadata(otadata);
+    if (ota_data_partition == NULL) {
+        return ESP_FAIL;
+    }
+
+    int active_otadata = bootloader_common_get_active_otadata(otadata);
+    int ota_app_count = get_ota_partition_count();
+    if (active_otadata == -1 || ota_app_count == 0) {
+        return ESP_FAIL;
+    }
+
+    int inactive_otadata = (~active_otadata)&1;
+    if (otadata[inactive_otadata].ota_seq == UINT32_MAX || otadata[inactive_otadata].crc != bootloader_common_ota_select_crc(&otadata[inactive_otadata])) {
+        return ESP_FAIL;
+    }
+
+    int ota_slot = (otadata[inactive_otadata].ota_seq - 1) % ota_app_count; // Actual OTA partition selection
+    ESP_LOGD(TAG, "finding last_boot_app_partition ota_%d app...", ESP_PARTITION_SUBTYPE_APP_OTA_MIN + ota_slot);
+
+    const esp_partition_t* last_boot_app_partition_from_otadata = esp_partition_find_first(ESP_PARTITION_TYPE_APP, ESP_PARTITION_SUBTYPE_APP_OTA_MIN + ota_slot, NULL);
+    if (last_boot_app_partition_from_otadata == NULL) {
+        return ESP_FAIL;
+    }
+
+    const esp_partition_t* running_partition = esp_ota_get_running_partition();
+    if (running_partition == NULL || last_boot_app_partition_from_otadata == running_partition) {
+        return ESP_FAIL;
+    }
+
+    esp_err_t err = esp_partition_erase_range(last_boot_app_partition_from_otadata, 0, last_boot_app_partition_from_otadata->size);
+    if (err != ESP_OK) {
+        return err;
+    }
+
+    int sec_id = inactive_otadata;
+    err = esp_partition_erase_range(ota_data_partition, sec_id * SPI_FLASH_SEC_SIZE, SPI_FLASH_SEC_SIZE);
+    if (err != ESP_OK) {
+        return err;
+    }
+
+    return ESP_OK;
+}

components/app_update/gen_empty_partition.py

@@ -1,82 +0,0 @@
-#!/usr/bin/env python
-#
-# generates an empty binary file
-# 
-# This tool generates an empty binary file of the required size.
-#
-# Copyright 2018 Espressif Systems (Shanghai) PTE LTD
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-#     http:#www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-from __future__ import print_function, division
-from __future__ import unicode_literals
-import argparse
-import os
-import re
-import struct
-import sys
-import hashlib
-import binascii
-
-__version__ = '1.0'
-
-quiet = False
-
-def status(msg):
-    """ Print status message to stderr """
-    if not quiet:
-        critical(msg)
-
-def critical(msg):
-    """ Print critical message to stderr """
-    if not quiet:
-        sys.stderr.write(msg)
-        sys.stderr.write('\n')
-
-def generate_blanked_file(size, output_path):
-    output = b"\xFF" * size
-    try:
-        stdout_binary = sys.stdout.buffer  # Python 3
-    except AttributeError:
-        stdout_binary = sys.stdout
-    with stdout_binary if output_path == '-' else open(output_path, 'wb') as f:
-        f.write(output)
-
-def main():
-    global quiet
-    parser = argparse.ArgumentParser(description='Generates an empty binary file of the required size.')
-
-    parser.add_argument('--quiet', '-q', help="Don't print status messages to stderr", action='store_true')
-
-    parser.add_argument('--size', help='Size of generated the file',  type=str, required=True)
-    
-    parser.add_argument('output', help='Path for binary file.', nargs='?', default='-')
-    args = parser.parse_args()
-
-    quiet = args.quiet
-
-    size = int(args.size, 0)
-    if size > 0 :
-        generate_blanked_file(size, args.output)
-    return 0
-    
-class InputError(RuntimeError):
-    def __init__(self, e):
-        super(InputError, self).__init__(e)
-
-if __name__ == '__main__':
-    try:
-        r = main()
-        sys.exit(r)
-    except InputError as e:
-        print(e, file=sys.stderr)
-        sys.exit(2)

components/app_update/include/esp_ota_ops.h

@@ -20,6 +20,8 @@
 #include <stddef.h>
 #include "esp_err.h"
 #include "esp_partition.h"
+#include "esp_image_format.h"
+#include "esp_flash_data_types.h"
 
 #ifdef __cplusplus
 extern "C"
@@ -32,6 +34,10 @@ extern "C"
 #define ESP_ERR_OTA_PARTITION_CONFLICT           (ESP_ERR_OTA_BASE + 0x01)  /*!< Error if request was to write or erase the current running partition */
 #define ESP_ERR_OTA_SELECT_INFO_INVALID          (ESP_ERR_OTA_BASE + 0x02)  /*!< Error if OTA data partition contains invalid content */
 #define ESP_ERR_OTA_VALIDATE_FAILED              (ESP_ERR_OTA_BASE + 0x03)  /*!< Error if OTA app image is invalid */
+#define ESP_ERR_OTA_SMALL_SEC_VER                (ESP_ERR_OTA_BASE + 0x04)  /*!< Error if the firmware has a secure version less than the running firmware. */
+#define ESP_ERR_OTA_ROLLBACK_FAILED              (ESP_ERR_OTA_BASE + 0x05)  /*!< Error if flash does not have valid firmware in passive partition and hence rollback is not possible */
+#define ESP_ERR_OTA_ROLLBACK_INVALID_STATE       (ESP_ERR_OTA_BASE + 0x06)  /*!< Error if current active firmware is still marked in pending validation state (ESP_OTA_IMG_PENDING_VERIFY), essentially first boot of firmware image post upgrade and hence firmware upgrade is not possible */
+
 
 /**
  * @brief Opaque handle for an application OTA update
@@ -41,6 +47,24 @@ extern "C"
  */
 typedef uint32_t esp_ota_handle_t;
 
+/**
+ * @brief   Return esp_app_desc structure. This structure includes app version.
+ * 
+ * Return description for running app.
+ * @return Pointer to esp_app_desc structure.
+ */
+const esp_app_desc_t *esp_ota_get_app_description(void);
+
+/**
+ * @brief   Fill the provided buffer with SHA256 of the ELF file, formatted as hexadecimal, null-terminated.
+ * If the buffer size is not sufficient to fit the entire SHA256 in hex plus a null terminator,
+ * the largest possible number of bytes will be written followed by a null.
+ * @param dst   Destination buffer
+ * @param size  Size of the buffer
+ * @return      Number of bytes written to dst (including null terminator)
+ */
+int esp_ota_get_app_elf_sha256(char* dst, size_t size);
+
 /**
  * @brief   Commence an OTA update writing to the specified partition.
 
@@ -52,6 +76,10 @@ typedef uint32_t esp_ota_handle_t;
  * On success, this function allocates memory that remains in use
  * until esp_ota_end() is called with the returned handle.
  *
+ * Note: If the rollback option is enabled and the running application has the ESP_OTA_IMG_PENDING_VERIFY state then
+ * it will lead to the ESP_ERR_OTA_ROLLBACK_INVALID_STATE error. Confirm the running app before to run download a new app,
+ * use esp_ota_mark_app_valid_cancel_rollback() function for it (this should be done as early as possible when you first download a new application).
+ *
  * @param partition Pointer to info for partition which will receive the OTA update. Required.
  * @param image_size Size of new OTA app image. Partition will be erased in order to receive this size of image. If 0 or OTA_SIZE_UNKNOWN, the entire partition is erased.
  * @param out_handle On success, returns a handle which should be used for subsequent esp_ota_write() and esp_ota_end() calls.
@@ -65,6 +93,7 @@ typedef uint32_t esp_ota_handle_t;
  *    - ESP_ERR_OTA_SELECT_INFO_INVALID: The OTA data partition contains invalid data.
  *    - ESP_ERR_INVALID_SIZE: Partition doesn't fit in configured flash size.
  *    - ESP_ERR_FLASH_OP_TIMEOUT or ESP_ERR_FLASH_OP_FAIL: Flash write failed.
+ *    - ESP_ERR_OTA_ROLLBACK_INVALID_STATE: If the running app has not confirmed state. Before performing an update, the application must be valid.
  */
 esp_err_t esp_ota_begin(const esp_partition_t* partition, size_t image_size, esp_ota_handle_t* out_handle);
 
@@ -170,6 +199,83 @@ const esp_partition_t* esp_ota_get_running_partition(void);
  */
 const esp_partition_t* esp_ota_get_next_update_partition(const esp_partition_t *start_from);
 
+/**
+ * @brief Returns esp_app_desc structure for app partition. This structure includes app version.
+ * 
+ * Returns a description for the requested app partition.
+ * @param[in] partition     Pointer to app partition. (only app partition)
+ * @param[out] app_desc     Structure of info about app.
+ * @return
+ *  - ESP_OK                Successful.
+ *  - ESP_ERR_NOT_FOUND     app_desc structure is not found. Magic word is incorrect.
+ *  - ESP_ERR_NOT_SUPPORTED Partition is not application.
+ *  - ESP_ERR_INVALID_ARG   Arguments is NULL or if partition's offset exceeds partition size.
+ *  - ESP_ERR_INVALID_SIZE  Read would go out of bounds of the partition.
+ *  - or one of error codes from lower-level flash driver.
+ */
+esp_err_t esp_ota_get_partition_description(const esp_partition_t *partition, esp_app_desc_t *app_desc);
+
+/**
+ * @brief This function is called to indicate that the running app is working well.
+ *
+ * @return
+ *  - ESP_OK: if successful.
+ */
+esp_err_t esp_ota_mark_app_valid_cancel_rollback();
+
+/**
+ * @brief This function is called to roll back to the previously workable app with reboot.
+ *
+ * If rollback is successful then device will reset else API will return with error code.
+ * Checks applications on a flash drive that can be booted in case of rollback.
+ * If the flash does not have at least one app (except the running app) then rollback is not possible.
+ * @return
+ *  - ESP_FAIL: if not successful.
+ *  - ESP_ERR_OTA_ROLLBACK_FAILED: The rollback is not possible due to flash does not have any apps.
+ */
+esp_err_t esp_ota_mark_app_invalid_rollback_and_reboot();
+
+/**
+ * @brief Returns last partition with invalid state (ESP_OTA_IMG_INVALID or ESP_OTA_IMG_ABORTED).
+ *
+ * @return partition.
+ */
+const esp_partition_t* esp_ota_get_last_invalid_partition();
+
+/**
+ * @brief Returns state for given partition.
+ *
+ * @param[in] partition  Pointer to partition.
+ * @param[out] ota_state state of partition (if this partition has a record in otadata).
+ * @return
+ *        - ESP_OK:                 Successful.
+ *        - ESP_ERR_INVALID_ARG:    partition or ota_state arguments were NULL.
+ *        - ESP_ERR_NOT_SUPPORTED:  partition is not ota.
+ *        - ESP_ERR_NOT_FOUND:      Partition table does not have otadata or state was not found for given partition.
+ */
+esp_err_t esp_ota_get_state_partition(const esp_partition_t *partition, esp_ota_img_states_t *ota_state);
+
+/**
+ * @brief Erase previous boot app partition and corresponding otadata select for this partition.
+ *
+ * When current app is marked to as valid then you can erase previous app partition.
+ * @return
+ *        - ESP_OK:   Successful, otherwise ESP_ERR.
+ */
+esp_err_t esp_ota_erase_last_boot_app_partition(void);
+
+/**
+ * @brief Checks applications on the slots which can be booted in case of rollback.
+ *
+ * These applications should be valid (marked in otadata as not UNDEFINED, INVALID or ABORTED and crc is good) and be able booted,
+ * and secure_version of app >= secure_version of efuse (if anti-rollback is enabled).
+ *
+ * @return
+ *        - True: Returns true if the slots have at least one app (except the running app).
+ *        - False: The rollback is not possible.
+ */
+bool esp_ota_check_rollback_is_possible(void);
+
 #ifdef __cplusplus
 }
 #endif

components/app_update/otatool.py

@@ -0,0 +1,339 @@
+#!/usr/bin/env python
+#
+# otatool is used to perform ota-level operations - flashing ota partition
+# erasing ota partition and switching ota partition
+#
+# Copyright 2018 Espressif Systems (Shanghai) PTE LTD
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http:#www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+from __future__ import print_function, division
+import argparse
+import os
+import sys
+import binascii
+import subprocess
+import tempfile
+import collections
+import struct
+
+__version__ = '1.0'
+
+IDF_COMPONENTS_PATH = os.path.expandvars(os.path.join("$IDF_PATH", "components"))
+
+PARTTOOL_PY = os.path.join(IDF_COMPONENTS_PATH, "partition_table", "parttool.py")
+
+SPI_FLASH_SEC_SIZE = 0x2000
+
+quiet = False
+
+
+def status(msg):
+    if not quiet:
+        print(msg)
+
+
+def _invoke_parttool(parttool_args, args, output=False, partition=None):
+    invoke_args = []
+
+    if partition:
+        invoke_args += [sys.executable, PARTTOOL_PY] + partition
+    else:
+        invoke_args += [sys.executable, PARTTOOL_PY, "--partition-type", "data", "--partition-subtype", "ota"]
+
+    if quiet:
+        invoke_args += ["-q"]
+
+    if args.port != "":
+        invoke_args += ["--port", args.port]
+
+    if args.partition_table_file:
+        invoke_args += ["--partition-table-file", args.partition_table_file]
+
+    if args.partition_table_offset:
+        invoke_args += ["--partition-table-offset", args.partition_table_offset]
+
+    invoke_args += parttool_args
+
+    if output:
+        return subprocess.check_output(invoke_args)
+    else:
+        return subprocess.check_call(invoke_args)
+
+
+def _get_otadata_contents(args, check=True):
+    global quiet
+
+    if check:
+        check_args = ["get_partition_info", "--info", "offset", "size"]
+
+        quiet = True
+        output = _invoke_parttool(check_args, args, True).split(b" ")
+        quiet = args.quiet
+
+        if not output:
+            raise RuntimeError("No ota_data partition found")
+
+    with tempfile.NamedTemporaryFile(delete=False) as f:
+        f_name = f.name
+
+    try:
+        invoke_args = ["read_partition", "--output", f_name]
+        _invoke_parttool(invoke_args, args)
+        with open(f_name, "rb") as f:
+            contents = f.read()
+    finally:
+        os.unlink(f_name)
+
+    return contents
+
+
+def _get_otadata_status(otadata_contents):
+    status = []
+
+    otadata_status = collections.namedtuple("otadata_status", "seq crc")
+
+    for i in range(2):
+        start = i * (SPI_FLASH_SEC_SIZE >> 1)
+
+        seq = bytearray(otadata_contents[start:start + 4])
+        crc = bytearray(otadata_contents[start + 28:start + 32])
+
+        seq = struct.unpack('>I', seq)
+        crc = struct.unpack('>I', crc)
+
+        status.append(otadata_status(seq[0], crc[0]))
+
+    return status
+
+
+def read_otadata(args):
+    status("Reading ota_data partition contents...")
+    otadata_info = _get_otadata_contents(args)
+    otadata_info = _get_otadata_status(otadata_info)
+
+    print(otadata_info)
+
+    print("\t\t{:11}\t{:8s}|\t{:8s}\t{:8s}".format("OTA_SEQ", "CRC", "OTA_SEQ", "CRC"))
+    print("Firmware:  0x{:8x}  \t 0x{:8x} |\t0x{:8x} \t 0x{:8x}".format(otadata_info[0].seq, otadata_info[0].crc,
+                                                                        otadata_info[1].seq, otadata_info[1].crc))
+
+
+def erase_otadata(args):
+    status("Erasing ota_data partition contents...")
+    _invoke_parttool(["erase_partition"], args)
+    status("Erased ota_data partition contents")
+
+
+def switch_otadata(args):
+    sys.path.append(os.path.join(IDF_COMPONENTS_PATH, "partition_table"))
+    import gen_esp32part as gen
+
+    with tempfile.NamedTemporaryFile(delete=False) as f:
+        f_name = f.name
+
+    try:
+        def is_otadata_status_valid(status):
+            seq = status.seq % (1 << 32)
+            crc = hex(binascii.crc32(struct.pack("I", seq), 0xFFFFFFFF) % (1 << 32))
+            return seq < (int('0xFFFFFFFF', 16) % (1 << 32)) and status.crc == crc
+
+        status("Looking for ota app partitions...")
+
+        # In order to get the number of ota app partitions, we need the partition table
+        partition_table = None
+        invoke_args = ["get_partition_info", "--table", f_name]
+
+        _invoke_parttool(invoke_args, args)
+
+        partition_table = open(f_name, "rb").read()
+        partition_table = gen.PartitionTable.from_binary(partition_table)
+
+        ota_partitions = list()
+
+        for i in range(gen.NUM_PARTITION_SUBTYPE_APP_OTA):
+            ota_partition = filter(lambda p: p.subtype == (gen.MIN_PARTITION_SUBTYPE_APP_OTA + i), partition_table)
+
+            try:
+                ota_partitions.append(list(ota_partition)[0])
+            except IndexError:
+                break
+
+        ota_partitions = sorted(ota_partitions, key=lambda p: p.subtype)
+
+        if not ota_partitions:
+            raise RuntimeError("No ota app partitions found")
+
+        status("Verifying partition to switch to exists...")
+
+        # Look for the app partition to switch to
+        ota_partition_next = None
+
+        try:
+            if args.name:
+                ota_partition_next = filter(lambda p: p.name == args.name, ota_partitions)
+            else:
+                ota_partition_next = filter(lambda p: p.subtype - gen.MIN_PARTITION_SUBTYPE_APP_OTA  == args.slot, ota_partitions)
+
+            ota_partition_next = list(ota_partition_next)[0]
+        except IndexError:
+            raise RuntimeError("Partition to switch to not found")
+
+        otadata_contents = _get_otadata_contents(args)
+        otadata_status = _get_otadata_status(otadata_contents)
+
+        # Find the copy to base the computation for ota sequence number on
+        otadata_compute_base = -1
+
+        # Both are valid, take the max as computation base
+        if is_otadata_status_valid(otadata_status[0]) and is_otadata_status_valid(otadata_status[1]):
+            if otadata_status[0].seq >= otadata_status[1].seq:
+                otadata_compute_base = 0
+            else:
+                otadata_compute_base = 1
+        # Only one copy is valid, use that
+        elif is_otadata_status_valid(otadata_status[0]):
+            otadata_compute_base = 0
+        elif is_otadata_status_valid(otadata_status[1]):
+            otadata_compute_base = 1
+        # Both are invalid (could be initial state - all 0xFF's)
+        else:
+            pass
+
+        ota_seq_next = 0
+        ota_partitions_num = len(ota_partitions)
+
+        target_seq = (ota_partition_next.subtype & 0x0F) + 1
+
+        # Find the next ota sequence number
+        if otadata_compute_base == 0 or otadata_compute_base == 1:
+            base_seq = otadata_status[otadata_compute_base].seq % (1 << 32)
+
+            i = 0
+            while base_seq > target_seq % ota_partitions_num + i * ota_partitions_num:
+                i += 1
+
+            ota_seq_next = target_seq % ota_partitions_num + i * ota_partitions_num
+        else:
+            ota_seq_next = target_seq
+
+        # Create binary data from computed values
+        ota_seq_next = struct.pack("I", ota_seq_next)
+        ota_seq_crc_next = binascii.crc32(ota_seq_next, 0xFFFFFFFF) % (1 << 32)
+        ota_seq_crc_next = struct.pack("I", ota_seq_crc_next)
+
+        with open(f_name, "wb") as otadata_next_file:
+            start = (1 if otadata_compute_base == 0 else 0) * (SPI_FLASH_SEC_SIZE >> 1)
+
+            otadata_next_file.write(otadata_contents)
+
+            otadata_next_file.seek(start)
+            otadata_next_file.write(ota_seq_next)
+
+            otadata_next_file.seek(start + 28)
+            otadata_next_file.write(ota_seq_crc_next)
+
+            otadata_next_file.flush()
+
+        _invoke_parttool(["write_partition", "--input", f_name], args)
+        status("Updated ota_data partition")
+    finally:
+        os.unlink(f_name)
+
+
+def _get_partition_specifier(args):
+    if args.name:
+        return ["--partition-name", args.name]
+    else:
+        return ["--partition-type", "app", "--partition-subtype", "ota_" + str(args.slot)]
+
+
+def read_ota_partition(args):
+    invoke_args = ["read_partition", "--output", args.output]
+    _invoke_parttool(invoke_args, args, partition=_get_partition_specifier(args))
+    status("Read ota partition contents to file {}".format(args.output))
+
+
+def write_ota_partition(args):
+    invoke_args = ["write_partition", "--input", args.input]
+    _invoke_parttool(invoke_args, args, partition=_get_partition_specifier(args))
+    status("Written contents of file {} to ota partition".format(args.input))
+
+
+def erase_ota_partition(args):
+    invoke_args = ["erase_partition"]
+    _invoke_parttool(invoke_args, args, partition=_get_partition_specifier(args))
+    status("Erased contents of ota partition")
+
+
+def main():
+    global quiet
+
+    parser = argparse.ArgumentParser("ESP-IDF OTA Partitions Tool")
+
+    parser.add_argument("--quiet", "-q", help="suppress stderr messages", action="store_true")
+
+    # There are two possible sources for the partition table: a device attached to the host
+    # or a partition table CSV/binary file. These sources are mutually exclusive.
+    partition_table_info_source_args = parser.add_mutually_exclusive_group()
+
+    partition_table_info_source_args.add_argument("--port", "-p", help="port where the device to read the partition table from is attached", default="")
+    partition_table_info_source_args.add_argument("--partition-table-file", "-f", help="file (CSV/binary) to read the partition table from", default="")
+
+    parser.add_argument("--partition-table-offset", "-o", help="offset to read the partition table from", default="0x8000")
+
+    subparsers = parser.add_subparsers(dest="operation", help="run otatool -h for additional help")
+
+    # Specify the supported operations
+    subparsers.add_parser("read_otadata", help="read otadata partition")
+    subparsers.add_parser("erase_otadata", help="erase otadata partition")
+
+    slot_or_name_parser = argparse.ArgumentParser(add_help=False)
+    slot_or_name_parser_args = slot_or_name_parser.add_mutually_exclusive_group()
+    slot_or_name_parser_args.add_argument("--slot", help="slot number of the ota partition", type=int)
+    slot_or_name_parser_args.add_argument("--name", help="name of the ota partition")
+
+    subparsers.add_parser("switch_otadata", help="switch otadata partition", parents=[slot_or_name_parser])
+
+    read_ota_partition_subparser = subparsers.add_parser("read_ota_partition", help="read contents of an ota partition", parents=[slot_or_name_parser])
+    read_ota_partition_subparser.add_argument("--output", help="file to write the contents of the ota partition to")
+
+    write_ota_partition_subparser = subparsers.add_parser("write_ota_partition", help="write contents to an ota partition", parents=[slot_or_name_parser])
+    write_ota_partition_subparser.add_argument("--input", help="file whose contents to write to the ota partition")
+
+    subparsers.add_parser("erase_ota_partition", help="erase contents of an ota partition", parents=[slot_or_name_parser])
+
+    args = parser.parse_args()
+
+    quiet = args.quiet
+
+    # No operation specified, display help and exit
+    if args.operation is None:
+        if not quiet:
+            parser.print_help()
+        sys.exit(1)
+
+    # Else execute the operation
+    operation_func = globals()[args.operation]
+
+    if quiet:
+        # If exceptions occur, suppress and exit quietly
+        try:
+            operation_func(args)
+        except Exception:
+            sys.exit(2)
+    else:
+        operation_func(args)
+
+
+if __name__ == '__main__':
+    main()

components/app_update/project_include.cmake

@@ -3,6 +3,7 @@
 # partition table
 # (NB: because of component dependency, we know partition_table
 # project_include.cmake has already been included.)
-if(${OTADATA_PARTITION_OFFSET})
+
+if(OTADATA_PARTITION_OFFSET AND OTADATA_PARTITION_SIZE AND IDF_BUILD_ARTIFACTS)
     set(BLANK_OTADATA_FILE "ota_data_initial.bin")
 endif()

components/app_update/test/CMakeLists.txt

@@ -1,6 +1,6 @@
 set(COMPONENT_SRCDIRS ".")
 set(COMPONENT_ADD_INCLUDEDIRS ".")
 
-set(COMPONENT_REQUIRES unity app_update bootloader_support nvs_flash)
+set(COMPONENT_REQUIRES unity test_utils app_update bootloader_support nvs_flash)
 
 register_component()

components/app_update/test/test_app_desc.c

@@ -0,0 +1,50 @@
+#include <string.h>
+#include "esp_ota_ops.h"
+#include "unity.h"
+
+TEST_CASE("esp_ota_get_app_elf_sha256 test", "[esp_app_desc]")
+{
+    const int sha256_hex_len = 64;
+    char dst[sha256_hex_len + 2];
+    const char fill = 0xcc;
+    int res;
+    size_t len;
+
+    char ref_sha256[sha256_hex_len + 1];
+    const esp_app_desc_t* desc = esp_ota_get_app_description();
+    for (int i = 0; i < sizeof(ref_sha256) / 2; ++i) {
+        snprintf(ref_sha256 + 2*i, 3, "%02x", desc->app_elf_sha256[i]);
+    }
+    ref_sha256[sha256_hex_len] = 0;
+
+    printf("Ref: %s\n", ref_sha256);
+
+    memset(dst, fill, sizeof(dst));
+    len = sizeof(dst);
+    res = esp_ota_get_app_elf_sha256(dst, len);
+    printf("%d: %s (%d)\n", len, dst, res);
+    TEST_ASSERT_EQUAL(sha256_hex_len + 1, res);
+    TEST_ASSERT_EQUAL(0, memcmp(dst, ref_sha256, res - 1));
+    TEST_ASSERT_EQUAL_HEX(0, dst[sha256_hex_len]);
+    TEST_ASSERT_EQUAL_HEX(fill, dst[sha256_hex_len + 1]);
+
+    memset(dst, fill, sizeof(dst));
+    len = 9;
+    res = esp_ota_get_app_elf_sha256(dst, len);
+    printf("%d: %s (%d)\n", len, dst, res);
+    TEST_ASSERT_EQUAL(9, res);
+    TEST_ASSERT_EQUAL(0, memcmp(dst, ref_sha256, res - 1));
+    TEST_ASSERT_EQUAL_HEX(0, dst[8]);
+    TEST_ASSERT_EQUAL_HEX(fill, dst[9]);
+
+    memset(dst, fill, sizeof(dst));
+    len = 8;
+    res = esp_ota_get_app_elf_sha256(dst, len);
+    printf("%d: %s (%d)\n", len, dst, res);
+    // should output even number of characters plus '\0'
+    TEST_ASSERT_EQUAL(7, res);
+    TEST_ASSERT_EQUAL(0, memcmp(dst, ref_sha256, res - 1));
+    TEST_ASSERT_EQUAL_HEX(0, dst[6]);
+    TEST_ASSERT_EQUAL_HEX(fill, dst[7]);
+    TEST_ASSERT_EQUAL_HEX(fill, dst[8]);
+}

components/app_update/test/test_ota_ops.c

@@ -8,7 +8,7 @@
 #include <unity.h>
 #include <test_utils.h>
 #include <esp_ota_ops.h>
-
+#include "bootloader_common.h"
 
 /* These OTA tests currently don't assume an OTA partition exists
    on the device, so they're a bit limited
@@ -84,3 +84,26 @@ TEST_CASE("esp_ota_get_next_update_partition logic", "[ota]")
     TEST_ASSERT_EQUAL_PTR(ota_0, p);
 }
 
+TEST_CASE("esp_ota_get_partition_description ", "[ota]")
+{
+    const esp_partition_t *running = esp_ota_get_running_partition();
+    TEST_ASSERT_NOT_NULL(running);
+    esp_app_desc_t app_desc1, app_desc2;
+    TEST_ESP_OK(esp_ota_get_partition_description(running, &app_desc1));
+    const esp_partition_pos_t running_pos = {
+            .offset = running->address,
+            .size = running->size
+    };
+    TEST_ESP_OK(bootloader_common_get_partition_description(&running_pos, &app_desc2));
+
+    TEST_ASSERT_EQUAL_MEMORY_MESSAGE((uint8_t *)&app_desc1, (uint8_t *)&app_desc2, sizeof(app_desc1), "must be the same");
+
+    const esp_partition_t *not_app = esp_partition_find_first(ESP_PARTITION_TYPE_DATA, ESP_PARTITION_SUBTYPE_DATA_OTA, NULL);
+    TEST_ASSERT_NOT_NULL(not_app);
+    TEST_ESP_ERR(ESP_ERR_NOT_SUPPORTED, esp_ota_get_partition_description(not_app, &app_desc1));
+    const esp_partition_pos_t not_app_pos = {
+            .offset = not_app->address,
+            .size = not_app->size
+    };
+    TEST_ESP_ERR(ESP_ERR_NOT_FOUND, bootloader_common_get_partition_description(&not_app_pos, &app_desc1));
+}

components/app_update/test/test_switch_ota.c

@@ -237,6 +237,12 @@ static void reset_output_pin(uint32_t num_pin)
 }
 #endif
 
+static void mark_app_valid(void)
+{
+#ifdef CONFIG_APP_ROLLBACK_ENABLE
+    TEST_ESP_OK(esp_ota_mark_app_valid_cancel_rollback());
+#endif
+}
 
 /* @brief Checks and prepares the partition so that the factory app is launched after that.
  */
@@ -262,15 +268,18 @@ static void test_flow1(void)
         case 3:
             ESP_LOGI(TAG, "OTA0");
             TEST_ASSERT_EQUAL(ESP_PARTITION_SUBTYPE_APP_OTA_0, cur_app->subtype);
+            mark_app_valid();
             copy_current_app_to_next_part_and_reboot(cur_app);
             break;
         case 4:
             ESP_LOGI(TAG, "OTA1");
             TEST_ASSERT_EQUAL(ESP_PARTITION_SUBTYPE_APP_OTA_1, cur_app->subtype);
+            mark_app_valid();
             copy_current_app_to_next_part_and_reboot(cur_app);
             break;
         case 5:
             ESP_LOGI(TAG, "OTA0");
+            mark_app_valid();
             TEST_ASSERT_EQUAL(ESP_PARTITION_SUBTYPE_APP_OTA_0, cur_app->subtype);
             erase_ota_data();
             break;
@@ -286,7 +295,7 @@ static void test_flow1(void)
 // 3 Stage: run OTA0    -> check it -> copy OTA0 to OTA1                -> reboot  --//--
 // 4 Stage: run OTA1    -> check it -> copy OTA1 to OTA0                -> reboot  --//--
 // 5 Stage: run OTA0    -> check it -> erase OTA_DATA for next tests    -> PASS
-TEST_CASE_MULTIPLE_STAGES("Switching between factory, OTA0, OTA1, OTA0", "[app_update][reset=DEEPSLEEP_RESET, DEEPSLEEP_RESET, DEEPSLEEP_RESET, DEEPSLEEP_RESET]", start_test, test_flow1, test_flow1, test_flow1, test_flow1);
+TEST_CASE_MULTIPLE_STAGES("Switching between factory, OTA0, OTA1, OTA0", "[app_update][timeout=90][reset=DEEPSLEEP_RESET, DEEPSLEEP_RESET, DEEPSLEEP_RESET, DEEPSLEEP_RESET]", start_test, test_flow1, test_flow1, test_flow1, test_flow1);
 
 static void test_flow2(void)
 {
@@ -302,6 +311,7 @@ static void test_flow2(void)
         case 3:
             ESP_LOGI(TAG, "OTA0");
             TEST_ASSERT_EQUAL(ESP_PARTITION_SUBTYPE_APP_OTA_0, cur_app->subtype);
+            mark_app_valid();
             copy_current_app_to_next_part(cur_app, get_next_update_partition());
             corrupt_ota_data(CORR_CRC_1_SECTOR_OTA_DATA);
             reboot_as_deep_sleep();
@@ -322,7 +332,7 @@ static void test_flow2(void)
 // 2 Stage: run factory -> check it -> copy factory to OTA0             -> reboot  --//--
 // 3 Stage: run OTA0    -> check it -> corrupt ota data                 -> reboot  --//--
 // 4 Stage: run factory -> check it -> erase OTA_DATA for next tests    -> PASS
-TEST_CASE_MULTIPLE_STAGES("Switching between factory, OTA0, corrupt ota_sec1, factory", "[app_update][reset=DEEPSLEEP_RESET, DEEPSLEEP_RESET, DEEPSLEEP_RESET]", start_test, test_flow2, test_flow2, test_flow2);
+TEST_CASE_MULTIPLE_STAGES("Switching between factory, OTA0, corrupt ota_sec1, factory", "[app_update][timeout=90][reset=DEEPSLEEP_RESET, DEEPSLEEP_RESET, DEEPSLEEP_RESET]", start_test, test_flow2, test_flow2, test_flow2);
 
 static void test_flow3(void)
 {
@@ -338,11 +348,13 @@ static void test_flow3(void)
         case 3:
             ESP_LOGI(TAG, "OTA0");
             TEST_ASSERT_EQUAL(ESP_PARTITION_SUBTYPE_APP_OTA_0, cur_app->subtype);
+            mark_app_valid();
             copy_current_app_to_next_part_and_reboot(cur_app);
             break;
         case 4:
             ESP_LOGI(TAG, "OTA1");
             TEST_ASSERT_EQUAL(ESP_PARTITION_SUBTYPE_APP_OTA_1, cur_app->subtype);
+            mark_app_valid();
             copy_current_app_to_next_part(cur_app, get_next_update_partition());
             corrupt_ota_data(CORR_CRC_2_SECTOR_OTA_DATA);
             reboot_as_deep_sleep();
@@ -364,7 +376,7 @@ static void test_flow3(void)
 // 3 Stage: run OTA0    -> check it -> copy OTA0 to OTA1                -> reboot  --//--
 // 3 Stage: run OTA1    -> check it -> corrupt ota sector2              -> reboot  --//--
 // 4 Stage: run OTA0    -> check it -> erase OTA_DATA for next tests    -> PASS
-TEST_CASE_MULTIPLE_STAGES("Switching between factory, OTA0, OTA1, currupt ota_sec2, OTA0", "[app_update][reset=DEEPSLEEP_RESET, DEEPSLEEP_RESET, DEEPSLEEP_RESET, DEEPSLEEP_RESET]", start_test, test_flow3, test_flow3, test_flow3, test_flow3);
+TEST_CASE_MULTIPLE_STAGES("Switching between factory, OTA0, OTA1, currupt ota_sec2, OTA0", "[app_update][timeout=90][reset=DEEPSLEEP_RESET, DEEPSLEEP_RESET, DEEPSLEEP_RESET, DEEPSLEEP_RESET]", start_test, test_flow3, test_flow3, test_flow3, test_flow3);
 
 #ifdef CONFIG_BOOTLOADER_FACTORY_RESET
 #define STORAGE_NAMESPACE "update_ota"
@@ -394,7 +406,7 @@ static void test_flow4(void)
         case 3:
             ESP_LOGI(TAG, "OTA0");
             TEST_ASSERT_EQUAL(ESP_PARTITION_SUBTYPE_APP_OTA_0, cur_app->subtype);
-
+            mark_app_valid();
             TEST_ESP_OK(nvs_flash_init());
             TEST_ESP_OK(nvs_open(STORAGE_NAMESPACE, NVS_READWRITE, &handle));
             TEST_ESP_OK(nvs_get_i32(handle, "boot_count", &boot_count_nvs));
@@ -431,7 +443,7 @@ static void test_flow4(void)
 // 2 Stage: run factory -> check it -> copy factory to OTA0          -> reboot  --//--
 // 3 Stage: run OTA0    -> check it -> set_pin_factory_reset         -> reboot  --//--
 // 4 Stage: run factory -> check it -> erase OTA_DATA for next tests -> PASS
-TEST_CASE_MULTIPLE_STAGES("Switching between factory, OTA0, sets pin_factory_reset, factory", "[app_update][reset=DEEPSLEEP_RESET, DEEPSLEEP_RESET, DEEPSLEEP_RESET]", start_test, test_flow4, test_flow4, test_flow4);
+TEST_CASE_MULTIPLE_STAGES("Switching between factory, OTA0, sets pin_factory_reset, factory", "[app_update][timeout=90][ignore][reset=DEEPSLEEP_RESET, DEEPSLEEP_RESET, DEEPSLEEP_RESET]", start_test, test_flow4, test_flow4, test_flow4);
 #endif
 
