From fa173df366b2323b2d2f931ffe73dad5dd6b134a Mon Sep 17 00:00:00 2001 From: Almir Okato Date: Tue, 19 Apr 2022 01:10:30 -0300 Subject: [PATCH] espressif: Add warning for unsupported chip revision Added checking and warning for ESP32, ESP32-S2, ESP32-C3, ESP32-S3 unsupported chip revisions on their initialization. Made respectively changes for build system and documentation. Signed-off-by: Almir Okato --- boot/espressif/CMakeLists.txt | 76 ++++++++++++++----- .../espressif/hal/src/esp32/bootloader_init.c | 4 + .../hal/src/esp32c3/bootloader_init.c | 4 + .../hal/src/esp32s2/bootloader_init.c | 4 + .../hal/src/esp32s3/bootloader_init.c | 4 + boot/espressif/main.c | 4 +- .../{ => port/esp32}/bootloader.conf | 12 +-- boot/espressif/port/esp32/ld/bootloader.ld | 1 + boot/espressif/port/esp32c3/bootloader.conf | 47 ++++++++++++ boot/espressif/port/esp32c3/ld/bootloader.ld | 1 + boot/espressif/port/esp32s2/bootloader.conf | 47 ++++++++++++ boot/espressif/port/esp32s2/ld/bootloader.ld | 1 + boot/espressif/port/esp32s3/bootloader.conf | 67 ++++++++++++++++ boot/espressif/port/esp32s3/ld/bootloader.ld | 1 + boot/espressif/secureboot-sign-ec256.conf | 7 -- boot/espressif/secureboot-sign-ed25519.conf | 7 -- boot/espressif/secureboot-sign-rsa2048.conf | 7 -- boot/espressif/secureboot-sign-rsa3072.conf | 7 -- boot/espressif/tools/utils.cmake | 31 ++++++++ ci/espressif_run.sh | 4 +- docs/readme-espressif.md | 20 +++-- 21 files changed, 292 insertions(+), 64 deletions(-) rename boot/espressif/{ => port/esp32}/bootloader.conf (87%) create mode 100644 boot/espressif/port/esp32c3/bootloader.conf create mode 100644 boot/espressif/port/esp32s2/bootloader.conf create mode 100644 boot/espressif/port/esp32s3/bootloader.conf create mode 100644 boot/espressif/tools/utils.cmake diff --git a/boot/espressif/CMakeLists.txt b/boot/espressif/CMakeLists.txt index 0aa9dc2e..790b60dc 100644 --- a/boot/espressif/CMakeLists.txt +++ b/boot/espressif/CMakeLists.txt @@ -4,6 +4,8 @@ cmake_minimum_required(VERSION 3.13) +include(${CMAKE_CURRENT_LIST_DIR}/tools/utils.cmake) + if (NOT DEFINED MCUBOOT_TARGET) message(FATAL_ERROR "MCUBOOT_TARGET not defined. Please pass -DMCUBOOT_TARGET flag.") endif() @@ -20,6 +22,19 @@ elseif("${MCUBOOT_TARGET}" STREQUAL "esp32c3") set(MCUBOOT_ARCH "riscv") endif() +# Set the minimum revision for each supported chip +if ("${MCUBOOT_TARGET}" STREQUAL "esp32") + set(ESP_MIN_REVISION 3) +elseif("${MCUBOOT_TARGET}" STREQUAL "esp32s2") + set(ESP_MIN_REVISION 0) +elseif("${MCUBOOT_TARGET}" STREQUAL "esp32s3") + set(ESP_MIN_REVISION 0) +elseif("${MCUBOOT_TARGET}" STREQUAL "esp32c3") + set(ESP_MIN_REVISION 3) +else() + message(FATAL_ERROR "Unsupported target ${MCUBOOT_TARGET}") +endif() + if (NOT DEFINED IDF_PATH) if (EXISTS "${CMAKE_CURRENT_LIST_DIR}/hal/esp-idf") set(IDF_PATH "${CMAKE_CURRENT_LIST_DIR}/hal/esp-idf") @@ -38,29 +53,16 @@ execute_process( ) add_definitions(-DMCUBOOT_VER=\"${MCUBOOT_VER}\") -if (DEFINED MCUBOOT_CONFIG_FILE) - set(mcuboot_config_file ${MCUBOOT_CONFIG_FILE}) -else() - set(mcuboot_config_file "${CMAKE_CURRENT_LIST_DIR}/bootloader.conf") +if (NOT DEFINED MCUBOOT_CONFIG_FILE) + set(MCUBOOT_CONFIG_FILE "${CMAKE_CURRENT_LIST_DIR}/port/${MCUBOOT_TARGET}/bootloader.conf") endif() -if (NOT EXISTS "${mcuboot_config_file}") - message(FATAL_ERROR "MCUboot configuration file does not exist at ${mcuboot_config_file}") -endif() - -configure_file(${mcuboot_config_file} dummy.conf) -file(STRINGS ${mcuboot_config_file} BOOTLOADER_CONF) -foreach(config ${BOOTLOADER_CONF}) - if (NOT (${config} MATCHES "#")) - string(REGEX REPLACE "^[ ]+" "" config ${config}) - string(REGEX MATCH "^[^=]+" CONFIG_NAME ${config}) - string(REPLACE "${CONFIG_NAME}=" "" CONFIG_VALUE ${config}) - if (NOT ("${CONFIG_VALUE}" STREQUAL "n" - OR "${CONFIG_VALUE}" STREQUAL "N")) - add_definitions(-D${CONFIG_NAME}=${CONFIG_VALUE}) - set(${CONFIG_NAME} ${CONFIG_VALUE}) - endif() +string(REPLACE " " ";" MCUBOOT_CONFIG_FILE_LIST "${MCUBOOT_CONFIG_FILE}") +foreach(CONFIG_FILE ${MCUBOOT_CONFIG_FILE_LIST}) + if (NOT EXISTS "${CONFIG_FILE}") + message(FATAL_ERROR "MCUboot configuration file does not exist at ${CONFIG_FILE}") endif() + parse_and_set_config_file(${CONFIG_FILE}) endforeach() set(APP_NAME mcuboot_${MCUBOOT_TARGET}) @@ -235,3 +237,37 @@ target_link_libraries( PUBLIC hal ) + +# This step uses esptool.py for generating the final bootloader binary in +# Espressif compatible format. +# Note: Both binary generation and flash steps still have some default arguments +add_custom_command(TARGET ${APP_EXECUTABLE} POST_BUILD + COMMAND + ${IDF_PATH}/components/esptool_py/esptool/esptool.py + --chip ${MCUBOOT_TARGET} elf2image --min-rev ${ESP_MIN_REVISION} + --flash_mode dio --flash_freq 40m --flash_size ${CONFIG_ESP_FLASH_SIZE} + -o ${APP_NAME}.bin ${APP_NAME}.elf + ) + +if (DEFINED MCUBOOT_FLASH_PORT) + set(FLASH_PORT ${MCUBOOT_FLASH_PORT}) +else() + # Defaults to the first USB serial port + set(FLASH_PORT "/dev/ttyUSB0") +endif() + +if (NOT EXISTS "${FLASH_PORT}") + message(WARNING "Could not open ${FLASH_PORT}, serial port does not exist") +endif() + +add_custom_target(flash DEPENDS ${APP_NAME}.bin) +add_custom_command(TARGET flash + USES_TERMINAL + COMMAND + ${IDF_PATH}/components/esptool_py/esptool/esptool.py + -p ${FLASH_PORT} -b 2000000 --before default_reset --after no_reset + --chip ${MCUBOOT_TARGET} write_flash + --flash_mode dio --flash_size ${CONFIG_ESP_FLASH_SIZE} + --flash_freq 40m ${CONFIG_ESP_BOOTLOADER_OFFSET} + ${APP_NAME}.bin + ) diff --git a/boot/espressif/hal/src/esp32/bootloader_init.c b/boot/espressif/hal/src/esp32/bootloader_init.c index de4bd89f..028cf080 100644 --- a/boot/espressif/hal/src/esp32/bootloader_init.c +++ b/boot/espressif/hal/src/esp32/bootloader_init.c @@ -172,6 +172,10 @@ esp_err_t bootloader_init(void) if ((ret = bootloader_read_bootloader_header()) != ESP_OK) { goto err; } + // read chip revision and check if it's compatible to bootloader + if ((ret = bootloader_check_bootloader_validity()) != ESP_OK) { + goto err; + } /* initialize spi flash */ if ((ret = bootloader_init_spi_flash()) != ESP_OK) { goto err; diff --git a/boot/espressif/hal/src/esp32c3/bootloader_init.c b/boot/espressif/hal/src/esp32c3/bootloader_init.c index 2650a330..48e13dd5 100644 --- a/boot/espressif/hal/src/esp32c3/bootloader_init.c +++ b/boot/espressif/hal/src/esp32c3/bootloader_init.c @@ -197,6 +197,10 @@ esp_err_t bootloader_init(void) if ((ret = bootloader_read_bootloader_header()) != ESP_OK) { goto