arch/xtensa: flash encryption support for ESP32|S2|S3
Deprecates ESP32_STORAGE_MTD_ENCRYPT and ESP32_OTA_PARTITION_ENCRYPT options. Adds ESPRESSIF_SECURE_FLASH_ENC_ENABLED Kconfig option. Updates SPI Flash driver to handle encryption automatically. Signed-off-by: Filipe Cavalcanti <filipe.cavalcanti@espressif.com>
committed by
simbit18
parent
0835b345e8
commit
3a74b82e09
@@ -51,13 +51,14 @@ config ESPRESSIF_EFUSE
|
||||
config ESPRESSIF_EFUSE_VIRTUAL
|
||||
bool "Virtual EFUSE support"
|
||||
depends on ESPRESSIF_EFUSE
|
||||
default n
|
||||
default y
|
||||
---help---
|
||||
Enable virtual efuse support to simulate eFuse operations in RAM, changes will be reverted each reboot.
|
||||
|
||||
config ESPRESSIF_EFUSE_VIRTUAL_KEEP_IN_FLASH
|
||||
bool "Keep E-Fuses in flash"
|
||||
depends on ESPRESSIF_EFUSE_VIRTUAL
|
||||
default y
|
||||
---help---
|
||||
In addition to the "Virtual E-Fuses support" option, this option just adds
|
||||
a feature to keep E-Fuses after reboots in flash memory.
|
||||
@@ -386,6 +387,79 @@ config ESPRESSIF_BOOTLOADER_MCUBOOT
|
||||
---help---
|
||||
Enables the Espressif port of MCUboot to be used as 2nd stage bootloader.
|
||||
|
||||
config ESPRESSIF_SECURE_FLASH_ENC_ENABLED
|
||||
bool "Enable Flash Encryption on boot (READ DOCS FIRST)"
|
||||
default n
|
||||
depends on ESPRESSIF_BOOTLOADER_MCUBOOT
|
||||
select ESPRESSIF_EFUSE
|
||||
---help---
|
||||
If this option is set, flash contents will be encrypted by the bootloader on first boot.
|
||||
|
||||
Note: After first boot, the system will be permanently encrypted. Re-flashing an encrypted
|
||||
system is complicated and not always possible.
|
||||
|
||||
Read https://docs.espressif.com/projects/esp-idf/en/latest/security/flash-encryption.html
|
||||
before enabling.
|
||||
|
||||
if ESPRESSIF_SECURE_FLASH_ENC_ENABLED
|
||||
|
||||
config ESPRESSIF_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC
|
||||
bool "Leave UART bootloader encryption enabled"
|
||||
depends on ESPRESSIF_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT
|
||||
default n
|
||||
help
|
||||
If not set (default), the bootloader will permanently disable UART bootloader encryption access on
|
||||
first boot. If set, the UART bootloader will still be able to access hardware encryption.
|
||||
|
||||
It is recommended to only set this option in testing environments.
|
||||
|
||||
config ESPRESSIF_SECURE_FLASH_UART_BOOTLOADER_ALLOW_DEC
|
||||
bool "Leave UART bootloader decryption enabled"
|
||||
default n
|
||||
depends on ESPRESSIF_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT
|
||||
---help---
|
||||
If not set (default), the bootloader will permanently disable UART bootloader decryption access on
|
||||
first boot. If set, the UART bootloader will still be able to access hardware decryption.
|
||||
|
||||
Only set this option in testing environments. Setting this option allows complete bypass of flash
|
||||
encryption.
|
||||
|
||||
config ESPRESSIF_SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE
|
||||
bool "Leave UART bootloader flash cache enabled"
|
||||
default n
|
||||
depends on ESPRESSIF_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT
|
||||
---help---
|
||||
If not set (default), the bootloader will permanently disable UART bootloader flash cache access on
|
||||
first boot. If set, the UART bootloader will still be able to access the flash cache.
|
||||
|
||||
Only set this option in testing environments.
|
||||
|
||||
choice ESPRESSIF_SECURE_FLASH_ENCRYPTION_MODE
|
||||
bool "Enable usage mode"
|
||||
default ESPRESSIF_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT
|
||||
---help---
|
||||
By default, Development mode is enabled which allows ROM download mode to perform Flash Encryption
|
||||
operations (plaintext is sent to the device, and it encrypts it internally and writes ciphertext
|
||||
to flash). This mode is not secure, it's possible for an attacker to write their own chosen plaintext
|
||||
to flash.
|
||||
|
||||
Release mode should always be selected for production or manufacturing. Once enabled it's no longer
|
||||
possible for the device in ROM Download Mode to use the Flash Encryption hardware.
|
||||
|
||||
Refer to the Flash Encryption section of the ESP-IDF Programmer's Guide for details:
|
||||
https://docs.espressif.com/projects/esp-idf/en/latest/esp32/security/flash-encryption.html#flash-encryption-configuration
|
||||
|
||||
config ESPRESSIF_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT
|
||||
bool "Development (NOT SECURE)"
|
||||
select ESPRESSIF_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC
|
||||
|
||||
config ESPRESSIF_SECURE_FLASH_ENCRYPTION_MODE_RELEASE
|
||||
bool "Release"
|
||||
|
||||
endchoice
|
||||
|
||||
endif # ESPRESSIF_SECURE_FLASH_ENC_ENABLED
|
||||
|
||||
endmenu # Bootloader and Image Configuration
|
||||
|
||||
menu "LP Core (Low-power core) Coprocessor Configuration"
|
||||
|
||||
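Review bot: `ESPRESSIF_SECURE_FLASH_ENCRYPTION_MODE_RELEASE` has no guard against virtual eFuses, while `ESPRESSIF_EFUSE_VIRTUAL` appears (the +/- markers are lost in this rendering) to now default to `y` and `ESPRESSIF_SECURE_FLASH_ENC_ENABLED` selects `ESPRESSIF_EFUSE`. A build that enables flash encryption in Release mode would then, unless the user switches the option off, presumably perform the key and UART-disable eFuse writes against the simulated eFuses described in the help text rather than the real ones. Consider `depends on !ESPRESSIF_EFUSE_VIRTUAL` on the Release entry, or at least a sentence in the `ESPRESSIF_SECURE_FLASH_ENC_ENABLED` help stating that virtual eFuses are for testing only. Separately, `ESPRESSIF_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC` uses `help` where every other entry uses `---help---`, and its "If not set (default)" wording is moot because the Development entry selects it.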
@@ -46,7 +46,7 @@ ifndef MCUBOOT_URL
|
||||
endif
|
||||
|
||||
ifndef ESP_HAL_3RDPARTY_VERSION_FOR_MCUBOOT
|
||||
ESP_HAL_3RDPARTY_VERSION_FOR_MCUBOOT = 3f02f2139e79ddc60f98ca35ed65c62c6914f079
|
||||
ESP_HAL_3RDPARTY_VERSION_FOR_MCUBOOT = 911dbec8e4a92e70056b58a3d2b0d965b8b7bcc9
|
||||
endif
|
||||
|
||||
# Helpers for creating the configuration file
|
||||
@@ -124,10 +124,10 @@ ifeq ($(CONFIG_ESP32_APP_FORMAT_MCUBOOT),y)
|
||||
$(if $(CONFIG_UART1_SERIAL_CONSOLE),$(call cfg_val,CONFIG_ESP_CONSOLE_ROM_SERIAL_PORT_NUM,1)) \
|
||||
$(call cfg_en,CONFIG_IDF_TARGET_ARCH_XTENSA) \
|
||||
$(call cfg_val,CONFIG_BOOTLOADER_LOG_LEVEL,3) \
|
||||
$(if $(CONFIG_ESPRESSIF_EFUSE_VIRTUAL),$(call cfg_en,CONFIG_EFUSE_VIRTUAL)) \
|
||||
} >> $(BOOTLOADER_CONFIG)
|
||||
ifeq ($(CONFIG_ESPRESSIF_EFUSE_VIRTUAL_KEEP_IN_FLASH),y)
|
||||
$(Q) { \
|
||||
$(call cfg_en,CONFIG_EFUSE_VIRTUAL) \
|
||||
$(call cfg_en,CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH) \
|
||||
$(call cfg_val,CONFIG_EFUSE_VIRTUAL_OFFSET,$(CONFIG_ESPRESSIF_EFUSE_VIRTUAL_KEEP_IN_FLASH_OFFSET)) \
|
||||
$(call cfg_val,CONFIG_EFUSE_VIRTUAL_SIZE,$(CONFIG_ESPRESSIF_EFUSE_VIRTUAL_KEEP_IN_FLASH_SIZE)) \
|
||||
|
||||
@@ -1830,9 +1830,9 @@ if ESP32_HAVE_OTA_PARTITION
|
||||
comment "Application Image OTA Update support"
|
||||
|
||||
config ESP32_OTA_PARTITION_ENCRYPT
|
||||
bool "Encrypt OTA partitions"
|
||||
default y
|
||||
depends on ESP32_SECURE_FLASH_ENC_ENABLED
|
||||
bool
|
||||
---help---
|
||||
This option is deprecated.
|
||||
|
||||
config ESP32_OTA_PRIMARY_SLOT_OFFSET
|
||||
hex "Application image primary slot offset"
|
||||
@@ -1873,14 +1873,14 @@ if ESP32_SPIFLASH
|
||||
comment "General storage MTD Configuration"
|
||||
|
||||
config ESP32_STORAGE_MTD_ENCRYPT
|
||||
bool "Encrypt Storage MTD partition"
|
||||
default y
|
||||
depends on ESP32_SECURE_FLASH_ENC_ENABLED
|
||||
bool
|
||||
---help---
|
||||
This option is deprecated.
|
||||
|
||||
config ESP32_STORAGE_MTD_OFFSET
|
||||
hex "Storage MTD base address in SPI Flash"
|
||||
default 0x180000 if !ESP32_HAVE_OTA_PARTITION
|
||||
default 0x250000 if ESP32_HAVE_OTA_PARTITION
|
||||
default 0x260000 if ESP32_HAVE_OTA_PARTITION
|
||||
---help---
|
||||
MTD base address in SPI Flash.
|
||||
|
||||
@@ -2794,7 +2794,7 @@ endchoice
|
||||
config ESP32_MCUBOOT_VERSION
|
||||
string "MCUboot version"
|
||||
depends on ESP32_APP_FORMAT_MCUBOOT
|
||||
default "aa4fa2b6e17361dd3ce16a60883059778fd147a9"
|
||||
default "8a07053d42e592c85cb35b79c4de1b7749943387"
|
||||
|
||||
config ESP32_APP_MCUBOOT_HEADER_SIZE
|
||||
int "Application image header size (in bytes)"
|
||||
|
||||
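Review bot: The deprecation warning for `ESP32_OTA_PARTITION_ENCRYPT` and `ESP32_STORAGE_MTD_ENCRYPT` can probably never fire: as far as this rendering shows, both symbols become a promptless `bool` with no `default` and no `select`, which Kconfig always evaluates to `n`. An existing defconfig that still sets either option would have the assignment dropped silently, so the `#ifdef` / `# warning` pairs in the C hunk further down (`@@ -53,15 +53,11 @@`) look unreachable. If the intent is to tell users that encryption now follows the flash-encryption setting alone, keep a prompt and put the notice there, e.g. `bool "Encrypt Storage MTD partition (DEPRECATED)"`, or drop the symbols and the warnings together. The help text would also be more useful if it named the replacement option instead of only `This option is deprecated.`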
@@ -103,6 +103,8 @@ config ESP32_SECURE_FLASH_ENC_ENABLED
|
||||
bool "Enable Flash Encryption on boot (READ HELP FIRST)"
|
||||
default n
|
||||
depends on ESP32_APP_FORMAT_MCUBOOT
|
||||
select ESPRESSIF_EFUSE
|
||||
select ESPRESSIF_SECURE_FLASH_ENC_ENABLED
|
||||
---help---
|
||||
If this option is set, flash contents will be encrypted by the bootloader on first boot.
|
||||
|
||||
|
||||
@@ -212,7 +212,7 @@ endif
|
||||
|
||||
ESP_HAL_3RDPARTY_REPO = esp-hal-3rdparty
|
||||
ifndef ESP_HAL_3RDPARTY_VERSION
|
||||
ESP_HAL_3RDPARTY_VERSION = 4eed03a15b2678a81dfd1ed0f3bde042b1fdd4c4
|
||||
ESP_HAL_3RDPARTY_VERSION = b9472bd56b916cced7447e25c2b2e1390d7e0d90
|
||||
endif
|
||||
|
||||
ifndef ESP_HAL_3RDPARTY_URL
|
||||
|
||||
@@ -49,6 +49,9 @@
|
||||
#include "espressif/esp_loader.h"
|
||||
#include "espressif/esp_efuse.h"
|
||||
#include "esp_private/startup_internal.h"
|
||||
#include "esp_private/spi_flash_os.h"
|
||||
#include "esp_private/esp_mmu_map_private.h"
|
||||
#include "bootloader_flash_config.h"
|
||||
|
||||
#ifdef CONFIG_ESPRESSIF_SIMPLE_BOOT
|
||||
# include "bootloader_init.h"
|
||||
@@ -193,6 +196,16 @@ static noreturn_function void __esp32_start(void)
|
||||
|
||||
#endif
|
||||
|
||||
/* Initialize flash state and MMU */
|
||||
|
||||
esp_mspi_pin_init();
|
||||
|
||||
bootloader_flash_update_id();
|
||||
|
||||
spi_flash_init_chip_state();
|
||||
|
||||
esp_mmu_map_init();
|
||||
|
||||
#ifndef CONFIG_SMP
|
||||
/* Make sure that the APP_CPU is disabled for now */
|
||||
|
||||
|
||||
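Review bot: The four flash/MMU initialisation calls added to `__esp32_start` run unconditionally and none of their results is checked. If `spi_flash_init_chip_state()` returns an error code, as its ESP-IDF declaration does, a failure here is silently ignored and later flash accesses could run against uninitialised chip state; consider checking it, e.g. `if (spi_flash_init_chip_state() != ESP_OK) { /* report and halt */ }`. The comment `/* Initialize flash state and MMU */` would help more if it said why this has to happen at this point in startup, for instance `/* Flash encryption support needs chip state and the MMU map set up before any flash access */` if that is the reason. The function body starts and ends outside the hunk.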
@@ -210,6 +210,9 @@ CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)nuttx$(DELIM)src$(DELI
|
||||
# Bootloader files
|
||||
|
||||
CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)bootloader_support$(DELIM)src$(DELIM)flash_encrypt.c
|
||||
CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)bootloader_support$(DELIM)bootloader_flash$(DELIM)src$(DELIM)bootloader_flash.c
|
||||
CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)bootloader_support$(DELIM)bootloader_flash$(DELIM)src$(DELIM)bootloader_flash_config_${CHIP_SERIES}.c
|
||||
CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_rom$(DELIM)patches$(DELIM)esp_rom_spiflash.c
|
||||
|
||||
ifeq ($(CONFIG_ESPRESSIF_SIMPLE_BOOT),y)
|
||||
CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)nuttx$(DELIM)src$(DELIM)bootloader_banner_wrap.c
|
||||
@@ -219,8 +222,6 @@ ifeq ($(CONFIG_ESPRESSIF_SIMPLE_BOOT),y)
|
||||
CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)bootloader_support$(DELIM)src$(DELIM)bootloader_init.c
|
||||
CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)bootloader_support$(DELIM)src$(DELIM)bootloader_common.c
|
||||
CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)bootloader_support$(DELIM)src$(DELIM)bootloader_common_loader.c
|
||||
CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)bootloader_support$(DELIM)bootloader_flash$(DELIM)src$(DELIM)bootloader_flash.c
|
||||
CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)bootloader_support$(DELIM)bootloader_flash$(DELIM)src$(DELIM)bootloader_flash_config_${CHIP_SERIES}.c
|
||||
CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)bootloader_support$(DELIM)bootloader_flash$(DELIM)src$(DELIM)flash_qio_mode.c
|
||||
CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)bootloader_support$(DELIM)src$(DELIM)bootloader_clock_init.c
|
||||
CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)bootloader_support$(DELIM)src$(DELIM)bootloader_clock_loader.c
|
||||
@@ -233,7 +234,6 @@ ifeq ($(CONFIG_ESPRESSIF_SIMPLE_BOOT),y)
|
||||
CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)bootloader_support$(DELIM)src$(DELIM)bootloader_sha.c
|
||||
CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_hw_support$(DELIM)port$(DELIM)$(CHIP_SERIES)$(DELIM)rtc_clk_init.c
|
||||
CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_rom$(DELIM)patches$(DELIM)esp_rom_sys.c
|
||||
CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_rom$(DELIM)patches$(DELIM)esp_rom_spiflash.c
|
||||
CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_rom$(DELIM)patches$(DELIM)esp_rom_crc.c
|
||||
CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)hal$(DELIM)mpu_hal.c
|
||||
|
||||
|
||||
@@ -48,7 +48,7 @@ ifndef MCUBOOT_URL
|
||||
endif
|
||||
|
||||
ifndef ESP_HAL_3RDPARTY_VERSION_FOR_MCUBOOT
|
||||
ESP_HAL_3RDPARTY_VERSION_FOR_MCUBOOT = 3f02f2139e79ddc60f98ca35ed65c62c6914f079
|
||||
ESP_HAL_3RDPARTY_VERSION_FOR_MCUBOOT = 911dbec8e4a92e70056b58a3d2b0d965b8b7bcc9
|
||||
endif
|
||||
|
||||
$(BOOTLOADER_DIR):
|
||||
@@ -126,7 +126,15 @@ endif
|
||||
$(if $(CONFIG_UART1_SERIAL_CONSOLE),$(call cfg_val,CONFIG_ESP_CONSOLE_ROM_SERIAL_PORT_NUM,1)) \
|
||||
$(call cfg_en,CONFIG_IDF_TARGET_ARCH_XTENSA) \
|
||||
$(call cfg_val,CONFIG_BOOTLOADER_LOG_LEVEL,3) \
|
||||
$(if $(CONFIG_ESPRESSIF_EFUSE_VIRTUAL),$(call cfg_en,CONFIG_EFUSE_VIRTUAL)) \
|
||||
} >> $(BOOTLOADER_CONFIG)
|
||||
ifeq ($(CONFIG_ESPRESSIF_EFUSE_VIRTUAL_KEEP_IN_FLASH),y)
|
||||
$(Q) { \
|
||||
$(call cfg_en,CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH) \
|
||||
$(call cfg_val,CONFIG_EFUSE_VIRTUAL_OFFSET,$(CONFIG_ESPRESSIF_EFUSE_VIRTUAL_KEEP_IN_FLASH_OFFSET)) \
|
||||
$(call cfg_val,CONFIG_EFUSE_VIRTUAL_SIZE,$(CONFIG_ESPRESSIF_EFUSE_VIRTUAL_KEEP_IN_FLASH_SIZE)) \
|
||||
} >> $(BOOTLOADER_CONFIG)
|
||||
endif
|
||||
endif
|
||||
|
||||
ifeq ($(CONFIG_ESPRESSIF_SIMPLE_BOOT),y)
|
||||
|
||||
@@ -1448,7 +1448,7 @@ endchoice
|
||||
|
||||
config ESP32S2_MCUBOOT_VERSION
|
||||
string "MCUboot version"
|
||||
default "aa4fa2b6e17361dd3ce16a60883059778fd147a9"
|
||||
default "8a07053d42e592c85cb35b79c4de1b7749943387"
|
||||
depends on ESP32S2_APP_FORMAT_MCUBOOT
|
||||
|
||||
config ESP32S2_APP_MCUBOOT_HEADER_SIZE
|
||||
|
||||
@@ -106,6 +106,7 @@ config ESP32S2_SECURE_FLASH_ENC_ENABLED
|
||||
bool "Enable Flash Encryption on boot (READ HELP FIRST)"
|
||||
default n
|
||||
depends on ESP32S2_APP_FORMAT_MCUBOOT
|
||||
select ESPRESSIF_EFUSE
|
||||
---help---
|
||||
If this option is set, flash contents will be encrypted by the bootloader on first boot.
|
||||
|
||||
|
||||
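Review bot: `ESP32S2_SECURE_FLASH_ENC_ENABLED` gains `select ESPRESSIF_EFUSE` but not `select ESPRESSIF_SECURE_FLASH_ENC_ENABLED`, which the matching ESP32 hunk (`@@ -103,6 +103,8 @@`) does add; the +1 line count in this hunk header supports reading it as a single added line. Code that keys on `CONFIG_ESPRESSIF_SECURE_FLASH_ENC_ENABLED` (the image-alignment hunk for ESP32-S3 does, and the SPI flash driver may) would then not see flash encryption as enabled on an ESP32-S2 build that turns this option on. Add `select ESPRESSIF_SECURE_FLASH_ENC_ENABLED` here unless the S2 path is wired up elsewhere, which is not visible on this page. The entry's help text continues outside the hunk.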
@@ -107,6 +107,9 @@ endif
|
||||
|
||||
# Source files
|
||||
|
||||
CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)nuttx$(DELIM)src$(DELIM)components$(DELIM)esp_driver_gpio$(DELIM)src$(DELIM)rtc_io.c
|
||||
CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)nuttx$(DELIM)src$(DELIM)components$(DELIM)esp_security$(DELIM)src$(DELIM)esp_crypto_lock.c
|
||||
|
||||
CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_adc$(DELIM)adc_cali.c
|
||||
CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_adc$(DELIM)$(CHIP_SERIES)$(DELIM)adc_cali_line_fitting.c
|
||||
CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)efuse$(DELIM)src$(DELIM)esp_efuse_fields.c
|
||||
@@ -142,7 +145,6 @@ CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)log$
|
||||
CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)log$(DELIM)src$(DELIM)os$(DELIM)log_write.c
|
||||
CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)log$(DELIM)src$(DELIM)os$(DELIM)util.c
|
||||
CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)mbedtls$(DELIM)port$(DELIM)sha$(DELIM)core$(DELIM)esp_sha256.c
|
||||
CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)nuttx$(DELIM)src$(DELIM)components$(DELIM)esp_driver_gpio$(DELIM)src$(DELIM)rtc_io.c
|
||||
CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_hw_support$(DELIM)adc_share_hw_ctrl.c
|
||||
CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_hw_support$(DELIM)clk_ctrl_os.c
|
||||
CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_hw_support$(DELIM)clk_utils.c
|
||||
@@ -249,6 +251,7 @@ CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)esp_
|
||||
CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)bootloader_support$(DELIM)src$(DELIM)${CHIP_SERIES}$(DELIM)bootloader_soc.c
|
||||
CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)bootloader_support$(DELIM)src$(DELIM)bootloader_random_${CHIP_SERIES}.c
|
||||
CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)bootloader_support$(DELIM)src$(DELIM)flash_encrypt.c
|
||||
CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)bootloader_support$(DELIM)bootloader_flash$(DELIM)src$(DELIM)bootloader_flash.c
|
||||
|
||||
ifeq ($(CONFIG_ESPRESSIF_SIMPLE_BOOT),y)
|
||||
CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)nuttx$(DELIM)src$(DELIM)bootloader_banner_wrap.c
|
||||
@@ -258,7 +261,6 @@ ifeq ($(CONFIG_ESPRESSIF_SIMPLE_BOOT),y)
|
||||
CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)bootloader_support$(DELIM)src$(DELIM)bootloader_init.c
|
||||
CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)bootloader_support$(DELIM)src$(DELIM)bootloader_common.c
|
||||
CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)bootloader_support$(DELIM)src$(DELIM)bootloader_common_loader.c
|
||||
CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)bootloader_support$(DELIM)bootloader_flash$(DELIM)src$(DELIM)bootloader_flash.c
|
||||
CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)bootloader_support$(DELIM)bootloader_flash$(DELIM)src$(DELIM)bootloader_flash_config_${CHIP_SERIES}.c
|
||||
CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)bootloader_support$(DELIM)bootloader_flash$(DELIM)src$(DELIM)flash_qio_mode.c
|
||||
CHIP_CSRCS += chip$(DELIM)$(ESP_HAL_3RDPARTY_REPO)$(DELIM)components$(DELIM)bootloader_support$(DELIM)src$(DELIM)bootloader_clock_init.c
|
||||
|
||||
@@ -46,7 +46,7 @@ ifndef MCUBOOT_URL
|
||||
endif
|
||||
|
||||
ifndef ESP_HAL_3RDPARTY_VERSION_FOR_MCUBOOT
|
||||
ESP_HAL_3RDPARTY_VERSION_FOR_MCUBOOT = 3f02f2139e79ddc60f98ca35ed65c62c6914f079
|
||||
ESP_HAL_3RDPARTY_VERSION_FOR_MCUBOOT = 911dbec8e4a92e70056b58a3d2b0d965b8b7bcc9
|
||||
endif
|
||||
|
||||
$(BOOTLOADER_DIR):
|
||||
@@ -95,10 +95,15 @@ ifeq ($(CONFIG_ESP32S3_APP_FORMAT_MCUBOOT),y)
|
||||
$(call cfg_en,CONFIG_BOOTLOADER_FLASH_XMC_SUPPORT) \
|
||||
$(call cfg_en,CONFIG_IDF_TARGET_ARCH_XTENSA) \
|
||||
$(call cfg_val,CONFIG_BOOTLOADER_LOG_LEVEL,3) \
|
||||
$(if $(CONFIG_ESPRESSIF_SECURE_FLASH_ENC_ENABLED),$(call cfg_en,CONFIG_SECURE_FLASH_ENC_ENABLED)) \
|
||||
$(if $(CONFIG_ESPRESSIF_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT),$(call cfg_en,CONFIG_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT)) \
|
||||
$(if $(CONFIG_ESPRESSIF_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC),$(call cfg_en,CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC)) \
|
||||
$(if $(CONFIG_ESPRESSIF_SECURE_FLASH_UART_BOOTLOADER_ALLOW_DEC),$(call cfg_en,CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_DEC)) \
|
||||
$(if $(CONFIG_ESPRESSIF_SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE),$(call cfg_en,CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE)) \
|
||||
$(if $(CONFIG_ESPRESSIF_EFUSE_VIRTUAL),$(call cfg_en,CONFIG_EFUSE_VIRTUAL)) \
|
||||
} >> $(BOOTLOADER_CONFIG)
|
||||
ifeq ($(CONFIG_ESPRESSIF_EFUSE_VIRTUAL_KEEP_IN_FLASH),y)
|
||||
$(Q) { \
|
||||
$(call cfg_en,CONFIG_EFUSE_VIRTUAL) \
|
||||
$(call cfg_en,CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH) \
|
||||
$(call cfg_val,CONFIG_EFUSE_VIRTUAL_OFFSET,$(CONFIG_ESPRESSIF_EFUSE_VIRTUAL_KEEP_IN_FLASH_OFFSET)) \
|
||||
$(call cfg_val,CONFIG_EFUSE_VIRTUAL_SIZE,$(CONFIG_ESPRESSIF_EFUSE_VIRTUAL_KEEP_IN_FLASH_SIZE)) \
|
||||
|
||||
@@ -2786,7 +2786,7 @@ endchoice
|
||||
|
||||
config ESP32S3_MCUBOOT_VERSION
|
||||
string "MCUboot version"
|
||||
default "aa4fa2b6e17361dd3ce16a60883059778fd147a9"
|
||||
default "8a07053d42e592c85cb35b79c4de1b7749943387"
|
||||
depends on ESP32S3_APP_FORMAT_MCUBOOT
|
||||
|
||||
config ESP32S3_APP_MCUBOOT_HEADER_SIZE
|
||||
|
||||
@@ -267,6 +267,7 @@ SECTIONS
|
||||
*libarch.a:spi_flash_os_func_app.*(.literal .literal.* .text .text.*)
|
||||
*libarch.a:flash_brownout_hook.*(.literal .literal.* .text .text.*)
|
||||
*libarch.a:esp_cache.*(.literal .literal.* .text .text.*)
|
||||
*libarch.a:cache_esp32.*(.literal .literal.* .text .text.*)
|
||||
*libarch.a:cache_hal_esp32.*(.literal .literal.* .text .text.*)
|
||||
*libarch.a:cache_utils.*(.literal .literal.* .text .text.*)
|
||||
*libarch.a:memspi_host_driver.*(.literal .literal.* .text .text.*)
|
||||
@@ -484,6 +485,7 @@ SECTIONS
|
||||
*libarch.a:spi_flash_os_func_app.*(.rodata .rodata.*)
|
||||
*libarch.a:flash_brownout_hook.*(.rodata .rodata.*)
|
||||
*libarch.a:esp_cache.*(.rodata .rodata.*)
|
||||
*libarch.a:cache_esp32.*(.rodata .rodata.*)
|
||||
*libarch.a:cache_utils.*(.rodata .rodata.*)
|
||||
*libarch.a:cache_hal_esp32.*(.rodata .rodata.*)
|
||||
*libarch.a:memspi_host_driver.*(.rodata .rodata.*)
|
||||
|
||||
@@ -53,15 +53,11 @@
|
||||
****************************************************************************/
|
||||
|
||||
#ifdef CONFIG_ESP32_OTA_PARTITION_ENCRYPT
|
||||
# define OTA_ENCRYPT true
|
||||
#else
|
||||
# define OTA_ENCRYPT false
|
||||
# warning "CONFIG_ESP32_OTA_PARTITION_ENCRYPT is deprecated"
|
||||
#endif
|
||||
|
||||
#ifdef CONFIG_ESP32_STORAGE_MTD_ENCRYPT
|
||||
# define STORAGE_ENCRYPT true
|
||||
#else
|
||||
# define STORAGE_ENCRYPT false
|
||||
# warning "CONFIG_ESP32_STORAGE_MTD_ENCRYPT is deprecated"
|
||||
#endif
|
||||
|
||||
/****************************************************************************
|
||||
|
||||
@@ -107,7 +107,11 @@ else ifeq ($(CONFIG_ESP32S3_APP_FORMAT_MCUBOOT),y)
|
||||
|
||||
APP_IMAGE := nuttx.bin
|
||||
FLASH_APP := $(APP_OFFSET) $(APP_IMAGE)
|
||||
IMGTOOL_ALIGN_ARGS := --align 4
|
||||
ifeq ($(CONFIG_ESPRESSIF_SECURE_FLASH_ENC_ENABLED),y)
|
||||
IMGTOOL_ALIGN_ARGS := --align 32 --max-align 32
|
||||
else
|
||||
IMGTOOL_ALIGN_ARGS := --align 4
|
||||
endif
|
||||
IMGTOOL_SIGN_ARGS := --pad $(VERIFIED) $(IMGTOOL_ALIGN_ARGS) -v 0 -s auto \
|
||||
-H $(CONFIG_ESP32S3_APP_MCUBOOT_HEADER_SIZE) --pad-header \
|
||||
-S $(CONFIG_ESP32S3_OTA_SLOT_SIZE)
|
||||
|
||||