 #ifdef CONFIG_BOOTLOADER_APP_TEST
@@ -474,5 +486,247 @@ static void test_flow5(void)
 // 2 Stage: run factory    -> check it -> copy factory to Test and set pin_test_app -> reboot  --//--
 // 3 Stage: run test       -> check it -> reset pin_test_app                        -> reboot  --//--
 // 4 Stage: run factory    -> check it -> erase OTA_DATA for next tests             -> PASS
-TEST_CASE_MULTIPLE_STAGES("Switching between factory, test, factory", "[app_update][reset=DEEPSLEEP_RESET, DEEPSLEEP_RESET, DEEPSLEEP_RESET]", start_test, test_flow5, test_flow5, test_flow5);
+TEST_CASE_MULTIPLE_STAGES("Switching between factory, test, factory", "[app_update][timeout=90][ignore][reset=DEEPSLEEP_RESET, DEEPSLEEP_RESET, DEEPSLEEP_RESET]", start_test, test_flow5, test_flow5, test_flow5);
 #endif
+
+static const esp_partition_t* app_update(void)
+{
+    const esp_partition_t *cur_app = get_running_firmware();
+    const esp_partition_t* update_partition = esp_ota_get_next_update_partition(NULL);
+    TEST_ASSERT_NOT_NULL(update_partition);
+    esp_ota_handle_t update_handle = 0;
+    TEST_ESP_OK(esp_ota_begin(update_partition, OTA_SIZE_UNKNOWN, &update_handle));
+    copy_app_partition(update_handle, cur_app);
+    TEST_ESP_OK(esp_ota_end(update_handle));
+    TEST_ESP_OK(esp_ota_set_boot_partition(update_partition));
+    return update_partition;
+}
+
+
+static void test_rollback1(void)
+{
+    boot_count++;
+    ESP_LOGI(TAG, "boot count %d", boot_count);
+    const esp_partition_t *cur_app = get_running_firmware();
+    esp_ota_img_states_t ota_state = 0x5555AAAA;
+    const esp_partition_t* update_partition = NULL;
+    switch (boot_count) {
+        case 2:
+            ESP_LOGI(TAG, "Factory");
+            TEST_ASSERT_EQUAL(ESP_PARTITION_SUBTYPE_APP_FACTORY, cur_app->subtype);
+            TEST_ASSERT_NULL(esp_ota_get_last_invalid_partition());
+            TEST_ESP_ERR(ESP_ERR_NOT_SUPPORTED, esp_ota_get_state_partition(cur_app, &ota_state));
+            update_partition = app_update();
+            TEST_ESP_OK(esp_ota_get_state_partition(update_partition, &ota_state));
+#ifndef CONFIG_APP_ROLLBACK_ENABLE
+            TEST_ASSERT_EQUAL(ESP_OTA_IMG_UNDEFINED, ota_state);
+#else
+            TEST_ASSERT_EQUAL(ESP_OTA_IMG_NEW, ota_state);
+#endif
+            reboot_as_deep_sleep();
+            break;
+        case 3:
+            ESP_LOGI(TAG, "OTA0");
+            TEST_ASSERT_EQUAL(ESP_PARTITION_SUBTYPE_APP_OTA_0, cur_app->subtype);
+            TEST_ASSERT_NULL(esp_ota_get_last_invalid_partition());
+            TEST_ESP_OK(esp_ota_get_state_partition(cur_app, &ota_state));
+#ifndef CONFIG_APP_ROLLBACK_ENABLE
+            TEST_ASSERT_EQUAL(ESP_OTA_IMG_UNDEFINED, ota_state);
+#else
+            TEST_ASSERT_EQUAL(ESP_OTA_IMG_PENDING_VERIFY, ota_state);
+#endif
+            TEST_ESP_OK(esp_ota_mark_app_valid_cancel_rollback());
+            TEST_ESP_OK(esp_ota_get_state_partition(cur_app, &ota_state));
+            TEST_ASSERT_EQUAL(ESP_OTA_IMG_VALID, ota_state);
+            reboot_as_deep_sleep();
+            break;
+        case 4:
+            ESP_LOGI(TAG, "OTA0");
+            TEST_ASSERT_EQUAL(ESP_PARTITION_SUBTYPE_APP_OTA_0, cur_app->subtype);
+            TEST_ESP_OK(esp_ota_get_state_partition(cur_app, &ota_state));
+            TEST_ASSERT_EQUAL(ESP_OTA_IMG_VALID, ota_state);
+            TEST_ESP_OK(esp_ota_mark_app_invalid_rollback_and_reboot());
+            break;
+        default:
+            erase_ota_data();
+            TEST_FAIL_MESSAGE("Unexpected stage");
+            break;
+    }
+}
+
+static void test_rollback1_1(void)
+{
+    boot_count = 5;
+    esp_ota_img_states_t ota_state = 0x5555AAAA;
+    ESP_LOGI(TAG, "boot count %d", boot_count);
+    const esp_partition_t *cur_app = get_running_firmware();
+    ESP_LOGI(TAG, "Factory");
+    TEST_ASSERT_EQUAL(ESP_PARTITION_SUBTYPE_APP_FACTORY, cur_app->subtype);
+
+    const esp_partition_t *invalid_partition = esp_ota_get_last_invalid_partition();
+    const esp_partition_t* next_update_partition = esp_ota_get_next_update_partition(NULL);
+    TEST_ASSERT_NOT_NULL(invalid_partition);
+    TEST_ASSERT_NOT_NULL(next_update_partition);
+    TEST_ASSERT_EQUAL_PTR(invalid_partition, next_update_partition);
+    TEST_ESP_ERR(ESP_ERR_NOT_SUPPORTED, esp_ota_get_state_partition(cur_app, &ota_state));
+    TEST_ESP_OK(esp_ota_get_state_partition(invalid_partition, &ota_state));
+    TEST_ASSERT_EQUAL(ESP_OTA_IMG_INVALID, ota_state);
+
+    erase_ota_data();
+}
+
+// 1 Stage: After POWER_RESET erase OTA_DATA for this test                          -> reboot through deep sleep.
+// 2 Stage: run factory    -> check it -> copy factory to next app slot             -> reboot  --//--
+// 3 Stage: run OTA0       -> check it -> esp_ota_mark_app_valid_cancel_rollback()                 -> reboot  --//--
+// 4 Stage: run OTA0       -> check it -> esp_ota_mark_app_invalid_rollback_and_reboot()         -> reboot
+// 5 Stage: run factory    -> check it -> erase OTA_DATA for next tests             -> PASS
+TEST_CASE_MULTIPLE_STAGES("Test rollback. factory, OTA0, OTA0, rollback -> factory", "[app_update][timeout=90][reset=DEEPSLEEP_RESET, DEEPSLEEP_RESET, DEEPSLEEP_RESET, SW_CPU_RESET]", start_test, test_rollback1, test_rollback1, test_rollback1, test_rollback1_1);
+
+static void test_rollback2(void)
+{
+    boot_count++;
+    ESP_LOGI(TAG, "boot count %d", boot_count);
+    const esp_partition_t *cur_app = get_running_firmware();
+    esp_ota_img_states_t ota_state = 0x5555AAAA;
+    const esp_partition_t* update_partition = NULL;
+    switch (boot_count) {
+        case 2:
+            ESP_LOGI(TAG, "Factory");
+            TEST_ASSERT_EQUAL(ESP_PARTITION_SUBTYPE_APP_FACTORY, cur_app->subtype);
+            TEST_ASSERT_NULL(esp_ota_get_last_invalid_partition());
+            TEST_ESP_ERR(ESP_ERR_NOT_SUPPORTED, esp_ota_get_state_partition(cur_app, &ota_state));
+            update_partition = app_update();
+            TEST_ESP_OK(esp_ota_get_state_partition(update_partition, &ota_state));
+#ifndef CONFIG_APP_ROLLBACK_ENABLE
+            TEST_ASSERT_EQUAL(ESP_OTA_IMG_UNDEFINED, ota_state);
+#else
+            TEST_ASSERT_EQUAL(ESP_OTA_IMG_NEW, ota_state);
+#endif
+            reboot_as_deep_sleep();
+            break;
+        case 3:
+            ESP_LOGI(TAG, "OTA0");
+            TEST_ASSERT_EQUAL(ESP_PARTITION_SUBTYPE_APP_OTA_0, cur_app->subtype);
+            TEST_ASSERT_NULL(esp_ota_get_last_invalid_partition());
+            TEST_ESP_OK(esp_ota_get_state_partition(cur_app, &ota_state));
+#ifndef CONFIG_APP_ROLLBACK_ENABLE
+            TEST_ASSERT_EQUAL(ESP_OTA_IMG_UNDEFINED, ota_state);
+#else
+            TEST_ASSERT_EQUAL(ESP_OTA_IMG_PENDING_VERIFY, ota_state);
+#endif
+            TEST_ESP_OK(esp_ota_mark_app_valid_cancel_rollback());
+            TEST_ASSERT_NULL(esp_ota_get_last_invalid_partition());
+            TEST_ESP_OK(esp_ota_get_state_partition(cur_app, &ota_state));
+            TEST_ASSERT_EQUAL(ESP_OTA_IMG_VALID, ota_state);
+            update_partition = app_update();
+            TEST_ESP_OK(esp_ota_get_state_partition(update_partition, &ota_state));
+#ifndef CONFIG_APP_ROLLBACK_ENABLE
+            TEST_ASSERT_EQUAL(ESP_OTA_IMG_UNDEFINED, ota_state);
+#else
+            TEST_ASSERT_EQUAL(ESP_OTA_IMG_NEW, ota_state);
+#endif
+            reboot_as_deep_sleep();
+            break;
+        case 4:
+            ESP_LOGI(TAG, "OTA1");
+            TEST_ASSERT_EQUAL(ESP_PARTITION_SUBTYPE_APP_OTA_1, cur_app->subtype);
+            TEST_ASSERT_NULL(esp_ota_get_last_invalid_partition());
+            TEST_ESP_OK(esp_ota_get_state_partition(cur_app, &ota_state));
+#ifndef CONFIG_APP_ROLLBACK_ENABLE
+            TEST_ASSERT_EQUAL(ESP_OTA_IMG_UNDEFINED, ota_state);
+            TEST_ESP_OK(esp_ota_mark_app_invalid_rollback_and_reboot());
+#else
+            TEST_ASSERT_EQUAL(ESP_OTA_IMG_PENDING_VERIFY, ota_state);
+            reboot_as_deep_sleep();
+#endif
+            break;
+        default:
+            erase_ota_data();
+            TEST_FAIL_MESSAGE("Unexpected stage");
+            break;
+    }
+}
+
+static void test_rollback2_1(void)
+{
+    boot_count = 5;
+    esp_ota_img_states_t ota_state = 0x5555AAAA;
+    ESP_LOGI(TAG, "boot count %d", boot_count);
+    const esp_partition_t *cur_app = get_running_firmware();
+    ESP_LOGI(TAG, "OTA0");
+    TEST_ASSERT_EQUAL(ESP_PARTITION_SUBTYPE_APP_OTA_0, cur_app->subtype);
+
+    const esp_partition_t *invalid_partition = esp_ota_get_last_invalid_partition();
+    TEST_ASSERT_EQUAL(ESP_PARTITION_SUBTYPE_APP_OTA_1, invalid_partition->subtype);
+    const esp_partition_t* next_update_partition = esp_ota_get_next_update_partition(NULL);
+    TEST_ASSERT_NOT_NULL(invalid_partition);
+    TEST_ASSERT_NOT_NULL(next_update_partition);
+    TEST_ASSERT_EQUAL_PTR(invalid_partition, next_update_partition);
+    TEST_ESP_OK(esp_ota_get_state_partition(cur_app, &ota_state));
+    TEST_ASSERT_EQUAL(ESP_OTA_IMG_VALID, ota_state);
+    TEST_ESP_OK(esp_ota_get_state_partition(invalid_partition, &ota_state));
+#ifndef CONFIG_APP_ROLLBACK_ENABLE
+    TEST_ASSERT_EQUAL(ESP_OTA_IMG_INVALID, ota_state);
+#else
+    TEST_ASSERT_EQUAL(ESP_OTA_IMG_ABORTED, ota_state);
+#endif
+    erase_ota_data();
+}
+
+// 1 Stage: After POWER_RESET erase OTA_DATA for this test                                     -> reboot through deep sleep.
+// 2 Stage: run factory        -> check it -> copy factory to next app slot                    -> reboot  --//--
+// 3 Stage: run OTA0           -> check it -> esp_ota_mark_app_valid_cancel_rollback(), copy to next app slot -> reboot  --//--
+// 4 Stage: run OTA1           -> check it -> PENDING_VERIFY/esp_ota_mark_app_invalid_rollback_and_reboot() -> reboot
+// 5 Stage: run OTA0(rollback) -> check it -> erase OTA_DATA for next tests                    -> PASS
+TEST_CASE_MULTIPLE_STAGES("Test rollback. factory, OTA0, OTA1, rollback -> OTA0", "[app_update][timeout=90][reset=DEEPSLEEP_RESET, DEEPSLEEP_RESET, DEEPSLEEP_RESET, SW_CPU_RESET]", start_test, test_rollback2, test_rollback2, test_rollback2, test_rollback2_1);
+
+static void test_erase_last_app_flow(void)
+{
+    boot_count++;
+    ESP_LOGI(TAG, "boot count %d", boot_count);
+    const esp_partition_t *cur_app = get_running_firmware();
+    switch (boot_count) {
+        case 2:
+            ESP_LOGI(TAG, "Factory");
+            TEST_ASSERT_EQUAL(ESP_PARTITION_SUBTYPE_APP_FACTORY, cur_app->subtype);
+            app_update();
+            reboot_as_deep_sleep();
+            break;
+        case 3:
+            ESP_LOGI(TAG, "OTA0");
+            TEST_ASSERT_EQUAL(ESP_PARTITION_SUBTYPE_APP_OTA_0, cur_app->subtype);
+            mark_app_valid();
+            app_update();
+            reboot_as_deep_sleep();
+            break;
+        case 4:
+            ESP_LOGI(TAG, "OTA1");
+            TEST_ASSERT_EQUAL(ESP_PARTITION_SUBTYPE_APP_OTA_1, cur_app->subtype);
+            TEST_ESP_OK(esp_ota_erase_last_boot_app_partition());
+            TEST_ESP_OK(esp_ota_mark_app_invalid_rollback_and_reboot());
+            reboot_as_deep_sleep();
+            break;
+        default:
+            erase_ota_data();
+            TEST_FAIL_MESSAGE("Unexpected stage");
+            break;
+    }
+}
+
+static void test_erase_last_app_rollback(void)
+{
+    boot_count = 5;
+    ESP_LOGI(TAG, "boot count %d", boot_count);
+    const esp_partition_t *cur_app = get_running_firmware();
+    ESP_LOGI(TAG, "erase_last_app");
+    TEST_ASSERT_EQUAL(ESP_PARTITION_SUBTYPE_APP_FACTORY, cur_app->subtype);
+    TEST_ESP_ERR(ESP_FAIL, esp_ota_erase_last_boot_app_partition());
+    erase_ota_data();
+}
+
+// 1 Stage: After POWER_RESET erase OTA_DATA for this test                                     -> reboot through deep sleep.
+// 2 Stage: run factory        -> check it -> copy factory to OTA0                             -> reboot  --//--
+// 3 Stage: run OTA0           -> check it -> copy factory to OTA1                             -> reboot  --//--
+// 4 Stage: run OTA1           -> check it -> erase OTA0 and rollback                          -> reboot
+// 5 Stage: run factory        -> check it -> erase OTA_DATA for next tests                    -> PASS
+TEST_CASE_MULTIPLE_STAGES("Test erase_last_boot_app_partition. factory, OTA1, OTA0, factory", "[app_update][timeout=90][reset=DEEPSLEEP_RESET, DEEPSLEEP_RESET, DEEPSLEEP_RESET, SW_CPU_RESET]", start_test, test_erase_last_app_flow, test_erase_last_app_flow, test_erase_last_app_flow, test_erase_last_app_rollback);

components/aws_iot/Kconfig

@@ -1,8 +1,8 @@
 menuconfig AWS_IOT_SDK
     bool "Amazon Web Services IoT Platform"
     help
-       Select this option to enable support for the AWS IoT platform,
-       via the esp-idf component for the AWS IoT Device C SDK.
+        Select this option to enable support for the AWS IoT platform,
+        via the esp-idf component for the AWS IoT Device C SDK.
 
 config AWS_IOT_MQTT_HOST
     string "AWS IoT Endpoint Hostname"
@@ -86,74 +86,79 @@ config AWS_IOT_MQTT_MAX_RECONNECT_WAIT_INTERVAL
 menu "Thing Shadow"
     depends on AWS_IOT_SDK
 
-config AWS_IOT_OVERRIDE_THING_SHADOW_RX_BUFFER
-    bool "Override Shadow RX buffer size"
-    depends on AWS_IOT_SDK
-    default n
-    help
-        Allows setting a different Thing Shadow RX buffer
-        size. This is the maximum size of a Thing Shadow
-        message in bytes, plus one.
+    config AWS_IOT_OVERRIDE_THING_SHADOW_RX_BUFFER
+        bool "Override Shadow RX buffer size"
+        depends on AWS_IOT_SDK
+        default n
+        help
+            Allows setting a different Thing Shadow RX buffer
+            size. This is the maximum size of a Thing Shadow
+            message in bytes, plus one.
 
-        If not overridden, the default value is the MQTT RX Buffer length plus one. If overriden, do not set higher than the default value.
+            If not overridden, the default value is the MQTT RX Buffer length plus one. If overriden, do not set
+            higher than the default value.
 
-config AWS_IOT_SHADOW_MAX_SIZE_OF_RX_BUFFER
-    int "Maximum RX Buffer (bytes)"
-    depends on AWS_IOT_OVERRIDE_THING_SHADOW_RX_BUFFER
-    default 513
-    range 32 65536
-    help
-        Allows setting a different Thing Shadow RX buffer size.
-        This is the maximum size of a Thing Shadow message in bytes,
-        plus one.
+    config AWS_IOT_SHADOW_MAX_SIZE_OF_RX_BUFFER
+        int "Maximum RX Buffer (bytes)"
+        depends on AWS_IOT_OVERRIDE_THING_SHADOW_RX_BUFFER
+        default 513
+        range 32 65536
+        help
+            Allows setting a different Thing Shadow RX buffer size.
+            This is the maximum size of a Thing Shadow message in bytes,
+            plus one.
 
 
-config AWS_IOT_SHADOW_MAX_SIZE_OF_UNIQUE_CLIENT_ID_BYTES
-    int "Maximum unique client ID size (bytes)"
-    depends on AWS_IOT_SDK
-    default 80
-    range 4 1000
-    help
-        Maximum size of the Unique Client Id.
+    config AWS_IOT_SHADOW_MAX_SIZE_OF_UNIQUE_CLIENT_ID_BYTES
+        int "Maximum unique client ID size (bytes)"
+        depends on AWS_IOT_SDK
+        default 80
+        range 4 1000
+        help
+            Maximum size of the Unique Client Id.
 
-config AWS_IOT_SHADOW_MAX_SIMULTANEOUS_ACKS
-    int "Maximum simultaneous responses"
-    depends on AWS_IOT_SDK
-    default 10
-    range 1 100
-    help
-        At any given time we will wait for this many responses. This will correlate to the rate at which the shadow actions are requested
+    config AWS_IOT_SHADOW_MAX_SIMULTANEOUS_ACKS
+        int "Maximum simultaneous responses"
+        depends on AWS_IOT_SDK
+        default 10
+        range 1 100
+        help
+            At any given time we will wait for this many responses. This will correlate to the rate at which the
+            shadow actions are requested
 
-config AWS_IOT_SHADOW_MAX_SIMULTANEOUS_THINGNAMES
-    int "Maximum simultaneous Thing Name operations"
-    depends on AWS_IOT_SDK
-    default 10
-    range 1 100
-    help
-       We could perform shadow action on any thing Name and this is maximum Thing Names we can act on at any given time
+    config AWS_IOT_SHADOW_MAX_SIMULTANEOUS_THINGNAMES
+        int "Maximum simultaneous Thing Name operations"
+        depends on AWS_IOT_SDK
+        default 10
+        range 1 100
+        help
+            We could perform shadow action on any thing Name and this is maximum Thing Names we can act on at any
+            given time
 
-config AWS_IOT_SHADOW_MAX_JSON_TOKEN_EXPECTED
-    int "Maximum expected JSON tokens"
-    depends on AWS_IOT_SDK
-    default 120
-    help
-        These are the max tokens that is expected to be in the Shadow JSON document. Includes the metadata which is published
+    config AWS_IOT_SHADOW_MAX_JSON_TOKEN_EXPECTED
+        int "Maximum expected JSON tokens"
+        depends on AWS_IOT_SDK
+        default 120
+        help
+            These are the max tokens that is expected to be in the Shadow JSON document. Includes the metadata which
+            is published
 
-config AWS_IOT_SHADOW_MAX_SHADOW_TOPIC_LENGTH_WITHOUT_THINGNAME
-    int "Maximum topic length (not including Thing Name)"
-    depends on AWS_IOT_SDK
-    default 60
-    range 10 1000
-    help
-       All shadow actions have to be published or subscribed to a topic which is of the format $aws/things/{thingName}/shadow/update/accepted. This refers to the size of the topic without the Thing Name
+    config AWS_IOT_SHADOW_MAX_SHADOW_TOPIC_LENGTH_WITHOUT_THINGNAME
+        int "Maximum topic length (not including Thing Name)"
+        depends on AWS_IOT_SDK
+        default 60
+        range 10 1000
+        help
+            All shadow actions have to be published or subscribed to a topic which is of the format
+            $aws/things/{thingName}/shadow/update/accepted. This refers to the size of the topic without the Thing
+            Name
 
-config AWS_IOT_SHADOW_MAX_SIZE_OF_THING_NAME
-    int "Maximum Thing Name length"
-    depends on AWS_IOT_SDK
-    default 20
-    range 4 1000
-    help
-        Maximum length of a Thing Name.
+    config AWS_IOT_SHADOW_MAX_SIZE_OF_THING_NAME
+        int "Maximum Thing Name length"
+        depends on AWS_IOT_SDK
+        default 20
+        range 4 1000
+        help
+            Maximum length of a Thing Name.
 
 endmenu  # Thing Shadow
-

components/aws_iot/port/network_mbedtls_wrapper.c

@@ -236,6 +236,7 @@ IoT_Error_t iot_tls_connect(Network *pNetwork, TLSConnectParams *params) {
 
     mbedtls_ssl_conf_read_timeout(&(tlsDataParams->conf), pNetwork->tlsConnectParams.timeout_ms);
 
+#ifdef CONFIG_MBEDTLS_SSL_ALPN
     /* Use the AWS IoT ALPN extension for MQTT, if port 443 is requested */
     if (pNetwork->tlsConnectParams.DestinationPort == 443) {
         const char *alpnProtocols[] = { "x-amzn-mqtt-ca", NULL };
@@ -244,6 +245,7 @@ IoT_Error_t iot_tls_connect(Network *pNetwork, TLSConnectParams *params) {
             return SSL_CONNECTION_ERROR;
         }
     }
+#endif
 
     if((ret = mbedtls_ssl_setup(&(tlsDataParams->ssl), &(tlsDataParams->conf))) != 0) {
         ESP_LOGE(TAG, "failed! mbedtls_ssl_setup returned -0x%x", -ret);

components/bootloader/Kconfig.projbuild

@@ -1,429 +1,526 @@
 menu "Bootloader config"
-choice LOG_BOOTLOADER_LEVEL
-   bool "Bootloader log verbosity"
-   default LOG_BOOTLOADER_LEVEL_INFO
-   help
-       Specify how much output to see in bootloader logs.
+    choice LOG_BOOTLOADER_LEVEL
+        bool "Bootloader log verbosity"
+        default LOG_BOOTLOADER_LEVEL_INFO
+        help
+            Specify how much output to see in bootloader logs.
 
-config LOG_BOOTLOADER_LEVEL_NONE
-   bool "No output"
-config LOG_BOOTLOADER_LEVEL_ERROR
-   bool "Error"
-config LOG_BOOTLOADER_LEVEL_WARN
-   bool "Warning"
-config LOG_BOOTLOADER_LEVEL_INFO
-   bool "Info"
-config LOG_BOOTLOADER_LEVEL_DEBUG
-   bool "Debug"
-config LOG_BOOTLOADER_LEVEL_VERBOSE
-   bool "Verbose"
-endchoice
+        config LOG_BOOTLOADER_LEVEL_NONE
+            bool "No output"
+        config LOG_BOOTLOADER_LEVEL_ERROR
+            bool "Error"
+        config LOG_BOOTLOADER_LEVEL_WARN
+            bool "Warning"
+        config LOG_BOOTLOADER_LEVEL_INFO
+            bool "Info"
+        config LOG_BOOTLOADER_LEVEL_DEBUG
+            bool "Debug"
+        config LOG_BOOTLOADER_LEVEL_VERBOSE
+            bool "Verbose"
+    endchoice
 
-config LOG_BOOTLOADER_LEVEL
-    int
-    default 0 if LOG_BOOTLOADER_LEVEL_NONE
-    default 1 if LOG_BOOTLOADER_LEVEL_ERROR
-    default 2 if LOG_BOOTLOADER_LEVEL_WARN
-    default 3 if LOG_BOOTLOADER_LEVEL_INFO
-    default 4 if LOG_BOOTLOADER_LEVEL_DEBUG
-    default 5 if LOG_BOOTLOADER_LEVEL_VERBOSE
+    config LOG_BOOTLOADER_LEVEL
+        int
+        default 0 if LOG_BOOTLOADER_LEVEL_NONE
+        default 1 if LOG_BOOTLOADER_LEVEL_ERROR
+        default 2 if LOG_BOOTLOADER_LEVEL_WARN
+        default 3 if LOG_BOOTLOADER_LEVEL_INFO
+        default 4 if LOG_BOOTLOADER_LEVEL_DEBUG
+        default 5 if LOG_BOOTLOADER_LEVEL_VERBOSE
 
-config BOOTLOADER_SPI_WP_PIN
-    int "SPI Flash WP Pin when customising pins via efuse (read help)"
-    range 0 33
-    default 7
-    depends on FLASHMODE_QIO || FLASHMODE_QOUT
-    help
-        This value is ignored unless flash mode is set to QIO or QOUT *and* the SPI flash pins have been
-        overriden by setting the efuses SPI_PAD_CONFIG_xxx.
+    config BOOTLOADER_SPI_WP_PIN
+        int "SPI Flash WP Pin when customising pins via eFuse (read help)"
+        range 0 33
+        default 7
+        depends on FLASHMODE_QIO || FLASHMODE_QOUT
+        help
+            This value is ignored unless flash mode is set to QIO or QOUT *and* the SPI flash pins have been
+            overriden by setting the eFuses SPI_PAD_CONFIG_xxx.
 
-        When this is the case, the Efuse config only defines 3 of the 4 Quad I/O data pins. The WP pin (aka ESP32
-        pin "SD_DATA_3" or SPI flash pin "IO2") is not specified in Efuse. That pin number is compiled into the bootloader
-        instead.
+            When this is the case, the eFuse config only defines 3 of the 4 Quad I/O data pins. The WP pin (aka ESP32
+            pin "SD_DATA_3" or SPI flash pin "IO2") is not specified in eFuse. That pin number is compiled into the
+            bootloader instead.
 
-        The default value (GPIO 7) is correct for WP pin on ESP32-D2WD integrated flash.
+            The default value (GPIO 7) is correct for WP pin on ESP32-D2WD integrated flash.
 
-choice BOOTLOADER_VDDSDIO_BOOST
-    bool "VDDSDIO LDO voltage"
-    default BOOTLOADER_VDDSDIO_BOOST_1_9V
-    help
-        If this option is enabled, and VDDSDIO LDO is set to 1.8V (using EFUSE
-        or MTDI bootstrapping pin), bootloader will change LDO settings to
-        output 1.9V instead. This helps prevent flash chip from browning out
-        during flash programming operations.
+    choice BOOTLOADER_VDDSDIO_BOOST
+        bool "VDDSDIO LDO voltage"
+        default BOOTLOADER_VDDSDIO_BOOST_1_9V
+        help
+            If this option is enabled, and VDDSDIO LDO is set to 1.8V (using eFuse
+            or MTDI bootstrapping pin), bootloader will change LDO settings to
+            output 1.9V instead. This helps prevent flash chip from browning out
+            during flash programming operations.
 
-        This option has no effect if VDDSDIO is set to 3.3V, or if the internal
-        VDDSDIO regulator is disabled via efuse.
+            This option has no effect if VDDSDIO is set to 3.3V, or if the internal
+            VDDSDIO regulator is disabled via eFuse.
 
-config BOOTLOADER_VDDSDIO_BOOST_1_8V
-    bool "1.8V"
-    depends on !ESPTOOLPY_FLASHFREQ_80M
-config BOOTLOADER_VDDSDIO_BOOST_1_9V
-    bool "1.9V"
-endchoice
+        config BOOTLOADER_VDDSDIO_BOOST_1_8V
+            bool "1.8V"
+            depends on !ESPTOOLPY_FLASHFREQ_80M
+        config BOOTLOADER_VDDSDIO_BOOST_1_9V
+            bool "1.9V"
+    endchoice
 
-config BOOTLOADER_FACTORY_RESET
-    bool "GPIO triggers factory reset"
-    default N
-    help
-        Allows to reset the device to factory settings:
-        - clear one or more data partitions;
-        - boot from "factory" partition.
-        The factory reset will occur if there is a GPIO input pulled low while device starts up.
-        See settings below.
+    config BOOTLOADER_FACTORY_RESET
+        bool "GPIO triggers factory reset"
+        default N
+        help
+            Allows to reset the device to factory settings:
+            - clear one or more data partitions;
+            - boot from "factory" partition.
+            The factory reset will occur if there is a GPIO input pulled low while device starts up.
+            See settings below.
 
-config BOOTLOADER_NUM_PIN_FACTORY_RESET
-    int "Number of the GPIO input for factory reset"
-    depends on BOOTLOADER_FACTORY_RESET
-    range 0 39
-    default 4
-    help
-        The selected GPIO will be configured as an input with internal pull-up enabled.
-        To trigger a factory reset, this GPIO must be pulled low on reset.
-        Note that GPIO34-39 do not have an internal pullup and an external one must be provided.
+    config BOOTLOADER_NUM_PIN_FACTORY_RESET
+        int "Number of the GPIO input for factory reset"
+        depends on BOOTLOADER_FACTORY_RESET
+        range 0 39
+        default 4
+        help
+            The selected GPIO will be configured as an input with internal pull-up enabled.
+            To trigger a factory reset, this GPIO must be pulled low on reset.
+            Note that GPIO34-39 do not have an internal pullup and an external one must be provided.
 
-config BOOTLOADER_OTA_DATA_ERASE
-    bool "Clear OTA data on factory reset (select factory partition)"
-    depends on BOOTLOADER_FACTORY_RESET
-    help
-        The device will boot from "factory" partition (or OTA slot 0 if no factory partition is present) after a factory reset.
+    config BOOTLOADER_OTA_DATA_ERASE
+        bool "Clear OTA data on factory reset (select factory partition)"
+        depends on BOOTLOADER_FACTORY_RESET
+        help
+            The device will boot from "factory" partition (or OTA slot 0 if no factory partition is present) after a
+            factory reset.
 
-config BOOTLOADER_DATA_FACTORY_RESET
-     string "Comma-separated names of partitions to clear on factory reset"
-     depends on BOOTLOADER_FACTORY_RESET
-     default "nvs"
-     help
-        Allows customers to select which data partitions will be erased while factory reset.
-        
-        Specify the names of partitions as a comma-delimited with optional spaces for readability. (Like this: "nvs, phy_init, ...")
-        Make sure that the name specified in the partition table and here are the same. 
-        Partitions of type "app" cannot be specified here.
+    config BOOTLOADER_DATA_FACTORY_RESET
+        string "Comma-separated names of partitions to clear on factory reset"
+        depends on BOOTLOADER_FACTORY_RESET
+        default "nvs"
+        help
+            Allows customers to select which data partitions will be erased while factory reset.
 
-config BOOTLOADER_APP_TEST
-    bool "GPIO triggers boot from test app partition"
-    default N
-    help
-        Allows to run the test app from "TEST" partition.
-        A boot from "test" partition will occur if there is a GPIO input pulled low while device starts up.
-        See settings below.
+            Specify the names of partitions as a comma-delimited with optional spaces for readability. (Like this:
+            "nvs, phy_init, ...")
+            Make sure that the name specified in the partition table and here are the same.
+            Partitions of type "app" cannot be specified here.
 
-config BOOTLOADER_NUM_PIN_APP_TEST
-    int "Number of the GPIO input to boot TEST partition"
-    depends on BOOTLOADER_APP_TEST
-    range 0 39
-    default 18
-    help
-        The selected GPIO will be configured as an input with internal pull-up enabled.
-        To trigger a test app, this GPIO must be pulled low on reset.
-        After the GPIO input is deactivated and the device reboots, the old application will boot. 
-        (factory or OTA[x]).
-        Note that GPIO34-39 do not have an internal pullup and an external one must be provided.
+    config BOOTLOADER_APP_TEST
+        bool "GPIO triggers boot from test app partition"
+        default N
+        help
+            Allows to run the test app from "TEST" partition.
+            A boot from "test" partition will occur if there is a GPIO input pulled low while device starts up.
+            See settings below.
 
-config BOOTLOADER_HOLD_TIME_GPIO
-    int "Hold time of GPIO for reset/test mode (seconds)"
-    depends on BOOTLOADER_FACTORY_RESET || BOOTLOADER_APP_TEST
-    default 5
-    help
-        The GPIO must be held low continuously for this period of time after reset 
-        before a factory reset or test partition boot (as applicable) is performed.
+    config BOOTLOADER_NUM_PIN_APP_TEST
+        int "Number of the GPIO input to boot TEST partition"
+        depends on BOOTLOADER_APP_TEST
+        range 0 39
+        default 18
+        help
+            The selected GPIO will be configured as an input with internal pull-up enabled.
+            To trigger a test app, this GPIO must be pulled low on reset.
+            After the GPIO input is deactivated and the device reboots, the old application will boot.
+            (factory or OTA[x]).
+            Note that GPIO34-39 do not have an internal pullup and an external one must be provided.
 
-config BOOTLOADER_WDT_ENABLE
-    bool "Use RTC watchdog in start code"
-    default y
-    help
-        Tracks the execution time of startup code.
-        If the execution time is exceeded, the RTC_WDT will restart system.
-        It is also useful to prevent a lock up in start code caused by an unstable power source.
-        NOTE: Tracks the execution time starts from the bootloader code - re-set timeout, while selecting the source for slow_clk - and ends calling app_main.
-        Re-set timeout is needed due to WDT uses a SLOW_CLK clock source. After changing a frequency slow_clk a time of WDT needs to re-set for new frequency.
-        slow_clk depends on ESP32_RTC_CLOCK_SOURCE (INTERNAL_RC or EXTERNAL_CRYSTAL).
+    config BOOTLOADER_HOLD_TIME_GPIO
+        int "Hold time of GPIO for reset/test mode (seconds)"
+        depends on BOOTLOADER_FACTORY_RESET || BOOTLOADER_APP_TEST
+        default 5
+        help
+            The GPIO must be held low continuously for this period of time after reset
+            before a factory reset or test partition boot (as applicable) is performed.
 
-config BOOTLOADER_WDT_DISABLE_IN_USER_CODE
-    bool "Allows RTC watchdog disable in user code"
-    depends on BOOTLOADER_WDT_ENABLE
-    default n
-    help
-        If it is set, the client must itself reset or disable rtc_wdt in their code (app_main()).
-        Otherwise rtc_wdt will be disabled before calling app_main function.
-        Use function rtc_wdt_feed() for resetting counter of rtc_wdt.
-        Use function rtc_wdt_disable() for disabling rtc_wdt.
+    config BOOTLOADER_WDT_ENABLE
+        bool "Use RTC watchdog in start code"
+        default y
+        help
+            Tracks the execution time of startup code.
+            If the execution time is exceeded, the RTC_WDT will restart system.
+            It is also useful to prevent a lock up in start code caused by an unstable power source.
+            NOTE: Tracks the execution time starts from the bootloader code - re-set timeout, while selecting the
+            source for slow_clk - and ends calling app_main.
+            Re-set timeout is needed due to WDT uses a SLOW_CLK clock source. After changing a frequency slow_clk a
+            time of WDT needs to re-set for new frequency.
+            slow_clk depends on ESP32_RTC_CLOCK_SOURCE (INTERNAL_RC or EXTERNAL_CRYSTAL).
 
-config BOOTLOADER_WDT_TIME_MS
-    int "Timeout for RTC watchdog (ms)"
-    depends on BOOTLOADER_WDT_ENABLE
-    default 9000
-    range 0 120000
-    help
-        Verify that this parameter is correct and more then the execution time. 
-        Pay attention to options such as reset to factory, trigger test partition and encryption on boot
-        - these options can increase the execution time. 
-        Note: RTC_WDT will reset while encryption operations will be performed.
+    config BOOTLOADER_WDT_DISABLE_IN_USER_CODE
+        bool "Allows RTC watchdog disable in user code"
+        depends on BOOTLOADER_WDT_ENABLE
+        default n
+        help
+            If it is set, the client must itself reset or disable rtc_wdt in their code (app_main()).
+            Otherwise rtc_wdt will be disabled before calling app_main function.
+            Use function rtc_wdt_feed() for resetting counter of rtc_wdt.
+            Use function rtc_wdt_disable() for disabling rtc_wdt.
+
+    config BOOTLOADER_WDT_TIME_MS
+        int "Timeout for RTC watchdog (ms)"
+        depends on BOOTLOADER_WDT_ENABLE
+        default 9000
+        range 0 120000
+        help
+            Verify that this parameter is correct and more then the execution time.
+            Pay attention to options such as reset to factory, trigger test partition and encryption on boot
+            - these options can increase the execution time.
+            Note: RTC_WDT will reset while encryption operations will be performed.
+
+    config APP_ROLLBACK_ENABLE
+        bool "Enable app rollback support"
+        default n
+        help
+            After updating the app, the bootloader runs a new app with the "ESP_OTA_IMG_PENDING_VERIFY" state set.
+            This state prevents the re-run of this app. After the first boot of the new app in the user code, the
+            function should be called to confirm the operability of the app or vice versa about its non-operability.
+            If the app is working, then it is marked as valid. Otherwise, it is marked as not valid and rolls back to
+            the previous working app. A reboot is performed, and the app is booted before the software update.
+            Note: If during the first boot a new app the power goes out or the WDT works, then roll back will happen.
+            Rollback is possible only between the apps with the same security versions.
+
+    config APP_ANTI_ROLLBACK
+        bool "Enable app anti-rollback support"
+        depends on APP_ROLLBACK_ENABLE
+        default n
+        help
+            This option prevents rollback to previous firmware/application image with lower security version.
+
+    config APP_SECURE_VERSION
+        int "eFuse secure version of app"
+        depends on APP_ANTI_ROLLBACK
+        default 0
+        help
+            The secure version is the sequence number stored in the header of each firmware.
+            The security version is set in the bootloader, version is recorded in the eFuse field
+            as the number of set ones. The allocated number of bits in the efuse field
+            for storing the security version is limited (see APP_SECURE_VERSION_SIZE_EFUSE_FIELD option).
+
+            Bootloader: When bootloader selects an app to boot, an app is selected that has
+            a security version greater or equal that recorded in eFuse field.
+            The app is booted with a higher (or equal) secure version.
+
+            The security version is worth increasing if in previous versions there is
+            a significant vulnerability and their use is not acceptable.
+
+            Your partition table should has a scheme with ota_0 + ota_1 (without factory).
+
+    config APP_SECURE_VERSION_SIZE_EFUSE_FIELD
+        int "Size of the efuse secure version field"
+        depends on APP_ANTI_ROLLBACK
+        range 1 32
+        default 32
+        help
+            The size of the efuse secure version field. Its length is limited to 32 bits.
+            This determines how many times the security version can be increased.
+
+    config EFUSE_SECURE_VERSION_EMULATE
+        bool "Emulate operations with efuse secure version(only test)"
+        default n
+        depends on APP_ANTI_ROLLBACK
+        help
+            This option allow emulate read/write operations with efuse secure version.
+            It allow to test anti-rollback implemention without permanent write eFuse bits.
+            In partition table should be exist this partition `emul_efuse, data, 5, , 0x2000`.
 
 endmenu  # Bootloader
 
 
 menu "Security features"
 
-# These three are the actual options to check in code,
-# selected by the displayed options
-config SECURE_SIGNED_ON_BOOT
-    bool
-    default y
-    depends on SECURE_BOOT_ENABLED || SECURE_SIGNED_ON_BOOT_NO_SECURE_BOOT
+    # These three are the actual options to check in code,
+    # selected by the displayed options
+    config SECURE_SIGNED_ON_BOOT
+        bool
+        default y
+        depends on SECURE_BOOT_ENABLED || SECURE_SIGNED_ON_BOOT_NO_SECURE_BOOT
+
+    config SECURE_SIGNED_ON_UPDATE
+        bool
+        default y
+        depends on SECURE_BOOT_ENABLED || SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT
+
+    config SECURE_SIGNED_APPS
+        bool
+        default y
+        depends on SECURE_SIGNED_ON_BOOT || SECURE_SIGNED_ON_UPDATE
+
+
+    config SECURE_SIGNED_APPS_NO_SECURE_BOOT
+        bool "Require signed app images"
+        default n
+        depends on !SECURE_BOOT_ENABLED
+        help
+            Require apps to be signed to verify their integrity.
+
+            This option uses the same app signature scheme as hardware secure boot, but unlike hardware secure boot it
+            does not prevent the bootloader from being physically updated. This means that the device can be secured
+            against remote network access, but not physical access. Compared to using hardware Secure Boot this option
+            is much simpler to implement.
+
+    config SECURE_SIGNED_ON_BOOT_NO_SECURE_BOOT
+        bool "Bootloader verifies app signatures"
+        default n
+        depends on SECURE_SIGNED_APPS_NO_SECURE_BOOT
+        help
+            If this option is set, the bootloader will be compiled with code to verify that an app is signed before
+            booting it.
+
+            If hardware secure boot is enabled, this option is always enabled and cannot be disabled.
+            If hardware secure boot is not enabled, this option doesn't add significant security by itself so most
+            users will want to leave it disabled.
+
+    config SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT
+        bool "Verify app signature on update"
+        default y
+        depends on SECURE_SIGNED_APPS_NO_SECURE_BOOT
+        help
+            If this option is set, any OTA updated apps will have the signature verified before being considered valid.
+
+            When enabled, the signature is automatically checked whenever the esp_ota_ops.h APIs are used for OTA
+            updates, or esp_image_format.h APIs are used to verify apps.
+
+            If hardware secure boot is enabled, this option is always enabled and cannot be disabled.
+            If hardware secure boot is not enabled, this option still adds significant security against network-based
+            attackers by preventing spoofing of OTA updates.
+
+    config SECURE_BOOT_ENABLED
+        bool "Enable hardware secure boot in bootloader (READ DOCS FIRST)"
+        default n
+        help
+            Build a bootloader which enables secure boot on first boot.
+
+            Once enabled, secure boot will not boot a modified bootloader. The bootloader will only load a partition
+            table or boot an app if the data has a verified digital signature. There are implications for reflashing
+            updated apps once secure boot is enabled.
+
+            When enabling secure boot, JTAG and ROM BASIC Interpreter are permanently disabled by default.
+
+            Refer to https://docs.espressif.com/projects/esp-idf/en/latest/security/secure-boot.html before enabling.
+
+    choice SECURE_BOOTLOADER_MODE
+        bool "Secure bootloader mode"
+        depends on SECURE_BOOT_ENABLED
+        default SECURE_BOOTLOADER_ONE_TIME_FLASH
 
-config SECURE_SIGNED_ON_UPDATE
-    bool
-    default y
-    depends on SECURE_BOOT_ENABLED || SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT
+        config SECURE_BOOTLOADER_ONE_TIME_FLASH
+            bool "One-time flash"
+            help
+                On first boot, the bootloader will generate a key which is not readable externally or by software. A
+                digest is generated from the bootloader image itself. This digest will be verified on each subsequent
+                boot.
+
+                Enabling this option means that the bootloader cannot be changed after the first time it is booted.
+
+        config SECURE_BOOTLOADER_REFLASHABLE
+            bool "Reflashable"
+            help
+                Generate a reusable secure bootloader key, derived (via SHA-256) from the secure boot signing key.
+
+                This allows the secure bootloader to be re-flashed by anyone with access to the secure boot signing
+                key.
+
+                This option is less secure than one-time flash, because a leak of the digest key from one device
+                allows reflashing of any device that uses it.
+
+    endchoice
+
+    config SECURE_BOOT_BUILD_SIGNED_BINARIES
+        bool "Sign binaries during build"
+        depends on SECURE_SIGNED_APPS
+        default y
+        help
+            Once secure boot or signed app requirement is enabled, app images are required to be signed.
 
-config SECURE_SIGNED_APPS
-   bool
-   default y
-   depends on SECURE_SIGNED_ON_BOOT || SECURE_SIGNED_ON_UPDATE
+            If enabled (default), these binary files are signed as part of the build process. The file named in
+            "Secure boot private signing key" will be used to sign the image.
 
+            If disabled, unsigned app/partition data will be built. They must be signed manually using espsecure.py
+            (for example, on a remote signing server.)
 
-config SECURE_SIGNED_APPS_NO_SECURE_BOOT
-    bool "Require signed app images"
-    default n
-    depends on !SECURE_BOOT_ENABLED
-    help
-        Require apps to be signed to verify their integrity.
+    config SECURE_BOOT_SIGNING_KEY
+        string "Secure boot private signing key"
+        depends on SECURE_BOOT_BUILD_SIGNED_BINARIES
+        default secure_boot_signing_key.pem
+        help
+            Path to the key file used to sign app images.
 
-        This option uses the same app signature scheme as hardware secure boot, but unlike hardware secure boot it does not prevent the bootloader from being physically updated. This means that the device can be secured against remote network access, but not physical access. Compared to using hardware Secure Boot this option is much simpler to implement.
+            Key file is an ECDSA private key (NIST256p curve) in PEM format.
+
+            Path is evaluated relative to the project directory.
+
+            You can generate a new signing key by running the following command:
+            espsecure.py generate_signing_key secure_boot_signing_key.pem
 
-config SECURE_SIGNED_ON_BOOT_NO_SECURE_BOOT
-    bool "Bootloader verifies app signatures"
-    default n
-    depends on SECURE_SIGNED_APPS_NO_SECURE_BOOT
-    help
-        If this option is set, the bootloader will be compiled with code to verify that an app is signed before booting it.
+            See https://docs.espressif.com/projects/esp-idf/en/latest/security/secure-boot.html for details.
+
+    config SECURE_BOOT_VERIFICATION_KEY
+        string "Secure boot public signature verification key"
+        depends on SECURE_SIGNED_APPS && !SECURE_BOOT_BUILD_SIGNED_BINARIES
+        default signature_verification_key.bin
+        help
+            Path to a public key file used to verify signed images. This key is compiled into the bootloader and/or
+            app, to verify app images.
 
