arch/risc-v: flash encryption support for ESP32-C3|C6|H2
Add Kconfig option to enable flash encryption. Default E-Fuse state is now VIRTUAL. Modifies SPI Flash driver for encrypted operation. Limitations: requires MCUboot; the flash is fully encrypted (no support for unencrypted MTD partitions). Signed-off-by: Filipe Cavalcanti <filipe.cavalcanti@espressif.com>
committed by
simbit18
parent
846f86e011
commit
0835b345e8
@@ -46,7 +46,7 @@ ifndef MCUBOOT_URL
|
||||
endif
|
||||
|
||||
ifndef ESP_HAL_3RDPARTY_VERSION_FOR_MCUBOOT
|
||||
ESP_HAL_3RDPARTY_VERSION_FOR_MCUBOOT = 3f02f2139e79ddc60f98ca35ed65c62c6914f079
|
||||
ESP_HAL_3RDPARTY_VERSION_FOR_MCUBOOT = 911dbec8e4a92e70056b58a3d2b0d965b8b7bcc9
|
||||
endif
|
||||
|
||||
# Helpers for creating the configuration file
|
||||
@@ -94,6 +94,11 @@ ifeq ($(CONFIG_ESPRESSIF_BOOTLOADER_MCUBOOT),y)
|
||||
$(if $(CONFIG_UART0_SERIAL_CONSOLE),$(call cfg_val,CONFIG_ESP_CONSOLE_ROM_SERIAL_PORT_NUM,0)) \
|
||||
$(if $(CONFIG_UART1_SERIAL_CONSOLE),$(call cfg_val,CONFIG_ESP_CONSOLE_ROM_SERIAL_PORT_NUM,1)) \
|
||||
$(if $(CONFIG_ESPRESSIF_USBSERIAL),$(call cfg_val,CONFIG_ESP_CONSOLE_UART_NUM,0)) \
|
||||
$(if $(CONFIG_ESPRESSIF_SECURE_FLASH_ENC_ENABLED),$(call cfg_en,CONFIG_SECURE_FLASH_ENC_ENABLED)) \
|
||||
$(if $(CONFIG_ESPRESSIF_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT),$(call cfg_en,CONFIG_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT)) \
|
||||
$(if $(CONFIG_ESPRESSIF_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC),$(call cfg_en,CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC)) \
|
||||
$(if $(CONFIG_ESPRESSIF_SECURE_FLASH_UART_BOOTLOADER_ALLOW_DEC),$(call cfg_en,CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_DEC)) \
|
||||
$(if $(CONFIG_ESPRESSIF_SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE),$(call cfg_en,CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE)) \
|
||||
$(call cfg_val,CONFIG_BOOTLOADER_LOG_LEVEL,3) \
|
||||
} >> $(BOOTLOADER_CONFIG)
|
||||
ifeq ($(CONFIG_ESPRESSIF_EFUSE_VIRTUAL_KEEP_IN_FLASH),y)
|
||||
|
||||
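Review bot: Only the DEVELOPMENT-side symbols are forwarded to the bootloader configuration in the new `cfg_en` lines; if the MCUboot ESP port keys any behaviour on `CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE`, a Release build will look like a development one on the bootloader side. I cannot see the port from here, so this should be confirmed; if it does, add `$(if $(CONFIG_ESPRESSIF_SECURE_FLASH_ENCRYPTION_MODE_RELEASE),$(call cfg_en,CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE)) \` next to the DEVELOPMENT line. A one-line comment above this group, `# Flash-encryption settings: these decide which download-mode capabilities the bootloader permanently disables on first boot`, would also help, since nothing in the recipe says these values are irreversible. The recipe that writes $(BOOTLOADER_CONFIG) starts before the hunk.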
@@ -146,7 +146,7 @@ config ESPRESSIF_BOOTLOADER_MCUBOOT
|
||||
config ESPRESSIF_MCUBOOT_VERSION
|
||||
string "MCUboot version"
|
||||
depends on ESPRESSIF_BOOTLOADER_MCUBOOT
|
||||
default "aa4fa2b6e17361dd3ce16a60883059778fd147a9"
|
||||
default "8a07053d42e592c85cb35b79c4de1b7749943387"
|
||||
|
||||
choice ESPRESSIF_ESPTOOL_TARGET_SLOT
|
||||
prompt "Target slot for image flashing"
|
||||
@@ -225,6 +225,82 @@ config ESPRESSIF_OTA_SCRATCH_DEVPATH
|
||||
|
||||
endif # ESPRESSIF_HAVE_OTA_PARTITION
|
||||
|
||||
config ESPRESSIF_SECURE_FLASH_ENC_ENABLED
|
||||
bool "Enable Flash Encryption on boot (READ DOCS FIRST)"
|
||||
default n
|
||||
depends on ESPRESSIF_BOOTLOADER_MCUBOOT
|
||||
select ESPRESSIF_EFUSE
|
||||
---help---
|
||||
If this option is set, flash contents will be encrypted by the bootloader on first boot.
|
||||
|
||||
Note: After first boot, the system will be permanently encrypted. Re-flashing an encrypted
|
||||
system is complicated and not always possible.
|
||||
|
||||
Read https://docs.espressif.com/projects/esp-idf/en/latest/security/flash-encryption.html
|
||||
before enabling.
|
||||
|
||||
Note: enabling this option will automatically select ESPRESSIF_EFUSE and ESPRESSIF_EFUSE_VIRTUAL,
|
||||
as a mean to avoid accidental burning of the E-Fuses.
|
||||
|
||||
if ESPRESSIF_SECURE_FLASH_ENC_ENABLED
|
||||
|
||||
config ESPRESSIF_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC
|
||||
bool "Leave UART bootloader encryption enabled"
|
||||
depends on ESPRESSIF_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT
|
||||
default n
|
||||
help
|
||||
If not set (default), the bootloader will permanently disable UART bootloader encryption access on
|
||||
first boot. If set, the UART bootloader will still be able to access hardware encryption.
|
||||
|
||||
It is recommended to only set this option in testing environments.
|
||||
|
||||
config ESPRESSIF_SECURE_FLASH_UART_BOOTLOADER_ALLOW_DEC
|
||||
bool "Leave UART bootloader decryption enabled"
|
||||
default n
|
||||
depends on ESPRESSIF_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT
|
||||
---help---
|
||||
If not set (default), the bootloader will permanently disable UART bootloader decryption access on
|
||||
first boot. If set, the UART bootloader will still be able to access hardware decryption.
|
||||
|
||||
Only set this option in testing environments. Setting this option allows complete bypass of flash
|
||||
encryption.
|
||||
|
||||
config ESPRESSIF_SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE
|
||||
bool "Leave UART bootloader flash cache enabled"
|
||||
default n
|
||||
depends on ESPRESSIF_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT
|
||||
---help---
|
||||
If not set (default), the bootloader will permanently disable UART bootloader flash cache access on
|
||||
first boot. If set, the UART bootloader will still be able to access the flash cache.
|
||||
|
||||
Only set this option in testing environments.
|
||||
|
||||
choice ESPRESSIF_SECURE_FLASH_ENCRYPTION_MODE
|
||||
bool "Enable usage mode"
|
||||
default ESPRESSIF_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT
|
||||
---help---
|
||||
By default, Development mode is enabled which allows ROM download mode to perform Flash Encryption
|
||||
operations (plaintext is sent to the device, and it encrypts it internally and writes ciphertext
|
||||
to flash). This mode is not secure, it's possible for an attacker to write their own chosen plaintext
|
||||
to flash.
|
||||
|
||||
Release mode should always be selected for production or manufacturing. Once enabled it's no longer
|
||||
possible for the device in ROM Download Mode to use the Flash Encryption hardware.
|
||||
|
||||
Refer to the Flash Encryption section of the ESP-IDF Programmer's Guide for details:
|
||||
https://docs.espressif.com/projects/esp-idf/en/latest/esp32/security/flash-encryption.html#flash-encryption-configuration
|
||||
|
||||
config ESPRESSIF_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT
|
||||
bool "Development (NOT SECURE)"
|
||||
select ESPRESSIF_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC
|
||||
|
||||
config ESPRESSIF_SECURE_FLASH_ENCRYPTION_MODE_RELEASE
|
||||
bool "Release"
|
||||
|
||||
endchoice
|
||||
|
||||
endif # ESPRESSIF_SECURE_FLASH_ENC_ENABLED
|
||||
|
||||
endmenu # Bootloader and Image Configuration
|
||||
|
||||
menu "LP Core (Low-power core) Coprocessor Configuration"
|
||||
@@ -952,7 +1028,7 @@ config ESPRESSIF_EFUSE
|
||||
config ESPRESSIF_EFUSE_VIRTUAL
|
||||
bool "Virtual E-Fuses support"
|
||||
depends on ESPRESSIF_EFUSE
|
||||
default n
|
||||
default y
|
||||
---help---
|
||||
Enable virtual E-Fuse support to simulate E-Fuse operations in RAM.
|
||||
Changes will be reverted each reboot unless enabling ESPRESSIF_EFUSE_VIRTUAL_KEEP_IN_FLASH.
|
||||
@@ -960,6 +1036,7 @@ config ESPRESSIF_EFUSE_VIRTUAL
|
||||
config ESPRESSIF_EFUSE_VIRTUAL_KEEP_IN_FLASH
|
||||
bool "Keep E-Fuses in flash"
|
||||
depends on ESPRESSIF_EFUSE_VIRTUAL
|
||||
default y
|
||||
---help---
|
||||
In addition to the "Virtual E-Fuses support" option, this option just adds
|
||||
a feature to keep E-Fuses after reboots in flash memory.
|
||||
|
||||
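Review bot: The help text `Note: enabling this option will automatically select ESPRESSIF_EFUSE and ESPRESSIF_EFUSE_VIRTUAL` does not match what the symbol does: `ESPRESSIF_SECURE_FLASH_ENC_ENABLED` only has `select ESPRESSIF_EFUSE`, while `ESPRESSIF_EFUSE_VIRTUAL` is merely defaulted to y in the later hunk and can be switched off, after which first boot burns real eFuses and the promised safety net is gone. Either add `select ESPRESSIF_EFUSE_VIRTUAL` (which would make a real production burn impossible, so probably not) or reword the note to `Note: ESPRESSIF_EFUSE_VIRTUAL defaults to y so E-Fuse writes are simulated in RAM; disable it only for a final, irreversible production burn`. Two smaller points in the same hunk: `ESPRESSIF_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC` uses `help` where every sibling uses `---help---`, and its `default n` / "If not set (default)" wording is misleading because the default choice `ESPRESSIF_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT` selects it, so it is effectively on in a default configuration. The choice is also declared after the three options that `depends on` one of its values; placing it first would read more naturally.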
File diff suppressed because it is too large
@@ -112,7 +112,6 @@ ARCHSCRIPT += $(ARCH_SRCDIR)$(DELIM)chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)
|
||||
ARCHSCRIPT += $(ARCH_SRCDIR)$(DELIM)chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_rom$(DELIM)$(CHIP_SERIES)$(DELIM)ld$(DELIM)$(CHIP_SERIES).rom.newlib.ld
|
||||
ARCHSCRIPT += $(ARCH_SRCDIR)$(DELIM)chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_rom$(DELIM)$(CHIP_SERIES)$(DELIM)ld$(DELIM)$(CHIP_SERIES).rom.phy.ld
|
||||
ARCHSCRIPT += $(ARCH_SRCDIR)$(DELIM)chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_rom$(DELIM)$(CHIP_SERIES)$(DELIM)ld$(DELIM)$(CHIP_SERIES).rom.pp.ld
|
||||
ARCHSCRIPT += $(ARCH_SRCDIR)$(DELIM)chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_rom$(DELIM)$(CHIP_SERIES)$(DELIM)ld$(DELIM)$(CHIP_SERIES).rom.spiflash.ld
|
||||
ARCHSCRIPT += $(ARCH_SRCDIR)$(DELIM)chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_rom$(DELIM)$(CHIP_SERIES)$(DELIM)ld$(DELIM)$(CHIP_SERIES).rom.version.ld
|
||||
ARCHSCRIPT += $(ARCH_SRCDIR)$(DELIM)chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_rom$(DELIM)$(CHIP_SERIES)$(DELIM)ld$(DELIM)$(CHIP_SERIES).rom.wdt.ld
|
||||
ARCHSCRIPT += $(ARCH_SRCDIR)$(DELIM)chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_rom$(DELIM)$(CHIP_SERIES)$(DELIM)ld$(DELIM)$(CHIP_SERIES).rom.heap.ld
|
||||
@@ -122,6 +121,9 @@ ARCHSCRIPT += $(ARCH_SRCDIR)$(DELIM)chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)
|
||||
ifeq ($(CONFIG_ESPRESSIF_USE_LP_CORE),y)
|
||||
ARCHSCRIPT += $(TOPDIR)$(DELIM)arch$(DELIM)$(CONFIG_ARCH)$(DELIM)src$(DELIM)board$(DELIM)scripts$(DELIM)ulp_aliases.ld
|
||||
endif
|
||||
ifeq ($(CONFIG_ESPRESSIF_SPI_FLASH_USE_ROM_CODE),y)
|
||||
ARCHSCRIPT += $(ARCH_SRCDIR)$(DELIM)chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_rom$(DELIM)$(CHIP_SERIES)$(DELIM)ld$(DELIM)$(CHIP_SERIES).rom.spiflash.ld
|
||||
endif
|
||||
|
||||
# Source files
|
||||
|
||||
|
||||
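Review bot: Moving `rom.spiflash.ld` under `ifeq ($(CONFIG_ESPRESSIF_SPI_FLASH_USE_ROM_CODE),y)` leaves the relationship between the ROM SPI-flash routines and the new flash-encryption support implicit; if the encrypted write path in the (suppressed) SPI flash driver exists only in the non-ROM driver, `ESPRESSIF_SECURE_FLASH_ENC_ENABLED` should carry a matching `depends on !ESPRESSIF_SPI_FLASH_USE_ROM_CODE` in Kconfig so the two cannot be combined silently. I cannot see the driver from here, so this is a question rather than a defect. A one-line comment above the `ifeq`, `# ROM SPI flash symbols are only linked when the ROM flash driver is selected`, would make the intent of the move explicit.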
@@ -96,13 +96,15 @@ ARCHSCRIPT += $(ARCH_SRCDIR)$(DELIM)chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)
|
||||
ARCHSCRIPT += $(ARCH_SRCDIR)$(DELIM)chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_rom$(DELIM)$(CHIP_SERIES)$(DELIM)ld$(DELIM)$(CHIP_SERIES).rom.ld
|
||||
ARCHSCRIPT += $(ARCH_SRCDIR)$(DELIM)chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_rom$(DELIM)$(CHIP_SERIES)$(DELIM)ld$(DELIM)$(CHIP_SERIES).rom.libgcc.ld
|
||||
ARCHSCRIPT += $(ARCH_SRCDIR)$(DELIM)chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_rom$(DELIM)$(CHIP_SERIES)$(DELIM)ld$(DELIM)$(CHIP_SERIES).rom.newlib.ld
|
||||
ARCHSCRIPT += $(ARCH_SRCDIR)$(DELIM)chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_rom$(DELIM)$(CHIP_SERIES)$(DELIM)ld$(DELIM)$(CHIP_SERIES).rom.spiflash.ld
|
||||
ARCHSCRIPT += $(ARCH_SRCDIR)$(DELIM)chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_rom$(DELIM)$(CHIP_SERIES)$(DELIM)ld$(DELIM)$(CHIP_SERIES).rom.systimer.ld
|
||||
ARCHSCRIPT += $(ARCH_SRCDIR)$(DELIM)chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_rom$(DELIM)$(CHIP_SERIES)$(DELIM)ld$(DELIM)$(CHIP_SERIES).rom.version.ld
|
||||
ARCHSCRIPT += $(ARCH_SRCDIR)$(DELIM)chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_rom$(DELIM)$(CHIP_SERIES)$(DELIM)ld$(DELIM)$(CHIP_SERIES).rom.wdt.ld
|
||||
ARCHSCRIPT += $(ARCH_SRCDIR)$(DELIM)chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)riscv$(DELIM)ld$(DELIM)rom.api.ld
|
||||
ARCHSCRIPT += $(ARCH_SRCDIR)$(DELIM)chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)soc$(DELIM)$(CHIP_SERIES)$(DELIM)ld$(DELIM)$(CHIP_SERIES).peripherals.ld
|
||||
ARCHSCRIPT += $(ARCH_SRCDIR)$(DELIM)chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_rom$(DELIM)$(CHIP_SERIES)$(DELIM)ld$(DELIM)$(CHIP_SERIES).rom.heap.ld
|
||||
ifeq ($(CONFIG_ESPRESSIF_SPI_FLASH_USE_ROM_CODE),y)
|
||||
ARCHSCRIPT += $(ARCH_SRCDIR)$(DELIM)chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_rom$(DELIM)$(CHIP_SERIES)$(DELIM)ld$(DELIM)$(CHIP_SERIES).rom.spiflash.ld
|
||||
endif
|
||||
|
||||
# Source files
|
||||
|
||||
|
||||
@@ -101,7 +101,11 @@ ifeq ($(CONFIG_ESPRESSIF_BOOTLOADER_MCUBOOT),y)
|
||||
|
||||
APP_IMAGE := nuttx.bin
|
||||
FLASH_APP := $(APP_OFFSET) $(APP_IMAGE)
|
||||
ifeq ($(CONFIG_ESPRESSIF_SECURE_FLASH_ENC_ENABLED),y)
|
||||
IMGTOOL_ALIGN_ARGS := --align 32 --max-align 32
|
||||
else
|
||||
IMGTOOL_ALIGN_ARGS := --align 4
|
||||
endif
|
||||
IMGTOOL_SIGN_ARGS := --pad $(VERIFIED) $(IMGTOOL_ALIGN_ARGS) -v $(CONFIG_ESPRESSIF_MCUBOOT_SIGN_IMAGE_VERSION) -s auto \
|
||||
-H $(CONFIG_ESPRESSIF_APP_MCUBOOT_HEADER_SIZE) --pad-header \
|
||||
-S $(CONFIG_ESPRESSIF_OTA_SLOT_SIZE)
|
||||
|
||||
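Review bot: The new `--align 32 --max-align 32` branch carries no explanation of why flash encryption changes the image alignment, and nothing in the file tells the reader whether 32 is a flash-encryption write granularity or an MCUboot trailer constraint; add a comment above the `ifeq`, e.g. `# With flash encryption the image header/trailer must stay 32-byte aligned (presumably the encrypted write unit) — confirm against the target's flash-encryption block size`. It is also worth a note near this recipe that the signed `nuttx.bin` is still plaintext and is encrypted by the bootloader on first boot, since this file and the Kconfig help are the only places a user sees the encryption flow. The `ifeq ($(CONFIG_ESPRESSIF_BOOTLOADER_MCUBOOT),y)` block enclosing this hunk starts before it.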