err; } + // read chip revision and check if it's compatible to bootloader + if ((ret = bootloader_check_bootloader_validity()) != ESP_OK) { + goto err; + } // initialize spi flash if ((ret = bootloader_init_spi_flash()) != ESP_OK) { goto err; diff --git a/boot/espressif/hal/src/esp32s2/bootloader_init.c b/boot/espressif/hal/src/esp32s2/bootloader_init.c index c57cff1c..90e329e4 100644 --- a/boot/espressif/hal/src/esp32s2/bootloader_init.c +++ b/boot/espressif/hal/src/esp32s2/bootloader_init.c @@ -163,6 +163,10 @@ esp_err_t bootloader_init(void) if ((ret = bootloader_read_bootloader_header()) != ESP_OK) { goto err; } + // read chip revision and check if it's compatible to bootloader + if ((ret = bootloader_check_bootloader_validity()) != ESP_OK) { + goto err; + } /* initialize spi flash */ if ((ret = bootloader_init_spi_flash()) != ESP_OK) { goto err; diff --git a/boot/espressif/hal/src/esp32s3/bootloader_init.c b/boot/espressif/hal/src/esp32s3/bootloader_init.c index 4d0dd515..577bcf8e 100644 --- a/boot/espressif/hal/src/esp32s3/bootloader_init.c +++ b/boot/espressif/hal/src/esp32s3/bootloader_init.c @@ -270,6 +270,10 @@ esp_err_t bootloader_init(void) if ((ret = bootloader_read_bootloader_header()) != ESP_OK) { goto err; } + // read chip revision and check if it's compatible to bootloader + if ((ret = bootloader_check_bootloader_validity()) != ESP_OK) { + goto err; + } // initialize spi flash if ((ret = bootloader_init_spi_flash()) != ESP_OK) { goto err; diff --git a/boot/espressif/main.c b/boot/espressif/main.c index 6fe93a24..6e59b006 100644 --- a/boot/espressif/main.c +++ b/boot/espressif/main.c @@ -93,7 +93,9 @@ void do_boot_appcpu(uint32_t img_index, uint32_t slot) int main() { - bootloader_init(); + if (bootloader_init() != ESP_OK) { + FIH_PANIC; + } BOOT_LOG_INF("Enabling RNG early entropy source..."); bootloader_random_enable(); diff --git a/boot/espressif/bootloader.conf b/boot/espressif/port/esp32/bootloader.conf similarity index 87% rename from boot/espressif/bootloader.conf rename to boot/espressif/port/esp32/bootloader.conf index 7107e7eb..67efcfe3 100644 --- a/boot/espressif/bootloader.conf +++ b/boot/espressif/port/esp32/bootloader.conf @@ -2,7 +2,9 @@ # # SPDX-License-Identifier: Apache-2.0 +CONFIG_ESP_FLASH_SIZE=4MB CONFIG_ESP_BOOTLOADER_SIZE=0xF000 +CONFIG_ESP_BOOTLOADER_OFFSET=0x1000 CONFIG_ESP_IMAGE0_PRIMARY_START_ADDRESS=0x10000 CONFIG_ESP_APPLICATION_SIZE=0x100000 CONFIG_ESP_IMAGE0_SECONDARY_START_ADDRESS=0x110000 @@ -22,12 +24,12 @@ CONFIG_ESP_SCRATCH_SIZE=0x40000 # Example of values to be used when multi image is enabled # Notice that the OS layer and update agent must be aware # of these regions -# CONFIG_ESP_APPLICATION_SIZE=0x50000 +# CONFIG_ESP_APPLICATION_SIZE=0x80000 # CONFIG_ESP_IMAGE0_PRIMARY_START_ADDRESS=0x10000 -# CONFIG_ESP_IMAGE0_SECONDARY_START_ADDRESS=0x60000 -# CONFIG_ESP_IMAGE1_PRIMARY_START_ADDRESS=0xB0000 -# CONFIG_ESP_IMAGE1_SECONDARY_START_ADDRESS=0x100000 -# CONFIG_ESP_SCRATCH_OFFSET=0x150000 +# CONFIG_ESP_IMAGE0_SECONDARY_START_ADDRESS=0x90000 +# CONFIG_ESP_IMAGE1_PRIMARY_START_ADDRESS=0x110000 +# CONFIG_ESP_IMAGE1_SECONDARY_START_ADDRESS=0x190000 +# CONFIG_ESP_SCRATCH_OFFSET=0x210000 # CONFIG_ESP_SCRATCH_SIZE=0x40000 # CONFIG_ESP_SIGN_EC256=y diff --git a/boot/espressif/port/esp32/ld/bootloader.ld b/boot/espressif/port/esp32/ld/bootloader.ld index 9933bd38..2b7797b0 100644 --- a/boot/espressif/port/esp32/ld/bootloader.ld +++ b/boot/espressif/port/esp32/ld/bootloader.ld @@ -32,6 +32,7 @@ SECTIONS *libhal.a:bootloader_flash_config_esp32.