-        If hardware secure boot is enabled, this option is always enabled and cannot be disabled.
-        If hardware secure boot is not enabled, this option doesn't add significant security by itself so most users will want to leave it disabled.
+            Key file is in raw binary format, and can be extracted from a
+            PEM formatted private key using the espsecure.py
+            extract_public_key command.
 
-config SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT
-    bool "Verify app signature on update"
-    default y
-    depends on SECURE_SIGNED_APPS_NO_SECURE_BOOT
-    help
-         If this option is set, any OTA updated apps will have the signature verified before being considered valid.
+            Refer to https://docs.espressif.com/projects/esp-idf/en/latest/security/secure-boot.html before enabling.
 
-         When enabled, the signature is automatically checked whenever the esp_ota_ops.h APIs are used for OTA updates,
-         or esp_image_format.h APIs are used to verify apps.
+    choice SECURE_BOOTLOADER_KEY_ENCODING
+        bool "Hardware Key Encoding"
+        depends on SECURE_BOOTLOADER_REFLASHABLE
+        default SECURE_BOOTLOADER_NO_ENCODING
+        help
 
-         If hardware secure boot is enabled, this option is always enabled and cannot be disabled.
-         If hardware secure boot is not enabled, this option still adds significant security against network-based attackers by preventing spoofing of OTA updates.
+            In reflashable secure bootloader mode, a hardware key is derived from the signing key (with SHA-256) and
+            can be written to eFuse with espefuse.py.
 
-config SECURE_BOOT_ENABLED
-    bool "Enable hardware secure boot in bootloader (READ DOCS FIRST)"
-    default n
-    help
-        Build a bootloader which enables secure boot on first boot.
+            Normally this is a 256-bit key, but if 3/4 Coding Scheme is used on the device then the eFuse key is
+            truncated to 192 bits.
 
-        Once enabled, secure boot will not boot a modified bootloader. The bootloader will only load a partition table or boot an app if the data has a verified digital signature. There are implications for reflashing updated apps once secure boot is enabled.
+            This configuration item doesn't change any firmware code, it only changes the size of key binary which is
+            generated at build time.
+
+        config SECURE_BOOTLOADER_KEY_ENCODING_256BIT
+            bool "No encoding (256 bit key)"
+
+        config SECURE_BOOTLOADER_KEY_ENCODING_192BIT
+            bool "3/4 encoding (192 bit key)"
 
-        When enabling secure boot, JTAG and ROM BASIC Interpreter are permanently disabled by default.
+    endchoice
+
+    config SECURE_BOOT_INSECURE
+        bool "Allow potentially insecure options"
+        depends on SECURE_BOOT_ENABLED
+        default N
+        help
+            You can disable some of the default protections offered by secure boot, in order to enable testing or a
+            custom combination of security features.
+
+            Only enable these options if you are very sure.
+
+            Refer to https://docs.espressif.com/projects/esp-idf/en/latest/security/secure-boot.html before enabling.
+
+    config FLASH_ENCRYPTION_ENABLED
+        bool "Enable flash encryption on boot (READ DOCS FIRST)"
+        default N
+        help
+            If this option is set, flash contents will be encrypted by the bootloader on first boot.
+
+            Note: After first boot, the system will be permanently encrypted. Re-flashing an encrypted
+            system is complicated and not always possible.
+
+            Read https://docs.espressif.com/projects/esp-idf/en/latest/security/flash-encryption.html before enabling.
+
+    config FLASH_ENCRYPTION_INSECURE
+        bool "Allow potentially insecure options"
+        depends on FLASH_ENCRYPTION_ENABLED
+        default N
+        help
+            You can disable some of the default protections offered by flash encryption, in order to enable testing or
+            a custom combination of security features.
+
+            Only enable these options if you are very sure.
+
+            Refer to https://docs.espressif.com/projects/esp-idf/en/latest/security/secure-boot.html and
+            https://docs.espressif.com/projects/esp-idf/en/latest/security/flash-encryption.html for details.
+
+    menu "Potentially insecure options"
+        visible if FLASH_ENCRYPTION_INSECURE || SECURE_BOOT_INSECURE
+
+        # NOTE: Options in this menu NEED to have SECURE_BOOT_INSECURE
+        # and/or FLASH_ENCRYPTION_INSECURE in "depends on", as the menu
+        # itself doesn't enable/disable its children (if it's not set,
+        # it's possible for the insecure menu to be disabled but the insecure option
+        # to remain on which is very bad.)
+
+        config SECURE_BOOT_ALLOW_ROM_BASIC
+            bool "Leave ROM BASIC Interpreter available on reset"
+            depends on SECURE_BOOT_INSECURE || FLASH_ENCRYPTION_INSECURE
+            default N
+            help
+                By default, the BASIC ROM Console starts on reset if no valid bootloader is
+                read from the flash.
+
+                When either flash encryption or secure boot are enabled, the default is to
+                disable this BASIC fallback mode permanently via eFuse.
+
+                If this option is set, this eFuse is not burned and the BASIC ROM Console may
+                remain accessible.  Only set this option in testing environments.
+
+        config SECURE_BOOT_ALLOW_JTAG
+            bool "Allow JTAG Debugging"
+            depends on SECURE_BOOT_INSECURE || FLASH_ENCRYPTION_INSECURE
+            default N
+            help
+                If not set (default), the bootloader will permanently disable JTAG (across entire chip) on first boot
+                when either secure boot or flash encryption is enabled.
+
+                Setting this option leaves JTAG on for debugging, which negates all protections of flash encryption
+                and some of the protections of secure boot.
+
+                Only set this option in testing environments.
+
+        config SECURE_BOOT_ALLOW_SHORT_APP_PARTITION
+            bool "Allow app partition length not 64KB aligned"
+            depends on SECURE_BOOT_INSECURE
+            help
+                If not set (default), app partition size must be a multiple of 64KB. App images are padded to 64KB
+                length, and the bootloader checks any trailing bytes after the signature (before the next 64KB
+                boundary) have not been written. This is because flash cache maps entire 64KB pages into the address
+                space. This prevents an attacker from appending unverified data after the app image in the flash,
+                causing it to be mapped into the address space.
+
+                Setting this option allows the app partition length to be unaligned, and disables padding of the app
+                image to this length. It is generally not recommended to set this option, unless you have a legacy
+                partitioning scheme which doesn't support 64KB aligned partition lengths.
+
+        config FLASH_ENCRYPTION_UART_BOOTLOADER_ALLOW_ENCRYPT
+            bool "Leave UART bootloader encryption enabled"
+            depends on FLASH_ENCRYPTION_INSECURE
+            default N
+            help
+                If not set (default), the bootloader will permanently disable UART bootloader encryption access on
+                first boot. If set, the UART bootloader will still be able to access hardware encryption.
+
+                It is recommended to only set this option in testing environments.
+
+        config FLASH_ENCRYPTION_UART_BOOTLOADER_ALLOW_DECRYPT
+            bool "Leave UART bootloader decryption enabled"
+            depends on FLASH_ENCRYPTION_INSECURE
+            default N
+            help
+                If not set (default), the bootloader will permanently disable UART bootloader decryption access on
+                first boot. If set, the UART bootloader will still be able to access hardware decryption.
+
+                Only set this option in testing environments. Setting this option allows complete bypass of flash
+                encryption.
+
+        config FLASH_ENCRYPTION_UART_BOOTLOADER_ALLOW_CACHE
+            bool "Leave UART bootloader flash cache enabled"
+            depends on FLASH_ENCRYPTION_INSECURE
+            default N
+            help
+                If not set (default), the bootloader will permanently disable UART bootloader flash cache access on
+                first boot. If set, the UART bootloader will still be able to access the flash cache.
+
+                Only set this option in testing environments.
+
+    endmenu  # Potentially Insecure
+
+    config FLASH_ENCRYPTION_DISABLE_PLAINTEXT
+        bool "Disable serial reflashing of plaintext firmware"
+        depends on FLASH_ENCRYPTION_ENABLED
+        default y if SECURE_BOOT_ENABLED
+        default n if !SECURE_BOOT_ENABLED
+        help
+            If this option is enabled, flash encryption is permanently enabled after first boot by write-protecting
+            the FLASH_CRYPT_CNT efuse. This is the recommended configuration for a secure production system.
+
+            If this option is disabled, FLASH_CRYPT_CNT is left writeable and up to 4 plaintext re-flashes are allowed.
+            An attacker with physical access will be able to read out encrypted flash contents until all plaintext
+            re-flashes have been used up.
+
+            If this option is disabled and hardware Secure Boot is enabled, Secure Boot must be configured in
+            Reflashable mode so that a new Secure Boot digest can be flashed at the same time as plaintext firmware.
+            This combination is not secure and should not be used for a production system.
 
-        Refer to https://docs.espressif.com/projects/esp-idf/en/latest/security/secure-boot.html before enabling.
-
-choice SECURE_BOOTLOADER_MODE
-    bool "Secure bootloader mode"
-    depends on SECURE_BOOT_ENABLED
-    default SECURE_BOOTLOADER_ONE_TIME_FLASH
-
-config SECURE_BOOTLOADER_ONE_TIME_FLASH
-       bool "One-time flash"
-       help
-           On first boot, the bootloader will generate a key which is not readable externally or by software. A digest is generated from the bootloader image itself. This digest will be verified on each subsequent boot.
-
-           Enabling this option means that the bootloader cannot be changed after the first time it is booted.
-
-config SECURE_BOOTLOADER_REFLASHABLE
-    bool "Reflashable"
-    help
-        Generate a reusable secure bootloader key, derived (via SHA-256) from the secure boot signing key.
-
-        This allows the secure bootloader to be re-flashed by anyone with access to the secure boot signing key.
-
-        This option is less secure than one-time flash, because a leak of the digest key from one device allows reflashing of any device that uses it.
-
-endchoice
-
-config SECURE_BOOT_BUILD_SIGNED_BINARIES
-     bool "Sign binaries during build"
-     depends on SECURE_SIGNED_APPS
-     default y
-     help
-        Once secure boot or signed app requirement is enabled, app images are required to be signed.
-
-        If enabled (default), these binary files are signed as part of the build process. The file named in "Secure boot private signing key" will be used to sign the image.
-
-        If disabled, unsigned app/partition data will be built. They must be signed manually using espsecure.py (for example, on a remote signing server.)
-
-config SECURE_BOOT_SIGNING_KEY
-     string "Secure boot private signing key"
-     depends on SECURE_BOOT_BUILD_SIGNED_BINARIES
-     default secure_boot_signing_key.pem
-     help
-        Path to the key file used to sign app images.
-
-        Key file is an ECDSA private key (NIST256p curve) in PEM format.
-
-        Path is evaluated relative to the project directory.
-
-        You can generate a new signing key by running the following command:
-        espsecure.py generate_signing_key secure_boot_signing_key.pem
-
-        See docs/security/secure-boot.rst for details.
-
-config SECURE_BOOT_VERIFICATION_KEY
-    string "Secure boot public signature verification key"
-    depends on SECURE_SIGNED_APPS && !SECURE_BOOT_BUILD_SIGNED_BINARIES
-    default signature_verification_key.bin
-    help
-       Path to a public key file used to verify signed images. This key is compiled into the bootloader and/or app,
-       to verify app images.
-
-       Key file is in raw binary format, and can be extracted from a
-       PEM formatted private key using the espsecure.py
-       extract_public_key command.
-
-       Refer to https://docs.espressif.com/projects/esp-idf/en/latest/security/secure-boot.html before enabling.
-
-choice SECURE_BOOTLOADER_KEY_ENCODING
-    bool "Hardware Key Encoding"
-    depends on SECURE_BOOTLOADER_REFLASHABLE
-    default SECURE_BOOTLOADER_NO_ENCODING
-    help
-
-    In reflashable secure bootloader mode, a hardware key is derived from the signing key (with SHA-256) and can be written to efuse
-    with espefuse.py.
-
-    Normally this is a 256-bit key, but if 3/4 Coding Scheme is used on the device then the efuse key is truncated to 192 bits.
-
-    This configuration item doesn't change any firmware code, it only changes the size of key binary which is generated at build time.
-
-config SECURE_BOOTLOADER_KEY_ENCODING_256BIT
-       bool "No encoding (256 bit key)"
-
-config SECURE_BOOTLOADER_KEY_ENCODING_192BIT
-       bool "3/4 encoding (192 bit key)"
-
-endchoice
-
-config SECURE_BOOT_INSECURE
-    bool "Allow potentially insecure options"
-    depends on SECURE_BOOT_ENABLED
-    default N
-    help
-       You can disable some of the default protections offered by secure boot, in order to enable testing or a custom combination of security features.
-
-       Only enable these options if you are very sure.
-
-       Refer to https://docs.espressif.com/projects/esp-idf/en/latest/security/secure-boot.html before enabling.
-
-config FLASH_ENCRYPTION_ENABLED
-    bool "Enable flash encryption on boot (READ DOCS FIRST)"
-    default N
-    help
-       If this option is set, flash contents will be encrypted by the bootloader on first boot.
-
-       Note: After first boot, the system will be permanently encrypted. Re-flashing an encrypted
-       system is complicated and not always possible.
-
-       Read https://docs.espressif.com/projects/esp-idf/en/latest/security/flash-encryption.html before enabling.
-
-config FLASH_ENCRYPTION_INSECURE
-    bool "Allow potentially insecure options"
-    depends on FLASH_ENCRYPTION_ENABLED
-    default N
-    help
-       You can disable some of the default protections offered by flash encryption, in order to enable testing or a custom combination of security features.
-
-       Only enable these options if you are very sure.
-
-       Refer to docs/security/secure-boot.rst and docs/security/flash-encryption.rst for details.
-
-menu "Potentially insecure options"
-    visible if FLASH_ENCRYPTION_INSECURE || SECURE_BOOT_INSECURE
-
-# NOTE: Options in this menu NEED to have SECURE_BOOT_INSECURE
-# and/or FLASH_ENCRYPTION_INSECURE in "depends on", as the menu
-# itself doesn't enable/disable its children (if it's not set,
-# it's possible for the insecure menu to be disabled but the insecure option
-# to remain on which is very bad.)
-
-config SECURE_BOOT_ALLOW_ROM_BASIC
-       bool "Leave ROM BASIC Interpreter available on reset"
-       depends on SECURE_BOOT_INSECURE || FLASH_ENCRYPTION_INSECURE
-       default N
-       help
-          By default, the BASIC ROM Console starts on reset if no valid bootloader is
-          read from the flash.
-
-          When either flash encryption or secure boot are enabled, the default is to
-          disable this BASIC fallback mode permanently via efuse.
-
-          If this option is set, this efuse is not burned and the BASIC ROM Console may
-          remain accessible.  Only set this option in testing environments.
-
-config SECURE_BOOT_ALLOW_JTAG
-       bool "Allow JTAG Debugging"
-       depends on SECURE_BOOT_INSECURE || FLASH_ENCRYPTION_INSECURE
-       default N
-       help
-          If not set (default), the bootloader will permanently disable JTAG (across entire chip) on first boot when either secure boot or flash encryption is enabled.
-
-          Setting this option leaves JTAG on for debugging, which negates all protections of flash encryption and some of the protections of secure boot.
-
-          Only set this option in testing environments.
-
-config SECURE_BOOT_ALLOW_SHORT_APP_PARTITION
-       bool "Allow app partition length not 64KB aligned"
-       depends on SECURE_BOOT_INSECURE
-       help
-           If not set (default), app partition size must be a multiple of 64KB. App images are padded to 64KB length, and the bootloader checks any trailing bytes after the signature (before the next 64KB boundary) have not been written. This is because flash cache maps entire 64KB pages into the address space. This prevents an attacker from appending unverified data after the app image in the flash, causing it to be mapped into the address space.
-
-           Setting this option allows the app partition length to be unaligned, and disables padding of the app image to this length. It is generally not recommended to set this option, unless you have a legacy partitioning scheme which doesn't support 64KB aligned partition lengths.
-
-config FLASH_ENCRYPTION_UART_BOOTLOADER_ALLOW_ENCRYPT
-    bool "Leave UART bootloader encryption enabled"
-    depends on FLASH_ENCRYPTION_INSECURE
-    default N
-    help
-        If not set (default), the bootloader will permanently disable UART bootloader encryption access on first boot. If set, the UART bootloader will still be able to access hardware encryption.
-
-        It is recommended to only set this option in testing environments.
-
-config FLASH_ENCRYPTION_UART_BOOTLOADER_ALLOW_DECRYPT
-    bool "Leave UART bootloader decryption enabled"
-    depends on FLASH_ENCRYPTION_INSECURE
-    default N
-    help
-        If not set (default), the bootloader will permanently disable UART bootloader decryption access on first boot. If set, the UART bootloader will still be able to access hardware decryption.
-
-        Only set this option in testing environments. Setting this option allows complete bypass of flash encryption.
-
-config FLASH_ENCRYPTION_UART_BOOTLOADER_ALLOW_CACHE
-    bool "Leave UART bootloader flash cache enabled"
-    depends on FLASH_ENCRYPTION_INSECURE
-    default N
-    help
-        If not set (default), the bootloader will permanently disable UART bootloader flash cache access on first boot. If set, the UART bootloader will still be able to access the flash cache.
-
-        Only set this option in testing environments.
-
-config SECURE_BOOT_TEST_MODE
-       bool "Secure boot test mode: don't permanently set any efuses"
-       depends on SECURE_BOOT_INSECURE
-       default N
-       help
-          If this option is set, all permanent secure boot changes (via Efuse) are disabled.
-
-          Log output will state changes which would be applied, but they will not be.
-
-          This option is for testing purposes only - it completely disables secure boot protection.
-
-
-endmenu  # Potentially Insecure
 endmenu  # Security features

components/bootloader/project_include.cmake

@@ -1,27 +1,67 @@
+# This is for tracking the top level project path
 if(BOOTLOADER_BUILD)
-    return()  # don't keep recursing!
+    set(main_project_path "${CMAKE_BINARY_DIR}/../..")
+else()
+    set(main_project_path "${IDF_PROJECT_PATH}")
+endif()
+
+get_filename_component(secure_boot_signing_key
+    "${CONFIG_SECURE_BOOT_SIGNING_KEY}"
+    ABSOLUTE BASE_DIR "${main_project_path}")
+if(NOT EXISTS ${secure_boot_signing_key})
+    # If the signing key is not found, create a phony gen_secure_boot_signing_key target that
+    # fails the build. fail_at_build_time also touches CMakeCache.txt to cause a cmake run next time
+    # (to pick up a new signing key if one exists, etc.)
+    fail_at_build_time(gen_secure_boot_signing_key
+        "Secure Boot Signing Key ${CONFIG_SECURE_BOOT_SIGNING_KEY} does not exist. Generate using:"
+        "\tespsecure.py generate_signing_key ${CONFIG_SECURE_BOOT_SIGNING_KEY}")
+else()
+    add_custom_target(gen_secure_boot_signing_key)
+endif()
+
+if(BOOTLOADER_BUILD OR NOT IDF_BUILD_ARTIFACTS)
+    return()  # don't keep recursing, generate on project builds
 endif()
 
 # Glue to build the bootloader subproject binary as an external
 # cmake project under this one
 #
 #
-set(bootloader_build_dir "${CMAKE_BINARY_DIR}/bootloader")
+set(bootloader_build_dir "${IDF_BUILD_ARTIFACTS_DIR}/bootloader")
 set(bootloader_binary_files
     "${bootloader_build_dir}/bootloader.elf"
     "${bootloader_build_dir}/bootloader.bin"
     "${bootloader_build_dir}/bootloader.map"
     )
 
-externalproject_add(bootloader
-    # TODO: support overriding the bootloader in COMPONENT_PATHS
-    SOURCE_DIR "${IDF_PATH}/components/bootloader/subproject"
-    BINARY_DIR "${bootloader_build_dir}"
-    CMAKE_ARGS  -DSDKCONFIG=${SDKCONFIG} -DIDF_PATH=${IDF_PATH}
-    INSTALL_COMMAND ""
-    BUILD_ALWAYS 1  # no easy way around this...
-    BUILD_BYPRODUCTS ${bootloader_binary_files}
-    )
+# These additional files may get generated
+if(CONFIG_SECURE_BOOTLOADER_REFLASHABLE)
+    set(bootloader_binary_files
+        ${bootloader_binary_files}
+        "${bootloader_build_dir}/bootloader-reflash-digest.bin"
+        "${bootloader_build_dir}/secure-bootloader-key-192.bin"
+        "${bootloader_build_dir}/secure-bootloader-key-256.bin"
+        )
+endif()
+
+if((NOT CONFIG_SECURE_BOOT_ENABLED) OR
+    CONFIG_SECURE_BOOTLOADER_REFLASHABLE OR
+    CONFIG_SECURE_BOOTLOADER_ONE_TIME_FLASH)
+    externalproject_add(bootloader
+        # TODO: support overriding the bootloader in COMPONENT_PATHS
+        SOURCE_DIR "${CMAKE_CURRENT_LIST_DIR}/subproject"
+        BINARY_DIR "${bootloader_build_dir}"
+        CMAKE_ARGS  -DSDKCONFIG=${SDKCONFIG} -DIDF_PATH=${IDF_PATH}
+                    -DSECURE_BOOT_SIGNING_KEY=${secure_boot_signing_key}
+                    -DEXTRA_COMPONENT_DIRS=${CMAKE_CURRENT_LIST_DIR}
+        INSTALL_COMMAND ""
+        BUILD_ALWAYS 1  # no easy way around this...
+        BUILD_BYPRODUCTS ${bootloader_binary_files}
+        DEPENDS gen_secure_boot_signing_key
+        )
+else()
+    fail_at_build_time(bootloader "Invalid bootloader target: bad sdkconfig?")
+endif()
 
 # this is a hack due to an (annoying) shortcoming in cmake, it can't
 # extend the 'clean' target to the external project

components/bootloader/subproject/CMakeLists.txt

@@ -10,7 +10,7 @@ if(NOT IDF_PATH)
         "in by the parent build process.")
 endif()
 
-set(COMPONENTS bootloader esptool_py esp32 partition_table soc bootloader_support log spi_flash micro-ecc soc main)
+set(COMPONENTS bootloader esptool_py esp32 partition_table soc bootloader_support log spi_flash micro-ecc soc main efuse)
 set(BOOTLOADER_BUILD 1)
 add_definitions(-DBOOTLOADER_BUILD=1)
 
@@ -21,8 +21,117 @@ project(bootloader)
 
 target_linker_script(bootloader.elf
     "main/esp32.bootloader.ld"
-    "main/esp32.bootloader.rom.ld")
-# Imported from esp32 component
+    "main/esp32.bootloader.rom.ld"
+)
+
+# as cmake won't attach linker args to a header-only library, attach
+# linker args directly to the bootloader.elf
+set(ESP32_BOOTLOADER_LINKER_SCRIPTS
+    "${IDF_PATH}/components/esp32/ld/esp32.rom.ld"
+    "${IDF_PATH}/components/esp32/ld/esp32.rom.spiram_incompatible_fns.ld"
+    "${IDF_PATH}/components/esp32/ld/esp32.peripherals.ld")
+
 target_linker_script(bootloader.elf ${ESP32_BOOTLOADER_LINKER_SCRIPTS})
 
 target_link_libraries(bootloader.elf gcc)
+
+set(secure_boot_signing_key ${SECURE_BOOT_SIGNING_KEY})
+
+string(REPLACE ";" " " espsecurepy "${ESPSECUREPY}")
+string(REPLACE ";" " " espefusepy "${ESPEFUSEPY}")
+set(esptoolpy_write_flash "${ESPTOOLPY_WRITE_FLASH_STR}")
+
+if(CONFIG_SECURE_BOOTLOADER_REFLASHABLE)
+    if(CONFIG_SECURE_BOOTLOADER_KEY_ENCODING_192BIT)
+        set(key_digest_len 192)
+    else()
+        set(key_digest_len 256)
+    endif()
+
+    get_filename_component(bootloader_digest_bin
+        "bootloader-reflash-digest.bin"
+        ABSOLUTE BASE_DIR "${CMAKE_BINARY_DIR}")
+
+    get_filename_component(secure_bootloader_key
+        "secure-bootloader-key-${key_digest_len}.bin"
+        ABSOLUTE BASE_DIR "${CMAKE_BINARY_DIR}")
+
+    add_custom_command(OUTPUT "${secure_bootloader_key}"
+        COMMAND ${ESPSECUREPY} digest_private_key
+            --keylen "${key_digest_len}"
+            --keyfile "${secure_boot_signing_key}"
+            "${secure_bootloader_key}"
+        VERBATIM)
+
+    if(CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES)
+        add_custom_target(gen_secure_bootloader_key ALL DEPENDS "${secure_bootloader_key}")
+    else()
+        if(NOT EXISTS "${secure_bootloader_key}")
+            message(FATAL_ERROR
+                "No pre-generated key for a reflashable secure bootloader is available, "
+                "due to signing configuration."
+                "\nTo generate one, you can use this command:"
+                "\n\t${espsecurepy} generate_flash_encryption_key ${secure_bootloader_key}"
+                "\nIf a signing key is present, then instead use:"
+                "\n\t${ESPSECUREPY} digest_private_key "
+                "--keylen (192/256) --keyfile KEYFILE "
+                "${secure_bootloader_key}")
+        endif()
+        add_custom_target(gen_secure_bootloader_key)
+    endif()
+
+    add_custom_command(OUTPUT "${bootloader_digest_bin}"
+        COMMAND ${CMAKE_COMMAND} -E echo "DIGEST ${bootloader_digest_bin}"
+        COMMAND ${ESPSECUREPY} digest_secure_bootloader --keyfile "${secure_bootloader_key}"
+            -o "${bootloader_digest_bin}" "${CMAKE_BINARY_DIR}/bootloader.bin"
+        DEPENDS gen_secure_bootloader_key "${CMAKE_BINARY_DIR}/bootloader.bin"
+        VERBATIM)
+
+    add_custom_target (gen_bootloader_digest_bin ALL DEPENDS "${bootloader_digest_bin}")
+endif()
+
+if(CONFIG_SECURE_BOOTLOADER_ONE_TIME_FLASH)
+    add_custom_command(TARGET bootloader POST_BUILD
+        COMMAND ${CMAKE_COMMAND} -E echo
+            "=============================================================================="
+        COMMAND ${CMAKE_COMMAND} -E echo
+            "Bootloader built. Secure boot enabled, so bootloader not flashed automatically."
+        COMMAND ${CMAKE_COMMAND} -E echo
+            "One-time flash command is:"
+        COMMAND ${CMAKE_COMMAND} -E echo
+            "\t${esptoolpy_write_flash} ${BOOTLOADER_OFFSET} ${CMAKE_BINARY_DIR}/bootloader.bin"
+        COMMAND ${CMAKE_COMMAND} -E echo
+            "* IMPORTANT: After first boot, BOOTLOADER CANNOT BE RE-FLASHED on same device"
+        VERBATIM)
+
+elseif(CONFIG_SECURE_BOOTLOADER_REFLASHABLE)
+    add_custom_command(TARGET bootloader POST_BUILD
+        COMMAND ${CMAKE_COMMAND} -E echo
+            "=============================================================================="
+        COMMAND ${CMAKE_COMMAND} -E echo
+            "Bootloader built and secure digest generated."
+        COMMAND ${CMAKE_COMMAND} -E echo
+            "Secure boot enabled, so bootloader not flashed automatically."
+        COMMAND ${CMAKE_COMMAND} -E echo
+            "Burn secure boot key to efuse using:"
+        COMMAND ${CMAKE_COMMAND} -E echo
+            "\t${espefusepy} burn_key secure_boot ${secure_bootloader_key}"
+        COMMAND ${CMAKE_COMMAND} -E echo
+            "First time flash command is:"
+        COMMAND ${CMAKE_COMMAND} -E echo
+            "\t${esptoolpy_write_flash} ${BOOTLOADER_OFFSET} ${CMAKE_BINARY_DIR}/bootloader.bin"
+        COMMAND ${CMAKE_COMMAND} -E echo
+            "=============================================================================="
+        COMMAND ${CMAKE_COMMAND} -E echo
+            "To reflash the bootloader after initial flash:"
+        COMMAND ${CMAKE_COMMAND} -E echo
+            "\t${esptoolpy_write_flash} 0x0 ${bootloader_digest_bin}"
+        COMMAND ${CMAKE_COMMAND} -E echo
+            "=============================================================================="
+        COMMAND ${CMAKE_COMMAND} -E echo
+            "* After first boot, only re-flashes of this kind (with same key) will be accepted."
+        COMMAND ${CMAKE_COMMAND} -E echo
+            "* Not recommended to re-use the same secure boot keyfile on multiple production devices."
+        DEPENDS gen_secure_bootloader_key gen_bootloader_digest_bin
+        VERBATIM)
+endif()

components/bootloader/subproject/Makefile

@@ -8,7 +8,7 @@ endif
 
 PROJECT_NAME := bootloader
 
-COMPONENTS := esptool_py bootloader_support log spi_flash micro-ecc soc main
+COMPONENTS := esptool_py bootloader_support log spi_flash micro-ecc soc main efuse
 
 # Clear C and CXX from top level project
 CFLAGS =

components/bootloader/subproject/main/bootloader_start.c

@@ -24,6 +24,7 @@
 #include "bootloader_common.h"
 #include "sdkconfig.h"
 #include "esp_image_format.h"
+#include "rom/rtc.h"
 
 static const char* TAG = "boot";
 
@@ -74,7 +75,8 @@ static int selected_boot_partition(const bootloader_state_t *bs)
     int boot_index = bootloader_utility_get_selected_boot_partition(bs);
     if (boot_index == INVALID_INDEX) {
         return boot_index; // Unrecoverable failure (not due to corrupt ota data or bad partition contents)
-    } else {
+    }
+    if (rtc_get_reset_reason(0) != DEEPSLEEP_RESET) {
         // Factory firmware.
 #ifdef CONFIG_BOOTLOADER_FACTORY_RESET
         if (bootloader_common_check_long_hold_gpio(CONFIG_BOOTLOADER_NUM_PIN_FACTORY_RESET, CONFIG_BOOTLOADER_HOLD_TIME_GPIO) == 1) {

components/bootloader/subproject/main/esp32.bootloader.ld

@@ -45,7 +45,6 @@ SECTIONS
     *libbootloader_support.a:bootloader_random.*(.literal .text .literal.* .text.*)
     *libbootloader_support.a:bootloader_utility.*(.literal .text .literal.* .text.*)
     *libbootloader_support.a:bootloader_sha.*(.literal .text .literal.* .text.*)
-    *libbootloader_support.a:efuse.*(.literal .text .literal.* .text.*)
     *libbootloader_support.a:esp_image_format.*(.literal .text .literal.* .text.*)
     *libbootloader_support.a:flash_encrypt.*(.literal .text .literal.* .text.*)
     *libbootloader_support.a:flash_partitions.*(.literal .text .literal.* .text.*)
@@ -54,6 +53,7 @@ SECTIONS
     *libmicro-ecc.a:*.*(.literal .text .literal.* .text.*)
     *libspi_flash.a:*.*(.literal .text .literal.* .text.*)
     *libsoc.a:rtc_wdt.*(.literal .text .literal.* .text.*)
+    *libefuse.a:*.*(.literal .text .literal.* .text.*)
     *(.fini.literal)
     *(.fini)
     *(.gnu.version)

components/bootloader_support/CMakeLists.txt

@@ -1,10 +1,10 @@
 set(COMPONENT_SRCS "src/bootloader_clock.c"
                    "src/bootloader_common.c"
                    "src/bootloader_flash.c"
+                   "src/bootloader_flash_config.c"
                    "src/bootloader_random.c"
                    "src/bootloader_sha.c"
                    "src/bootloader_utility.c"
-                   "src/efuse.c"
                    "src/esp_image_format.c"
                    "src/flash_encrypt.c"
                    "src/flash_partitions.c"
@@ -15,13 +15,47 @@ set(COMPONENT_SRCS "src/bootloader_clock.c"
 if(${BOOTLOADER_BUILD})
     set(COMPONENT_ADD_INCLUDEDIRS "include include_bootloader")
     set(COMPONENT_REQUIRES)
-    set(COMPONENT_PRIV_REQUIRES spi_flash micro-ecc)
+    set(COMPONENT_PRIV_REQUIRES spi_flash micro-ecc efuse)
     list(APPEND COMPONENT_SRCS "src/bootloader_init.c")
+
+    if(CONFIG_SECURE_SIGNED_APPS)
+        get_filename_component(secure_boot_verification_key
+            "signature_verification_key.bin"
+            ABSOLUTE BASE_DIR "${CMAKE_BINARY_DIR}")
+        if(CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES)
+            add_custom_command(OUTPUT "${secure_boot_verification_key}"
+                COMMAND ${ESPSECUREPY}
+                    extract_public_key --keyfile "${secure_boot_signing_key}"
+                    "${secure_boot_verification_key}"
+                DEPENDS gen_secure_boot_signing_key
+                VERBATIM)
+        else()
+            get_filename_component(orig_secure_boot_verification_key
+                "${CONFIG_SECURE_BOOT_VERIFICATION_KEY}"
+                ABSOLUTE BASE_DIR "${main_project_path}")
+            if(NOT EXISTS ${orig_secure_boot_verification_key})
+                message(FATAL_ERROR
+                    "Secure Boot Verification Public Key ${CONFIG_SECURE_BOOT_VERIFICATION_KEY} does not exist."
+                    "\nThis can be extracted from the private signing key."
+                    "\nSee docs/security/secure-boot.rst for details.")
+            endif()
+
+            add_custom_command(OUTPUT "${secure_boot_verification_key}"
+                COMMAND ${CMAKE_COMMAND} -E copy "${orig_secure_boot_verification_key}"
+                    "${secure_boot_verification_key}"
+                DEPENDS "${orig_secure_boot_verification_key}"
+                VERBATIM)
+        endif()
+        set(COMPONENT_EMBED_FILES "${secure_boot_verification_key}")
+        set_property(DIRECTORY "${CMAKE_CURRENT_SOURCE_DIR}"
+            APPEND PROPERTY ADDITIONAL_MAKE_CLEAN_FILES
+            "${secure_boot_verification_key}")
+    endif()
 else()
     set(COMPONENT_ADD_INCLUDEDIRS "include")
     set(COMPONENT_PRIV_INCLUDEDIRS "include_bootloader")
     set(COMPONENT_REQUIRES)
-    set(COMPONENT_PRIV_REQUIRES spi_flash mbedtls micro-ecc)
+    set(COMPONENT_PRIV_REQUIRES spi_flash mbedtls micro-ecc efuse)
 endif()
 
 register_component()

components/bootloader_support/include/bootloader_common.h

@@ -14,6 +14,8 @@
 
 #pragma once
 #include "esp_flash_data_types.h"
+#include "esp_image_format.h"
+#include "esp_image_format.h"
 
 /// Type of hold a GPIO in low state
 typedef enum {
@@ -22,22 +24,35 @@ typedef enum {
     GPIO_NOT_HOLD   = 0     /*!< If the GPIO input is not low */
 } esp_comm_gpio_hold_t;
 
+typedef enum {
+    ESP_IMAGE_BOOTLOADER,
+    ESP_IMAGE_APPLICATION
+} esp_image_type;
+
 /**
- * @brief Calculate crc for the OTA data partition.
+ * @brief Calculate crc for the OTA data select.
  *
- * @param[in] ota_data The OTA data partition.
+ * @param[in] s The OTA data select.
  * @return    Returns crc value.
  */
 uint32_t bootloader_common_ota_select_crc(const esp_ota_select_entry_t *s);
 
 /**
- * @brief Verifies the validity of the OTA data partition
+ * @brief Verifies the validity of the OTA data select
  *
- * @param[in] ota_data The OTA data partition.
+ * @param[in] s The OTA data select.
  * @return    Returns true on valid, false otherwise.
  */
 bool bootloader_common_ota_select_valid(const esp_ota_select_entry_t *s);
 
+/**
+ * @brief Returns true if OTADATA is not marked as bootable partition.
+ *
+ * @param[in] s The OTA data select.
+ * @return    Returns true if OTADATA invalid, false otherwise.
+ */
+bool bootloader_common_ota_select_invalid(const esp_ota_select_entry_t *s);
+
 /**
  * @brief Check if the GPIO input is a long hold or a short hold.
  *
@@ -91,3 +106,62 @@ bool bootloader_common_label_search(const char *list, char *label);
  *          - ESP_FAIL: An allocation error occurred.
  */
 esp_err_t bootloader_common_get_sha256_of_partition(uint32_t address, uint32_t size, int type, uint8_t *out_sha_256);
+
+/**
+ * @brief Returns the number of active otadata.
+ *
+ * @param[in] two_otadata Pointer on array from two otadata structures.
+ *
+ * @return The number of active otadata (0 or 1).
+ *        - -1: If it does not have active otadata.
+ */
+int bootloader_common_get_active_otadata(esp_ota_select_entry_t *two_otadata);
+
+/**
+ * @brief Returns the number of active otadata.
+ *
+ * @param[in] two_otadata       Pointer on array from two otadata structures.
+ * @param[in] valid_two_otadata Pointer on array from two bools. True means select.
+ * @param[in] max               True - will select the maximum ota_seq number, otherwise the minimum.
+ *
+ * @return The number of active otadata (0 or 1).
+ *        - -1: If it does not have active otadata.
+ */
+int bootloader_common_select_otadata(const esp_ota_select_entry_t *two_otadata, bool *valid_two_otadata, bool max);
+
+/**
+ * @brief Returns esp_app_desc structure for app partition. This structure includes app version.
+ *
+ * Returns a description for the requested app partition.
+ * @param[in] partition      App partition description.
+ * @param[out] app_desc      Structure of info about app.
+ * @return
+ *  - ESP_OK:                Successful.
+ *  - ESP_ERR_INVALID_ARG:   The arguments passed are not valid.
+ *  - ESP_ERR_NOT_FOUND:     app_desc structure is not found. Magic word is incorrect.
+ *  - ESP_FAIL:              mapping is fail.
+ */
+esp_err_t bootloader_common_get_partition_description(const esp_partition_pos_t *partition, esp_app_desc_t *app_desc);
+
+/**
+ * @brief Get chip revision
+ *
+ * @return Chip revision number
+ */
+uint8_t bootloader_common_get_chip_revision(void);
+
+/**
+ * @brief Check if the image (bootloader and application) has valid chip ID and revision
+ *
+ * @param[in] img_hdr: image header
+ * @param[in] type: image type, bootloader or application
+ * @return
+ *      - ESP_OK: image and chip are matched well
+ *      - ESP_FAIL: image doesn't match to the chip
+ */
+esp_err_t bootloader_common_check_chip_validity(const esp_image_header_t* img_hdr, esp_image_type type);
+
+/**
+ * @brief Configure VDDSDIO, call this API to rise VDDSDIO to 1.9V when VDDSDIO regulator is enabled as 1.8V mode.
+ */
+void bootloader_common_vddsdio_configure();

components/bootloader_support/include/bootloader_flash_config.h

@@ -0,0 +1,71 @@
+// Copyright 2018 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+#pragma once
+
+#include "esp_image_format.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * @brief Update the flash id in g_rom_flashchip(global esp_rom_spiflash_chip_t structure).
+ *
+ * @return None
+ */
+void bootloader_flash_update_id();
+
+/**
+ * @brief Set the flash CS setup and hold time.
+ *
+ * @note CS setup time is recomemded to be 1.5T, and CS hold time is recommended to be 2.5T.
+ *       cs_setup = 1, cs_setup_time = 0; cs_hold = 1, cs_hold_time = 1.
+ *
+ * @return None
+ */
+void bootloader_flash_cs_timing_config();
+
+/**
+ * @brief Configure SPI flash clock.
+ *
+ * @note This function only set clock frequency for SPI0.
+ *
+ * @param pfhdr Pointer to App image header, from where to fetch flash settings.
+ *
+ * @return None
+ */
+void bootloader_flash_clock_config(const esp_image_header_t* pfhdr);
+
+/**
+ * @brief Configure SPI flash gpio, include the IO matrix and drive strength configuration.
+ *
+ * @param pfhdr Pointer to App image header, from where to fetch flash settings.
+ *
+ * @return None
+ */
+void bootloader_flash_gpio_config(const esp_image_header_t* pfhdr);
+
+/**
+ * @brief Configure SPI flash read dummy based on different mode and frequency.
+ *
+ * @param pfhdr Pointer to App image header, from where to fetch flash settings.
+ *
+ * @return None
+ */
+void bootloader_flash_dummy_config(const esp_image_header_t* pfhdr);
+
+#ifdef __cplusplus
+}
+#endif

components/bootloader_support/include/esp_efuse.h

@@ -1,99 +0,0 @@
-// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-#ifndef _ESP_EFUSE_H
-#define _ESP_EFUSE_H
-
-#include "soc/efuse_reg.h"
-#include "esp_err.h"
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-/* @brief Permanently update values written to the efuse write registers
- *
- * After updating EFUSE_BLKx_WDATAx_REG registers with new values to
- * write, call this function to permanently write them to efuse.
- *
- * @note Setting bits in efuse is permanent, they cannot be unset.
- *
- * @note Due to this restriction you don't need to copy values to
- * Efuse write registers from the matching read registers, bits which
- * are set in the read register but unset in the matching write
- * register will be unchanged when new values are burned.
- *
- * @note This function is not threadsafe, if calling code updates
- * efuse values from multiple tasks then this is caller's
- * responsibility to serialise.
- *
- * After burning new efuses, the read registers are updated to match
- * the new efuse values.
- */
-void esp_efuse_burn_new_values(void);
-
-/* @brief Reset efuse write registers
- *
- * Efuse write registers are written to zero, to negate
- * any changes that have been staged here.
- */
-void esp_efuse_reset(void);
-
-/* @brief Disable BASIC ROM Console via efuse
- *
- * By default, if booting from flash fails the ESP32 will boot a
- * BASIC console in ROM.
- *
- * Call this function (from bootloader or app) to permanently
- * disable the console on this chip.
- */
-void esp_efuse_disable_basic_rom_console(void);
-
-/* @brief Encode one or more sets of 6 byte sequences into
- * 8 bytes suitable for 3/4 Coding Scheme.
- *
- * This function is only useful if the CODING_SCHEME efuse
- * is set to value 1 for 3/4 Coding Scheme.
- *
- * @param[in] in_bytes Pointer to a sequence of bytes to encode for 3/4 Coding Scheme. Must have length in_bytes_len. After being written to hardware, these bytes will read back as little-endian words.
- * @param[out] out_words Pointer to array of words suitable for writing to efuse write registers. Array must contain 2 words (8 bytes) for every 6 bytes in in_bytes_len. Can be a pointer to efuse write registers.
- * @param in_bytes_len. Length of array pointed to by in_bytes, in bytes. Must be a multiple of 6.
- *
- * @return ESP_ERR_INVALID_ARG if either pointer is null or in_bytes_len is not a multiple of 6. ESP_OK otherwise.
- */
-esp_err_t esp_efuse_apply_34_encoding(const uint8_t *in_bytes, uint32_t *out_words, size_t in_bytes_len);
-
-/* @brief Write random data to efuse key block write registers
- *
- * @note Caller is responsible for ensuring efuse
- * block is empty and not write protected, before calling.
- *
- * @note Behaviour depends on coding scheme: a 256-bit key is
- * generated and written for Coding Scheme "None", a 192-bit key
- * is generated, extended to 256-bits by the Coding Scheme,
- * and then writtten for 3/4 Coding Scheme.
- *
- * @note This function does not burn the new values, caller should
- * call esp_efuse_burn_new_values() when ready to do this.
- *
- * @param blk_wdata0_reg Address of the first data write register
- * in the block
- */
-void esp_efuse_write_random_key(uint32_t blk_wdata0_reg);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif /* __ESP_EFUSE_H */
-

components/bootloader_support/include/esp_image_format.h

@@ -55,6 +55,19 @@ typedef enum {
 
 #define ESP_IMAGE_HEADER_MAGIC 0xE9
 
+/**
+ * @brief ESP chip ID
+ *
+ */
+typedef enum {
+    ESP_CHIP_ID_ESP32 = 0x0000,  /*!< chip ID: ESP32 */
+    ESP_CHIP_ID_INVALID = 0xFFFF /*!< Invalid chip ID (we defined it to make sure the esp_chip_id_t is 2 bytes size) */
+} __attribute__((packed)) esp_chip_id_t;
+
+/** @cond */
+_Static_assert(sizeof(esp_chip_id_t) == 2, "esp_chip_id_t should be 16 bit");
+/** @endcond */
+
 /* Main header of binary image */
 typedef struct {
     uint8_t magic;
@@ -71,8 +84,9 @@ typedef struct {
     uint8_t wp_pin;
     /* Drive settings for the SPI flash pins (read by ROM bootloader) */
     uint8_t spi_pin_drv[3];
-    /* Reserved bytes in ESP32 additional header space, currently unused */
-    uint8_t reserved[11];
+    esp_chip_id_t chip_id; /*!< Chip identification number */
+    uint8_t min_chip_rev;  /*!< Minimum chip revision supported by image */
+    uint8_t reserved[8];   /*!< Reserved bytes in additional header space, currently unused */
     /* If 1, a SHA256 digest "simple hash" (of the entire image) is appended after the checksum. Included in image length. This digest
      * is separate to secure boot and only used for detecting corruption. For secure boot signed images, the signature
      * is appended after this (and the simple hash is included in the signed data). */
@@ -89,6 +103,25 @@ typedef struct {
     uint32_t data_len;
 } esp_image_segment_header_t;
 
+#define ESP_APP_DESC_MAGIC_WORD 0xABCD5432 /*!< The magic word for the esp_app_desc structure that is in DROM. */
+
+/**
+ * @brief Description about application.
+ */
+typedef struct {
+    uint32_t magic_word;        /*!< Magic word ESP_APP_DESC_MAGIC_WORD */
+    uint32_t secure_version;    /*!< Secure version */
+    uint32_t reserv1[2];        /*!< --- */
+    char version[32];           /*!< Application version */
+    char project_name[32];      /*!< Project name */
+    char time[16];              /*!< Compile time */
+    char date[16];              /*!< Compile date*/
+    char idf_ver[32];           /*!< Version IDF */
+    uint8_t app_elf_sha256[32]; /*!< sha256 of elf file */
+    uint32_t reserv2[20];       /*!< --- */
+} esp_app_desc_t;
+_Static_assert(sizeof(esp_app_desc_t) == 256, "esp_app_desc_t should be 256 bytes");
+
 #define ESP_IMAGE_MAX_SEGMENTS 16
 
 /* Structure to hold on-flash image metadata */

components/bootloader_support/include/esp_secure_boot.h

@@ -46,6 +46,25 @@ static inline bool esp_secure_boot_enabled(void) {
     return REG_READ(EFUSE_BLK0_RDATA6_REG) & EFUSE_RD_ABS_DONE_0;
 }
 
+/** @brief Generate secure digest from bootloader image
+ *
+ * @important This function is intended to be called from bootloader code only.
+ *
+ * If secure boot is not yet enabled for bootloader, this will:
+ *     1) generate the secure boot key and burn it on EFUSE
+ *        (without enabling R/W protection)
+ *     2) generate the digest from bootloader and save it
+ *        to flash address 0x0
+ *
+ * If first boot gets interrupted after calling this function
+ * but before esp_secure_boot_permanently_enable() is called, then
+ * the key burned on EFUSE will not be regenerated, unless manually
+ * done using espefuse.py tool
+ *
+ * @return ESP_OK if secure boot digest is generated
+ * successfully or found to be already present
+ */
+esp_err_t esp_secure_boot_generate_digest(void);
 
 /** @brief Enable secure boot if it is not already enabled.
  *
@@ -54,9 +73,13 @@ static inline bool esp_secure_boot_enabled(void) {
  *
  * @important This function is intended to be called from bootloader code only.
  *
+ * @important This will enable r/w protection of secure boot key on EFUSE,
+ * therefore it is to be ensured that esp_secure_boot_generate_digest()
+ * is called before this
+ *
  * If secure boot is not yet enabled for bootloader, this will
- * generate the secure boot digest and enable secure boot by blowing
- * the EFUSE_RD_ABS_DONE_0 efuse.
+ *     1) enable R/W protection of secure boot key on EFUSE
+ *     2) enable secure boot by blowing the EFUSE_RD_ABS_DONE_0 efuse.
  *
  * This function does not verify secure boot of the bootloader (the
  * ROM bootloader does this.)
@@ -64,7 +87,6 @@ static inline bool esp_secure_boot_enabled(void) {
  * Will fail if efuses have been part-burned in a way that indicates
  * secure boot should not or could not be correctly enabled.
  *
- *
  * @return ESP_ERR_INVALID_STATE if efuse state doesn't allow
  * secure boot to be enabled cleanly. ESP_OK if secure boot
  * is enabled on this chip from now on.

components/bootloader_support/include_bootloader/bootloader_flash.h

@@ -30,6 +30,13 @@
    bootloader_support components only.
 */
 
+/**
+ * @brief Get number of free pages
+ *
+ * @return Number of free pages
+ */
+uint32_t bootloader_mmap_get_free_pages();
+
 /**
  * @brief Map a region of flash to data memory
  *

components/bootloader_support/src/bootloader_clock.c

@@ -31,14 +31,14 @@ void bootloader_clock_configure()
     /* Set CPU to 80MHz. Keep other clocks unmodified. */
     int cpu_freq_mhz = 80;
 
-    /* On ESP32 rev 0, switching to 80MHz if clock was previously set to
+    /* On ESP32 rev 0, switching to 80/160 MHz if clock was previously set to
      * 240 MHz may cause the chip to lock up (see section 3.5 of the errata
-     * document). For rev. 0, switch to 240 instead if it was chosen in
-     * menuconfig.
+     * document). For rev. 0, switch to 240 instead if it has been enabled
+     * previously.
      */
     uint32_t chip_ver_reg = REG_READ(EFUSE_BLK0_RDATA3_REG);
     if ((chip_ver_reg & EFUSE_RD_CHIP_VER_REV1_M) == 0 &&
-            CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ == 240) {
+            DPORT_REG_GET_FIELD(DPORT_CPU_PER_CONF_REG, DPORT_CPUPERIOD_SEL) == DPORT_CPUPERIOD_SEL_240) {
         cpu_freq_mhz = 240;
     }
 

components/bootloader_support/src/bootloader_common.c

@@ -27,8 +27,14 @@
 #include "bootloader_flash.h"
 #include "bootloader_common.h"
 #include "soc/gpio_periph.h"
+#include "soc/efuse_reg.h"
+#include "soc/rtc.h"
+#include "soc/spi_reg.h"
+#include "soc/efuse_reg.h"
+#include "soc/apb_ctrl_reg.h"
 #include "esp_image_format.h"
 #include "bootloader_sha.h"
+#include "sys/param.h"
 
 #define ESP_PARTITION_HASH_LEN 32 /* SHA-256 digest length */
 
@@ -39,9 +45,14 @@ uint32_t bootloader_common_ota_select_crc(const esp_ota_select_entry_t *s)
     return crc32_le(UINT32_MAX, (uint8_t*)&s->ota_seq, 4);
 }
 
+bool bootloader_common_ota_select_invalid(const esp_ota_select_entry_t *s)
+{
+    return s->ota_seq == UINT32_MAX || s->ota_state == ESP_OTA_IMG_INVALID || s->ota_state == ESP_OTA_IMG_ABORTED;
+}
+
 bool bootloader_common_ota_select_valid(const esp_ota_select_entry_t *s)
 {
-    return s->ota_seq != UINT32_MAX && s->crc == bootloader_common_ota_select_crc(s);
+    return bootloader_common_ota_select_invalid(s) == false && s->crc == bootloader_common_ota_select_crc(s);
 }
 
 esp_comm_gpio_hold_t bootloader_common_check_long_hold_gpio(uint32_t num_pin, uint32_t delay_sec)
@@ -192,3 +203,125 @@ esp_err_t bootloader_common_get_sha256_of_partition (uint32_t address, uint32_t
 
     return ESP_OK;
 }
+
+int bootloader_common_select_otadata(const esp_ota_select_entry_t *two_otadata, bool *valid_two_otadata, bool max)
+{
+    if (two_otadata == NULL || valid_two_otadata == NULL) {
+        return -1;
+    }
+    int active_otadata = -1;
+    if (valid_two_otadata[0] && valid_two_otadata[1]) {
+        int condition = (max == true) ? MAX(two_otadata[0].ota_seq, two_otadata[1].ota_seq) : MIN(two_otadata[0].ota_seq, two_otadata[1].ota_seq);
+        if (condition == two_otadata[0].ota_seq) {
+            active_otadata = 0;
+        } else {
+            active_otadata = 1;
+        }
+        ESP_LOGD(TAG, "Both OTA copies are valid");
+    } else {
+        for (int i = 0; i < 2; ++i) {
+            if (valid_two_otadata[i]) {
+                active_otadata = i;
+                ESP_LOGD(TAG, "Only otadata[%d] is valid", i);
+                break;
+            }
+        }
+    }
+    return active_otadata;
+}
+
+int bootloader_common_get_active_otadata(esp_ota_select_entry_t *two_otadata)
+{
+    if (two_otadata == NULL) {
+        return -1;
+    }
+    bool valid_two_otadata[2];
+    valid_two_otadata[0] = bootloader_common_ota_select_valid(&two_otadata[0]);
+    valid_two_otadata[1] = bootloader_common_ota_select_valid(&two_otadata[1]);
+    return bootloader_common_select_otadata(two_otadata, valid_two_otadata, true);
+}
+
+esp_err_t bootloader_common_get_partition_description(const esp_partition_pos_t *partition, esp_app_desc_t *app_desc)
+{
+    if (partition == NULL || app_desc == NULL || partition->offset == 0) {
+        return ESP_ERR_INVALID_ARG;
+    }
+
+    const uint8_t *image = bootloader_mmap(partition->offset, partition->size);
+    if (image == NULL) {
+        ESP_LOGE(TAG, "bootloader_mmap(0x%x, 0x%x) failed", partition->offset, partition->size);
+        return ESP_FAIL;
+    }
+
+    memcpy(app_desc, image + sizeof(esp_image_header_t) + sizeof(esp_image_segment_header_t), sizeof(esp_app_desc_t));
+    bootloader_munmap(image);
+
+    if (app_desc->magic_word != ESP_APP_DESC_MAGIC_WORD) {
+        return ESP_ERR_NOT_FOUND;
+    }
+
+    return ESP_OK;
+}
+
+void bootloader_common_vddsdio_configure()
+{
+#if CONFIG_BOOTLOADER_VDDSDIO_BOOST_1_9V
+    rtc_vddsdio_config_t cfg = rtc_vddsdio_get_config();
+    if (cfg.enable == 1 && cfg.tieh == RTC_VDDSDIO_TIEH_1_8V) {    // VDDSDIO regulator is enabled @ 1.8V
+        cfg.drefh = 3;
+        cfg.drefm = 3;
+        cfg.drefl = 3;
+        cfg.force = 1;
+        rtc_vddsdio_set_config(cfg);
+        ets_delay_us(10); // wait for regulator to become stable
+    }
+#endif // CONFIG_BOOTLOADER_VDDSDIO_BOOST
+}
+
+#ifdef CONFIG_IDF_TARGET_ESP32
+uint8_t bootloader_common_get_chip_revision(void)
+{
+    uint8_t eco_bit0, eco_bit1, eco_bit2;
+    eco_bit0 = (REG_READ(EFUSE_BLK0_RDATA3_REG) & 0xF000) >> 15;
+    eco_bit1 = (REG_READ(EFUSE_BLK0_RDATA5_REG) & 0x100000) >> 20;
+    eco_bit2 = (REG_READ(APB_CTRL_DATE_REG) & 0x80000000) >> 31;
+    uint32_t combine_value = (eco_bit2 << 2) | (eco_bit1 << 1) | eco_bit0;
+    uint8_t chip_ver = 0;
+    switch (combine_value) {
+    case 0:
+        chip_ver = 0;
+        break;
+    case 1:
+        chip_ver = 1;
+        break;
+    case 3:
+        chip_ver = 2;
+        break;
+    case 7:
+        chip_ver = 3;
+        break;
+    default:
+        chip_ver = 0;
+        break;
+    }
+    return chip_ver;
+}
+#endif
+
+esp_err_t bootloader_common_check_chip_validity(const esp_image_header_t* img_hdr, esp_image_type type)
+{
+    esp_err_t err = ESP_OK;
+    esp_chip_id_t chip_id = CONFIG_IDF_FIRMWARE_CHIP_ID;
+    if (chip_id != img_hdr->chip_id) {
+        ESP_LOGE(TAG, "mismatch chip ID, expected %d, found %d", chip_id, img_hdr->chip_id);
+        err = ESP_FAIL;
+    }
+    uint8_t revision = bootloader_common_get_chip_revision();
+    if (revision < img_hdr->min_chip_rev) {
+        ESP_LOGE(TAG, "can't run on lower chip revision, expected %d, found %d", revision, img_hdr->min_chip_rev);
+        err = ESP_FAIL;
+    } else if (revision != img_hdr->min_chip_rev) {
+        ESP_LOGI(TAG, "chip revision: %d, min. %s chip revision: %d", revision, type == ESP_IMAGE_BOOTLOADER ? "bootloader" : "application", img_hdr->min_chip_rev);
+    }
+    return err;
+}

components/bootloader_support/src/bootloader_flash.c

@@ -25,6 +25,11 @@ static const char *TAG = "bootloader_mmap";
 
 static spi_flash_mmap_handle_t map;
 
+uint32_t bootloader_mmap_get_free_pages()
+{
+    return spi_flash_mmap_get_free_pages(SPI_FLASH_MMAP_DATA);
+}
+
 const void *bootloader_mmap(uint32_t src_addr, uint32_t size)
 {
     if (map) {
@@ -91,12 +96,22 @@ static const char *TAG = "bootloader_flash";
 */
 #define MMU_BLOCK0_VADDR  0x3f400000
 #define MMU_BLOCK50_VADDR 0x3f720000
+#define MMU_FREE_PAGES    ((MMU_BLOCK50_VADDR - MMU_BLOCK0_VADDR) / FLASH_BLOCK_SIZE)
 
 static bool mapped;
 
 // Current bootloader mapping (ab)used for bootloader_read()
 static uint32_t current_read_mapping = UINT32_MAX;
 
+uint32_t bootloader_mmap_get_free_pages()
+{
+    /**
+     * Allow mapping up to 50 of the 51 available MMU blocks (last one used for reads)
+     * Since, bootloader_mmap function below assumes it to be 0x320000 (50 pages), we can safely do this.
+     */
+    return MMU_FREE_PAGES;
+}
+
 const void *bootloader_mmap(uint32_t src_addr, uint32_t size)
 {
     if (mapped) {

components/bootloader_support/src/bootloader_flash_config.c

@@ -0,0 +1,165 @@
+// Copyright 2018 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#include <stdbool.h>
+#include <assert.h>
+#include "string.h"
+#include "sdkconfig.h"
+#include "esp_err.h"
+#include "esp_log.h"
+#include "rom/gpio.h"
+#include "rom/spi_flash.h"
+#include "rom/efuse.h"
+#include "soc/gpio_periph.h"
+#include "soc/efuse_reg.h"
+#include "soc/spi_reg.h"
+#include "soc/spi_pins.h"
+#include "flash_qio_mode.h"
+#include "bootloader_flash_config.h"
+
+void bootloader_flash_update_id()
+{
+    g_rom_flashchip.device_id = bootloader_read_flash_id();
+}
+
+void IRAM_ATTR bootloader_flash_cs_timing_config()
+{
+    SET_PERI_REG_MASK(SPI_USER_REG(0), SPI_CS_HOLD_M | SPI_CS_SETUP_M);
+    SET_PERI_REG_BITS(SPI_CTRL2_REG(0), SPI_HOLD_TIME_V, 1, SPI_HOLD_TIME_S);
+    SET_PERI_REG_BITS(SPI_CTRL2_REG(0), SPI_SETUP_TIME_V, 0, SPI_SETUP_TIME_S);
+    SET_PERI_REG_MASK(SPI_USER_REG(1), SPI_CS_HOLD_M | SPI_CS_SETUP_M);
+    SET_PERI_REG_BITS(SPI_CTRL2_REG(1), SPI_HOLD_TIME_V, 1, SPI_HOLD_TIME_S);
+    SET_PERI_REG_BITS(SPI_CTRL2_REG(1), SPI_SETUP_TIME_V, 0, SPI_SETUP_TIME_S);
+}
+
+void IRAM_ATTR bootloader_flash_clock_config(const esp_image_header_t* pfhdr)
+{
+    uint32_t spi_clk_div = 0;
+    switch (pfhdr->spi_speed) {
+        case ESP_IMAGE_SPI_SPEED_80M:
+            spi_clk_div = 1;
+            break;
+        case ESP_IMAGE_SPI_SPEED_40M:
+            spi_clk_div = 2;
+            break;
+        case ESP_IMAGE_SPI_SPEED_26M:
+            spi_clk_div = 3;
+            break;
+        case ESP_IMAGE_SPI_SPEED_20M:
+            spi_clk_div = 4;
+            break;
+        default:
+            break;
+    }
+    esp_rom_spiflash_config_clk(spi_clk_div, 0);
+}
+
+void IRAM_ATTR bootloader_flash_gpio_config(const esp_image_header_t* pfhdr)
+{
+    uint32_t drv = 2;
+    if (pfhdr->spi_speed == ESP_IMAGE_SPI_SPEED_80M) {
+        drv = 3;
+    }
+
+    uint32_t chip_ver = REG_GET_FIELD(EFUSE_BLK0_RDATA3_REG, EFUSE_RD_CHIP_VER_PKG);
+    uint32_t pkg_ver = chip_ver & 0x7;
+
+    if (pkg_ver == EFUSE_RD_CHIP_VER_PKG_ESP32D2WDQ5) {
+        // For ESP32D2WD the SPI pins are already configured
+        // flash clock signal should come from IO MUX.
+        PIN_FUNC_SELECT(PERIPHS_IO_MUX_SD_CLK_U, FUNC_SD_CLK_SPICLK);
+        SET_PERI_REG_BITS(PERIPHS_IO_MUX_SD_CLK_U, FUN_DRV, drv, FUN_DRV_S);
+    } else if (pkg_ver == EFUSE_RD_CHIP_VER_PKG_ESP32PICOD2) {
+        // For ESP32PICOD2 the SPI pins are already configured
+        // flash clock signal should come from IO MUX.
+        PIN_FUNC_SELECT(PERIPHS_IO_MUX_SD_CLK_U, FUNC_SD_CLK_SPICLK);
+        SET_PERI_REG_BITS(PERIPHS_IO_MUX_SD_CLK_U, FUN_DRV, drv, FUN_DRV_S);
+    } else if (pkg_ver == EFUSE_RD_CHIP_VER_PKG_ESP32PICOD4) {
+        // For ESP32PICOD4 the SPI pins are already configured
+        // flash clock signal should come from IO MUX.
+        PIN_FUNC_SELECT(PERIPHS_IO_MUX_SD_CLK_U, FUNC_SD_CLK_SPICLK);
+        SET_PERI_REG_BITS(PERIPHS_IO_MUX_SD_CLK_U, FUN_DRV, drv, FUN_DRV_S);
+    } else {
+        const uint32_t spiconfig = ets_efuse_get_spiconfig();
+        if (spiconfig == EFUSE_SPICONFIG_SPI_DEFAULTS) {
+            gpio_matrix_out(SPI_IOMUX_PIN_NUM_CS, SPICS0_OUT_IDX, 0, 0);
+            gpio_matrix_out(SPI_IOMUX_PIN_NUM_MISO, SPIQ_OUT_IDX, 0, 0);
+            gpio_matrix_in(SPI_IOMUX_PIN_NUM_MISO, SPIQ_IN_IDX, 0);
+            gpio_matrix_out(SPI_IOMUX_PIN_NUM_MOSI, SPID_OUT_IDX, 0, 0);
+            gpio_matrix_in(SPI_IOMUX_PIN_NUM_MOSI, SPID_IN_IDX, 0);
+            gpio_matrix_out(SPI_IOMUX_PIN_NUM_WP, SPIWP_OUT_IDX, 0, 0);
+            gpio_matrix_in(SPI_IOMUX_PIN_NUM_WP, SPIWP_IN_IDX, 0);
+            gpio_matrix_out(SPI_IOMUX_PIN_NUM_HD, SPIHD_OUT_IDX, 0, 0);
+            gpio_matrix_in(SPI_IOMUX_PIN_NUM_HD, SPIHD_IN_IDX, 0);
+            //select pin function gpio
+            PIN_FUNC_SELECT(PERIPHS_IO_MUX_SD_DATA0_U, PIN_FUNC_GPIO);
+            PIN_FUNC_SELECT(PERIPHS_IO_MUX_SD_DATA1_U, PIN_FUNC_GPIO);
+            PIN_FUNC_SELECT(PERIPHS_IO_MUX_SD_DATA2_U, PIN_FUNC_GPIO);
+            PIN_FUNC_SELECT(PERIPHS_IO_MUX_SD_DATA3_U, PIN_FUNC_GPIO);
+            PIN_FUNC_SELECT(PERIPHS_IO_MUX_SD_CMD_U, PIN_FUNC_GPIO);
+            // flash clock signal should come from IO MUX.
+            // set drive ability for clock
+            PIN_FUNC_SELECT(PERIPHS_IO_MUX_SD_CLK_U, FUNC_SD_CLK_SPICLK);
+            SET_PERI_REG_BITS(PERIPHS_IO_MUX_SD_CLK_U, FUN_DRV, drv, FUN_DRV_S);
+
+            uint32_t flash_id = g_rom_flashchip.device_id;
+            if (flash_id == FLASH_ID_GD25LQ32C) {
+                // Set drive ability for 1.8v flash in 80Mhz.
+                SET_PERI_REG_BITS(PERIPHS_IO_MUX_SD_DATA0_U, FUN_DRV, 3, FUN_DRV_S);
+                SET_PERI_REG_BITS(PERIPHS_IO_MUX_SD_DATA1_U, FUN_DRV, 3, FUN_DRV_S);
+                SET_PERI_REG_BITS(PERIPHS_IO_MUX_SD_DATA2_U, FUN_DRV, 3, FUN_DRV_S);
+                SET_PERI_REG_BITS(PERIPHS_IO_MUX_SD_DATA3_U, FUN_DRV, 3, FUN_DRV_S);
+                SET_PERI_REG_BITS(PERIPHS_IO_MUX_SD_CMD_U,   FUN_DRV, 3, FUN_DRV_S);
+                SET_PERI_REG_BITS(PERIPHS_IO_MUX_SD_CLK_U,   FUN_DRV, 3, FUN_DRV_S);
+            }
+        }
+    }
+}
+
+void IRAM_ATTR bootloader_flash_dummy_config(const esp_image_header_t* pfhdr)
+{
+    int spi_cache_dummy = 0;
+    uint32_t modebit = READ_PERI_REG(SPI_CTRL_REG(0));
+    if (modebit & SPI_FASTRD_MODE) {
+        if (modebit & SPI_FREAD_QIO) {    //SPI mode is QIO
+            spi_cache_dummy = SPI0_R_QIO_DUMMY_CYCLELEN;
+        } else if (modebit & SPI_FREAD_DIO) {    //SPI mode is DIO
+            spi_cache_dummy = SPI0_R_DIO_DUMMY_CYCLELEN;
+            SET_PERI_REG_BITS(SPI_USER1_REG(0), SPI_USR_ADDR_BITLEN_V, SPI0_R_DIO_ADDR_BITSLEN, SPI_USR_ADDR_BITLEN_S);
+        } else if(modebit & (SPI_FREAD_QUAD | SPI_FREAD_DUAL))  {    //SPI mode is QOUT or DIO
+            spi_cache_dummy = SPI0_R_FAST_DUMMY_CYCLELEN;
+        }
+    }
+
+    extern uint8_t g_rom_spiflash_dummy_len_plus[];
+    switch (pfhdr->spi_speed) {
+        case ESP_IMAGE_SPI_SPEED_80M:
+            g_rom_spiflash_dummy_len_plus[0] = ESP_ROM_SPIFLASH_DUMMY_LEN_PLUS_80M;
+            g_rom_spiflash_dummy_len_plus[1] = ESP_ROM_SPIFLASH_DUMMY_LEN_PLUS_80M;
+            break;
+        case ESP_IMAGE_SPI_SPEED_40M:
+            g_rom_spiflash_dummy_len_plus[0] = ESP_ROM_SPIFLASH_DUMMY_LEN_PLUS_40M;
+            g_rom_spiflash_dummy_len_plus[1] = ESP_ROM_SPIFLASH_DUMMY_LEN_PLUS_40M;
+            break;
+        case ESP_IMAGE_SPI_SPEED_26M:
+        case ESP_IMAGE_SPI_SPEED_20M:
+            g_rom_spiflash_dummy_len_plus[0] = ESP_ROM_SPIFLASH_DUMMY_LEN_PLUS_20M;
+            g_rom_spiflash_dummy_len_plus[1] = ESP_ROM_SPIFLASH_DUMMY_LEN_PLUS_20M;
+            break;
+        default:
+            break;
+    }
+
+    SET_PERI_REG_BITS(SPI_USER1_REG(0), SPI_USR_DUMMY_CYCLELEN_V, spi_cache_dummy + g_rom_spiflash_dummy_len_plus[0],
+            SPI_USR_DUMMY_CYCLELEN_S);
+}

components/bootloader_support/src/bootloader_init.c

@@ -33,12 +33,10 @@
 #include "soc/cpu.h"
 #include "soc/rtc.h"
 #include "soc/dport_reg.h"
-#include "soc/io_mux_reg.h"
 #include "soc/efuse_reg.h"
 #include "soc/rtc_cntl_reg.h"
 #include "soc/timer_group_reg.h"
-#include "soc/gpio_reg.h"
-#include "soc/gpio_sig_map.h"
+#include "soc/gpio_periph.h"
 #include "soc/rtc_wdt.h"
 
 #include "sdkconfig.h"
@@ -50,6 +48,8 @@
 #include "bootloader_random.h"
 #include "bootloader_config.h"
 #include "bootloader_clock.h"
+#include "bootloader_common.h"
+#include "bootloader_flash_config.h"
 
 #include "flash_qio_mode.h"
 
@@ -63,8 +63,7 @@ static const char* TAG = "boot";
 static esp_err_t bootloader_main();
 static void print_flash_info(const esp_image_header_t* pfhdr);
 static void update_flash_config(const esp_image_header_t* pfhdr);
-static void vddsdio_configure();
-static void flash_gpio_configure(const esp_image_header_t* pfhdr);
+static void bootloader_init_flash_configure(const esp_image_header_t* pfhdr);
 static void uart_console_configure(void);
 static void wdt_reset_check(void);
 
@@ -119,7 +118,7 @@ esp_err_t bootloader_init()
 
 static esp_err_t bootloader_main()
 {
-    vddsdio_configure();
+    bootloader_common_vddsdio_configure();
     /* Read and keep flash ID, for further use. */
     g_rom_flashchip.device_id = bootloader_read_flash_id();
     esp_image_header_t fhdr;
@@ -127,7 +126,15 @@ static esp_err_t bootloader_main()
         ESP_LOGE(TAG, "failed to load bootloader header!");
         return ESP_FAIL;
     }
-    flash_gpio_configure(&fhdr);
+
+    /* Check chip ID and minimum chip revision that supported by this image */
+    uint8_t revision = bootloader_common_get_chip_revision();
+    ESP_LOGI(TAG, "Chip Revision: %d", revision);
+    if (bootloader_common_check_chip_validity(&fhdr, ESP_IMAGE_BOOTLOADER) != ESP_OK) {
+        return ESP_FAIL;
+    }
+
+    bootloader_init_flash_configure(&fhdr);
 #if (CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ == 240)
     //Check if ESP32 is rated for a CPU frequency of 160MHz only
     if (REG_GET_BIT(EFUSE_BLK0_RDATA3_REG, EFUSE_RD_CHIP_CPU_FREQ_RATED) &&
@@ -287,128 +294,15 @@ static void print_flash_info(const esp_image_header_t* phdr)
 #endif
 }
 
-static void vddsdio_configure()
-{
-#if CONFIG_BOOTLOADER_VDDSDIO_BOOST_1_9V
-    rtc_vddsdio_config_t cfg = rtc_vddsdio_get_config();
-    if (cfg.enable == 1 && cfg.tieh == RTC_VDDSDIO_TIEH_1_8V) {    // VDDSDIO regulator is enabled @ 1.8V
-        cfg.drefh = 3;
-        cfg.drefm = 3;
-        cfg.drefl = 3;
-        cfg.force = 1;
-        rtc_vddsdio_set_config(cfg);
-        ets_delay_us(10); // wait for regulator to become stable
-    }
-#endif // CONFIG_BOOTLOADER_VDDSDIO_BOOST
-}
-
-#define FLASH_CLK_IO      6
-#define FLASH_CS_IO       11
-#define FLASH_SPIQ_IO     7
-#define FLASH_SPID_IO     8
-#define FLASH_SPIWP_IO    10
-#define FLASH_SPIHD_IO    9
-#define FLASH_IO_MATRIX_DUMMY_40M   1
-#define FLASH_IO_MATRIX_DUMMY_80M   2
-#define FLASH_IO_DRIVE_GD_WITH_1V8PSRAM    3
-
 /*
  * Bootloader reads SPI configuration from bin header, so that
  * the burning configuration can be different with compiling configuration.
  */
-static void IRAM_ATTR flash_gpio_configure(const esp_image_header_t* pfhdr)
+static void IRAM_ATTR bootloader_init_flash_configure(const esp_image_header_t* pfhdr)
 {
-    int spi_cache_dummy = 0;
-    int drv = 2;
-    switch (pfhdr->spi_mode) {
-        case ESP_IMAGE_SPI_MODE_QIO:
-            spi_cache_dummy = SPI0_R_DIO_DUMMY_CYCLELEN;
-            break;
-        case ESP_IMAGE_SPI_MODE_DIO:
-            spi_cache_dummy = SPI0_R_DIO_DUMMY_CYCLELEN;   //qio 3
-            break;
-        case ESP_IMAGE_SPI_MODE_QOUT:
-        case ESP_IMAGE_SPI_MODE_DOUT:
-        default:
-            spi_cache_dummy = SPI0_R_FAST_DUMMY_CYCLELEN;
-            break;
-    }
-
-    /* dummy_len_plus values defined in ROM for SPI flash configuration */
-    extern uint8_t g_rom_spiflash_dummy_len_plus[];
-    switch (pfhdr->spi_speed) {
-        case ESP_IMAGE_SPI_SPEED_80M:
-            g_rom_spiflash_dummy_len_plus[0] = FLASH_IO_MATRIX_DUMMY_80M;
-            g_rom_spiflash_dummy_len_plus[1] = FLASH_IO_MATRIX_DUMMY_80M;
-            SET_PERI_REG_BITS(SPI_USER1_REG(0), SPI_USR_DUMMY_CYCLELEN_V, spi_cache_dummy + FLASH_IO_MATRIX_DUMMY_80M,
-                    SPI_USR_DUMMY_CYCLELEN_S);  //DUMMY
-            drv = 3;
-            break;
-        case ESP_IMAGE_SPI_SPEED_40M:
-            g_rom_spiflash_dummy_len_plus[0] = FLASH_IO_MATRIX_DUMMY_40M;
-            g_rom_spiflash_dummy_len_plus[1] = FLASH_IO_MATRIX_DUMMY_40M;
-            SET_PERI_REG_BITS(SPI_USER1_REG(0), SPI_USR_DUMMY_CYCLELEN_V, spi_cache_dummy + FLASH_IO_MATRIX_DUMMY_40M,
-                    SPI_USR_DUMMY_CYCLELEN_S);  //DUMMY
-            break;
-        default:
-            break;
-    }
-
-    uint32_t chip_ver = REG_GET_FIELD(EFUSE_BLK0_RDATA3_REG, EFUSE_RD_CHIP_VER_PKG);
-    uint32_t pkg_ver = chip_ver & 0x7;
-
-    if (pkg_ver == EFUSE_RD_CHIP_VER_PKG_ESP32D2WDQ5) {
-        // For ESP32D2WD the SPI pins are already configured
-        // flash clock signal should come from IO MUX.
-        PIN_FUNC_SELECT(PERIPHS_IO_MUX_SD_CLK_U, FUNC_SD_CLK_SPICLK);
-        SET_PERI_REG_BITS(PERIPHS_IO_MUX_SD_CLK_U, FUN_DRV, drv, FUN_DRV_S);
-    } else if (pkg_ver == EFUSE_RD_CHIP_VER_PKG_ESP32PICOD2) {
-        // For ESP32PICOD2 the SPI pins are already configured
-        // flash clock signal should come from IO MUX.
-        PIN_FUNC_SELECT(PERIPHS_IO_MUX_SD_CLK_U, FUNC_SD_CLK_SPICLK);
-        SET_PERI_REG_BITS(PERIPHS_IO_MUX_SD_CLK_U, FUN_DRV, drv, FUN_DRV_S);
-    } else if (pkg_ver == EFUSE_RD_CHIP_VER_PKG_ESP32PICOD4) {
-        // For ESP32PICOD4 the SPI pins are already configured
-        // flash clock signal should come from IO MUX.
-        PIN_FUNC_SELECT(PERIPHS_IO_MUX_SD_CLK_U, FUNC_SD_CLK_SPICLK);
-        SET_PERI_REG_BITS(PERIPHS_IO_MUX_SD_CLK_U, FUN_DRV, drv, FUN_DRV_S);
-    } else {
-        const uint32_t spiconfig = ets_efuse_get_spiconfig();
-        if (spiconfig == EFUSE_SPICONFIG_SPI_DEFAULTS) {
-            gpio_matrix_out(FLASH_CS_IO, SPICS0_OUT_IDX, 0, 0);
-            gpio_matrix_out(FLASH_SPIQ_IO, SPIQ_OUT_IDX, 0, 0);
-            gpio_matrix_in(FLASH_SPIQ_IO, SPIQ_IN_IDX, 0);
-            gpio_matrix_out(FLASH_SPID_IO, SPID_OUT_IDX, 0, 0);
-            gpio_matrix_in(FLASH_SPID_IO, SPID_IN_IDX, 0);
-            gpio_matrix_out(FLASH_SPIWP_IO, SPIWP_OUT_IDX, 0, 0);
-            gpio_matrix_in(FLASH_SPIWP_IO, SPIWP_IN_IDX, 0);
-            gpio_matrix_out(FLASH_SPIHD_IO, SPIHD_OUT_IDX, 0, 0);
-            gpio_matrix_in(FLASH_SPIHD_IO, SPIHD_IN_IDX, 0);
-            //select pin function gpio
-            PIN_FUNC_SELECT(PERIPHS_IO_MUX_SD_DATA0_U, PIN_FUNC_GPIO);
-            PIN_FUNC_SELECT(PERIPHS_IO_MUX_SD_DATA1_U, PIN_FUNC_GPIO);
-            PIN_FUNC_SELECT(PERIPHS_IO_MUX_SD_DATA2_U, PIN_FUNC_GPIO);
-            PIN_FUNC_SELECT(PERIPHS_IO_MUX_SD_DATA3_U, PIN_FUNC_GPIO);
-            PIN_FUNC_SELECT(PERIPHS_IO_MUX_SD_CMD_U, PIN_FUNC_GPIO);
-            // flash clock signal should come from IO MUX.
-            // set drive ability for clock
-            PIN_FUNC_SELECT(PERIPHS_IO_MUX_SD_CLK_U, FUNC_SD_CLK_SPICLK);
-            SET_PERI_REG_BITS(PERIPHS_IO_MUX_SD_CLK_U, FUN_DRV, drv, FUN_DRV_S);
-
-            #if CONFIG_SPIRAM_TYPE_ESPPSRAM32
-            uint32_t flash_id = g_rom_flashchip.device_id;
-            if (flash_id == FLASH_ID_GD25LQ32C) {
-                // Set drive ability for 1.8v flash in 80Mhz.
-                SET_PERI_REG_BITS(PERIPHS_IO_MUX_SD_DATA0_U, FUN_DRV, 3, FUN_DRV_S);
-                SET_PERI_REG_BITS(PERIPHS_IO_MUX_SD_DATA1_U, FUN_DRV, 3, FUN_DRV_S);
-                SET_PERI_REG_BITS(PERIPHS_IO_MUX_SD_DATA2_U, FUN_DRV, 3, FUN_DRV_S);
-                SET_PERI_REG_BITS(PERIPHS_IO_MUX_SD_DATA3_U, FUN_DRV, 3, FUN_DRV_S);
-                SET_PERI_REG_BITS(PERIPHS_IO_MUX_SD_CMD_U, FUN_DRV, 3, FUN_DRV_S);
-                SET_PERI_REG_BITS(PERIPHS_IO_MUX_SD_CLK_U, FUN_DRV, 3, FUN_DRV_S);
-            }
-            #endif
-        }
-    }
+    bootloader_flash_gpio_config(pfhdr);
+    bootloader_flash_dummy_config(pfhdr);
+    bootloader_flash_cs_timing_config();
 }
 
 static void uart_console_configure(void)
@@ -442,10 +336,18 @@ static void uart_console_configure(void)
         // (arrays should be optimized away by the compiler)
         const uint32_t tx_idx_list[3] = { U0TXD_OUT_IDX, U1TXD_OUT_IDX, U2TXD_OUT_IDX };
         const uint32_t rx_idx_list[3] = { U0RXD_IN_IDX, U1RXD_IN_IDX, U2RXD_IN_IDX };
+        const uint32_t uart_reset[3] = { DPORT_UART_RST, DPORT_UART1_RST, DPORT_UART2_RST };
         const uint32_t tx_idx = tx_idx_list[uart_num];
         const uint32_t rx_idx = rx_idx_list[uart_num];
+
+        PIN_INPUT_ENABLE(GPIO_PIN_MUX_REG[uart_rx_gpio]);
+        gpio_pad_pullup(uart_rx_gpio);
+
         gpio_matrix_out(uart_tx_gpio, tx_idx, 0, 0);
         gpio_matrix_in(uart_rx_gpio, rx_idx, 0);
+
+        DPORT_SET_PERI_REG_MASK(DPORT_PERIP_RST_EN_REG, uart_reset[uart_num]);
+        DPORT_CLEAR_PERI_REG_MASK(DPORT_PERIP_RST_EN_REG, uart_reset[uart_num]);
     }
 #endif // CONFIG_CONSOLE_UART_CUSTOM
 

components/bootloader_support/src/bootloader_random.c

@@ -114,17 +114,18 @@ void bootloader_random_enable(void)
 
 void bootloader_random_disable(void)
 {
-    /* Disable i2s clock */
-    DPORT_CLEAR_PERI_REG_MASK(DPORT_PERIP_CLK_EN_REG, DPORT_I2S0_CLK_EN);
-
-
     /* Reset some i2s configuration (possibly redundant as we reset entire
        I2S peripheral further down). */
+    CLEAR_PERI_REG_MASK(I2S_CONF_REG(0), I2S_RX_START);
+    SET_PERI_REG_MASK(I2S_CONF_REG(0), I2S_RX_RESET);
+    CLEAR_PERI_REG_MASK(I2S_CONF_REG(0), I2S_RX_RESET);
     CLEAR_PERI_REG_MASK(I2S_CONF2_REG(0), I2S_CAMERA_EN);
     CLEAR_PERI_REG_MASK(I2S_CONF2_REG(0), I2S_LCD_EN);
     CLEAR_PERI_REG_MASK(I2S_CONF2_REG(0), I2S_DATA_ENABLE_TEST_EN);
     CLEAR_PERI_REG_MASK(I2S_CONF2_REG(0), I2S_DATA_ENABLE);
-    CLEAR_PERI_REG_MASK(I2S_CONF_REG(0), I2S_RX_START);
+
+    /* Disable i2s clock */
+    DPORT_CLEAR_PERI_REG_MASK(DPORT_PERIP_CLK_EN_REG, DPORT_I2S0_CLK_EN);
 
     /* Restore SYSCON mode registers */
     CLEAR_PERI_REG_MASK(SENS_SAR_READ_CTRL_REG, SENS_SAR1_DIG_FORCE);

components/bootloader_support/src/bootloader_utility.c

@@ -51,12 +51,15 @@
 #include "bootloader_common.h"
 #include "bootloader_utility.h"
 #include "bootloader_sha.h"
+#include "esp_efuse.h"
 
 static const char* TAG = "boot";
 
 /* Reduce literal size for some generic string literals */
 #define MAP_ERR_MSG "Image contains multiple %s segments. Only the last one will be mapped."
 