*(.literal .text .literal.* .text.*) *libhal.a:bootloader_clock_loader.*(.literal .text .literal.* .text.*) *libhal.a:bootloader_common_loader.*(.literal .text .literal.* .text.*) + *libhal.a:bootloader_init_common.*(.literal .text .literal.* .text.*) *libhal.a:bootloader_flash.*(.literal .text .literal.* .text.*) *libhal.a:bootloader_random.*(.literal .text .literal.* .text.*) *libhal.a:bootloader_random*.*(.literal.bootloader_random_disable .text.bootloader_random_disable) diff --git a/boot/espressif/port/esp32c3/bootloader.conf b/boot/espressif/port/esp32c3/bootloader.conf new file mode 100644 index 00000000..45b0577b --- /dev/null +++ b/boot/espressif/port/esp32c3/bootloader.conf @@ -0,0 +1,47 @@ +# SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD +# +# SPDX-License-Identifier: Apache-2.0 + +CONFIG_ESP_FLASH_SIZE=4MB +CONFIG_ESP_BOOTLOADER_SIZE=0xF000 +CONFIG_ESP_BOOTLOADER_OFFSET=0x0000 +CONFIG_ESP_IMAGE0_PRIMARY_START_ADDRESS=0x10000 +CONFIG_ESP_APPLICATION_SIZE=0x100000 +CONFIG_ESP_IMAGE0_SECONDARY_START_ADDRESS=0x110000 +CONFIG_ESP_MCUBOOT_WDT_ENABLE=y +CONFIG_ESP_SCRATCH_OFFSET=0x210000 +CONFIG_ESP_SCRATCH_SIZE=0x40000 + +# CONFIG_ESP_SIGN_EC256=y +# CONFIG_ESP_SIGN_ED25519=n +# CONFIG_ESP_SIGN_RSA=n +# CONFIG_ESP_SIGN_RSA_LEN=2048 + +# Use Tinycrypt lib for EC256 or ED25519 signing +# CONFIG_ESP_USE_TINYCRYPT=y +# Use Mbed TLS lib for RSA image signing +# CONFIG_ESP_USE_MBEDTLS=n + +# It is strongly recommended to generate a new signing key +# using imgtool instead of use the existent sample +# CONFIG_ESP_SIGN_KEY_FILE=root-ec-p256.pem + +# Hardware Secure Boot related options +# CONFIG_SECURE_SIGNED_ON_BOOT=1 +# CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME=1 +# CONFIG_SECURE_BOOT=1 +# CONFIG_SECURE_BOOT_V2_ENABLED=1 +# CONFIG_SECURE_BOOT_SUPPORTS_RSA=1 + +# Hardware Flash Encryption related options +# CONFIG_SECURE_FLASH_ENC_ENABLED=1 +# CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC=1 +# CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_DEC=1 +# CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE=1 +# CONFIG_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT=1 +# CONFIG_SECURE_BOOT_ALLOW_JTAG=1 +# CONFIG_SECURE_BOOT_ALLOW_ROM_BASIC=1 + +# Options for enabling eFuse emulation in Flash +# CONFIG_EFUSE_VIRTUAL=1 +# CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH=1 diff --git a/boot/espressif/port/esp32c3/ld/bootloader.ld b/boot/espressif/port/esp32c3/ld/bootloader.ld index c627cb92..b09c39c8 100644 --- a/boot/espressif/port/esp32c3/ld/bootloader.ld +++ b/boot/espressif/port/esp32c3/ld/bootloader.ld @@ -32,6 +32,7 @@ SECTIONS *libhal.a:bootloader_flash_config_esp32c3.*(.literal .text .literal.* .text.*) *libhal.a:bootloader_clock_loader.*(.literal .text .literal.* .text.*) *libhal.a:bootloader_common_loader.*(.literal .text .literal.* .text.*) + *libhal.a:bootloader_init_common.*(.literal .text .literal.* .text.*) *libhal.a:bootloader_flash.