+static bool ota_has_initial_contents;
+
 static void load_image(const esp_image_metadata_t* image_data);
 static void unpack_load_app(const esp_image_metadata_t *data);
 static void set_cache_and_start_app(uint32_t drom_addr,
@@ -67,6 +70,34 @@ static void set_cache_and_start_app(uint32_t drom_addr,
     uint32_t irom_size,
     uint32_t entry_addr);
 
+// Read ota_info partition and fill array from two otadata structures.
+static esp_err_t read_otadata(const esp_partition_pos_t *ota_info, esp_ota_select_entry_t *two_otadata)
+{
+    const esp_ota_select_entry_t *ota_select_map;
+    if (ota_info->offset == 0) {
+        return ESP_ERR_NOT_FOUND;
+    }
+
+    // partition table has OTA data partition
+    if (ota_info->size < 2 * SPI_SEC_SIZE) {
+        ESP_LOGE(TAG, "ota_info partition size %d is too small (minimum %d bytes)", ota_info->size, sizeof(esp_ota_select_entry_t));
+        return ESP_FAIL; // can't proceed
+    }
+
+    ESP_LOGD(TAG, "OTA data offset 0x%x", ota_info->offset);
+    ota_select_map = bootloader_mmap(ota_info->offset, ota_info->size);
+    if (!ota_select_map) {
+        ESP_LOGE(TAG, "bootloader_mmap(0x%x, 0x%x) failed", ota_info->offset, ota_info->size);
+        return ESP_FAIL; // can't proceed
+    }
+
+    memcpy(&two_otadata[0], ota_select_map, sizeof(esp_ota_select_entry_t));
+    memcpy(&two_otadata[1], (uint8_t *)ota_select_map + SPI_SEC_SIZE, sizeof(esp_ota_select_entry_t));
+    bootloader_munmap(ota_select_map);
+
+    return ESP_OK;
+}
+
 bool bootloader_utility_load_partition_table(bootloader_state_t* bs)
 {
     const esp_partition_info_t *partitions;
@@ -136,6 +167,12 @@ bool bootloader_utility_load_partition_table(bootloader_state_t* bs)
             case PART_SUBTYPE_DATA_NVS_KEYS:
                 partition_usage = "NVS keys";
                 break;
+            case PART_SUBTYPE_DATA_EFUSE_EM:
+                partition_usage = "efuse";
+#ifdef CONFIG_EFUSE_SECURE_VERSION_EMULATE
+                esp_efuse_init(partition->pos.offset, partition->pos.size);
+#endif
+                break;
             default:
                 partition_usage = "Unknown data";
                 break;
@@ -192,73 +229,157 @@ static void log_invalid_app_partition(int index)
     }
 }
 
-int bootloader_utility_get_selected_boot_partition(const bootloader_state_t *bs)
+static esp_err_t write_otadata(esp_ota_select_entry_t *otadata, uint32_t offset, bool write_encrypted)
 {
-    esp_ota_select_entry_t sa,sb;
-    const esp_ota_select_entry_t *ota_select_map;
+    esp_err_t err = bootloader_flash_erase_sector(offset / FLASH_SECTOR_SIZE);
+    if (err == ESP_OK) {
+        err = bootloader_flash_write(offset, otadata, sizeof(esp_ota_select_entry_t), write_encrypted);
+    }
+    if (err != ESP_OK) {
+        ESP_LOGE(TAG, "Error in write_otadata operation. err = 0x%x", err);
+    }
+    return err;
+}
 
-    if (bs->ota_info.offset != 0) {
-        // partition table has OTA data partition
-        if (bs->ota_info.size < 2 * SPI_SEC_SIZE) {
-            ESP_LOGE(TAG, "ota_info partition size %d is too small (minimum %d bytes)", bs->ota_info.size, sizeof(esp_ota_select_entry_t));
-            return INVALID_INDEX; // can't proceed
-        }
+static bool check_anti_rollback(const esp_partition_pos_t *partition)
+{
+#ifdef CONFIG_APP_ANTI_ROLLBACK
+    esp_app_desc_t app_desc;
+    esp_err_t err = bootloader_common_get_partition_description(partition, &app_desc);
+    return err == ESP_OK && esp_efuse_check_secure_version(app_desc.secure_version) == true;
+#else
+    return true;
+#endif
+}
 
-        ESP_LOGD(TAG, "OTA data offset 0x%x", bs->ota_info.offset);
-        ota_select_map = bootloader_mmap(bs->ota_info.offset, bs->ota_info.size);
-        if (!ota_select_map) {
-            ESP_LOGE(TAG, "bootloader_mmap(0x%x, 0x%x) failed", bs->ota_info.offset, bs->ota_info.size);
-            return INVALID_INDEX; // can't proceed
-        }
-        memcpy(&sa, ota_select_map, sizeof(esp_ota_select_entry_t));
-        memcpy(&sb, (uint8_t *)ota_select_map + SPI_SEC_SIZE, sizeof(esp_ota_select_entry_t));
-        bootloader_munmap(ota_select_map);
+#ifdef CONFIG_APP_ANTI_ROLLBACK
+static void update_anti_rollback(const esp_partition_pos_t *partition)
+{
+    esp_app_desc_t app_desc;
+    esp_err_t err = bootloader_common_get_partition_description(partition, &app_desc);
+    if (err == ESP_OK) {
+        esp_efuse_update_secure_version(app_desc.secure_version);
+    }
+}
 
-        ESP_LOGD(TAG, "OTA sequence values A 0x%08x B 0x%08x", sa.ota_seq, sb.ota_seq);
-        if ((sa.ota_seq == UINT32_MAX && sb.ota_seq == UINT32_MAX) || (bs->app_count == 0)) {
-            ESP_LOGD(TAG, "OTA sequence numbers both empty (all-0xFF) or partition table does not have bootable ota_apps (app_count=%d)", bs->app_count);
-            if (bs->factory.offset != 0) {
-                ESP_LOGI(TAG, "Defaulting to factory image");
-                return FACTORY_INDEX;
+static int get_active_otadata_with_check_anti_rollback(const bootloader_state_t *bs, esp_ota_select_entry_t *two_otadata)
+{
+    uint32_t ota_seq;
+    uint32_t ota_slot;
+    bool valid_otadata[2];
+
+    valid_otadata[0] = bootloader_common_ota_select_valid(&two_otadata[0]);
+    valid_otadata[1] = bootloader_common_ota_select_valid(&two_otadata[1]);
+
+    bool sec_ver_valid_otadata[2] = { 0 };
+    for (int i = 0; i < 2; ++i) {
+        if (valid_otadata[i] == true) {
+            ota_seq = two_otadata[i].ota_seq - 1; // Raw OTA sequence number. May be more than # of OTA slots
+            ota_slot = ota_seq % bs->app_count; // Actual OTA partition selection
+            if (check_anti_rollback(&bs->ota[ota_slot]) == false) {
+                // invalid. This otadata[i] will not be selected as active.
+                ESP_LOGD(TAG, "OTA slot %d has an app with secure_version, this version is smaller than in the device. This OTA slot will not be selected.", ota_slot);
             } else {
-                ESP_LOGI(TAG, "No factory image, trying OTA 0");
-                return 0;
-            }
-        } else  {
-            bool ota_valid = false;
-            const char *ota_msg;
-            int ota_seq; // Raw OTA sequence number. May be more than # of OTA slots
-            if(bootloader_common_ota_select_valid(&sa) && bootloader_common_ota_select_valid(&sb)) {
-                ota_valid = true;
-                ota_msg = "Both OTA values";
-                ota_seq = MAX(sa.ota_seq, sb.ota_seq) - 1;
-            } else if(bootloader_common_ota_select_valid(&sa)) {
-                ota_valid = true;
-                ota_msg = "Only OTA sequence A is";
-                ota_seq = sa.ota_seq - 1;
-            } else if(bootloader_common_ota_select_valid(&sb)) {
-                ota_valid = true;
-                ota_msg = "Only OTA sequence B is";
-                ota_seq = sb.ota_seq - 1;
-            }
-
-            if (ota_valid) {
-                int ota_slot = ota_seq % bs->app_count; // Actual OTA partition selection
-                ESP_LOGD(TAG, "%s valid. Mapping seq %d -> OTA slot %d", ota_msg, ota_seq, ota_slot);
-                return ota_slot;
-            } else if (bs->factory.offset != 0) {
-                ESP_LOGE(TAG, "ota data partition invalid, falling back to factory");
-                return FACTORY_INDEX;
-            } else {
-                ESP_LOGE(TAG, "ota data partition invalid and no factory, will try all partitions");
-                return FACTORY_INDEX;
+                sec_ver_valid_otadata[i] = true;
             }
         }
     }
 
-    // otherwise, start from factory app partition and let the search logic
-    // proceed from there
-    return FACTORY_INDEX;
+    return bootloader_common_select_otadata(two_otadata, sec_ver_valid_otadata, true);
+}
+#endif
+
+int bootloader_utility_get_selected_boot_partition(const bootloader_state_t *bs)
+{
+    esp_ota_select_entry_t otadata[2];
+    int boot_index = FACTORY_INDEX;
+
+    if (bs->ota_info.offset == 0) {
+        return FACTORY_INDEX;
+    }
+
+    if (read_otadata(&bs->ota_info, otadata) != ESP_OK) {
+        return INVALID_INDEX;
+    }
+    ota_has_initial_contents = false;
+
+    ESP_LOGD(TAG, "otadata[0]: sequence values 0x%08x", otadata[0].ota_seq);
+    ESP_LOGD(TAG, "otadata[1]: sequence values 0x%08x", otadata[1].ota_seq);
+
+#ifdef CONFIG_APP_ROLLBACK_ENABLE
+    bool write_encrypted = esp_flash_encryption_enabled();
+    for (int i = 0; i < 2; ++i) {
+        if (otadata[i].ota_state == ESP_OTA_IMG_PENDING_VERIFY) {
+            ESP_LOGD(TAG, "otadata[%d] is marking as ABORTED", i);
+            otadata[i].ota_state = ESP_OTA_IMG_ABORTED;
+            write_otadata(&otadata[i], bs->ota_info.offset + FLASH_SECTOR_SIZE * i, write_encrypted);
+        }
+    }
+#endif
+
+#ifndef CONFIG_APP_ANTI_ROLLBACK
+    if ((bootloader_common_ota_select_invalid(&otadata[0]) &&
+         bootloader_common_ota_select_invalid(&otadata[1])) ||
+         bs->app_count == 0) {
+        ESP_LOGD(TAG, "OTA sequence numbers both empty (all-0xFF) or partition table does not have bootable ota_apps (app_count=%d)", bs->app_count);
+        if (bs->factory.offset != 0) {
+            ESP_LOGI(TAG, "Defaulting to factory image");
+            boot_index = FACTORY_INDEX;
+        } else {
+            ESP_LOGI(TAG, "No factory image, trying OTA 0");
+            boot_index = 0;
+            // Try to boot from ota_0.
+            if ((otadata[0].ota_seq == UINT32_MAX || otadata[0].crc != bootloader_common_ota_select_crc(&otadata[0])) &&
+                (otadata[1].ota_seq == UINT32_MAX || otadata[1].crc != bootloader_common_ota_select_crc(&otadata[1]))) {
+                // Factory is not found and both otadata are initial(0xFFFFFFFF) or incorrect crc.
+                // will set correct ota_seq.
+                ota_has_initial_contents = true;
+            }
+        }
+    } else {
+        int active_otadata = bootloader_common_get_active_otadata(otadata);
+#else
+    ESP_LOGI(TAG, "Enabled a check secure version of app for anti rollback");
+    ESP_LOGI(TAG, "Secure version (from eFuse) = %d", esp_efuse_read_secure_version());
+    // When CONFIG_APP_ANTI_ROLLBACK is enabled factory partition should not be in partition table, only two ota_app are there.
+    if ((otadata[0].ota_seq == UINT32_MAX || otadata[0].crc != bootloader_common_ota_select_crc(&otadata[0])) &&
+        (otadata[1].ota_seq == UINT32_MAX || otadata[1].crc != bootloader_common_ota_select_crc(&otadata[1]))) {
+        ESP_LOGI(TAG, "otadata[0..1] in initial state");
+        // both otadata are initial(0xFFFFFFFF) or incorrect crc.
+        // will set correct ota_seq.
+        ota_has_initial_contents = true;
+    } else {
+        int active_otadata = get_active_otadata_with_check_anti_rollback(bs, otadata);
+#endif
+        if (active_otadata != -1) {
+            ESP_LOGD(TAG, "Active otadata[%d]", active_otadata);
+            uint32_t ota_seq = otadata[active_otadata].ota_seq - 1; // Raw OTA sequence number. May be more than # of OTA slots
+            boot_index = ota_seq % bs->app_count; // Actual OTA partition selection
+            ESP_LOGD(TAG, "Mapping seq %d -> OTA slot %d", ota_seq, boot_index);
+#ifdef CONFIG_APP_ROLLBACK_ENABLE
+            if (otadata[active_otadata].ota_state == ESP_OTA_IMG_NEW) {
+                ESP_LOGD(TAG, "otadata[%d] is selected as new and marked PENDING_VERIFY state", active_otadata);
+                otadata[active_otadata].ota_state = ESP_OTA_IMG_PENDING_VERIFY;
+                write_otadata(&otadata[active_otadata], bs->ota_info.offset + FLASH_SECTOR_SIZE * active_otadata, write_encrypted);
+            }
+#endif // CONFIG_APP_ROLLBACK_ENABLE
+
+#ifdef CONFIG_APP_ANTI_ROLLBACK
+            if(otadata[active_otadata].ota_state == ESP_OTA_IMG_VALID) {
+                update_anti_rollback(&bs->ota[boot_index]);
+            }
+#endif // CONFIG_APP_ANTI_ROLLBACK
+
+        } else if (bs->factory.offset != 0) {
+            ESP_LOGE(TAG, "ota data partition invalid, falling back to factory");
+            boot_index = FACTORY_INDEX;
+        } else {
+            ESP_LOGE(TAG, "ota data partition invalid and no factory, will try all partitions");
+            boot_index = FACTORY_INDEX;
+        }
+    }
+
+    return boot_index;
 }
 
 /* Return true if a partition has a valid app image that was successfully loaded */
@@ -279,6 +400,26 @@ static bool try_load_partition(const esp_partition_pos_t *partition, esp_image_m
     return false;
 }
 
+// ota_has_initial_contents flag is set if factory does not present in partition table and
+// otadata has initial content(0xFFFFFFFF), then set actual ota_seq.
+static void set_actual_ota_seq(const bootloader_state_t *bs, int index)
+{
+    if (index > FACTORY_INDEX && ota_has_initial_contents == true) {
+        esp_ota_select_entry_t otadata;
+        memset(&otadata, 0xFF, sizeof(otadata));
+        otadata.ota_seq = index + 1;
+        otadata.ota_state = ESP_OTA_IMG_VALID;
+        otadata.crc = bootloader_common_ota_select_crc(&otadata);
+
+        bool write_encrypted = esp_flash_encryption_enabled();
+        write_otadata(&otadata, bs->ota_info.offset + FLASH_SECTOR_SIZE * 0, write_encrypted);
+        ESP_LOGI(TAG, "Set actual ota_seq=%d in otadata[0]", otadata.ota_seq);
+#ifdef CONFIG_APP_ANTI_ROLLBACK
+        update_anti_rollback(&bs->ota[index]);
+#endif
+    }
+}
+
 #define TRY_LOG_FORMAT "Trying partition index %d offs 0x%x size 0x%x"
 
 void bootloader_utility_load_boot_image(const bootloader_state_t *bs, int start_index)
@@ -303,7 +444,8 @@ void bootloader_utility_load_boot_image(const bootloader_state_t *bs, int start_
             continue;
         }
         ESP_LOGD(TAG, TRY_LOG_FORMAT, index, part.offset, part.size);
-        if (try_load_partition(&part, &image_data)) {
+        if (check_anti_rollback(&part) && try_load_partition(&part, &image_data)) {
+            set_actual_ota_seq(bs, index);
             load_image(&image_data);
         }
         log_invalid_app_partition(index);
@@ -316,7 +458,8 @@ void bootloader_utility_load_boot_image(const bootloader_state_t *bs, int start_
             continue;
         }
         ESP_LOGD(TAG, TRY_LOG_FORMAT, index, part.offset, part.size);
-        if (try_load_partition(&part, &image_data)) {
+        if (check_anti_rollback(&part) && try_load_partition(&part, &image_data)) {
+            set_actual_ota_seq(bs, index);
             load_image(&image_data);
         }
         log_invalid_app_partition(index);
@@ -335,24 +478,71 @@ void bootloader_utility_load_boot_image(const bootloader_state_t *bs, int start_
 // Copy loaded segments to RAM, set up caches for mapped segments, and start application.
 static void load_image(const esp_image_metadata_t* image_data)
 {
+    /**
+     * Rough steps for a first boot, when encryption and secure boot are both disabled:
+     *   1) Generate secure boot key and write to EFUSE.
+     *   2) Write plaintext digest based on plaintext bootloader
+     *   3) Generate flash encryption key and write to EFUSE.
+     *   4) Encrypt flash in-place including bootloader, then digest,
+     *      then app partitions and other encrypted partitions
+     *   5) Burn EFUSE to enable flash encryption (FLASH_CRYPT_CNT)
+     *   6) Burn EFUSE to enable secure boot (ABS_DONE_0)
+     *
+     * If power failure happens during Step 1, probably the next boot will continue from Step 2.
+     * There is some small chance that EFUSEs will be part-way through being written so will be
+     * somehow corrupted here. Thankfully this window of time is very small, but if that's the
+     * case, one has to use the espefuse tool to manually set the remaining bits and enable R/W
+     * protection. Once the relevant EFUSE bits are set and R/W protected, Step 1 will be skipped
+     * successfully on further reboots.
+     *
+     * If power failure happens during Step 2, Step 1 will be skipped and Step 2 repeated:
+     * the digest will get re-written on the next boot.
+     *
+     * If power failure happens during Step 3, it's possible that EFUSE was partially written
+     * with the generated flash encryption key, though the time window for that would again
+     * be very small. On reboot, Step 1 will be skipped and Step 2 repeated, though, Step 3
+     * may fail due to the above mentioned reason, in which case, one has to use the espefuse
+     * tool to manually set the remaining bits and enable R/W protection. Once the relevant EFUSE
+     * bits are set and R/W protected, Step 3 will be skipped successfully on further reboots.
+     *
+     * If power failure happens after start of 4 and before end of 5, the next boot will fail
+     * (bootloader header is encrypted and flash encryption isn't enabled yet, so it looks like
+     * noise to the ROM bootloader). The check in the ROM is pretty basic so if the first byte of
+     * ciphertext happens to be the magic byte E9 then it may try to boot, but it will definitely
+     * crash (no chance that the remaining ciphertext will look like a valid bootloader image).
+     * Only solution is to reflash with all plaintext and the whole process starts again: skips
+     * Step 1, repeats Step 2, skips Step 3, etc.
+     *
+     * If power failure happens after 5 but before 6, the device will reboot with flash
+     * encryption on and will regenerate an encrypted digest in Step 2. This should still
+     * be valid as the input data for the digest is read via flash cache (so will be decrypted)
+     * and the code in secure_boot_generate() tells bootloader_flash_write() to encrypt the data
+     * on write if flash encryption is enabled. Steps 3 - 5 are skipped (encryption already on),
+     * then Step 6 enables secure boot.
+     */
+
 #if defined(CONFIG_SECURE_BOOT_ENABLED) || defined(CONFIG_FLASH_ENCRYPTION_ENABLED)
     esp_err_t err;
 #endif
+
 #ifdef CONFIG_SECURE_BOOT_ENABLED
-    /* Generate secure digest from this bootloader to protect future
-       modifications */
-    ESP_LOGI(TAG, "Checking secure boot...");
-    err = esp_secure_boot_permanently_enable();
+    /* Steps 1 & 2 (see above for full description):
+     *   1) Generate secure boot EFUSE key
+     *   2) Compute digest of plaintext bootloader
+     */
+    err = esp_secure_boot_generate_digest();
     if (err != ESP_OK) {
-        ESP_LOGE(TAG, "Bootloader digest generation failed (%d). SECURE BOOT IS NOT ENABLED.", err);
-        /* Allow booting to continue, as the failure is probably
-           due to user-configured EFUSEs for testing...
-        */
+        ESP_LOGE(TAG, "Bootloader digest generation for secure boot failed (%d).", err);
+        return;
     }
 #endif
 
 #ifdef CONFIG_FLASH_ENCRYPTION_ENABLED
-    /* encrypt flash */
+    /* Steps 3, 4 & 5 (see above for full description):
+     *   3) Generate flash encryption EFUSE key
+     *   4) Encrypt flash contents
+     *   5) Burn EFUSE to enable flash encryption
+     */
     ESP_LOGI(TAG, "Checking flash encryption...");
     bool flash_encryption_enabled = esp_flash_encryption_enabled();
     err = esp_flash_encrypt_check_and_update();
@@ -360,7 +550,24 @@ static void load_image(const esp_image_metadata_t* image_data)
         ESP_LOGE(TAG, "Flash encryption check failed (%d).", err);
         return;
     }
+#endif
 
+#ifdef CONFIG_SECURE_BOOT_ENABLED
+    /* Step 6 (see above for full description):
+     *   6) Burn EFUSE to enable secure boot
+     */
+    ESP_LOGI(TAG, "Checking secure boot...");
+    err = esp_secure_boot_permanently_enable();
+    if (err != ESP_OK) {
+        ESP_LOGE(TAG, "FAILED TO ENABLE SECURE BOOT (%d).", err);
+        /* Panic here as secure boot is not properly enabled
+           due to one of the reasons in above function
+        */
+        abort();
+    }
+#endif
+
+#ifdef CONFIG_FLASH_ENCRYPTION_ENABLED
     if (!flash_encryption_enabled && esp_flash_encryption_enabled()) {
         /* Flash encryption was just enabled for the first time,
            so issue a system reset to ensure flash encryption

components/bootloader_support/src/efuse.c

@@ -1,114 +0,0 @@
-// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-#include "esp_efuse.h"
-#include "esp_log.h"
-#include <string.h>
-#include "bootloader_random.h"
-
-#define EFUSE_CONF_WRITE 0x5A5A /* efuse_pgm_op_ena, force no rd/wr disable */
-#define EFUSE_CONF_READ 0x5AA5 /* efuse_read_op_ena, release force */
-
-#define EFUSE_CMD_PGM 0x02
-#define EFUSE_CMD_READ 0x01
-
-static const char *TAG = "efuse";
-
-void esp_efuse_burn_new_values(void)
-{
-    REG_WRITE(EFUSE_CONF_REG, EFUSE_CONF_WRITE);
-    REG_WRITE(EFUSE_CMD_REG,  EFUSE_CMD_PGM);
-    while (REG_READ(EFUSE_CMD_REG) != 0) {
-    }
-    REG_WRITE(EFUSE_CONF_REG, EFUSE_CONF_READ);
-    REG_WRITE(EFUSE_CMD_REG,  EFUSE_CMD_READ);
-    while (REG_READ(EFUSE_CMD_REG) != 0) {
-    }
-    esp_efuse_reset();
-}
-
-void esp_efuse_reset(void)
-{
-    REG_WRITE(EFUSE_CONF_REG, EFUSE_CONF_READ);
-    const uint32_t block_start[4] = { EFUSE_BLK0_WDATA0_REG, EFUSE_BLK1_WDATA0_REG,
-                                      EFUSE_BLK2_WDATA0_REG, EFUSE_BLK3_WDATA0_REG };
-    const uint32_t block_end[4] = { EFUSE_BLK0_WDATA6_REG, EFUSE_BLK1_WDATA7_REG,
-                                    EFUSE_BLK2_WDATA7_REG, EFUSE_BLK3_WDATA7_REG };
-    for (int i = 0; i < 4; i++) {
-      for (uint32_t r = block_start[i]; r <= block_end[i]; r+= 4) {
-        REG_WRITE(r, 0);
-      }
-    }
-}
-
-void esp_efuse_disable_basic_rom_console(void)
-{
-    if ((REG_READ(EFUSE_BLK0_RDATA6_REG) & EFUSE_RD_CONSOLE_DEBUG_DISABLE) == 0) {
-        ESP_EARLY_LOGI(TAG, "Disable BASIC ROM Console fallback via efuse...");
-        esp_efuse_reset();
-        REG_WRITE(EFUSE_BLK0_WDATA6_REG, EFUSE_RD_CONSOLE_DEBUG_DISABLE);
-        esp_efuse_burn_new_values();
-    }
-}
-
-esp_err_t esp_efuse_apply_34_encoding(const uint8_t *in_bytes, uint32_t *out_words, size_t in_bytes_len)
-{
-    if (in_bytes == NULL || out_words == NULL || in_bytes_len % 6 != 0) {
-        return ESP_ERR_INVALID_ARG;
-    }
-
-    while (in_bytes_len > 0) {
-        uint8_t out[8];
-        uint8_t xor = 0;
-        uint8_t mul = 0;
-        for (int i = 0; i < 6; i++) {
-            xor ^= in_bytes[i];
-            mul += (i + 1) * __builtin_popcount(in_bytes[i]);
-        }
-
-        memcpy(out, in_bytes, 6); // Data bytes
-        out[6] = xor;
-        out[7] = mul;
-
-        memcpy(out_words, out, 8);
-
-        in_bytes_len -= 6;
-        in_bytes += 6;
-        out_words += 2;
-    }
-
-    return ESP_OK;
-}
-
-void esp_efuse_write_random_key(uint32_t blk_wdata0_reg)
-{
-    uint32_t buf[8];
-    uint8_t raw[24];
-    uint32_t coding_scheme = REG_READ(EFUSE_BLK0_RDATA6_REG) & EFUSE_CODING_SCHEME_M;
-
-    if (coding_scheme == EFUSE_CODING_SCHEME_VAL_NONE) {
-        bootloader_fill_random(buf, sizeof(buf));
-    } else { // 3/4 Coding Scheme
-        bootloader_fill_random(raw, sizeof(raw));
-        esp_err_t r = esp_efuse_apply_34_encoding(raw, buf, sizeof(raw));
-        assert(r == ESP_OK);
-    }
-
-    ESP_LOGV(TAG, "Writing random values to address 0x%08x", blk_wdata0_reg);
-    for (int i = 0; i < 8; i++) {
-        ESP_LOGV(TAG, "EFUSE_BLKx_WDATA%d_REG = 0x%08x", i, buf[i]);
-        REG_WRITE(blk_wdata0_reg + 4*i, buf[i]);
-    }
-    bzero(buf, sizeof(buf));
-    bzero(raw, sizeof(raw));
-}

components/bootloader_support/src/esp_image_format.c

@@ -24,6 +24,7 @@
 #include <bootloader_random.h>
 #include <bootloader_sha.h>
 #include "bootloader_util.h"
+#include "bootloader_common.h"
 
 /* Checking signatures as part of verifying images is necessary:
    - Always if secure boot is enabled
@@ -280,6 +281,9 @@ static esp_err_t verify_image_header(uint32_t src_addr, const esp_image_header_t
         }
         err = ESP_ERR_IMAGE_INVALID;
     }
+    if (bootloader_common_check_chip_validity(image, ESP_IMAGE_APPLICATION) != ESP_OK) {
+        err = ESP_ERR_IMAGE_INVALID;
+    }
     if (!silent) {
         if (image->spi_mode > ESP_IMAGE_SPI_MODE_SLOW_READ) {
             ESP_LOGW(TAG, "image at 0x%x has invalid SPI mode %d", src_addr, image->spi_mode);
@@ -368,24 +372,22 @@ static esp_err_t process_segment(int index, uint32_t flash_addr, esp_image_segme
     }
 #endif // BOOTLOADER_BUILD
 
-#ifndef BOOTLOADER_BUILD
-    uint32_t free_page_count = spi_flash_mmap_get_free_pages(SPI_FLASH_MMAP_DATA);
-    ESP_LOGD(TAG, "free data page_count 0x%08x",free_page_count);
-    uint32_t offset_page = 0;
-    while (data_len >= free_page_count * SPI_FLASH_MMU_PAGE_SIZE) {
-        offset_page = ((data_addr & MMAP_ALIGNED_MASK) != 0)?1:0;
-        err = process_segment_data(load_addr, data_addr, (free_page_count - offset_page) * SPI_FLASH_MMU_PAGE_SIZE, do_load, sha_handle, checksum);
+    uint32_t free_page_count = bootloader_mmap_get_free_pages();
+    ESP_LOGD(TAG, "free data page_count 0x%08x", free_page_count);
+
+    int32_t data_len_remain = data_len;
+    while (data_len_remain > 0) {
+        uint32_t offset_page = ((data_addr & MMAP_ALIGNED_MASK) != 0) ? 1 : 0;
+        /* Data we could map in case we are not aligned to PAGE boundary is one page size lesser. */
+        data_len = MIN(data_len_remain, ((free_page_count - offset_page) * SPI_FLASH_MMU_PAGE_SIZE));
+        err = process_segment_data(load_addr, data_addr, data_len, do_load, sha_handle, checksum);
         if (err != ESP_OK) {
             return err;
         }
-        data_addr += (free_page_count - offset_page) * SPI_FLASH_MMU_PAGE_SIZE;
-        data_len -= (free_page_count - offset_page) * SPI_FLASH_MMU_PAGE_SIZE;
-    }
-#endif
-    err = process_segment_data(load_addr, data_addr, data_len, do_load, sha_handle, checksum);
-    if (err != ESP_OK) {
-        return err;
+        data_addr += data_len;
+        data_len_remain -= data_len;
     }
+
     return ESP_OK;
 
 err:

components/bootloader_support/src/flash_encrypt.c

@@ -163,7 +163,7 @@ static esp_err_t encrypt_flash_contents(uint32_t flash_crypt_cnt, bool flash_cry
 
     /* If the last flash_crypt_cnt bit is burned or write-disabled, the
        device can't re-encrypt itself. */
-    if (flash_crypt_wr_dis || flash_crypt_cnt == 0xFF) {
+    if (flash_crypt_wr_dis) {
         ESP_LOGE(TAG, "Cannot re-encrypt data (FLASH_CRYPT_CNT 0x%02x write disabled %d", flash_crypt_cnt, flash_crypt_wr_dis);
         return ESP_FAIL;
     }
@@ -200,11 +200,19 @@ static esp_err_t encrypt_flash_contents(uint32_t flash_crypt_cnt, bool flash_cry
     ESP_LOGD(TAG, "All flash regions checked for encryption pass");
 
     /* Set least significant 0-bit in flash_crypt_cnt */
-    int ffs_inv = __builtin_ffs((~flash_crypt_cnt) & 0xFF);
-    /* ffs_inv shouldn't be zero, as zero implies flash_crypt_cnt == 0xFF */
+    int ffs_inv = __builtin_ffs((~flash_crypt_cnt) & EFUSE_RD_FLASH_CRYPT_CNT);
+    /* ffs_inv shouldn't be zero, as zero implies flash_crypt_cnt == EFUSE_RD_FLASH_CRYPT_CNT (0x7F) */
     uint32_t new_flash_crypt_cnt = flash_crypt_cnt + (1 << (ffs_inv - 1));
     ESP_LOGD(TAG, "FLASH_CRYPT_CNT 0x%x -> 0x%x", flash_crypt_cnt, new_flash_crypt_cnt);
     REG_SET_FIELD(EFUSE_BLK0_WDATA0_REG, EFUSE_FLASH_CRYPT_CNT, new_flash_crypt_cnt);
+
+#ifdef CONFIG_FLASH_ENCRYPTION_DISABLE_PLAINTEXT
+    ESP_LOGI(TAG, "Write protecting FLASH_CRYPT_CNT efuse...");
+    REG_SET_BIT(EFUSE_BLK0_WDATA0_REG, EFUSE_WR_DIS_FLASH_CRYPT_CNT);
+#else
+    ESP_LOGW(TAG, "Not disabling FLASH_CRYPT_CNT - plaintext flashing is still possible");
+#endif
+
     esp_efuse_burn_new_values();
 
     ESP_LOGI(TAG, "Flash encryption completed");
@@ -225,18 +233,18 @@ static esp_err_t encrypt_bootloader()
             return err;
         }
 
-        if (esp_secure_boot_enabled()) {
-            /* If secure boot is enabled and bootloader was plaintext, also
-               need to encrypt secure boot IV+digest.
-            */
-            ESP_LOGD(TAG, "Encrypting secure bootloader IV & digest...");
-            err = esp_flash_encrypt_region(FLASH_OFFS_SECURE_BOOT_IV_DIGEST,
-                                           FLASH_SECTOR_SIZE);
-            if (err != ESP_OK) {
-                ESP_LOGE(TAG, "Failed to encrypt bootloader IV & digest in place: 0x%x", err);
-                return err;
-            }
+#ifdef CONFIG_SECURE_BOOT_ENABLED
+        /* If secure boot is enabled and bootloader was plaintext, also
+         * need to encrypt secure boot IV+digest.
+         */
+        ESP_LOGD(TAG, "Encrypting secure bootloader IV & digest...");
+        err = esp_flash_encrypt_region(FLASH_OFFS_SECURE_BOOT_IV_DIGEST,
+                                       FLASH_SECTOR_SIZE);
+        if (err != ESP_OK) {
+            ESP_LOGE(TAG, "Failed to encrypt bootloader IV & digest in place: 0x%x", err);
+            return err;
         }
+#endif
     }
     else {
         ESP_LOGW(TAG, "no valid bootloader was found");

components/bootloader_support/src/secure_boot.c

@@ -36,6 +36,12 @@
 #include "esp_flash_encrypt.h"
 #include "esp_efuse.h"
 
+/* The following API implementations are used only when called
+ * from the bootloader code.
+ */
+
+#ifdef BOOTLOADER_BUILD
+
 static const char* TAG = "secure_boot";
 
 /**
@@ -95,18 +101,15 @@ static bool secure_boot_generate(uint32_t image_len){
 /* Burn values written to the efuse write registers */
 static inline void burn_efuses()
 {
-#ifdef CONFIG_SECURE_BOOT_TEST_MODE
-    ESP_LOGE(TAG, "SECURE BOOT TEST MODE. Not really burning any efuses! NOT SECURE");
-#else
     esp_efuse_burn_new_values();
-#endif
 }
 
-esp_err_t esp_secure_boot_permanently_enable(void) {
+esp_err_t esp_secure_boot_generate_digest(void)
+{
     esp_err_t err;
-    if (esp_secure_boot_enabled())
-    {
-        ESP_LOGI(TAG, "bootloader secure boot is already enabled, continuing..");
+    if (esp_secure_boot_enabled()) {
+        ESP_LOGI(TAG, "bootloader secure boot is already enabled."
+                      " No need to generate digest. continuing..");
         return ESP_OK;
     }
 
@@ -124,6 +127,7 @@ esp_err_t esp_secure_boot_permanently_enable(void) {
         return err;
     }
 
+    /* Generate secure boot key and keep in EFUSE */
     uint32_t dis_reg = REG_READ(EFUSE_BLK0_RDATA0_REG);
     bool efuse_key_read_protected = dis_reg & EFUSE_RD_DIS_BLK2;
     bool efuse_key_write_protected = dis_reg & EFUSE_WR_DIS_BLK2;
@@ -140,16 +144,11 @@ esp_err_t esp_secure_boot_permanently_enable(void) {
         ESP_LOGI(TAG, "Generating new secure boot key...");
         esp_efuse_write_random_key(EFUSE_BLK2_WDATA0_REG);
         burn_efuses();
-        ESP_LOGI(TAG, "Read & write protecting new key...");
-        REG_WRITE(EFUSE_BLK0_WDATA0_REG, EFUSE_WR_DIS_BLK2 | EFUSE_RD_DIS_BLK2);
-        burn_efuses();
-        efuse_key_read_protected = true;
-        efuse_key_write_protected = true;
-
     } else {
         ESP_LOGW(TAG, "Using pre-loaded secure boot key in EFUSE block 2");
     }
 
+    /* Generate secure boot digest using programmed key in EFUSE */
     ESP_LOGI(TAG, "Generating secure boot digest...");
     uint32_t image_len = bootloader_data.image_len;
     if(bootloader_data.image.hash_appended) {
@@ -162,7 +161,28 @@ esp_err_t esp_secure_boot_permanently_enable(void) {
     }
     ESP_LOGI(TAG, "Digest generation complete.");
 
-#ifndef CONFIG_SECURE_BOOT_TEST_MODE
+    return ESP_OK;
+}
+
+esp_err_t esp_secure_boot_permanently_enable(void)
+{
+    if (esp_secure_boot_enabled()) {
+        ESP_LOGI(TAG, "bootloader secure boot is already enabled, continuing..");
+        return ESP_OK;
+    }
+
+    uint32_t dis_reg = REG_READ(EFUSE_BLK0_RDATA0_REG);
+    bool efuse_key_read_protected = dis_reg & EFUSE_RD_DIS_BLK2;
+    bool efuse_key_write_protected = dis_reg & EFUSE_WR_DIS_BLK2;
+    if (efuse_key_read_protected == false
+        && efuse_key_write_protected == false) {
+        ESP_LOGI(TAG, "Read & write protecting new key...");
+        REG_WRITE(EFUSE_BLK0_WDATA0_REG, EFUSE_WR_DIS_BLK2 | EFUSE_RD_DIS_BLK2);
+        burn_efuses();
+        efuse_key_read_protected = true;
+        efuse_key_write_protected = true;
+    }
+
     if (!efuse_key_read_protected) {
         ESP_LOGE(TAG, "Pre-loaded key is not read protected. Refusing to blow secure boot efuse.");
         return ESP_ERR_INVALID_STATE;
@@ -171,7 +191,6 @@ esp_err_t esp_secure_boot_permanently_enable(void) {
         ESP_LOGE(TAG, "Pre-loaded key is not write protected. Refusing to blow secure boot efuse.");
         return ESP_ERR_INVALID_STATE;
     }
-#endif
 
     ESP_LOGI(TAG, "blowing secure boot efuse...");
     ESP_LOGD(TAG, "before updating, EFUSE_BLK0_RDATA6 %x", REG_READ(EFUSE_BLK0_RDATA6_REG));
@@ -200,11 +219,9 @@ esp_err_t esp_secure_boot_permanently_enable(void) {
         ESP_LOGI(TAG, "secure boot is now enabled for bootloader image");
         return ESP_OK;
     } else {
-#ifdef CONFIG_SECURE_BOOT_TEST_MODE
-        ESP_LOGE(TAG, "secure boot not enabled due to test mode");
-#else
         ESP_LOGE(TAG, "secure boot not enabled for bootloader image, EFUSE_RD_ABS_DONE_0 is probably write protected!");
-#endif
         return ESP_ERR_INVALID_STATE;
     }
 }
+
+#endif // #ifdef BOOTLOADER_BUILD

components/bootloader_support/src/secure_boot_signatures.c

@@ -21,12 +21,7 @@
 
 #include "uECC.h"
 
-#ifdef BOOTLOADER_BUILD
-#include "rom/sha.h"
-typedef SHA_CTX sha_context;
-#else
-#include "hwcrypto/sha.h"
-#endif
+#include <sys/param.h>
 
 static const char* TAG = "secure_boot";
 
@@ -37,6 +32,9 @@ extern const uint8_t signature_verification_key_end[] asm("_binary_signature_ver
 
 #define DIGEST_LEN 32
 
+/* Mmap source address mask */
+#define MMAP_ALIGNED_MASK 0x0000FFFF
+
 esp_err_t esp_secure_boot_verify_signature(uint32_t src_addr, uint32_t length)
 {
     uint8_t digest[DIGEST_LEN];
@@ -45,26 +43,44 @@ esp_err_t esp_secure_boot_verify_signature(uint32_t src_addr, uint32_t length)
 
     ESP_LOGD(TAG, "verifying signature src_addr 0x%x length 0x%x", src_addr, length);
 
-    data = bootloader_mmap(src_addr, length + sizeof(esp_secure_boot_sig_block_t));
-    if(data == NULL) {
-        ESP_LOGE(TAG, "bootloader_mmap(0x%x, 0x%x) failed", src_addr, length+sizeof(esp_secure_boot_sig_block_t));
-        return ESP_FAIL;
+    bootloader_sha256_handle_t handle = bootloader_sha256_start();
+
+    uint32_t free_page_count = bootloader_mmap_get_free_pages();
+    ESP_LOGD(TAG, "free data page_count 0x%08x", free_page_count);
+
+    int32_t data_len_remain = length;
+    uint32_t data_addr = src_addr;
+    while (data_len_remain > 0) {
+        uint32_t offset_page = ((data_addr & MMAP_ALIGNED_MASK) != 0) ? 1 : 0;
+        /* Data we could map in case we are not aligned to PAGE boundary is one page size lesser. */
+        uint32_t data_len = MIN(data_len_remain, ((free_page_count - offset_page) * SPI_FLASH_MMU_PAGE_SIZE));
+        data = (const uint8_t *) bootloader_mmap(data_addr, data_len);
+        if(!data) {
+            ESP_LOGE(TAG, "bootloader_mmap(0x%x, 0x%x) failed", data_addr, data_len);
+            bootloader_sha256_finish(handle, NULL);
+            return ESP_FAIL;
+        }
+        bootloader_sha256_data(handle, data, data_len);
+        bootloader_munmap(data);
+
+        data_addr += data_len;
+        data_len_remain -= data_len;
     }
 
-    // Calculate digest of main image
-#ifdef BOOTLOADER_BUILD
-    bootloader_sha256_handle_t handle = bootloader_sha256_start();
-    bootloader_sha256_data(handle, data, length);
+    /* Done! Get the digest */
     bootloader_sha256_finish(handle, digest);
-#else
-    /* Use thread-safe esp-idf SHA function */
-    esp_sha(SHA2_256, data, length, digest);
-#endif
 
-    // Map the signature block and verify the signature
-    sigblock = (const esp_secure_boot_sig_block_t *)(data + length);
+    // Map the signature block
+    sigblock = (const esp_secure_boot_sig_block_t *) bootloader_mmap(src_addr + length, sizeof(esp_secure_boot_sig_block_t));
+    if(!sigblock) {
+        ESP_LOGE(TAG, "bootloader_mmap(0x%x, 0x%x) failed", src_addr + length, sizeof(esp_secure_boot_sig_block_t));
+        return ESP_FAIL;
+    }
+    // Verify the signature
     esp_err_t err = esp_secure_boot_verify_signature_block(sigblock, digest);
-    bootloader_munmap(data);
+    // Unmap
+    bootloader_munmap(sigblock);
+
     return err;
 }
 

components/bt/CMakeLists.txt

@@ -11,6 +11,7 @@ if(CONFIG_BT_ENABLED)
             bluedroid/bta/av/include
             bluedroid/bta/dm/include
             bluedroid/bta/gatt/include
+            bluedroid/bta/hf_client/include
             bluedroid/bta/hh/include
             bluedroid/bta/jv/include
             bluedroid/bta/sdp/include
@@ -93,6 +94,14 @@ if(CONFIG_BT_ENABLED)
                    "bluedroid/bta/jv/bta_jv_api.c"
                    "bluedroid/bta/jv/bta_jv_cfg.c"
                    "bluedroid/bta/jv/bta_jv_main.c"
+                   "bluedroid/bta/hf_client/bta_hf_client_act.c"
+                   "bluedroid/bta/hf_client/bta_hf_client_api.c"
+                   "bluedroid/bta/hf_client/bta_hf_client_at.c"
+                   "bluedroid/bta/hf_client/bta_hf_client_cmd.c"
+                   "bluedroid/bta/hf_client/bta_hf_client_main.c"
+                   "bluedroid/bta/hf_client/bta_hf_client_rfc.c"
+                   "bluedroid/bta/hf_client/bta_hf_client_sco.c"
+                   "bluedroid/bta/hf_client/bta_hf_client_sdp.c"
                    "bluedroid/bta/sdp/bta_sdp.c"
                    "bluedroid/bta/sdp/bta_sdp_act.c"
                    "bluedroid/bta/sdp/bta_sdp_api.c"
@@ -122,6 +131,8 @@ if(CONFIG_BT_ENABLED)
                    "bluedroid/btc/profile/std/a2dp/btc_a2dp_source.c"
                    "bluedroid/btc/profile/std/a2dp/btc_av.c"
                    "bluedroid/btc/profile/std/avrc/btc_avrc.c"
+                   "bluedroid/btc/profile/std/hf_client/btc_hf_client.c"
+                   "bluedroid/btc/profile/std/hf_client/bta_hf_client_co.c"
                    "bluedroid/btc/profile/std/gap/btc_gap_ble.c"
                    "bluedroid/btc/profile/std/gap/btc_gap_bt.c"
                    "bluedroid/btc/profile/std/gatt/btc_gatt_common.c"
@@ -272,7 +283,7 @@ if(CONFIG_BT_ENABLED)
 endif()
 
 # requirements can't depend on config
-set(COMPONENT_PRIV_REQUIRES nvs_flash)
+set(COMPONENT_PRIV_REQUIRES nvs_flash nimble)
 
 register_component()
 
@@ -281,6 +292,6 @@ if(CONFIG_BT_ENABLED)
         component_compile_options(-Wno-implicit-fallthrough -Wno-unused-const-variable)
     endif()
 
-    target_link_libraries(bt "-L${CMAKE_CURRENT_LIST_DIR}/lib")
-    target_link_libraries(bt btdm_app)
+    target_link_libraries(${COMPONENT_TARGET} "-L${CMAKE_CURRENT_LIST_DIR}/lib")
+    target_link_libraries(${COMPONENT_TARGET} btdm_app)
 endif()

components/bt/bluedroid/api/esp_bt_main.c

@@ -119,7 +119,7 @@ esp_err_t esp_bluedroid_init(void)
     future_t **future_p;
 
     if (esp_bt_controller_get_status() != ESP_BT_CONTROLLER_STATUS_ENABLED) {
-        LOG_ERROR("Conroller not initialised\n");
+        LOG_ERROR("Controller not initialised\n");
         return ESP_ERR_INVALID_STATE;
     }
 

components/bt/bluedroid/api/esp_gap_ble_api.c

@@ -449,6 +449,73 @@ esp_err_t esp_ble_gap_config_scan_rsp_data_raw(uint8_t *raw_data, uint32_t raw_d
 
 }
 
+esp_err_t esp_ble_gap_add_duplicate_scan_exceptional_device(esp_ble_duplicate_exceptional_info_type_t type, esp_duplicate_info_t device_info)
+{
+    btc_msg_t msg;
+    btc_ble_gap_args_t arg;
+
+    if (esp_bluedroid_get_status() != ESP_BLUEDROID_STATUS_ENABLED) {
+        return ESP_ERR_INVALID_STATE;
+    }
+    if (!device_info && type <= ESP_BLE_DUPLICATE_SCAN_EXCEPTIONAL_INFO_MESH_LINK_ID) {
+        return ESP_ERR_INVALID_SIZE;
+    }
+    msg.sig = BTC_SIG_API_CALL;
+    msg.pid = BTC_PID_GAP_BLE;
+    msg.act = BTC_GAP_BLE_UPDATE_DUPLICATE_SCAN_EXCEPTIONAL_LIST;
+    arg.update_duplicate_exceptional_list.subcode = ESP_BLE_DUPLICATE_EXCEPTIONAL_LIST_ADD;
+    arg.update_duplicate_exceptional_list.info_type = type;
+    if (device_info) {
+        memcpy(arg.update_duplicate_exceptional_list.device_info, device_info, sizeof(esp_bd_addr_t));
+    }
+
+    return (btc_transfer_context(&msg, &arg, sizeof(btc_ble_gap_args_t), NULL)
+                == BT_STATUS_SUCCESS ? ESP_OK : ESP_FAIL);
+}
+
+esp_err_t esp_ble_gap_remove_duplicate_scan_exceptional_device(esp_ble_duplicate_exceptional_info_type_t type, esp_duplicate_info_t device_info)
+{
+    btc_msg_t msg;
+    btc_ble_gap_args_t arg;
+
+    if (esp_bluedroid_get_status() != ESP_BLUEDROID_STATUS_ENABLED) {
+        return ESP_ERR_INVALID_STATE;
+    }
+    if (!device_info && type <= ESP_BLE_DUPLICATE_SCAN_EXCEPTIONAL_INFO_MESH_LINK_ID) {
+        return ESP_ERR_INVALID_SIZE;
+    }
+    msg.sig = BTC_SIG_API_CALL;
+    msg.pid = BTC_PID_GAP_BLE;
+    msg.act = BTC_GAP_BLE_UPDATE_DUPLICATE_SCAN_EXCEPTIONAL_LIST;
+    arg.update_duplicate_exceptional_list.subcode = ESP_BLE_DUPLICATE_EXCEPTIONAL_LIST_REMOVE;
+    arg.update_duplicate_exceptional_list.info_type = type;
+    if (device_info) {
+        memcpy(arg.update_duplicate_exceptional_list.device_info, device_info, sizeof(esp_bd_addr_t));
+    }
+
+    return (btc_transfer_context(&msg, &arg, sizeof(btc_ble_gap_args_t), NULL)
+                == BT_STATUS_SUCCESS ? ESP_OK : ESP_FAIL);
+}
+
+esp_err_t esp_ble_gap_clean_duplicate_scan_exceptional_list(esp_duplicate_scan_exceptional_list_type_t list_type)
+{
+    btc_msg_t msg;
+    btc_ble_gap_args_t arg;
+
+    if (esp_bluedroid_get_status() != ESP_BLUEDROID_STATUS_ENABLED) {
+        return ESP_ERR_INVALID_STATE;
+    }
+
+    msg.sig = BTC_SIG_API_CALL;
+    msg.pid = BTC_PID_GAP_BLE;
+    msg.act = BTC_GAP_BLE_UPDATE_DUPLICATE_SCAN_EXCEPTIONAL_LIST;
+    arg.update_duplicate_exceptional_list.subcode = ESP_BLE_DUPLICATE_EXCEPTIONAL_LIST_CLEAN;
+    arg.update_duplicate_exceptional_list.info_type = list_type;
+
+    return (btc_transfer_context(&msg, &arg, sizeof(btc_ble_gap_args_t), NULL)
+                == BT_STATUS_SUCCESS ? ESP_OK : ESP_FAIL);
+}
+
 #if (SMP_INCLUDED == TRUE)
 esp_err_t esp_ble_gap_set_security_param(esp_ble_sm_param_t param_type,
         void *value, uint8_t len)
@@ -598,6 +665,29 @@ esp_err_t esp_ble_get_bond_device_list(int *dev_num, esp_ble_bond_dev_t *dev_lis
 
     return (ret == BT_STATUS_SUCCESS ? ESP_OK : ESP_FAIL);
 }
+
+esp_err_t esp_ble_oob_req_reply(esp_bd_addr_t bd_addr, uint8_t *TK, uint8_t len)
+{
+    if(len != ESP_BT_OCTET16_LEN) {
+        return ESP_ERR_INVALID_ARG;
+    }
+
+    btc_msg_t msg;
+    btc_ble_gap_args_t arg;
+
+    ESP_BLUEDROID_STATUS_CHECK(ESP_BLUEDROID_STATUS_ENABLED);
+
+    msg.sig = BTC_SIG_API_CALL;
+    msg.pid = BTC_PID_GAP_BLE;
+    msg.act = BTC_GAP_BLE_OOB_REQ_REPLY_EVT;
+    memcpy(arg.oob_req_reply.bd_addr, bd_addr, ESP_BD_ADDR_LEN);
+    arg.oob_req_reply.len = len;
+    arg.oob_req_reply.p_value = TK;
+
+    return (btc_transfer_context(&msg, &arg, sizeof(btc_ble_gap_args_t), btc_gap_ble_arg_deep_copy)
+            == BT_STATUS_SUCCESS ? ESP_OK : ESP_FAIL);
+}
+
 #endif /* #if (SMP_INCLUDED == TRUE) */
 
 esp_err_t esp_ble_gap_disconnect(esp_bd_addr_t remote_device)

components/bt/bluedroid/api/include/api/esp_gap_ble_api.h

@@ -54,6 +54,7 @@ typedef uint8_t esp_ble_key_type_t;
 #define ESP_LE_AUTH_NO_BOND                 0x00                                     /*!< 0*/                     /* relate to BTM_LE_AUTH_NO_BOND in stack/btm_api.h */
 #define ESP_LE_AUTH_BOND                    0x01                                     /*!< 1 << 0 */               /* relate to BTM_LE_AUTH_BOND in stack/btm_api.h */
 #define ESP_LE_AUTH_REQ_MITM                (1 << 2)                                 /*!< 1 << 2 */               /* relate to BTM_LE_AUTH_REQ_MITM in stack/btm_api.h */
+#define ESP_LE_AUTH_REQ_BOND_MITM           (ESP_LE_AUTH_BOND | ESP_LE_AUTH_REQ_MITM)/*!< 0101*/
 #define ESP_LE_AUTH_REQ_SC_ONLY             (1 << 3)                                 /*!< 1 << 3 */               /* relate to BTM_LE_AUTH_REQ_SC_ONLY in stack/btm_api.h */
 #define ESP_LE_AUTH_REQ_SC_BOND             (ESP_LE_AUTH_BOND | ESP_LE_AUTH_REQ_SC_ONLY)            /*!< 1001 */  /* relate to BTM_LE_AUTH_REQ_SC_BOND in stack/btm_api.h */
 #define ESP_LE_AUTH_REQ_SC_MITM             (ESP_LE_AUTH_REQ_MITM | ESP_LE_AUTH_REQ_SC_ONLY)        /*!< 1100 */  /* relate to BTM_LE_AUTH_REQ_SC_MITM in stack/btm_api.h */
@@ -63,6 +64,9 @@ typedef uint8_t   esp_ble_auth_req_t;         /*!< combination of the above bit
 #define ESP_BLE_ONLY_ACCEPT_SPECIFIED_AUTH_DISABLE 0
 #define ESP_BLE_ONLY_ACCEPT_SPECIFIED_AUTH_ENABLE  1
 
+#define ESP_BLE_OOB_DISABLE 0
+#define ESP_BLE_OOB_ENABLE  1
+
 /* relate to BTM_IO_CAP_xxx in stack/btm_api.h */
 #define ESP_IO_CAP_OUT                      0   /*!< DisplayOnly */         /* relate to BTM_IO_CAP_OUT in stack/btm_api.h */
 #define ESP_IO_CAP_IO                       1   /*!< DisplayYesNo */        /* relate to BTM_IO_CAP_IO in stack/btm_api.h */
@@ -161,6 +165,7 @@ typedef enum {
     ESP_GAP_BLE_GET_BOND_DEV_COMPLETE_EVT,                  /*!< When get the bond device list complete, the event comes */
     ESP_GAP_BLE_READ_RSSI_COMPLETE_EVT,                     /*!< When read the rssi complete, the event comes */
     ESP_GAP_BLE_UPDATE_WHITELIST_COMPLETE_EVT,              /*!< When add or remove whitelist complete, the event comes */
+    ESP_GAP_BLE_UPDATE_DUPLICATE_EXCEPTIONAL_LIST_COMPLETE_EVT,  /*!< When update duplicate exceptional list complete, the event comes */
     ESP_GAP_BLE_EVT_MAX,
 } esp_gap_ble_cb_event_t;
 /// This is the old name, just for backwards compatibility
@@ -262,14 +267,26 @@ typedef enum {
 
 typedef enum {
     ESP_BLE_SM_PASSKEY = 0,
+    /* Authentication requirements of local device */
     ESP_BLE_SM_AUTHEN_REQ_MODE,
+    /* The IO capability of local device */
     ESP_BLE_SM_IOCAP_MODE,
+    /* Initiator Key Distribution/Generation */
     ESP_BLE_SM_SET_INIT_KEY,
+    /* Responder Key Distribution/Generation */
     ESP_BLE_SM_SET_RSP_KEY,
+    /* Maximum Encryption key size to support */
     ESP_BLE_SM_MAX_KEY_SIZE,
+    /* Minimum Encryption key size requirement from Peer */
+    ESP_BLE_SM_MIN_KEY_SIZE,
+    /* Set static Passkey */
     ESP_BLE_SM_SET_STATIC_PASSKEY,
+    /* Reset static Passkey */
     ESP_BLE_SM_CLEAR_STATIC_PASSKEY,
+    /* Accept only specified SMP Authentication requirement */
     ESP_BLE_SM_ONLY_ACCEPT_SPECIFIED_SEC_AUTH,
+    /* Enable/Disable OOB support */
+    ESP_BLE_SM_OOB_SUPPORT,
     ESP_BLE_SM_MAX_PARAM,
 } esp_ble_sm_param_t;
 
@@ -552,6 +569,7 @@ typedef enum {
     ESP_GAP_SEARCH_DISC_CMPL_EVT           = 4,      /*!< Discovery complete. */
     ESP_GAP_SEARCH_DI_DISC_CMPL_EVT        = 5,      /*!< Discovery complete. */
     ESP_GAP_SEARCH_SEARCH_CANCEL_CMPL_EVT  = 6,      /*!< Search cancelled */
+    ESP_GAP_SEARCH_INQ_DISCARD_NUM_EVT     = 7,      /*!< The number of pkt discarded by flow control */
 } esp_gap_search_evt_t;
 
 /**
@@ -570,6 +588,34 @@ typedef enum{
     ESP_BLE_WHITELIST_REMOVE     = 0X00,    /*!< remove mac from whitelist */
     ESP_BLE_WHITELIST_ADD        = 0X01,    /*!< add address to whitelist */
 }esp_ble_wl_opration_t;
+
+typedef enum {
+    ESP_BLE_DUPLICATE_EXCEPTIONAL_LIST_ADD      = 0,  /*!< Add device info into duplicate scan exceptional list */
+    ESP_BLE_DUPLICATE_EXCEPTIONAL_LIST_REMOVE,        /*!< Remove device info from duplicate scan exceptional list */
+    ESP_BLE_DUPLICATE_EXCEPTIONAL_LIST_CLEAN,         /*!< Clean duplicate scan exceptional list */
+} esp_bt_duplicate_exceptional_subcode_type_t;
+
+#define BLE_BIT(n) (1UL<<(n))
+
+typedef enum {
+    ESP_BLE_DUPLICATE_SCAN_EXCEPTIONAL_INFO_ADV_ADDR       = 0,  /*!< BLE advertising address , device info will be added into ESP_BLE_DUPLICATE_SCAN_EXCEPTIONAL_ADDR_LIST */
+    ESP_BLE_DUPLICATE_SCAN_EXCEPTIONAL_INFO_MESH_LINK_ID,        /*!< BLE mesh link ID, it is for BLE mesh, device info will be added into ESP_BLE_DUPLICATE_SCAN_EXCEPTIONAL_MESH_LINK_ID_LIST */
+    ESP_BLE_DUPLICATE_SCAN_EXCEPTIONAL_INFO_MESH_BEACON_TYPE,    /*!< BLE mesh beacon AD type, the format is | Len | 0x2B | Beacon Type | Beacon Data | */
+    ESP_BLE_DUPLICATE_SCAN_EXCEPTIONAL_INFO_MESH_PROV_SRV_ADV,   /*!< BLE mesh provisioning service uuid, the format is | 0x02 | 0x01 | flags | 0x03 | 0x03 | 0x1827 | .... |` */
+    ESP_BLE_DUPLICATE_SCAN_EXCEPTIONAL_INFO_MESH_PROXY_SRV_ADV,  /*!< BLE mesh adv with proxy service uuid, the format is | 0x02 | 0x01 | flags | 0x03 | 0x03 | 0x1828 | .... |` */
+} esp_ble_duplicate_exceptional_info_type_t;
+
+typedef enum {
+    ESP_BLE_DUPLICATE_SCAN_EXCEPTIONAL_ADDR_LIST                  = BLE_BIT(0),             /*!< duplicate scan exceptional addr list */
+    ESP_BLE_DUPLICATE_SCAN_EXCEPTIONAL_MESH_LINK_ID_LIST          = BLE_BIT(1),             /*!< duplicate scan exceptional mesh link ID list */
+    ESP_BLE_DUPLICATE_SCAN_EXCEPTIONAL_MESH_BEACON_TYPE_LIST      = BLE_BIT(2),             /*!< duplicate scan exceptional mesh beacon type list */
+    ESP_BLE_DUPLICATE_SCAN_EXCEPTIONAL_MESH_PROV_SRV_ADV_LIST     = BLE_BIT(3),             /*!< duplicate scan exceptional mesh adv with provisioning service uuid */
+    ESP_BLE_DUPLICATE_SCAN_EXCEPTIONAL_MESH_PROXY_SRV_ADV_LIST    = BLE_BIT(4),             /*!< duplicate scan exceptional mesh adv with provisioning service uuid */
+    ESP_BLE_DUPLICATE_SCAN_EXCEPTIONAL_ALL_LIST                   = 0xFFFF,                 /*!< duplicate scan exceptional all list */
+} esp_duplicate_scan_exceptional_list_type_t;
+
+typedef uint8_t esp_duplicate_info_t[ESP_BD_ADDR_LEN];
+
 /**
  * @brief Gap callback parameters union
  */
@@ -607,6 +653,7 @@ typedef union {
         int num_resps;                              /*!< Scan result number */
         uint8_t adv_data_len;                       /*!< Adv data length */
         uint8_t scan_rsp_len;                       /*!< Scan response length */
+        uint32_t num_dis;                          /*!< The number of discard packets */
     } scan_rst;                                     /*!< Event parameter of ESP_GAP_BLE_SCAN_RESULT_EVT */
     /**
      * @brief ESP_GAP_BLE_ADV_DATA_RAW_SET_COMPLETE_EVT
@@ -715,6 +762,15 @@ typedef union {
         esp_bt_status_t status;                     /*!< Indicate the add or remove whitelist operation success status */
         esp_ble_wl_opration_t wl_opration;          /*!< The value is ESP_BLE_WHITELIST_ADD if add address to whitelist operation success, ESP_BLE_WHITELIST_REMOVE if remove address from the whitelist operation success */
     } update_whitelist_cmpl;                        /*!< Event parameter of ESP_GAP_BLE_UPDATE_WHITELIST_COMPLETE_EVT */
+    /**
+     * @brief ESP_GAP_BLE_UPDATE_DUPLICATE_EXCEPTIONAL_LIST_COMPLETE_EVT
+     */
+    struct ble_update_duplicate_exceptional_list_cmpl_evt_param {
+        esp_bt_status_t status;                     /*!< Indicate update duplicate scan exceptional list operation success status */
+        uint8_t         subcode;                    /*!< Define in esp_bt_duplicate_exceptional_subcode_type_t */
+        uint16_t         length;                     /*!< The length of device_info */
+        esp_duplicate_info_t device_info;           /*!< device information, when subcode is ESP_BLE_DUPLICATE_EXCEPTIONAL_LIST_CLEAN, the value is invalid */
+    } update_duplicate_exceptional_list_cmpl;       /*!< Event parameter of ESP_GAP_BLE_UPDATE_DUPLICATE_EXCEPTIONAL_LIST_COMPLETE_EVT */
 } esp_ble_gap_cb_param_t;
 
 /**
@@ -1007,6 +1063,45 @@ esp_err_t esp_ble_gap_config_scan_rsp_data_raw(uint8_t *raw_data, uint32_t raw_d
  */
 esp_err_t esp_ble_gap_read_rssi(esp_bd_addr_t remote_addr);
 
+/**
+ * @brief           This function is called to add a device info into the duplicate scan exceptional list.
+ *
+ *
+ * @param[in]       type: device info type, it is defined in esp_ble_duplicate_exceptional_info_type_t
+ *                  when type is MESH_BEACON_TYPE, MESH_PROV_SRV_ADV or MESH_PROXY_SRV_ADV , device_info is invalid.
+ * @param[in]       device_info: the device information.
+ * @return
+ *                  - ESP_OK : success
+ *                  - other  : failed
+ */
+esp_err_t esp_ble_gap_add_duplicate_scan_exceptional_device(esp_ble_duplicate_exceptional_info_type_t type, esp_duplicate_info_t device_info);
+
+/**
+ * @brief           This function is called to remove a device info from the duplicate scan exceptional list.
+ *
+ *
+ * @param[in]       type: device info type, it is defined in esp_ble_duplicate_exceptional_info_type_t
+ *                  when type is MESH_BEACON_TYPE, MESH_PROV_SRV_ADV or MESH_PROXY_SRV_ADV , device_info is invalid.
+ * @param[in]       device_info: the device information.
+ * @return
+ *                  - ESP_OK : success
+ *                  - other  : failed
+ */
+esp_err_t esp_ble_gap_remove_duplicate_scan_exceptional_device(esp_ble_duplicate_exceptional_info_type_t type, esp_duplicate_info_t device_info);
+
+/**
+ * @brief           This function is called to clean the duplicate scan exceptional list.
+ *                  This API will delete all device information in the duplicate scan exceptional list.
+ *
+ *
+ * @param[in]       list_type: duplicate scan exceptional list type, the value can be one or more of esp_duplicate_scan_exceptional_list_type_t.
+ *
+ * @return
+ *                  - ESP_OK : success
+ *                  - other  : failed
+ */
+esp_err_t esp_ble_gap_clean_duplicate_scan_exceptional_list(esp_duplicate_scan_exceptional_list_type_t list_type);
+
 #if (SMP_INCLUDED == TRUE)
 /**
 * @brief             Set a GAP security parameter value. Overrides the default value.
@@ -1066,7 +1161,7 @@ esp_err_t esp_ble_passkey_reply(esp_bd_addr_t bd_addr, bool accept, uint32_t pas
 
 
 /**
-* @brief           Reply the confirm value to the peer device in the legacy connection stage.
+* @brief           Reply the confirm value to the peer device in the secure connection stage.
 *
 * @param[in]       bd_addr : BD address of the peer device
 * @param[in]       accept : numbers to compare are the same or different.
@@ -1115,6 +1210,20 @@ int esp_ble_get_bond_device_num(void);
 */
 esp_err_t esp_ble_get_bond_device_list(int *dev_num, esp_ble_bond_dev_t *dev_list);
 
+/**
+* @brief           This function is called to provide the OOB data for
+*                  SMP in response to ESP_GAP_BLE_OOB_REQ_EVT
+*
+* @param[in]       bd_addr: BD address of the peer device.
+* @param[in]       TK: TK value, the TK value shall be a 128-bit random number
+* @param[in]       len: length of tk, should always be 128-bit
+*
+* @return          - ESP_OK : success
+*                  - other  : failed
+*
+*/
+esp_err_t esp_ble_oob_req_reply(esp_bd_addr_t bd_addr, uint8_t *TK, uint8_t len);
+
 #endif /* #if (SMP_INCLUDED == TRUE) */
 
 /**

components/bt/bluedroid/bta/av/bta_av_aact.c

@@ -1293,9 +1293,10 @@ void bta_av_setconfig_rsp (tBTA_AV_SCB *p_scb, tBTA_AV_DATA *p_data)
             /* if SBC is used by the SNK as INT, discover req is not sent in bta_av_config_ind.
                        * call disc_res now */
             /* this is called in A2DP SRC path only, In case of SINK we don't need it  */
-            if (local_sep == AVDT_TSEP_SRC)
+            if (local_sep == AVDT_TSEP_SRC) {
                 p_scb->p_cos->disc_res(p_scb->hndl, num, num, 0, p_scb->peer_addr,
                                        UUID_SERVCLASS_AUDIO_SOURCE);
+            }
         } else {
             /* we do not know the peer device and it is using non-SBC codec
              * we need to know all the SEPs on SNK */

components/bt/bluedroid/bta/av/bta_av_act.c

@@ -829,10 +829,11 @@ void bta_av_rc_msg(tBTA_AV_CB *p_cb, tBTA_AV_DATA *p_data)
             if (p_data->rc_msg.msg.pass.op_id == AVRC_ID_VENDOR) {
                 p_data->rc_msg.msg.hdr.ctype = BTA_AV_RSP_NOT_IMPL;
 #if (AVRC_METADATA_INCLUDED == TRUE)
-                if (p_cb->features & BTA_AV_FEAT_METADATA)
+                if (p_cb->features & BTA_AV_FEAT_METADATA) {
                     p_data->rc_msg.msg.hdr.ctype =
                         bta_av_group_navi_supported(p_data->rc_msg.msg.pass.pass_len,
                                                     p_data->rc_msg.msg.pass.p_pass_data, is_inquiry);
+                }
 #endif
             } else {
                 p_data->rc_msg.msg.hdr.ctype = bta_av_op_supported(p_data->rc_msg.msg.pass.op_id, is_inquiry);
@@ -890,7 +891,9 @@ void bta_av_rc_msg(tBTA_AV_CB *p_cb, tBTA_AV_DATA *p_data)
                 evt = bta_av_proc_meta_cmd (&rc_rsp, &p_data->rc_msg, &ctype);
             } else
 #endif
+            {
                 evt = BTA_AV_VENDOR_CMD_EVT;
+            }
         }
         /* else if configured to support vendor specific and it's a response */
         else if ((p_cb->features & BTA_AV_FEAT_VENDOR) &&
@@ -902,7 +905,9 @@ void bta_av_rc_msg(tBTA_AV_CB *p_cb, tBTA_AV_DATA *p_data)
                 evt = BTA_AV_META_MSG_EVT;
             } else
 #endif
+            {
                 evt = BTA_AV_VENDOR_RSP_EVT;
+            }
 
         }
         /* else if not configured to support vendor specific and it's a command */

components/bt/bluedroid/bta/av/bta_av_main.c

@@ -1268,7 +1268,7 @@ BOOLEAN bta_av_hdl_event(BT_HDR *p_msg)
 ** Returns          char *
 **
 *******************************************************************************/
-static char *bta_av_st_code(UINT8 state)
+UNUSED_ATTR static char *bta_av_st_code(UINT8 state)
 {
     switch (state) {
     case BTA_AV_INIT_ST: return "INIT";

components/bt/bluedroid/bta/av/bta_av_ssm.c

@@ -28,6 +28,7 @@
 #include <string.h>
 #include "bta/bta_av_co.h"
 #include "bta_av_int.h"
+#include "osi/osi.h"
 
 /*****************************************************************************
 ** Constants and types
@@ -564,7 +565,7 @@ void bta_av_set_scb_sst_incoming (tBTA_AV_SCB *p_scb)
 ** Returns          char *
 **
 *******************************************************************************/
-static char *bta_av_sst_code(UINT8 state)
+UNUSED_ATTR static char *bta_av_sst_code(UINT8 state)
 {
     switch (state) {
     case BTA_AV_INIT_SST: return "INIT";

components/bt/bluedroid/bta/dm/bta_dm_act.c

@@ -127,6 +127,7 @@ static void bta_dm_remove_sec_dev_entry(BD_ADDR remote_bd_addr);
 #endif  ///SMP_INCLUDED == TRUE
 static void bta_dm_observe_results_cb(tBTM_INQ_RESULTS *p_inq, UINT8 *p_eir);
 static void bta_dm_observe_cmpl_cb(void *p_result);
+static void bta_dm_observe_discard_cb (uint32_t num_dis);
 static void bta_dm_delay_role_switch_cback(TIMER_LIST_ENT *p_tle);
 extern void sdpu_uuid16_to_uuid128(UINT16 uuid16, UINT8 *p_uuid128);
 static void bta_dm_disable_timer_cback(TIMER_LIST_ENT *p_tle);
@@ -635,13 +636,15 @@ void bta_dm_set_visibility(tBTA_DM_MSG *p_data)
 
     /* set modes for Discoverability and connectability if not ignore */
     if (p_data->set_visibility.disc_mode != (BTA_DM_IGNORE | BTA_DM_LE_IGNORE)) {
-        if ((p_data->set_visibility.disc_mode & BTA_DM_LE_IGNORE) == BTA_DM_LE_IGNORE)
+        if ((p_data->set_visibility.disc_mode & BTA_DM_LE_IGNORE) == BTA_DM_LE_IGNORE) {
             p_data->set_visibility.disc_mode =
                 ((p_data->set_visibility.disc_mode & ~BTA_DM_LE_IGNORE) | le_disc_mode);
+        }
 
-        if ((p_data->set_visibility.disc_mode & BTA_DM_IGNORE) == BTA_DM_IGNORE)
+        if ((p_data->set_visibility.disc_mode & BTA_DM_IGNORE) == BTA_DM_IGNORE) {
             p_data->set_visibility.disc_mode =
                 ((p_data->set_visibility.disc_mode & ~BTA_DM_IGNORE) | disc_mode);
+        }
 
         BTM_SetDiscoverability(p_data->set_visibility.disc_mode,
                                bta_dm_cb.inquiry_scan_window,
@@ -649,13 +652,15 @@ void bta_dm_set_visibility(tBTA_DM_MSG *p_data)
     }
 
     if (p_data->set_visibility.conn_mode != (BTA_DM_IGNORE | BTA_DM_LE_IGNORE)) {
-        if ((p_data->set_visibility.conn_mode & BTA_DM_LE_IGNORE) == BTA_DM_LE_IGNORE)
+        if ((p_data->set_visibility.conn_mode & BTA_DM_LE_IGNORE) == BTA_DM_LE_IGNORE) {
             p_data->set_visibility.conn_mode =
                 ((p_data->set_visibility.conn_mode & ~BTA_DM_LE_IGNORE) | le_conn_mode);
+        }
 
-        if ((p_data->set_visibility.conn_mode & BTA_DM_IGNORE) == BTA_DM_IGNORE)
+        if ((p_data->set_visibility.conn_mode & BTA_DM_IGNORE) == BTA_DM_IGNORE) {
             p_data->set_visibility.conn_mode =
                 ((p_data->set_visibility.conn_mode & ~BTA_DM_IGNORE) | conn_mode);
+        }
 
         BTM_SetConnectability(p_data->set_visibility.conn_mode,
                               bta_dm_cb.page_scan_window,
@@ -1150,6 +1155,21 @@ void bta_dm_loc_oob(tBTA_DM_MSG *p_data)
     BTM_ReadLocalOobData();
 }
 
+/*******************************************************************************
+**
+** Function         bta_dm_oob_reply
+**
+** Description      This function is called to provide the OOB data for
+**                  SMP in response to BLE OOB request.
+**
+** Returns          void
+**
+*******************************************************************************/
+void bta_dm_oob_reply(tBTA_DM_MSG *p_data)
+{
+    BTM_BleOobDataReply(p_data->oob_reply.bd_addr, BTM_SUCCESS, p_data->oob_reply.len, p_data->oob_reply.value);
+}
+
 /*******************************************************************************
 **
 ** Function         bta_dm_ci_io_req_act
@@ -1885,10 +1905,12 @@ void bta_dm_disc_result (tBTA_DM_MSG *p_data)
 
 #if BLE_INCLUDED == TRUE && BTA_GATT_INCLUDED == TRUE
     /* if any BR/EDR service discovery has been done, report the event */
-    if ((bta_dm_search_cb.services & ((BTA_ALL_SERVICE_MASK | BTA_USER_SERVICE_MASK ) & ~BTA_BLE_SERVICE_MASK)))
-#endif
+    if ((bta_dm_search_cb.services & ((BTA_ALL_SERVICE_MASK | BTA_USER_SERVICE_MASK ) & ~BTA_BLE_SERVICE_MASK))) {
         bta_dm_search_cb.p_search_cback(BTA_DM_DISC_RES_EVT, &p_data->disc_result.result);
-
+    }
+#else
+    bta_dm_search_cb.p_search_cback(BTA_DM_DISC_RES_EVT, &p_data->disc_result.result);
+#endif
     tBTA_DM_MSG *p_msg = (tBTA_DM_MSG *) osi_malloc(sizeof(tBTA_DM_MSG));
 
     /* send a message to change state */
@@ -2154,9 +2176,10 @@ static void bta_dm_find_services ( BD_ADDR bd_addr)
                         }
 
                         /* last one? clear the BLE service bit if all discovery has been done */
-                        if (bta_dm_search_cb.uuid_to_search == 0)
+                        if (bta_dm_search_cb.uuid_to_search == 0) {
                             bta_dm_search_cb.services_to_search &=
                                 (tBTA_SERVICE_MASK)(~(BTA_SERVICE_ID_TO_SERVICE_MASK(bta_dm_search_cb.service_index)));
+                        }
 
                     } else
 #endif
@@ -3639,11 +3662,11 @@ static char *bta_dm_get_remname(void)
     char *p_temp;
 
     /* If the name isn't already stored, try retrieving from BTM */
-    if (*p_name == '\0')
+    if (*p_name == '\0') {
         if ((p_temp = BTM_SecReadDevName(bta_dm_search_cb.peer_bdaddr)) != NULL) {
             p_name = p_temp;
         }
-
+    }
     return p_name;
 }
 #endif  ///SDP_INCLUDED == TRUE || SMP_INCLUDED == TRUE
@@ -4258,6 +4281,28 @@ static void bta_dm_observe_cmpl_cb (void *p_result)
     }
 }
 
+/*******************************************************************************
+**
+** Function         bta_dm_observe_discard_cb
+**
+** Description      Callback for BLE Observe lost
+**
+**
+** Returns          void
+**
+*******************************************************************************/
+static void bta_dm_observe_discard_cb (uint32_t num_dis)
+{
+    tBTA_DM_SEARCH  data;
+
+    APPL_TRACE_DEBUG("bta_dm_observe_discard_cb");
+
+    data.inq_dis.num_dis = num_dis;
+    if (bta_dm_search_cb.p_scan_cback) {
+        bta_dm_search_cb.p_scan_cback(BTA_DM_INQ_DISCARD_NUM_EVT, &data);
+    }
+}
+
 #if (SMP_INCLUDED == TRUE)
 /*******************************************************************************
 **
@@ -4592,14 +4637,25 @@ void bta_dm_ble_set_scan_params(tBTA_DM_MSG *p_data)
 *******************************************************************************/
 void bta_dm_ble_set_scan_fil_params(tBTA_DM_MSG *p_data)
 {
-    BTM_BleSetScanFilterParams (p_data->ble_set_scan_fil_params.client_if,
+    tBTA_STATUS status = BTA_FAILURE;
+
+    if (BTM_BleSetScanFilterParams (p_data->ble_set_scan_fil_params.client_if,
                                 p_data->ble_set_scan_fil_params.scan_int,
                                 p_data->ble_set_scan_fil_params.scan_window,
                                 p_data->ble_set_scan_fil_params.scan_mode,
                                 p_data->ble_set_scan_fil_params.addr_type_own,
                                 p_data->ble_set_scan_fil_params.scan_duplicate_filter,
                                 p_data->ble_set_scan_fil_params.scan_filter_policy,
-                                p_data->ble_set_scan_fil_params.scan_param_setup_cback);
+                                p_data->ble_set_scan_fil_params.scan_param_setup_cback) == BTM_SUCCESS) {
+        status = BTA_SUCCESS;
+
+    } else {
+        APPL_TRACE_ERROR("%s(), fail to set scan params.", __func__);
+    }
+    if (p_data->ble_set_scan_fil_params.scan_param_setup_cback != NULL) {
+        p_data->ble_set_scan_fil_params.scan_param_setup_cback(p_data->ble_set_scan_fil_params.client_if, status);
+    }
+
 }
 
 
@@ -4789,7 +4845,7 @@ void bta_dm_ble_scan (tBTA_DM_MSG *p_data)
         bta_dm_search_cb.p_scan_cback = p_data->ble_scan.p_cback;
 
         if ((status = BTM_BleScan(TRUE, p_data->ble_scan.duration,
-                                     bta_dm_observe_results_cb, bta_dm_observe_cmpl_cb)) != BTM_CMD_STARTED) {
+                                     bta_dm_observe_results_cb, bta_dm_observe_cmpl_cb, bta_dm_observe_discard_cb)) != BTM_CMD_STARTED) {
             APPL_TRACE_WARNING(" %s start scan failed. status=0x%x\n", __FUNCTION__, status);
         }
 
@@ -4799,7 +4855,7 @@ void bta_dm_ble_scan (tBTA_DM_MSG *p_data)
         }
     } else {
         bta_dm_search_cb.p_scan_cback = NULL;
-        status = BTM_BleScan(FALSE, 0, NULL, NULL);
+        status = BTM_BleScan(FALSE, 0, NULL, NULL, NULL);
 
         if (status != BTM_CMD_STARTED){
             APPL_TRACE_WARNING(" %s stop scan failed, status=0x%x\n", __FUNCTION__, status);
@@ -4842,7 +4898,8 @@ void bta_dm_ble_set_adv_params (tBTA_DM_MSG *p_data)
 *******************************************************************************/
 void bta_dm_ble_set_adv_params_all  (tBTA_DM_MSG *p_data)
 {
-    if (BTM_BleSetAdvParamsStartAdv(p_data->ble_set_adv_params_all.adv_int_min,
+    tBTA_STATUS status = BTA_FAILURE;
+    if (BTM_BleSetAdvParamsAll(p_data->ble_set_adv_params_all.adv_int_min,
                                 p_data->ble_set_adv_params_all.adv_int_max,
                                 p_data->ble_set_adv_params_all.adv_type,
                                 p_data->ble_set_adv_params_all.addr_type_own,
@@ -4850,10 +4907,36 @@ void bta_dm_ble_set_adv_params_all  (tBTA_DM_MSG *p_data)
                                 p_data->ble_set_adv_params_all.channel_map,
                                 p_data->ble_set_adv_params_all.adv_filter_policy,
                                 p_data->ble_set_adv_params_all.p_start_adv_cback) == BTM_SUCCESS) {
-        APPL_TRACE_DEBUG("%s(), success to start ble adv.", __func__);
+        APPL_TRACE_DEBUG("%s(), success to set ble adv params.", __func__);
     } else {
-        APPL_TRACE_ERROR("%s(), fail to start ble adv.", __func__);
+        APPL_TRACE_ERROR("%s(), fail to set ble adv params.", __func__);
+        if(p_data->ble_set_adv_params_all.p_start_adv_cback) {
+            (*p_data->ble_set_adv_params_all.p_start_adv_cback)(status);
+        }
+        return;
     }
+    if(BTM_BleStartAdv() == BTM_SUCCESS) {
+        status = BTA_SUCCESS;
+    }
+    if(p_data->ble_set_adv_params_all.p_start_adv_cback) {
+        (*p_data->ble_set_adv_params_all.p_start_adv_cback)(status);
+    }
+}
+
+/*******************************************************************************
+**
+** Function         bta_dm_ble_update_duplicate_exceptional_list
+**
+** Description      This function is to update duplicate scan exceptional list
+**
+**
+*******************************************************************************/
+void bta_dm_ble_update_duplicate_exceptional_list(tBTA_DM_MSG *p_data)
+{
+    BTM_UpdateBleDuplicateExceptionalList(p_data->ble_duplicate_exceptional_list.subcode,
+                                          p_data->ble_duplicate_exceptional_list.type,
+                                          p_data->ble_duplicate_exceptional_list.device_info,
+                                          p_data->ble_duplicate_exceptional_list.exceptional_list_cb);
 }
 
 /*******************************************************************************
@@ -4879,6 +4962,29 @@ void bta_dm_ble_set_adv_config (tBTA_DM_MSG *p_data)
     }
 }
 
+/*******************************************************************************
+**
+** Function         bta_dm_ble_set_long_adv
+**
+** Description      This function set the long ADV data
+**
+** Parameters:
+**
+*******************************************************************************/
+void bta_dm_ble_set_long_adv (tBTA_DM_MSG *p_data)
+{
+    tBTA_STATUS status = BTA_FAILURE;
+
+    if (BTM_BleWriteLongAdvData(p_data->ble_set_long_adv_data.adv_data,
+                                p_data->ble_set_long_adv_data.adv_data_len) == BTM_SUCCESS) {
+        status = BTA_SUCCESS;
+    }
+
+    if (p_data->ble_set_adv_data.p_adv_data_cback) {
+        (*p_data->ble_set_adv_data.p_adv_data_cback)(status);
+    }
+}
+
 /*******************************************************************************
 **
 ** Function         bta_dm_ble_set_adv_config_raw
@@ -4994,16 +5100,17 @@ void bta_dm_ble_set_data_length(tBTA_DM_MSG *p_data)
 *******************************************************************************/
 void bta_dm_ble_broadcast (tBTA_DM_MSG *p_data)
 {
-    tBTM_STATUS status = 0;
+    tBTA_STATUS status = BTA_FAILURE;
     BOOLEAN start = p_data->ble_observe.start;
 
-    status = BTM_BleBroadcast(start, p_data->ble_observe.p_stop_adv_cback);
+    if (BTM_BleBroadcast(start, p_data->ble_observe.p_stop_adv_cback) == BTM_SUCCESS) {
+        status = BTA_SUCCESS;
+    } else {
+        APPL_TRACE_ERROR("%s failed\n", __FUNCTION__);
+    }
 
     if (p_data->ble_observe.p_stop_adv_cback){
-        if (status != BTM_SUCCESS){
-            APPL_TRACE_WARNING("%s, %s, status=0x%x\n", __func__,\
-                    (start == TRUE) ? "start adv failed" : "stop adv failed", status);
-        }
+        (*p_data->ble_observe.p_stop_adv_cback)(status);
     }
 
 }
@@ -5142,9 +5249,10 @@ void bta_dm_ble_setup_storage (tBTA_DM_MSG *p_data)
                                              p_data->ble_set_storage.ref_value);
     }
 
-    if (BTM_CMD_STARTED != btm_status)
+    if (BTM_CMD_STARTED != btm_status) {
         bta_ble_scan_setup_cb(BTM_BLE_BATCH_SCAN_CFG_STRG_EVT, p_data->ble_set_storage.ref_value,
                               btm_status);
+    }
 }
 
 /*******************************************************************************
@@ -5172,9 +5280,10 @@ void bta_dm_ble_enable_batch_scan (tBTA_DM_MSG *p_data)
                                             p_data->ble_enable_scan.ref_value);
     }
 
-    if (BTM_CMD_STARTED != btm_status)
+    if (BTM_CMD_STARTED != btm_status) {
         bta_ble_scan_setup_cb(BTM_BLE_BATCH_SCAN_ENABLE_EVT, p_data->ble_enable_scan.ref_value,
                               btm_status);
+    }
 }
 
 /*******************************************************************************
@@ -5198,9 +5307,10 @@ void bta_dm_ble_disable_batch_scan (tBTA_DM_MSG *p_data)
         btm_status = BTM_BleDisableBatchScan(p_data->ble_disable_scan.ref_value);
     }
 
-    if (BTM_CMD_STARTED != btm_status)
+    if (BTM_CMD_STARTED != btm_status) {
         bta_ble_scan_setup_cb(BTM_BLE_BATCH_SCAN_DISABLE_EVT, p_data->ble_enable_scan.ref_value,
                               btm_status);
+    }
 }
 
 /*******************************************************************************
@@ -5224,9 +5334,10 @@ void bta_dm_ble_read_scan_reports(tBTA_DM_MSG *p_data)
                                             p_data->ble_read_reports.ref_value);
     }
 
-    if (BTM_CMD_STARTED != btm_status)
+    if (BTM_CMD_STARTED != btm_status) {
         bta_ble_scan_setup_cb(BTM_BLE_BATCH_SCAN_READ_REPTS_EVT, p_data->ble_enable_scan.ref_value,
                               btm_status);
+    }
 }
 
 /*******************************************************************************
@@ -5356,10 +5467,11 @@ void bta_dm_cfg_filter_cond (tBTA_DM_MSG *p_data)
         }
     }
 
-    if (p_data->ble_cfg_filter_cond.p_filt_cfg_cback)
+    if (p_data->ble_cfg_filter_cond.p_filt_cfg_cback) {
         p_data->ble_cfg_filter_cond.p_filt_cfg_cback(BTA_DM_BLE_PF_CONFIG_EVT,
                 p_data->ble_cfg_filter_cond.cond_type, 0, status,
                 p_data->ble_cfg_filter_cond.ref_value);
+    }
     return;
 }
 
@@ -5390,9 +5502,10 @@ void bta_dm_enable_scan_filter(tBTA_DM_MSG *p_data)
         return;
     }
 
-    if (p_data->ble_enable_scan_filt.p_filt_status_cback)
+    if (p_data->ble_enable_scan_filt.p_filt_status_cback) {
         p_data->ble_enable_scan_filt.p_filt_status_cback (BTA_DM_BLE_PF_ENABLE_EVT,
                 p_data->ble_enable_scan_filt.ref_value, status);
+    }
 
 }
 
@@ -5426,9 +5539,10 @@ void bta_dm_scan_filter_param_setup (tBTA_DM_MSG *p_data)
         }
     }
 
-    if (p_data->ble_scan_filt_param_setup.p_filt_param_cback)
+    if (p_data->ble_scan_filt_param_setup.p_filt_param_cback) {
         p_data->ble_scan_filt_param_setup.p_filt_param_cback (BTA_DM_BLE_PF_ENABLE_EVT, 0,
                 p_data->ble_scan_filt_param_setup.ref_value, status);
+    }
 
     return;
 }
@@ -5738,6 +5852,8 @@ void bta_dm_proc_open_evt(tBTA_GATTC_OPEN *p_data)
                      ((p2[0]) << 24) + ((p2[1]) << 16) + ((p2[2]) << 8) + (p2[3]),
                      ((p2[4]) << 8) + p2[5]);
 
+    UNUSED(p1);
+    UNUSED(p2);
     APPL_TRACE_DEBUG("BTA_GATTC_OPEN_EVT conn_id = %d client_if=%d status = %d" ,
                      p_data->conn_id,
                      p_data->client_if,

components/bt/bluedroid/bta/dm/bta_dm_api.c

@@ -510,6 +510,36 @@ void BTA_DmLocalOob(void)
         bta_sys_sendmsg(p_msg);
     }
 }
+
+/*******************************************************************************
+**
+** Function         BTA_DmOobReply
+**
+**                  This function is called to provide the OOB data for
+**                  SMP in response to BTM_LE_OOB_REQ_EVT
+**
+** Parameters:      bd_addr     - Address of the peer device
+**                  len         - length of simple pairing Randomizer  C
+**                  p_value     - simple pairing Randomizer  C.
+**
+** Returns          void
+**
+*******************************************************************************/
+void BTA_DmOobReply(BD_ADDR bd_addr, UINT8 len, UINT8 *p_value)
+{
+    tBTA_DM_API_OOB_REPLY    *p_msg;
+
+    if ((p_msg = (tBTA_DM_API_OOB_REPLY *) osi_malloc(sizeof(tBTA_DM_API_OOB_REPLY))) != NULL) {
+        p_msg->hdr.event = BTA_DM_API_OOB_REPLY_EVT;
+        if(p_value == NULL || len > BT_OCTET16_LEN) {
+            return;
+        }
+        memcpy(p_msg->bd_addr, bd_addr, BD_ADDR_LEN);
+        p_msg->len = len;
+        memcpy(p_msg->value, p_value, len);
+        bta_sys_sendmsg(p_msg);
+    }
+}
 #endif /* BTM_OOB_INCLUDED */
 /*******************************************************************************
 **
@@ -1192,16 +1222,46 @@ void BTA_DmBleSetAdvConfigRaw (UINT8 *p_raw_adv, UINT32 raw_adv_len,
     tBTA_DM_API_SET_ADV_CONFIG_RAW  *p_msg;
 
     if ((p_msg = (tBTA_DM_API_SET_ADV_CONFIG_RAW *)
-                 osi_malloc(sizeof(tBTA_DM_API_SET_ADV_CONFIG_RAW))) != NULL) {
+                 osi_malloc(sizeof(tBTA_DM_API_SET_ADV_CONFIG_RAW) + raw_adv_len)) != NULL) {
         p_msg->hdr.event = BTA_DM_API_BLE_SET_ADV_CONFIG_RAW_EVT;
         p_msg->p_adv_data_cback = p_adv_data_cback;
-        p_msg->p_raw_adv = p_raw_adv;
+        p_msg->p_raw_adv = (UINT8 *)(p_msg + 1);
+        memcpy(p_msg->p_raw_adv, p_raw_adv, raw_adv_len);
         p_msg->raw_adv_len = raw_adv_len;
 
         bta_sys_sendmsg(p_msg);
     }
 }
 
+/*******************************************************************************
+**
+** Function         BTA_DmBleSetLongAdv
+**
+** Description      This function is called to set long Advertising data
+**
+** Parameters       adv_data : long advertising data.
+**                  adv_data_len : long advertising data length.
+**                  p_adv_data_cback : set long adv data complete callback.
+**
+** Returns          None
+**
+*******************************************************************************/
+void BTA_DmBleSetLongAdv (UINT8 *adv_data, UINT32 adv_data_len,
+                            tBTA_SET_ADV_DATA_CMPL_CBACK *p_adv_data_cback)
+{
+    tBTA_DM_API_SET_LONG_ADV  *p_msg;
+
+    if ((p_msg = (tBTA_DM_API_SET_LONG_ADV *)
+                 osi_malloc(sizeof(tBTA_DM_API_SET_LONG_ADV))) != NULL) {
+        p_msg->hdr.event = BTA_DM_API_BLE_SET_LONG_ADV_EVT;
+        p_msg->p_adv_data_cback = p_adv_data_cback;
+        p_msg->adv_data = adv_data;
+        p_msg->adv_data_len = adv_data_len;
+
+        bta_sys_sendmsg(p_msg);
+    }
+}
+
 /*******************************************************************************
 **
 ** Function         BTA_DmBleSetScanRsp
@@ -1248,16 +1308,45 @@ void BTA_DmBleSetScanRspRaw (UINT8 *p_raw_scan_rsp, UINT32 raw_scan_rsp_len,
     tBTA_DM_API_SET_ADV_CONFIG_RAW  *p_msg;
 
     if ((p_msg = (tBTA_DM_API_SET_ADV_CONFIG_RAW *)
-                 osi_malloc(sizeof(tBTA_DM_API_SET_ADV_CONFIG_RAW))) != NULL) {
+                 osi_malloc(sizeof(tBTA_DM_API_SET_ADV_CONFIG_RAW) + raw_scan_rsp_len)) != NULL) {
         p_msg->hdr.event = BTA_DM_API_BLE_SET_SCAN_RSP_RAW_EVT;
         p_msg->p_adv_data_cback = p_scan_rsp_data_cback;
-        p_msg->p_raw_adv = p_raw_scan_rsp;
+        p_msg->p_raw_adv = (UINT8 *)(p_msg + 1);
+        memcpy(p_msg->p_raw_adv, p_raw_scan_rsp, raw_scan_rsp_len);
         p_msg->raw_adv_len = raw_scan_rsp_len;
 
         bta_sys_sendmsg(p_msg);
     }
 }
 
+/*******************************************************************************
+**
+** Function         BTA_DmUpdateDuplicateExceptionalList
+**
+** Description      This function is called to update duplicate scan exceptional list
+**
+** Parameters       subcode : add, remove or clean duplicate scan exceptional list.
+**                  type : device info type.
+**                  device_info:  device info
+**                  p_update_duplicate_ignore_list_cback :  update complete callback.
+**
+** Returns          None
+**
+*******************************************************************************/
+void BTA_DmUpdateDuplicateExceptionalList(UINT8 subcode, UINT32 type, BD_ADDR device_info, tBTA_UPDATE_DUPLICATE_EXCEPTIONAL_LIST_CMPL_CBACK p_update_duplicate_exceptional_list_cback)
+{
+    tBTA_DM_API_UPDATE_DUPLICATE_EXCEPTIONAL_LIST *p_msg;
+    if ((p_msg = (tBTA_DM_API_UPDATE_DUPLICATE_EXCEPTIONAL_LIST *)osi_malloc(sizeof(tBTA_DM_API_UPDATE_DUPLICATE_EXCEPTIONAL_LIST))) != NULL) {
+        p_msg->hdr.event = BTA_DM_API_UPDATE_DUPLICATE_EXCEPTIONAL_LIST_EVT;
+        p_msg->subcode = subcode;
+        p_msg->type = type;
+        p_msg->exceptional_list_cb = p_update_duplicate_exceptional_list_cback;
+        memcpy(p_msg->device_info, device_info, sizeof(BD_ADDR));
+
+        bta_sys_sendmsg(p_msg);
+    }
+}
+
 /*******************************************************************************
 **
 ** Function         BTA_DmBleSetStorageParams

components/bt/bluedroid/bta/dm/bta_dm_co.c

@@ -35,6 +35,9 @@
 #define BTM_BLE_ONLY_ACCEPT_SPECIFIED_SEC_AUTH_DISABLE 0
 #define BTM_BLE_ONLY_ACCEPT_SPECIFIED_SEC_AUTH_ENABLE  1
 
+#define BTM_BLE_OOB_DISABLE  0
+#define BTM_BLE_OOB_ENABLE   1
+
 tBTE_APPL_CFG bte_appl_cfg = {
 #if SMP_INCLUDED == TRUE
     BTA_LE_AUTH_REQ_SC_MITM_BOND, // Authentication requirements
@@ -45,7 +48,9 @@ tBTE_APPL_CFG bte_appl_cfg = {
     BTM_BLE_INITIATOR_KEY_SIZE,
     BTM_BLE_RESPONDER_KEY_SIZE,
     BTM_BLE_MAX_KEY_SIZE,
-    BTM_BLE_ONLY_ACCEPT_SPECIFIED_SEC_AUTH_DISABLE
+    BTM_BLE_MIN_KEY_SIZE,
+    BTM_BLE_ONLY_ACCEPT_SPECIFIED_SEC_AUTH_DISABLE,
+    BTM_BLE_OOB_DISABLE,
 };
 #endif
 
@@ -338,12 +343,16 @@ void bta_dm_co_ble_io_req(BD_ADDR bd_addr,  tBTA_IO_CAP *p_io_cap,
      * If the answer can not be obtained right away,
      * set *p_oob_data to BTA_OOB_UNKNOWN and call bta_dm_ci_io_req() when the answer is available */
 
-    *p_oob_data = FALSE;
+    *p_oob_data = bte_appl_cfg.oob_support;
 
     /* *p_auth_req by default is FALSE for devices with NoInputNoOutput; TRUE for other devices. */
 
     *p_auth_req = bte_appl_cfg.ble_auth_req | (bte_appl_cfg.ble_auth_req & BTA_LE_AUTH_REQ_MITM) | ((*p_auth_req) & BTA_LE_AUTH_REQ_MITM);
 
+    if (*p_oob_data == BTM_BLE_OOB_ENABLE) {
+        *p_auth_req = (*p_auth_req)&(~BTA_LE_AUTH_REQ_SC_ONLY);
+    }
+
     if (bte_appl_cfg.ble_io_cap <= 4) {
         *p_io_cap = bte_appl_cfg.ble_io_cap;
     }
@@ -399,7 +408,7 @@ void bta_dm_co_ble_set_rsp_key_req(UINT8 rsp_key)
 void bta_dm_co_ble_set_max_key_size(UINT8 ble_key_size)
 {
 #if (SMP_INCLUDED == TRUE)
-    if(ble_key_size >= BTM_BLE_MIN_KEY_SIZE && ble_key_size <= BTM_BLE_MAX_KEY_SIZE) {
+    if(ble_key_size >= bte_appl_cfg.ble_min_key_size && ble_key_size <= BTM_BLE_MAX_KEY_SIZE) {
         bte_appl_cfg.ble_max_key_size = ble_key_size;
     } else {
         APPL_TRACE_ERROR("%s error:Invalid key size value, key_size =%d",__func__, ble_key_size);
@@ -407,6 +416,17 @@ void bta_dm_co_ble_set_max_key_size(UINT8 ble_key_size)
 #endif  ///SMP_INCLUDED == TRUE
 }
 
+void bta_dm_co_ble_set_min_key_size(UINT8 ble_key_size)
+{
+#if (SMP_INCLUDED == TRUE)
+    if(ble_key_size >= BTM_BLE_MIN_KEY_SIZE && ble_key_size <= bte_appl_cfg.ble_max_key_size) {
+        bte_appl_cfg.ble_min_key_size = ble_key_size;
+    } else {
+        APPL_TRACE_ERROR("%s error:Invalid key size value, key_size =%d",__func__, ble_key_size);
+    }
+#endif  ///SMP_INCLUDED == TRUE
+}
+
 void bta_dm_co_ble_set_accept_auth_enable(UINT8 enable)
 {
 #if (SMP_INCLUDED == TRUE)
@@ -433,5 +453,16 @@ UINT8 bta_dm_co_ble_get_auth_req(void)
     return 0;
 }
 
+void bta_dm_co_ble_oob_support(UINT8 enable)
+{
+#if (SMP_INCLUDED == TRUE)
+    if (enable) {
+        bte_appl_cfg.oob_support = BTM_BLE_OOB_ENABLE;
+    } else {
+        bte_appl_cfg.oob_support = BTM_BLE_OOB_DISABLE;
+    }
+#endif  ///SMP_INCLUDED == TRUE
+}
+
 #endif
 

components/bt/bluedroid/bta/dm/bta_dm_main.c

@@ -82,6 +82,7 @@ const tBTA_DM_ACTION bta_dm_action[BTA_DM_MAX_EVT] = {
 #endif  ///SMP_INCLUDED == TRUE
 #if (BTM_OOB_INCLUDED == TRUE && SMP_INCLUDED == TRUE)
     bta_dm_loc_oob,                         /* BTA_DM_API_LOC_OOB_EVT */
+    bta_dm_oob_reply,                       /* BTA_DM_API_OOB_REPLY_EVT */
     bta_dm_ci_io_req_act,                   /* BTA_DM_CI_IO_REQ_EVT */
     bta_dm_ci_rmt_oob_act,                  /* BTA_DM_CI_RMT_OOB_EVT */
 #endif /* BTM_OOB_INCLUDED */
@@ -130,6 +131,7 @@ const tBTA_DM_ACTION bta_dm_action[BTA_DM_MAX_EVT] = {
     bta_dm_ble_set_scan_rsp_raw,            /* BTA_DM_API_BLE_SET_SCAN_RSP_RAW_EVT */
     bta_dm_ble_broadcast,                   /* BTA_DM_API_BLE_BROADCAST_EVT */
     bta_dm_ble_set_data_length,             /* BTA_DM_API_SET_DATA_LENGTH_EVT */
+    bta_dm_ble_set_long_adv,                /* BTA_DM_API_BLE_SET_LONG_ADV_EVT */
 #if BLE_ANDROID_CONTROLLER_SCAN_FILTER == TRUE
     bta_dm_cfg_filter_cond,                 /* BTA_DM_API_CFG_FILTER_COND_EVT */
     bta_dm_scan_filter_param_setup,         /* BTA_DM_API_SCAN_FILTER_SETUP_EVT */
@@ -157,6 +159,7 @@ const tBTA_DM_ACTION bta_dm_action[BTA_DM_MAX_EVT] = {
     bta_dm_update_white_list,               /* BTA_DM_API_UPDATE_WHITE_LIST_EVT */
     bta_dm_ble_read_adv_tx_power,           /* BTA_DM_API_BLE_READ_ADV_TX_POWER_EVT */
     bta_dm_ble_read_rssi,                   /* BTA_DM_API_BLE_READ_RSSI_EVT */
+    bta_dm_ble_update_duplicate_exceptional_list,/* BTA_DM_API_UPDATE_DUPLICATE_EXCEPTIONAL_LIST_EVT */
 };
 
 

components/bt/bluedroid/bta/dm/bta_dm_pm.c

@@ -1038,9 +1038,10 @@ static void bta_dm_pm_hid_check(BOOLEAN bScoActive)
             bta_dm_pm_set_sniff_policy( bta_dm_find_peer_device(bta_dm_conn_srvcs.conn_srvc[j].peer_bdaddr), bScoActive);
 
             /* if we had disabled link policy, seems like the hid device stop retrying SNIFF after a few tries. force sniff if needed */
-            if (!bScoActive)
+            if (!bScoActive) {
                 bta_dm_pm_set_mode(bta_dm_conn_srvcs.conn_srvc[j].peer_bdaddr, BTA_DM_PM_NO_ACTION,
                                    BTA_DM_PM_RESTART);
+            }
         }
     }
 

components/bt/bluedroid/bta/dm/include/bta_dm_int.h

@@ -79,6 +79,7 @@ enum {
 #endif  ///SMP_INCLUDED == TRUE
 #if (BTM_OOB_INCLUDED == TRUE && SMP_INCLUDED == TRUE)
     BTA_DM_API_LOC_OOB_EVT,
+    BTA_DM_API_OOB_REPLY_EVT,
     BTA_DM_CI_IO_REQ_EVT,
     BTA_DM_CI_RMT_OOB_EVT,
 #endif /* BTM_OOB_INCLUDED */
@@ -127,7 +128,7 @@ enum {
     BTA_DM_API_BLE_SET_SCAN_RSP_RAW_EVT,
     BTA_DM_API_BLE_BROADCAST_EVT,
     BTA_DM_API_SET_DATA_LENGTH_EVT,
-
+    BTA_DM_API_BLE_SET_LONG_ADV_EVT,
 #if BLE_ANDROID_CONTROLLER_SCAN_FILTER == TRUE
     BTA_DM_API_CFG_FILTER_COND_EVT,
     BTA_DM_API_SCAN_FILTER_SETUP_EVT,
@@ -155,6 +156,7 @@ enum {
     BTA_DM_API_UPDATE_WHITE_LIST_EVT,
     BTA_DM_API_BLE_READ_ADV_TX_POWER_EVT,
     BTA_DM_API_BLE_READ_RSSI_EVT,
+    BTA_DM_API_UPDATE_DUPLICATE_EXCEPTIONAL_LIST_EVT,
     BTA_DM_MAX_EVT
 };
 
@@ -193,6 +195,14 @@ typedef struct {
     tBTA_ADD_WHITELIST_CBACK *add_wl_cb;
 }tBTA_DM_API_UPDATE_WHITE_LIST;
 
+typedef struct {
+    BT_HDR    hdr;
+    UINT8     subcode;
+    UINT32    type;
+    BD_ADDR   device_info;
+    tBTA_UPDATE_DUPLICATE_EXCEPTIONAL_LIST_CMPL_CBACK *exceptional_list_cb;
+}tBTA_DM_API_UPDATE_DUPLICATE_EXCEPTIONAL_LIST;
+
 typedef struct {
     BT_HDR       hdr;
     tBTA_CMPL_CB *read_tx_power_cb;
@@ -298,6 +308,14 @@ typedef struct {
     BT_HDR      hdr;
 } tBTA_DM_API_LOC_OOB;
 
+/* data type for BTA_DM_API_OOB_REPLY_EVT */
+typedef struct {
+    BT_HDR      hdr;
+    BD_ADDR bd_addr;
+    UINT8       len;
+    UINT8       value[BT_OCTET16_LEN];
+} tBTA_DM_API_OOB_REPLY;
+
 /* data type for BTA_DM_API_CONFIRM_EVT */
 typedef struct {
     BT_HDR      hdr;
@@ -648,6 +666,13 @@ typedef struct {
     tBTA_SET_ADV_DATA_CMPL_CBACK    *p_adv_data_cback;
 } tBTA_DM_API_SET_ADV_CONFIG_RAW;
 
+typedef struct {
+    BT_HDR                  hdr;
+    UINT8                   *adv_data;
+    UINT8                   adv_data_len;
+    tBTA_SET_ADV_DATA_CMPL_CBACK    *p_adv_data_cback;
+} tBTA_DM_API_SET_LONG_ADV;
+
 typedef struct {
     BT_HDR                  hdr;
     UINT8                   batch_scan_full_max;
@@ -780,6 +805,7 @@ typedef union {
     tBTA_DM_API_PIN_REPLY pin_reply;
 
     tBTA_DM_API_LOC_OOB     loc_oob;
+    tBTA_DM_API_OOB_REPLY   oob_reply;
     tBTA_DM_API_CONFIRM     confirm;
     tBTA_DM_API_KEY_REQ     key_req;
     tBTA_DM_CI_IO_REQ       ci_io_req;
@@ -827,6 +853,7 @@ typedef union {
     tBTA_DM_API_BLE_ADV_PARAMS_ALL      ble_set_adv_params_all;
     tBTA_DM_API_SET_ADV_CONFIG          ble_set_adv_data;
     tBTA_DM_API_SET_ADV_CONFIG_RAW      ble_set_adv_data_raw;
+    tBTA_DM_API_SET_LONG_ADV            ble_set_long_adv_data;
 #if BLE_ANDROID_CONTROLLER_SCAN_FILTER == TRUE
     tBTA_DM_API_SCAN_FILTER_PARAM_SETUP ble_scan_filt_param_setup;
     tBTA_DM_API_CFG_FILTER_COND         ble_cfg_filter_cond;
@@ -848,6 +875,7 @@ typedef union {
     tBTA_DM_API_TRACK_ADVERTISER        ble_track_advert;
     tBTA_DM_API_ENERGY_INFO             ble_energy_info;
     tBTA_DM_API_BLE_DISCONNECT          ble_disconnect;
+    tBTA_DM_API_UPDATE_DUPLICATE_EXCEPTIONAL_LIST ble_duplicate_exceptional_list;
 #endif
 
     tBTA_DM_API_REMOVE_ACL              remove_acl;
@@ -1238,12 +1266,13 @@ extern void bta_dm_ble_config_local_icon (tBTA_DM_MSG *p_data);
 extern void bta_dm_ble_set_adv_params (tBTA_DM_MSG *p_data);
 extern void bta_dm_ble_set_adv_params_all(tBTA_DM_MSG *p_data);
 extern void bta_dm_ble_set_adv_config (tBTA_DM_MSG *p_data);
+extern void bta_dm_ble_set_long_adv (tBTA_DM_MSG *p_data);
 extern void bta_dm_ble_set_adv_config_raw (tBTA_DM_MSG *p_data);
 extern void bta_dm_ble_set_scan_rsp (tBTA_DM_MSG *p_data);
 extern void bta_dm_ble_set_scan_rsp_raw (tBTA_DM_MSG *p_data);
 extern void bta_dm_ble_broadcast (tBTA_DM_MSG *p_data);
 extern void bta_dm_ble_set_data_length(tBTA_DM_MSG *p_data);
-
+extern void bta_dm_ble_update_duplicate_exceptional_list(tBTA_DM_MSG *p_data);
 #if BLE_ANDROID_CONTROLLER_SCAN_FILTER == TRUE
 extern void bta_dm_cfg_filter_cond (tBTA_DM_MSG *p_data);
 extern void bta_dm_scan_filter_param_setup (tBTA_DM_MSG *p_data);
@@ -1267,6 +1296,7 @@ extern void bta_dm_confirm(tBTA_DM_MSG *p_data);
 extern void bta_dm_key_req(tBTA_DM_MSG *p_data);
 #if (BTM_OOB_INCLUDED == TRUE)
 extern void bta_dm_loc_oob(tBTA_DM_MSG *p_data);
+extern void bta_dm_oob_reply(tBTA_DM_MSG *p_data);
 extern void bta_dm_ci_io_req_act(tBTA_DM_MSG *p_data);
 extern void bta_dm_ci_rmt_oob_act(tBTA_DM_MSG *p_data);
 #endif /* BTM_OOB_INCLUDED */

components/bt/bluedroid/bta/gatt/bta_gatt_common.c

@@ -27,4 +27,10 @@
 void BTA_GATT_SetLocalMTU(uint16_t mtu)
 {
     gatt_set_local_mtu(mtu);
-}
+}
+
+uint16_t BTA_GATT_GetLocalMTU(void)
+{
+    return gatt_get_local_mtu();
+}
+

components/bt/bluedroid/bta/gatt/bta_gattc_act.c

@@ -531,7 +531,9 @@ void bta_gattc_init_bk_conn(tBTA_GATTC_API_OPEN *p_data, tBTA_GATTC_RCB *p_clreg
     if (bta_gattc_mark_bg_conn(p_data->client_if, p_data->remote_bda, TRUE, FALSE)) {
         /* always call open to hold a connection */
         if (!GATT_Connect(p_data->client_if, p_data->remote_bda, p_data->remote_addr_type, FALSE, p_data->transport)) {
+#if (!CONFIG_BT_STACK_NO_LOG)
             uint8_t *bda = (uint8_t *)p_data->remote_bda;
+#endif
             status = BTA_GATT_ERROR;
             APPL_TRACE_ERROR("%s unable to connect to remote bd_addr:%02x:%02x:%02x:%02x:%02x:%02x",
                              __func__, bda[0], bda[1], bda[2], bda[3], bda[4], bda[5]);
@@ -674,7 +676,7 @@ void bta_gattc_conn(tBTA_GATTC_CLCB *p_clcb, tBTA_GATTC_DATA *p_data)
                 bta_gattc_reset_discover_st(p_clcb->p_srcb, BTA_GATT_OK);
                 //register service change
                 bta_gattc_register_service_change_notify(p_clcb->bta_conn_id, p_clcb->bda);
-            } else 
+            } else
 #endif
             { /* cache is building */
                 p_clcb->p_srcb->state = BTA_GATTC_SERV_DISC;
@@ -1071,8 +1073,9 @@ void bta_gattc_disc_cmpl(tBTA_GATTC_CLCB *p_clcb, tBTA_GATTC_DATA *p_data)
 *******************************************************************************/
 void bta_gattc_read(tBTA_GATTC_CLCB *p_clcb, tBTA_GATTC_DATA *p_data)
 {
-    if (!bta_gattc_enqueue(p_clcb, p_data))
+    if (!bta_gattc_enqueue(p_clcb, p_data)) {
         return;
+    }
 
     tGATT_READ_PARAM    read_param;
     memset (&read_param, 0 ,sizeof(tGATT_READ_PARAM));
@@ -1140,8 +1143,9 @@ void bta_gattc_read_multi(tBTA_GATTC_CLCB *p_clcb, tBTA_GATTC_DATA *p_data)
 *******************************************************************************/
 void bta_gattc_write(tBTA_GATTC_CLCB *p_clcb, tBTA_GATTC_DATA *p_data)
 {
-    if (!bta_gattc_enqueue(p_clcb, p_data))
+    if (!bta_gattc_enqueue(p_clcb, p_data)) {
         return;
+    }
 
     tBTA_GATT_STATUS    status = BTA_GATT_OK;
     tGATT_VALUE attr;
@@ -1742,7 +1746,7 @@ void bta_gattc_process_api_cache_assoc(tBTA_GATTC_CB *p_cb, tBTA_GATTC_DATA *p_m
     tBTA_GATTC gattc_cb = {0};
     gattc_cb.set_assoc.client_if = p_msg->api_assoc.client_if;
     BOOLEAN state = FALSE;
-    tBTA_GATTC_CLCB *p_assoc_clcb = bta_gattc_find_clcb_by_cif(p_msg->api_assoc.client_if, 
+    tBTA_GATTC_CLCB *p_assoc_clcb = bta_gattc_find_clcb_by_cif(p_msg->api_assoc.client_if,
                                                              p_msg->api_assoc.assoc_addr, BTA_TRANSPORT_LE);
     tBTA_GATTC_RCB *p_clrcb = bta_gattc_cl_get_regcb(p_msg->api_assoc.client_if);
     if (p_assoc_clcb != NULL) {
@@ -1783,7 +1787,7 @@ void bta_gattc_process_api_cache_assoc(tBTA_GATTC_CB *p_cb, tBTA_GATTC_DATA *p_m
     }
 
     return;
- 
+
 }
 void bta_gattc_process_api_cache_get_addr_list(tBTA_GATTC_CB *p_cb, tBTA_GATTC_DATA *p_msg)
 {

components/bt/bluedroid/bta/gatt/bta_gattc_api.c

@@ -178,6 +178,11 @@ void BTA_GATTC_Open(tBTA_GATTC_IF client_if, BD_ADDR remote_bda, tBTA_ADDR_TYPE
 *******************************************************************************/
 void BTA_GATTC_CancelOpen(tBTA_GATTC_IF client_if, BD_ADDR remote_bda, BOOLEAN is_direct)
 {
+    //If the registration callback is NULL, return
+    if(bta_sys_is_register(BTA_ID_GATTC) == FALSE) {
+        return;
+    }
+
     tBTA_GATTC_API_CANCEL_OPEN  *p_buf;
 
     if ((p_buf = (tBTA_GATTC_API_CANCEL_OPEN *) osi_malloc(sizeof(tBTA_GATTC_API_CANCEL_OPEN))) != NULL) {
@@ -925,7 +930,10 @@ void BTA_GATTC_Refresh(BD_ADDR remote_bda, bool erase_flash)
         bta_gattc_cache_reset(remote_bda);
     }
 #endif
-
+    //If the registration callback is NULL, return
+    if(bta_sys_is_register(BTA_ID_GATTC) == FALSE) {
+        return;
+    }
     tBTA_GATTC_API_OPEN  *p_buf;
 
     if ((p_buf = (tBTA_GATTC_API_OPEN *) osi_malloc(sizeof(tBTA_GATTC_API_OPEN))) != NULL) {

components/bt/bluedroid/bta/gatt/bta_gattc_cache.c

@@ -93,7 +93,7 @@ static char *bta_gattc_attr_type[] = {
 };
 /* utility functions */
 
-bool display_cache_attribute(void *data, void *context) 
+bool display_cache_attribute(void *data, void *context)
 {
     //tBTA_GATTC_CACHE_ATTR *p_attr = data;
     //APPL_TRACE_ERROR("\t Attr handle[%d] uuid[0x%04x] type[%s] prop[0x%1x]",
@@ -102,7 +102,7 @@ bool display_cache_attribute(void *data, void *context)
     return true;
 }
 
-bool display_cache_service(void *data, void *context) 
+bool display_cache_service(void *data, void *context)
 {
     tBTA_GATTC_SERVICE    *p_cur_srvc = data;
     APPL_TRACE_API("Service: handle[%d ~ %d] %s[0x%04x] inst[%d]",
@@ -213,9 +213,9 @@ static void bta_gattc_free(void *ptr)
     osi_free(ptr);
 }
 
-void bta_gattc_insert_sec_service_to_cache(list_t *services, tBTA_GATTC_SERVICE *p_new_srvc) 
+void bta_gattc_insert_sec_service_to_cache(list_t *services, tBTA_GATTC_SERVICE *p_new_srvc)
 {
-    // services/p_new_srvc is NULL 
+    // services/p_new_srvc is NULL
     if (!services || !p_new_srvc) {
         APPL_TRACE_ERROR("%s services/p_new_srvc is NULL", __func__);
         return;
@@ -243,7 +243,7 @@ void bta_gattc_insert_sec_service_to_cache(list_t *services, tBTA_GATTC_SERVICE
                     return;
                 }
             }
-        }  
+        }
     }
 }
 
@@ -314,8 +314,9 @@ static tBTA_GATT_STATUS bta_gattc_add_char_to_cache(tBTA_GATTC_SERV *p_srvc_cb,
     /* TODO(jpawlowski): We should use attribute handle, not value handle to refer to characteristic.
        This is just a temporary workaround.
     */
-    if (service->e_handle < value_handle)
+    if (service->e_handle < value_handle) {
         service->e_handle = value_handle;
+    }
 
     tBTA_GATTC_CHARACTERISTIC *characteristic = osi_malloc(sizeof(tBTA_GATTC_CHARACTERISTIC));
     if (!characteristic) {
@@ -554,10 +555,10 @@ void bta_gattc_update_include_service(const list_t *services) {
             if(include_service && !include_service->included_service) {
                 //update
                 include_service->included_service = bta_gattc_find_matching_service(services, include_service->incl_srvc_s_handle);
-                if(!include_service->included_service) { 
+                if(!include_service->included_service) {
                     //not match, free it
                     list_remove(service->included_svc, include_service);
-                    osi_free(include_service);    
+                    osi_free(include_service);
                 }
             }
         }
@@ -980,12 +981,13 @@ void bta_gattc_disc_res_cback (UINT16 conn_id, tGATT_DISC_TYPE disc_type, tGATT_
                                               p_data->value.incl_service.e_handle,
                                               p_data->value.incl_service.service_type);
 
-            if (!pri_srvc)
+            if (!pri_srvc) {
                 bta_gattc_add_srvc_to_list(p_srvc_cb,
                                            p_data->value.incl_service.s_handle,
                                            p_data->value.incl_service.e_handle,
                                            p_data->value.incl_service.service_type,
                                            FALSE);
+            }
             /* add into database */
             bta_gattc_add_attr_to_cache(p_srvc_cb,
                                         p_data->handle,
@@ -1007,8 +1009,8 @@ void bta_gattc_disc_res_cback (UINT16 conn_id, tGATT_DISC_TYPE disc_type, tGATT_
 
         case GATT_DISC_CHAR_DSCPT:
             bta_gattc_add_attr_to_cache(p_srvc_cb,
-                                        p_data->handle, 
-                                        &p_data->type, 
+                                        p_data->handle,
+                                        &p_data->type,
                                         0,
                                         0 /* incl_srvc_s_handle */,
                                         0 /* incl_srvc_e_handle */,
@@ -1023,8 +1025,9 @@ void bta_gattc_disc_cmpl_cback (UINT16 conn_id, tGATT_DISC_TYPE disc_type, tGATT
     tBTA_GATTC_CLCB *p_clcb = bta_gattc_find_clcb_by_conn_id(conn_id);
 
     if ( p_clcb && (status != GATT_SUCCESS || p_clcb->status != GATT_SUCCESS) ) {
-        if (status == GATT_SUCCESS)
+        if (status == GATT_SUCCESS) {
             p_clcb->status = status;
+        }
         bta_gattc_sm_execute(p_clcb, BTA_GATTC_DISCOVER_CMPL_EVT, NULL);
         return;
     }
@@ -1071,15 +1074,17 @@ void bta_gattc_search_service(tBTA_GATTC_CLCB *p_clcb, tBT_UUID *p_uuid)
 {
     tBTA_GATTC          cb_data;
 
-    if (!p_clcb->p_srcb->p_srvc_cache || list_is_empty(p_clcb->p_srcb->p_srvc_cache))
+    if (!p_clcb->p_srcb->p_srvc_cache || list_is_empty(p_clcb->p_srcb->p_srvc_cache)) {
         return;
+    }
 
     for (list_node_t *sn = list_begin(p_clcb->p_srcb->p_srvc_cache);
          sn != list_end(p_clcb->p_srcb->p_srvc_cache); sn = list_next(sn)) {
         tBTA_GATTC_SERVICE *p_cache = list_node(sn);
 
-        if (!bta_gattc_uuid_compare(p_uuid, &p_cache->uuid, FALSE))
+        if (!bta_gattc_uuid_compare(p_uuid, &p_cache->uuid, FALSE)) {
             continue;
+        }
 
 #if (defined BTA_GATT_DEBUG && BTA_GATT_DEBUG == TRUE)
         APPL_TRACE_DEBUG("found service [0x%04x], inst[%d] handle [%d]",
@@ -1087,8 +1092,9 @@ void bta_gattc_search_service(tBTA_GATTC_CLCB *p_clcb, tBT_UUID *p_uuid)
                           p_cache->handle,
                           p_cache->s_handle);
 #endif
-        if (!p_clcb->p_rcb->p_cback)
+        if (!p_clcb->p_rcb->p_cback) {
             continue;
+        }
 
         memset(&cb_data, 0, sizeof(tBTA_GATTC));
 
@@ -1103,8 +1109,9 @@ void bta_gattc_search_service(tBTA_GATTC_CLCB *p_clcb, tBT_UUID *p_uuid)
 }
 
 list_t* bta_gattc_get_services_srcb(tBTA_GATTC_SERV *p_srcb) {
-    if (!p_srcb || !p_srcb->p_srvc_cache || list_is_empty(p_srcb->p_srvc_cache))
+    if (!p_srcb || !p_srcb->p_srvc_cache || list_is_empty(p_srcb->p_srvc_cache)) {
         return NULL;
+    }
 
     return p_srcb->p_srvc_cache;
 }
@@ -1112,8 +1119,9 @@ list_t* bta_gattc_get_services_srcb(tBTA_GATTC_SERV *p_srcb) {
 const list_t* bta_gattc_get_services(UINT16 conn_id) {
     tBTA_GATTC_CLCB *p_clcb = bta_gattc_find_clcb_by_conn_id(conn_id);
 
-    if (p_clcb == NULL )
+    if (p_clcb == NULL ) {
         return NULL;
+    }
 
     tBTA_GATTC_SERV *p_srcb = p_clcb->p_srcb;
 
@@ -1121,63 +1129,68 @@ const list_t* bta_gattc_get_services(UINT16 conn_id) {
 }
 
 tBTA_GATTC_SERVICE*  bta_gattc_find_matching_service(const list_t *services, UINT16 handle) {
-    if (!services || list_is_empty(services))
+    if (!services || list_is_empty(services)) {
         return NULL;
+    }
 
     for (list_node_t *sn = list_begin(services);
          sn != list_end(services); sn = list_next(sn)) {
         tBTA_GATTC_SERVICE *service = list_node(sn);
 
-        if (handle >= service->s_handle && handle <= service->e_handle)
+        if (handle >= service->s_handle && handle <= service->e_handle) {
             return service;
+        }
     }
 
     return NULL;
 }
 
-const tBTA_GATTC_SERVICE*  bta_gattc_get_service_for_handle_srcb(tBTA_GATTC_SERV *p_srcb, UINT16 handle) 
+const tBTA_GATTC_SERVICE*  bta_gattc_get_service_for_handle_srcb(tBTA_GATTC_SERV *p_srcb, UINT16 handle)
 {
     const list_t *services = bta_gattc_get_services_srcb(p_srcb);
 
     return bta_gattc_find_matching_service(services, handle);
 }
 
-const tBTA_GATTC_SERVICE*  bta_gattc_get_service_for_handle(UINT16 conn_id, UINT16 handle) 
+const tBTA_GATTC_SERVICE*  bta_gattc_get_service_for_handle(UINT16 conn_id, UINT16 handle)
 {
     const list_t *services = bta_gattc_get_services(conn_id);
 
     return bta_gattc_find_matching_service(services, handle);
 }
 
-tBTA_GATTC_CHARACTERISTIC*  bta_gattc_get_characteristic_srcb(tBTA_GATTC_SERV *p_srcb, UINT16 handle) 
+tBTA_GATTC_CHARACTERISTIC*  bta_gattc_get_characteristic_srcb(tBTA_GATTC_SERV *p_srcb, UINT16 handle)
 {
     const tBTA_GATTC_SERVICE* service = bta_gattc_get_service_for_handle_srcb(p_srcb, handle);
 
-    if (!service)
+    if (!service) {
         return NULL;
+    }
 
     for (list_node_t *cn = list_begin(service->characteristics);
          cn != list_end(service->characteristics); cn = list_next(cn)) {
         tBTA_GATTC_CHARACTERISTIC *p_char = list_node(cn);
-        if (handle == p_char->handle)
+        if (handle == p_char->handle) {
             return p_char;
+        }
     }
 
     return NULL;
 }
 
-tBTA_GATTC_CHARACTERISTIC*  bta_gattc_get_characteristic(UINT16 conn_id, UINT16 handle) 
+tBTA_GATTC_CHARACTERISTIC*  bta_gattc_get_characteristic(UINT16 conn_id, UINT16 handle)
 {
    tBTA_GATTC_CLCB *p_clcb = bta_gattc_find_clcb_by_conn_id(conn_id);
 
-    if (p_clcb == NULL )
+    if (p_clcb == NULL ) {
         return NULL;
+    }
 
     tBTA_GATTC_SERV *p_srcb = p_clcb->p_srcb;
     return bta_gattc_get_characteristic_srcb(p_srcb, handle);
 }
 
-tBTA_GATTC_DESCRIPTOR*  bta_gattc_get_descriptor_srcb(tBTA_GATTC_SERV *p_srcb, UINT16 handle) 
+tBTA_GATTC_DESCRIPTOR*  bta_gattc_get_descriptor_srcb(tBTA_GATTC_SERV *p_srcb, UINT16 handle)
 {
     const tBTA_GATTC_SERVICE* service = bta_gattc_get_service_for_handle_srcb(p_srcb, handle);
 
@@ -1191,20 +1204,22 @@ tBTA_GATTC_DESCRIPTOR*  bta_gattc_get_descriptor_srcb(tBTA_GATTC_SERV *p_srcb, U
         for (list_node_t *dn = list_begin(p_char->descriptors);
              dn != list_end(p_char->descriptors); dn = list_next(dn)) {
             tBTA_GATTC_DESCRIPTOR *p_desc = list_node(dn);
-            if (handle == p_desc->handle)
+            if (handle == p_desc->handle) {
                 return p_desc;
+            }
         }
     }
 
     return NULL;
 }
 
-tBTA_GATTC_DESCRIPTOR*  bta_gattc_get_descriptor(UINT16 conn_id, UINT16 handle) 
+tBTA_GATTC_DESCRIPTOR*  bta_gattc_get_descriptor(UINT16 conn_id, UINT16 handle)
 {
     tBTA_GATTC_CLCB *p_clcb = bta_gattc_find_clcb_by_conn_id(conn_id);
 
-    if (p_clcb == NULL )
+    if (p_clcb == NULL ) {
         return NULL;
+    }
 
     tBTA_GATTC_SERV *p_srcb = p_clcb->p_srcb;
     return bta_gattc_get_descriptor_srcb(p_srcb, handle);
@@ -1443,7 +1458,7 @@ void bta_gattc_get_db_with_opration(UINT16 conn_id,
                     }
                 }
             }
-            
+
         }
     }
 
@@ -1476,7 +1491,7 @@ static size_t bta_gattc_get_db_size_with_type(list_t *services,
         }
 
         if (type == BTGATT_DB_PRIMARY_SERVICE || type == BTGATT_DB_SECONDARY_SERVICE) {
-            if ((type == BTGATT_DB_PRIMARY_SERVICE && p_cur_srvc->is_primary) || 
+            if ((type == BTGATT_DB_PRIMARY_SERVICE && p_cur_srvc->is_primary) ||
                 (type == BTGATT_DB_SECONDARY_SERVICE && !p_cur_srvc->is_primary)) {
                 // if the current service is the last service in the db, need to ensure the current service start handle is not less than the start_handle.
                 if (!svc_length) {
@@ -1572,10 +1587,11 @@ static size_t bta_gattc_get_db_size_with_type(list_t *services,
 ** Returns          number of elements inside db from start_handle to end_handle
 *******************************************************************************/
 static size_t bta_gattc_get_db_size(list_t *services,
-                                    UINT16 start_handle, UINT16 end_handle) 
+                                    UINT16 start_handle, UINT16 end_handle)
 {
-    if (!services || list_is_empty(services))
+    if (!services || list_is_empty(services)) {
         return 0;
+    }
 
     size_t db_size = 0;
     UINT16 svc_length = list_length(services) - 1;
@@ -1598,9 +1614,10 @@ static size_t bta_gattc_get_db_size(list_t *services,
         } else {
             db_size++;
         }
-        
-        if (!p_cur_srvc->characteristics || list_is_empty(p_cur_srvc->characteristics))
+
+        if (!p_cur_srvc->characteristics || list_is_empty(p_cur_srvc->characteristics)) {
             continue;
+        }
 
         for (list_node_t *cn = list_begin(p_cur_srvc->characteristics);
              cn != list_end(p_cur_srvc->characteristics); cn = list_next(cn)) {
@@ -1657,7 +1674,7 @@ void bta_gattc_get_db_size_handle(UINT16 conn_id, UINT16 start_handle, UINT16 en
         *count = 0;
         return;
     }
-    
+
     tBTA_GATTC_SERV *p_srcb = p_clcb->p_srcb;
     if (!p_srcb->p_srvc_cache || list_is_empty(p_srcb->p_srvc_cache)) {
         *count = 0;
@@ -1676,7 +1693,7 @@ void bta_gattc_get_db_size_with_type_handle(UINT16 conn_id, bt_gatt_db_attribute
         *count = 0;
         return;
     }
-    
+
     tBTA_GATTC_SERV *p_srcb = p_clcb->p_srcb;
     if (!p_srcb->p_srvc_cache || list_is_empty(p_srcb->p_srvc_cache)) {
         *count = 0;
@@ -1694,7 +1711,7 @@ void bta_gattc_get_db_size_with_type_handle(UINT16 conn_id, bt_gatt_db_attribute
         }
     }
     *count = bta_gattc_get_db_size_with_type(p_srcb->p_srvc_cache, type, NULL, start_handle, end_handle);
-    
+
 }
 
 /*******************************************************************************
@@ -1786,8 +1803,9 @@ static void bta_gattc_get_gatt_db_impl(tBTA_GATTC_SERV *p_srvc_cb,
                                           p_char->properties);
                 curr_db_attr++;
 
-                if (!p_char->descriptors || list_is_empty(p_char->descriptors))
+                if (!p_char->descriptors || list_is_empty(p_char->descriptors)) {
                     continue;
+                }
 
                 for (list_node_t *dn = list_begin(p_char->descriptors);
                      dn != list_end(p_char->descriptors); dn = list_next(dn)) {
@@ -1815,8 +1833,9 @@ static void bta_gattc_get_gatt_db_impl(tBTA_GATTC_SERV *p_srvc_cb,
             }
         }
 
-        if (!p_cur_srvc->included_svc || list_is_empty(p_cur_srvc->included_svc))
+        if (!p_cur_srvc->included_svc || list_is_empty(p_cur_srvc->included_svc)) {
             continue;
+        }
 
         for (list_node_t *isn = list_begin(p_cur_srvc->included_svc);
              isn != list_end(p_cur_srvc->included_svc); isn = list_next(isn)) {
@@ -1983,8 +2002,9 @@ void bta_gattc_fill_nv_attr(tBTA_GATTC_NV_ATTR *p_attr, UINT8 type, UINT16 s_han
 *******************************************************************************/
 void bta_gattc_cache_save(tBTA_GATTC_SERV *p_srvc_cb, UINT16 conn_id)
 {
-    if (!p_srvc_cb->p_srvc_cache || list_is_empty(p_srvc_cb->p_srvc_cache))
+    if (!p_srvc_cb->p_srvc_cache || list_is_empty(p_srvc_cb->p_srvc_cache)) {
         return;
+    }
 
     int i = 0;
     size_t db_size = bta_gattc_get_db_size(p_srvc_cb->p_srvc_cache, 0x0000, 0xFFFF);
@@ -2017,8 +2037,9 @@ void bta_gattc_cache_save(tBTA_GATTC_SERV *p_srvc_cb, UINT16 conn_id)
          sn != list_end(p_srvc_cb->p_srvc_cache); sn = list_next(sn)) {
         tBTA_GATTC_SERVICE *p_cur_srvc = list_node(sn);
 
-        if (!p_cur_srvc->characteristics || list_is_empty(p_cur_srvc->characteristics))
+        if (!p_cur_srvc->characteristics || list_is_empty(p_cur_srvc->characteristics)) {
             continue;
+        }
 
         for (list_node_t *cn = list_begin(p_cur_srvc->characteristics);
              cn != list_end(p_cur_srvc->characteristics); cn = list_next(cn)) {
@@ -2034,8 +2055,9 @@ void bta_gattc_cache_save(tBTA_GATTC_SERV *p_srvc_cb, UINT16 conn_id)
                                    0 /* incl_srvc_e_handle */,
                                    FALSE);
 
-            if (!p_char->descriptors || list_is_empty(p_char->descriptors))
+            if (!p_char->descriptors || list_is_empty(p_char->descriptors)) {
                 continue;
+            }
 
             for (list_node_t *dn = list_begin(p_char->descriptors);
                  dn != list_end(p_char->descriptors); dn = list_next(dn)) {
@@ -2053,8 +2075,9 @@ void bta_gattc_cache_save(tBTA_GATTC_SERV *p_srvc_cb, UINT16 conn_id)
             }
         }
 
-        if (!p_cur_srvc->included_svc || list_is_empty(p_cur_srvc->included_svc))
+        if (!p_cur_srvc->included_svc || list_is_empty(p_cur_srvc->included_svc)) {
             continue;
+        }
 
         for (list_node_t *an = list_begin(p_cur_srvc->included_svc);
              an != list_end(p_cur_srvc->included_svc); an = list_next(an)) {

components/bt/bluedroid/bta/gatt/bta_gattc_co.c

@@ -261,14 +261,18 @@ tBTA_GATT_STATUS bta_gattc_co_cache_open(BD_ADDR server_bda, BOOLEAN to_save, UI
 *******************************************************************************/
 tBTA_GATT_STATUS bta_gattc_co_cache_load(tBTA_GATTC_NV_ATTR *attr, UINT8 index)
 {
+#if (!CONFIG_BT_STACK_NO_LOG)
     UINT16              num_attr = 0;
+#endif
     tBTA_GATT_STATUS    status = BTA_GATT_ERROR;
     size_t length = 0;
     // Read the size of memory space required for blob
     nvs_get_blob(cache_env.cache_addr[index].cache_fp, cache_key, NULL, &length);
     // Read previously saved blob if available
     esp_err_t err_code = nvs_get_blob(cache_env.cache_addr[index].cache_fp, cache_key, attr, &length);
+#if (!CONFIG_BT_STACK_NO_LOG)
     num_attr = length / sizeof(tBTA_GATTC_NV_ATTR);
+#endif
     status = (err_code == ESP_OK && length != 0) ? BTA_GATT_OK : BTA_GATT_ERROR;
     APPL_TRACE_DEBUG("%s() - read=%d, status=%d, err_code = %d",
                      __func__, num_attr, status, err_code);
@@ -323,6 +327,9 @@ void bta_gattc_co_cache_save (BD_ADDR server_bda, UINT16 num_attr,
         status = BTA_GATT_ERROR;
     }
 
+#if CONFIG_BT_STACK_NO_LOG
+    (void) status;
+#endif
     APPL_TRACE_DEBUG("%s() wrote hash_key = %x%x%x%x, num_attr = %d, status = %d.", __func__, hash_key[0], hash_key[1], hash_key[2], hash_key[3], num_attr, status);
 }
 

components/bt/bluedroid/bta/gatt/bta_gattc_utils.c

@@ -416,8 +416,9 @@ tBTA_GATTC_SERV *bta_gattc_srcb_alloc(BD_ADDR bda)
 
     if (p_tcb != NULL)
     {
-        if (p_tcb->p_srvc_cache != NULL)
+        if (p_tcb->p_srvc_cache != NULL) {
             list_free(p_tcb->p_srvc_cache);
+        }
         osi_free(p_tcb->p_srvc_list);
         p_tcb->p_srvc_list = NULL;
         //osi_free_and_reset((void **)&p_tcb->p_srvc_list);
@@ -583,8 +584,9 @@ void bta_gattc_clear_notif_registration(tBTA_GATTC_SERV *p_srcb, UINT16 conn_id,
                      * clear boundaries are always around service.
                      */
                     handle = p_clrcb->notif_reg[i].handle;
-                    if (handle >= start_handle && handle <= end_handle)
+                    if (handle >= start_handle && handle <= end_handle) {
                         memset(&p_clrcb->notif_reg[i], 0, sizeof(tBTA_GATTC_NOTIF_REG));
+                    }
                 }
             }
         }
@@ -637,8 +639,9 @@ BOOLEAN bta_gattc_mark_bg_conn (tBTA_GATTC_IF client_if,  BD_ADDR_PTR remote_bda
     }
     if (!add) {
         if (remote_bda_ptr) {
-            // bdstr_t bdstr = {0};
+#if (!CONFIG_BT_STACK_NO_LOG)
             char bdstr[18] = {0};
+#endif
             APPL_TRACE_ERROR("%s unable to find the bg connection mask for: %s", __func__,
                              bdaddr_to_string((bt_bdaddr_t *)remote_bda_ptr, bdstr, sizeof(bdstr)));
         }
@@ -936,8 +939,9 @@ void bta_to_btif_uuid(bt_uuid_t *p_dest, tBT_UUID *p_src)
 
     if (p_src->len == LEN_UUID_16 || p_src->len == LEN_UUID_32)
     {
-        for(i=0; i != 16; ++i)
+        for(i=0; i != 16; ++i) {
             p_dest->uu[i] = base_uuid[i];
+        }
     }
 
     switch (p_src->len)

components/bt/bluedroid/bta/gatt/bta_gatts_act.c

@@ -403,7 +403,7 @@ void bta_gatts_add_char(tBTA_GATTS_SRVC_CB *p_srvc_cb, tBTA_GATTS_DATA *p_msg)
     UINT16          attr_id = 0;
     tBTA_GATTS      cb_data;
 
-    tGATT_ATTR_VAL *p_attr_val = NULL; 
+    tGATT_ATTR_VAL *p_attr_val = NULL;
     tGATTS_ATTR_CONTROL *p_control = NULL;
 
     if(p_msg->api_add_char.attr_val.attr_max_len != 0){
@@ -665,17 +665,18 @@ void bta_gatts_indicate_handle (tBTA_GATTS_CB *p_cb, tBTA_GATTS_DATA *p_msg)
                                     &gatt_if, remote_bda, &transport)) {
             p_rcb = bta_gatts_find_app_rcb_by_app_if(gatt_if);
 
-            if (p_msg->api_indicate.need_confirm)
+            if (p_msg->api_indicate.need_confirm) {
 
                 status = GATTS_HandleValueIndication (p_msg->api_indicate.hdr.layer_specific,
                                                       p_msg->api_indicate.attr_id,
                                                       p_msg->api_indicate.len,
                                                       p_msg->api_indicate.value);
-            else
+            } else {
                 status = GATTS_HandleValueNotification (p_msg->api_indicate.hdr.layer_specific,
                                                         p_msg->api_indicate.attr_id,
                                                         p_msg->api_indicate.len,
                                                         p_msg->api_indicate.value);
+            }
 
             /* if over BR_EDR, inform PM for mode change */
             if (transport == BTA_TRANSPORT_BR_EDR) {
@@ -691,16 +692,23 @@ void bta_gatts_indicate_handle (tBTA_GATTS_CB *p_cb, tBTA_GATTS_DATA *p_msg)
                 p_rcb && p_cb->rcb[p_srvc_cb->rcb_idx].p_cback) {
             cb_data.req_data.status = status;
             cb_data.req_data.conn_id = p_msg->api_indicate.hdr.layer_specific;
+            cb_data.req_data.value = NULL;
+            cb_data.req_data.data_len = 0;
             cb_data.req_data.handle = p_msg->api_indicate.attr_id;
 
-            cb_data.req_data.value = (uint8_t *)osi_malloc(p_msg->api_indicate.len);
-            if (cb_data.req_data.value != NULL){
-                memset(cb_data.req_data.value, 0, p_msg->api_indicate.len);
-                cb_data.req_data.data_len = p_msg->api_indicate.len;
-                memcpy(cb_data.req_data.value, p_msg->api_indicate.value, p_msg->api_indicate.len);
-            }else{
-                cb_data.req_data.data_len = 0;
-                APPL_TRACE_ERROR("%s, malloc failed", __func__);
+            if (p_msg->api_indicate.value && (p_msg->api_indicate.len > 0)) {
+                cb_data.req_data.value = (uint8_t *) osi_malloc(p_msg->api_indicate.len);
+                if (cb_data.req_data.value != NULL) {
+                    memset(cb_data.req_data.value, 0, p_msg->api_indicate.len);
+                    cb_data.req_data.data_len = p_msg->api_indicate.len;
+                    memcpy(cb_data.req_data.value, p_msg->api_indicate.value, p_msg->api_indicate.len);
+                } else {
+                    APPL_TRACE_ERROR("%s, malloc failed", __func__);
+                }
+            } else {
+                if (p_msg->api_indicate.value) {
+                    APPL_TRACE_ERROR("%s, incorrect length", __func__);
+                }
             }
             (*p_rcb->p_cback)(BTA_GATTS_CONF_EVT, &cb_data);
             if (cb_data.req_data.value != NULL) {
@@ -851,13 +859,13 @@ void bta_gatts_send_service_change_indication (tBTA_GATTS_DATA *p_msg)
         memcpy(bd_addr, p_msg->api_send_service_change.remote_bda, BD_ADDR_LEN);
         status = GATT_SendServiceChangeIndication(bd_addr);
     } else {
-        status = GATT_SendServiceChangeIndication(NULL);    
+        status = GATT_SendServiceChangeIndication(NULL);
     }
     if (p_rcb && p_rcb->p_cback) {
         service_change.status = status;
         service_change.server_if = p_msg->api_send_service_change.server_if;
         (*p_rcb->p_cback)(BTA_GATTS_SEND_SERVICE_CHANGE_EVT,  (tBTA_GATTS *)&service_change);
-    }   
+    }
 }
 
 /*******************************************************************************
@@ -933,7 +941,7 @@ static void bta_gatts_send_request_cback (UINT16 conn_id,
             cb_data.req_data.p_data     = (tBTA_GATTS_REQ_DATA *)p_data;
 
             if(req_type == BTA_GATTS_CONF_EVT) {
-               cb_data.req_data.handle =  p_data->handle; 
+               cb_data.req_data.handle =  p_data->handle;
             }
             (*p_rcb->p_cback)(req_type,  &cb_data);
         } else {

components/bt/bluedroid/bta/hf_client/bta_hf_client_at.c

@@ -1159,6 +1159,7 @@ static char *bta_hf_client_skip_unknown(char *buffer)
     buffer = tmp + 2;
 
     APPL_TRACE_DEBUG("%s %.*s", __FUNCTION__, buffer - start - 2, start);
+    UNUSED(start);
 
     return buffer;
 }

components/bt/bluedroid/bta/hf_client/bta_hf_client_sco.c

@@ -308,6 +308,7 @@ static void bta_hf_client_sco_disc_cback(UINT16 sco_idx)
 #if (BTM_SCO_HCI_INCLUDED == TRUE )
         tBTM_STATUS status = BTM_ConfigScoPath(BTM_SCO_ROUTE_PCM, NULL, NULL, TRUE);
         APPL_TRACE_DEBUG("%s close config status = %d", __FUNCTION__, status);
+        UNUSED(status);
         /* SCO clean up here */
         bta_hf_client_sco_co_close();
 #endif

components/bt/bluedroid/bta/hh/bta_hh_act.c

@@ -101,8 +101,10 @@ void bta_hh_api_enable(tBTA_HH_DATA *p_data)
         bta_hh_le_enable();
     } else
 #endif
+    {
         /* signal BTA call back event */
         (* bta_hh_cb.p_cback)(BTA_HH_ENABLE_EVT, (tBTA_HH *)&status);
+    }
 }
 /*******************************************************************************
 **
@@ -901,7 +903,9 @@ void bta_hh_get_dscp_act(tBTA_HH_DEV_CB *p_cb, tBTA_HH_DATA *p_data)
         bta_hh_le_get_dscp_act(p_cb);
     } else
 #endif
+    {
         (*bta_hh_cb.p_cback)(BTA_HH_GET_DSCP_EVT, (tBTA_HH *)&p_cb->dscp_info);
+    }
 }
 
 /*******************************************************************************
@@ -934,11 +938,10 @@ void bta_hh_maint_dev_act(tBTA_HH_DEV_CB *p_cb, tBTA_HH_DATA *p_data)
                 dev_info.status   = BTA_HH_OK;
             } else
 #endif
-
+            {
                 if (HID_HostAddDev(p_dev_info->bda, p_dev_info->attr_mask, &dev_handle)\
                         == HID_SUCCESS) {
                     dev_info.handle   = dev_handle;
-                    dev_info.status   = BTA_HH_OK;
 
 #if (defined BTA_HH_LE_INCLUDED && BTA_HH_LE_INCLUDED == TRUE)
                     /* update DI information */
@@ -966,6 +969,7 @@ void bta_hh_maint_dev_act(tBTA_HH_DEV_CB *p_cb, tBTA_HH_DATA *p_data)
                     /* update cb_index[] map */
                     bta_hh_cb.cb_index[dev_handle] = p_cb->index;
                 }
+            }
         } else { /* device already been added */
             dev_info.handle = p_cb->hid_handle;
             dev_info.status = BTA_HH_OK;

components/bt/bluedroid/bta/hh/bta_hh_le.c

@@ -2183,9 +2183,10 @@ void bta_hh_le_write_char_descr_cmpl(tBTA_HH_DEV_CB *p_dev_cb, tBTA_HH_DATA *p_b
         case GATT_UUID_HID_BT_KB_INPUT:
         case GATT_UUID_HID_BT_MOUSE_INPUT:
         case GATT_UUID_HID_REPORT:
-            if (p_data->status == BTA_GATT_OK)
+            if (p_data->status == BTA_GATT_OK) {
                 p_dev_cb->hid_srvc[hid_inst_id].report[p_dev_cb->clt_cfg_idx].client_cfg_value =
                     BTA_GATT_CLT_CONFIG_NOTIFICATION;
+            }
             p_dev_cb->clt_cfg_idx ++;
             bta_hh_le_write_rpt_clt_cfg(p_dev_cb, hid_inst_id);
 

components/bt/bluedroid/bta/hh/bta_hh_utils.c

@@ -75,11 +75,12 @@ UINT8  bta_hh_find_cb(BD_ADDR bda)
             return xx;
         }
 #if BTA_HH_DEBUG
-        else
+        else {
             APPL_TRACE_DEBUG("in_use ? [%d] kdev[%d].hid_handle = %d state = [%d]",
                              bta_hh_cb.kdev[xx].in_use, xx,
                              bta_hh_cb.kdev[xx].hid_handle,
                              bta_hh_cb.kdev[xx].state);
+        }
 #endif
     }
 
@@ -123,7 +124,9 @@ void bta_hh_clean_up_kdev(tBTA_HH_DEV_CB *p_cb)
             bta_hh_cb.le_cb_index[BTA_HH_GET_LE_CB_IDX(p_cb->hid_handle)] = BTA_HH_IDX_INVALID;
         } else
 #endif
+        {
             bta_hh_cb.cb_index[p_cb->hid_handle] = BTA_HH_IDX_INVALID;
+        }
     }
 
     /* reset device control block */
@@ -486,11 +489,12 @@ UINT8 bta_hh_dev_handle_to_cb_idx(UINT8 dev_handle)
 #endif
     } else
 #endif
+    {
         /* regular HID device checking */
         if (dev_handle < BTA_HH_MAX_KNOWN ) {
             index = bta_hh_cb.cb_index[dev_handle];
         }
-
+    }
     return index;
 
 }

components/bt/bluedroid/bta/include/bta/bta_api.h

@@ -399,6 +399,8 @@ typedef struct {
     UINT8                   tx_power;
 } tBTA_BLE_ADV_DATA;
 
+typedef void (tBTA_UPDATE_DUPLICATE_EXCEPTIONAL_LIST_CMPL_CBACK) (tBTA_STATUS status, uint8_t subcode, uint32_t length, uint8_t *device_info);
+
 typedef void (tBTA_SET_ADV_DATA_CMPL_CBACK) (tBTA_STATUS status);
 
 typedef tBTM_START_ADV_CMPL_CBACK tBTA_START_ADV_CMPL_CBACK;
@@ -1022,6 +1024,7 @@ typedef struct {
 #define BTA_DM_DISC_CMPL_EVT            4       /* Discovery complete. */
 #define BTA_DM_DI_DISC_CMPL_EVT         5       /* Discovery complete. */
 #define BTA_DM_SEARCH_CANCEL_CMPL_EVT   6       /* Search cancelled */
+#define BTA_DM_INQ_DISCARD_NUM_EVT      7       /* The number of inquiry discarded packets */
 
 typedef UINT8 tBTA_DM_SEARCH_EVT;
 
@@ -1053,6 +1056,11 @@ typedef struct {
     UINT8           num_resps;          /* Number of inquiry responses. */
 } tBTA_DM_INQ_CMPL;
 
+/* Structure associated with BTA_DM_INQ_DISCARD_NUM_EVT */
+typedef struct {
+    UINT32           num_dis;          /* The number of inquiry discarded packets. */
+} tBTA_DM_INQ_DISCARD;
+
 /* Structure associated with BTA_DM_DI_DISC_CMPL_EVT */
 typedef struct {
     BD_ADDR             bd_addr;        /* BD address peer device. */
@@ -1090,6 +1098,7 @@ typedef union {
     tBTA_DM_DISC_RES    disc_res;       /* Discovery result for a peer device. */
     tBTA_DM_DISC_BLE_RES    disc_ble_res;   /* Discovery result for GATT based service */
     tBTA_DM_DI_DISC_CMPL    di_disc;        /* DI discovery result for a peer device */
+    tBTA_DM_INQ_DISCARD     inq_dis;       /* the discarded packets information of inquiry */
 } tBTA_DM_SEARCH;
 
 /* Structure of search callback event and structures */
@@ -1616,6 +1625,22 @@ extern void BTA_DmPinReply(BD_ADDR bd_addr, BOOLEAN accept, UINT8 pin_len,
 **
 *******************************************************************************/
 extern void BTA_DmLocalOob(void);
+
+/*******************************************************************************
+**
+** Function         BTA_DmOobReply
+**
+**                  This function is called to provide the OOB data for
+**                  SMP in response to BTM_LE_OOB_REQ_EVT
+**
+** Parameters:      bd_addr     - Address of the peer device
+**                  len         - length of simple pairing Randomizer  C
+**                  p_value     - simple pairing Randomizer  C.
+**
+** Returns          void
+**
+*******************************************************************************/
+extern void BTA_DmOobReply(BD_ADDR bd_addr, UINT8 len, UINT8 *p_value);
 #endif /* BTM_OOB_INCLUDED */
 
 /*******************************************************************************
@@ -2206,6 +2231,22 @@ extern void BTA_DmBleSetAdvConfig (tBTA_BLE_AD_MASK data_mask,
 extern void BTA_DmBleSetAdvConfigRaw (UINT8 *p_raw_adv, UINT32 raw_adv_len,
                             tBTA_SET_ADV_DATA_CMPL_CBACK *p_adv_data_cback);
 
+/*******************************************************************************
+**
+** Function         BTA_DmBleSetLongAdv
+**
+** Description      This function is called to set long Advertising data
+**
+** Parameters       adv_data : long advertising data.
+**                  adv_data_len : long advertising data length.
+**                  p_adv_data_cback : set long adv data complete callback.
+**
+** Returns          None
+**
+*******************************************************************************/
+void BTA_DmBleSetLongAdv (UINT8 *adv_data, UINT32 adv_data_len,
+                            tBTA_SET_ADV_DATA_CMPL_CBACK *p_adv_data_cback);
+
 /*******************************************************************************
 **
 ** Function         BTA_DmBleSetScanRsp
@@ -2237,6 +2278,24 @@ extern void BTA_DmBleSetScanRsp (tBTA_BLE_AD_MASK data_mask,
 extern void BTA_DmBleSetScanRspRaw (UINT8 *p_raw_scan_rsp, UINT32 raw_scan_rsp_len,
                                     tBTA_SET_ADV_DATA_CMPL_CBACK *p_scan_rsp_data_cback);
 
+/*******************************************************************************
+**
+** Function         BTA_DmUpdateDuplicateExceptionalList
+**
+** Description      This function is called to update duplicate scan exceptional list
+**
+** Parameters       subcode : add, remove or clean duplicate scan exceptional list.
+**                  type : device info type.
+**                  device_info:  device info
+**                  p_update_duplicate_ignore_list_cback :  update complete callback.
+**
+** Returns          None
+**
+*******************************************************************************/
+extern void BTA_DmUpdateDuplicateExceptionalList(UINT8 subcode, UINT32 type, 
+                                                BD_ADDR device_info, 
+                                                tBTA_UPDATE_DUPLICATE_EXCEPTIONAL_LIST_CMPL_CBACK p_update_duplicate_exceptional_list_cback);
+
 /*******************************************************************************
 **
 ** Function         BTA_DmBleBroadcast

components/bt/bluedroid/bta/include/bta/bta_dm_co.h

@@ -205,9 +205,13 @@ extern void bta_dm_co_ble_set_rsp_key_req(UINT8 rsp_key);
 
 extern void bta_dm_co_ble_set_max_key_size(UINT8 ble_key_size);
 
+extern void bta_dm_co_ble_set_min_key_size(UINT8 ble_key_size);
+
 extern void bta_dm_co_ble_set_accept_auth_enable(UINT8 enable);
 
 extern UINT8 bta_dm_co_ble_get_accept_auth_enable(void);
 
 extern UINT8 bta_dm_co_ble_get_auth_req(void);
+
+extern void bta_dm_co_ble_oob_support(UINT8 enable);
 #endif

components/bt/bluedroid/bta/include/bta/bta_gatt_common.h

@@ -31,6 +31,8 @@ extern "C"
 
 extern void BTA_GATT_SetLocalMTU(uint16_t mtu);
 
+extern uint16_t BTA_GATT_GetLocalMTU(void);
+
 #ifdef __cplusplus
 }
 #endif

components/bt/bluedroid/bta/jv/bta_jv_act.c

@@ -26,6 +26,7 @@
 #include <stdlib.h>
 
 #include "osi/allocator.h"
+#include "osi/osi.h"
 #include "stack/bt_types.h"
 #include "bta/utl.h"
 #include "bta/bta_sys.h"
@@ -137,7 +138,7 @@ UINT8 bta_jv_alloc_sec_id(void)
     return ret;
 
 }
-static int get_sec_id_used(void)
+UNUSED_ATTR static int get_sec_id_used(void)
 {
     int i;
     int used = 0;
@@ -146,12 +147,13 @@ static int get_sec_id_used(void)
             used++;
         }
     }
-    if (used == BTA_JV_NUM_SERVICE_ID)
+    if (used == BTA_JV_NUM_SERVICE_ID) {
         APPL_TRACE_ERROR("get_sec_id_used, sec id exceeds the limit:%d",
                          BTA_JV_NUM_SERVICE_ID);
+    }
     return used;
 }
-static int get_rfc_cb_used(void)
+UNUSED_ATTR static int get_rfc_cb_used(void)
 {
     int i;
     int used = 0;
@@ -160,9 +162,10 @@ static int get_rfc_cb_used(void)
             used++;
         }
     }
-    if (used == BTA_JV_MAX_RFC_CONN)
+    if (used == BTA_JV_MAX_RFC_CONN) {
         APPL_TRACE_ERROR("get_sec_id_used, rfc ctrl block exceeds the limit:%d",
                          BTA_JV_MAX_RFC_CONN);
+    }
     return used;
 }
 
@@ -474,19 +477,21 @@ static tBTA_JV_STATUS bta_jv_free_set_pm_profile_cb(UINT32 jv_handle)
                         < BTA_JV_MAX_RFC_SR_SESSION && bta_jv_cb.rfc_cb[hi].rfc_hdl[si]) {
                     tBTA_JV_PCB *p_pcb = bta_jv_rfc_port_to_pcb(bta_jv_cb.rfc_cb[hi].rfc_hdl[si]);
                     if (p_pcb) {
-                        if (NULL == p_pcb->p_pm_cb)
+                        if (NULL == p_pcb->p_pm_cb) {
                             APPL_TRACE_WARNING("%s(jv_handle:"
                                                " 0x%x):port_handle: 0x%x, p_pm_cb: %d: no link to "
                                                "pm_cb?", __func__, jv_handle, p_pcb->port_handle, i);
+                        }
                         p_cb = &p_pcb->p_pm_cb;
                     }
                 }
             } else {
                 if (jv_handle < BTA_JV_MAX_L2C_CONN) {
                     tBTA_JV_L2C_CB *p_l2c_cb = &bta_jv_cb.l2c_cb[jv_handle];
-                    if (NULL == p_l2c_cb->p_pm_cb)
+                    if (NULL == p_l2c_cb->p_pm_cb) {
                         APPL_TRACE_WARNING("%s(jv_handle: "
                                            "0x%x): p_pm_cb: %d: no link to pm_cb?", __func__, jv_handle, i);
+                    }
                     p_cb = &p_l2c_cb->p_pm_cb;
                 }
             }
@@ -742,9 +747,10 @@ void bta_jv_get_channel_id(tBTA_JV_MSG *p_data)
             bta_jv_cb.scn[channel - 1] = TRUE;
             scn = (UINT8) channel;
         }
-        if (bta_jv_cb.p_dm_cback)
+        if (bta_jv_cb.p_dm_cback) {
             bta_jv_cb.p_dm_cback(BTA_JV_GET_SCN_EVT, (tBTA_JV *)&scn,
                                  p_data->alloc_channel.user_data);
+        }
         return;
     }
     case BTA_JV_CONN_TYPE_L2CAP:
@@ -998,6 +1004,9 @@ static bool create_base_record(const uint32_t sdp_handle, const char *name, cons
     APPL_TRACE_DEBUG("create_base_record: successfully created base service "
                    "record, handle: 0x%08x, scn: %d, name: %s, with_obex: %d",
                    sdp_handle, channel, name, with_obex);
+
+    UNUSED(stage);
+
     return TRUE;
 }
 
@@ -1031,6 +1040,8 @@ static int add_spp_sdp(const char *name, const int channel) {
 
     APPL_TRACE_DEBUG("add_spp_sdp: service registered successfully, "
                    "service_name: %s, handle 0x%08x)", name, handle);
+    UNUSED(stage);
+
     return handle;
 }
 
@@ -1523,6 +1534,7 @@ static int bta_jv_port_data_co_cback(UINT16 port_handle, UINT8 *buf, UINT16 len,
     tBTA_JV_PCB     *p_pcb = bta_jv_rfc_port_to_pcb(port_handle);
     int ret = 0;
     APPL_TRACE_DEBUG("%s, p_cb:%p, p_pcb:%p, len:%d, type:%d", __func__, p_cb, p_pcb, len, type);
+    UNUSED(p_cb);
     if (p_pcb != NULL) {
         switch (type) {
         case DATA_CO_CALLBACK_TYPE_INCOMING:

components/bt/bluedroid/btc/core/btc_ble_storage.c

@@ -750,7 +750,9 @@ static void _btc_read_le_key(const uint8_t key_type, const size_t key_len, bt_bd
                 *device_added = true;
             }
 
+#if (!CONFIG_BT_STACK_NO_LOG)
             char bd_str[20] = {0};
+#endif
             BTC_TRACE_DEBUG("%s() Adding key type %d for %s", __func__,
                 key_type, bdaddr_to_string(&bd_addr, bd_str, sizeof(bd_str)));
             BTA_DmAddBleKey(bta_bd_addr, (tBTA_LE_KEY_VALUE *)buffer, key_type);

components/bt/bluedroid/btc/core/btc_dm.c

@@ -290,6 +290,9 @@ static void btc_dm_ble_auth_cmpl_evt (tBTA_DM_AUTH_CMPL *p_auth_cmpl)
 
     }
 
+#if (CONFIG_BT_STACK_NO_LOG)
+    (void) status;
+#endif
     BTC_TRACE_DEBUG("%s, authentication status = %x", __func__, status);
     return;
 

components/bt/bluedroid/btc/profile/esp/blufi/blufi_prf.c

@@ -170,6 +170,14 @@ static void blufi_profile_cb(tBTA_GATTS_EVT event, tBTA_GATTS *p_data)
             BTA_GATTS_SendRsp(p_data->req_data.conn_id, p_data->req_data.trans_id,
                           status, &rsp);
 
+            if(status != GATT_SUCCESS) {
+                if (blufi_env.prepare_buf) {
+                    osi_free(blufi_env.prepare_buf);
+                    blufi_env.prepare_buf = NULL;
+                }
+                BLUFI_TRACE_ERROR("write data error , error code 0x%x\n", status);
+                return;
+            }
             memcpy(blufi_env.prepare_buf + p_data->req_data.p_data->write_req.offset,
                    p_data->req_data.p_data->write_req.value,
                    p_data->req_data.p_data->write_req.len);
@@ -194,7 +202,7 @@ static void blufi_profile_cb(tBTA_GATTS_EVT event, tBTA_GATTS *p_data)
         BTA_GATTS_SendRsp(p_data->req_data.conn_id, p_data->req_data.trans_id,
                     GATT_SUCCESS, NULL);
 
-        if (p_data->req_data.p_data->exec_write == GATT_PREP_WRITE_EXEC) {
+        if (blufi_env.prepare_buf && p_data->req_data.p_data->exec_write == GATT_PREP_WRITE_EXEC) {
             btc_blufi_recv_handler(blufi_env.prepare_buf, blufi_env.prepare_len);
         }
 

components/bt/bluedroid/btc/profile/std/a2dp/btc_a2dp_control.c

@@ -117,7 +117,7 @@ void btc_a2dp_control_media_ctrl(esp_a2d_media_ctrl_t ctrl)
     APPL_TRACE_DEBUG("BTC MEDIA (A2DP-DATA) EVENT %u", ctrl);
 
     if (btc_aa_ctrl_cb.a2dp_cmd_pending != ESP_A2D_MEDIA_CTRL_NONE) {
-        APPL_TRACE_DEBUG("un-acked a2dp cmd: %u", btc_aa_ctrl_cb.a2dp_cmd_pending);
+        APPL_TRACE_WARNING("un-acked a2dp cmd: %u", btc_aa_ctrl_cb.a2dp_cmd_pending);
         a2dp_cmd_acknowledge(ctrl, ESP_A2D_MEDIA_CTRL_ACK_BUSY);
         return;
     }
@@ -179,6 +179,11 @@ void btc_a2dp_control_media_ctrl(esp_a2d_media_ctrl_t ctrl)
         /* local suspend */
         if (btc_av_stream_started_ready()) {
             btc_dispatch_sm_event(BTC_AV_SUSPEND_STREAM_REQ_EVT, NULL, 0);
+#if (BTC_AV_SINK_INCLUDED == TRUE)
+            if (btc_av_get_peer_sep() == AVDT_TSEP_SRC && btc_av_get_service_id() == BTA_A2DP_SINK_SERVICE_ID) {
+                btc_a2dp_control_command_ack(ESP_A2D_MEDIA_CTRL_ACK_SUCCESS);
+            }
+#endif
         } else {
             /* we are not in started state; just ack back ok. This can happen if we are
                remotely suspended; clear REMOTE SUSPEND Flag */

components/bt/bluedroid/btc/profile/std/a2dp/btc_a2dp_sink.c

@@ -615,6 +615,7 @@ static void btc_a2dp_sink_handle_decoder_reset(tBTC_MEDIA_SINK_CFG_UPDATE *p_msg
 
     int frames_to_process = ((freq_multiple) / (num_blocks * num_subbands)) + 1;
     APPL_TRACE_EVENT(" Frames to be processed in 20 ms %d\n", frames_to_process);
+    UNUSED(frames_to_process);
 }
 
 /*******************************************************************************
@@ -827,6 +828,8 @@ static void btc_a2dp_sink_thread_cleanup(UNUSED_ATTR void *context)
 
     fixed_queue_free(btc_aa_snk_cb.RxSbcQ, osi_free_func);
 
+    btc_aa_snk_cb.RxSbcQ = NULL;
+
     future_ready(btc_a2dp_sink_future, NULL);
 }