*(.literal .text .literal.* .text.*) *libhal.a:bootloader_random.*(.literal .text .literal.* .text.*) *libhal.a:bootloader_random*.*(.literal.bootloader_random_disable .text.bootloader_random_disable) diff --git a/boot/espressif/port/esp32s2/bootloader.conf b/boot/espressif/port/esp32s2/bootloader.conf new file mode 100644 index 00000000..febafcc7 --- /dev/null +++ b/boot/espressif/port/esp32s2/bootloader.conf @@ -0,0 +1,47 @@ +# SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD +# +# SPDX-License-Identifier: Apache-2.0 + +CONFIG_ESP_FLASH_SIZE=4MB +CONFIG_ESP_BOOTLOADER_SIZE=0xF000 +CONFIG_ESP_BOOTLOADER_OFFSET=0x1000 +CONFIG_ESP_IMAGE0_PRIMARY_START_ADDRESS=0x10000 +CONFIG_ESP_APPLICATION_SIZE=0x100000 +CONFIG_ESP_IMAGE0_SECONDARY_START_ADDRESS=0x110000 +CONFIG_ESP_MCUBOOT_WDT_ENABLE=y +CONFIG_ESP_SCRATCH_OFFSET=0x210000 +CONFIG_ESP_SCRATCH_SIZE=0x40000 + +# CONFIG_ESP_SIGN_EC256=y +# CONFIG_ESP_SIGN_ED25519=n +# CONFIG_ESP_SIGN_RSA=n +# CONFIG_ESP_SIGN_RSA_LEN=2048 + +# Use Tinycrypt lib for EC256 or ED25519 signing +# CONFIG_ESP_USE_TINYCRYPT=y +# Use Mbed TLS lib for RSA image signing +# CONFIG_ESP_USE_MBEDTLS=n + +# It is strongly recommended to generate a new signing key +# using imgtool instead of use the existent sample +# CONFIG_ESP_SIGN_KEY_FILE=root-ec-p256.pem + +# Hardware Secure Boot related options +# CONFIG_SECURE_SIGNED_ON_BOOT=1 +# CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME=1 +# CONFIG_SECURE_BOOT=1 +# CONFIG_SECURE_BOOT_V2_ENABLED=1 +# CONFIG_SECURE_BOOT_SUPPORTS_RSA=1 + +# Hardware Flash Encryption related options +# CONFIG_SECURE_FLASH_ENC_ENABLED=1 +# CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC=1 +# CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_DEC=1 +# CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE=1 +# CONFIG_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT=1 +# CONFIG_SECURE_BOOT_ALLOW_JTAG=1 +# CONFIG_SECURE_BOOT_ALLOW_ROM_BASIC=1 + +# Options for enabling eFuse emulation in Flash +# CONFIG_EFUSE_VIRTUAL=1 +# CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH=1 diff --git a/boot/espressif/port/esp32s2/ld/bootloader.ld b/boot/espressif/port/esp32s2/ld/bootloader.ld index 3521894a..6db36e34 100644 --- a/boot/espressif/port/esp32s2/ld/bootloader.ld +++ b/boot/espressif/port/esp32s2/ld/bootloader.ld @@ -32,6 +32,7 @@ SECTIONS *libhal.a:bootloader_flash_config_esp32s2.*(.literal .text .literal.* .text.*) *libhal.a:bootloader_clock_loader.*(.literal .text .literal.* .text.*) *libhal.a:bootloader_common_loader.*(.literal .text .literal.* .text.*) + *libhal.a:bootloader_init_common.*(.literal .text .literal.* .text.*) *libhal.a:bootloader_flash.*(.literal .text .literal.* .text.*) *libhal.a:bootloader_random.*(.literal .text .literal.* .text.*) *libhal.a:bootloader_random*.*(.literal.bootloader_random_disable .text.bootloader_random_disable) diff --git a/boot/espressif/port/esp32s3/bootloader.conf b/boot/espressif/port/esp32s3/bootloader.conf new file mode 100644 index 00000000..aab4e424 --- /dev/null +++ b/boot/espressif/port/esp32s3/bootloader.conf @@ -0,0 +1,67 @@ +# SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD +# +# SPDX-License-Identifier: Apache-2.0 + +CONFIG_ESP_FLASH_SIZE=4MB +CONFIG_ESP_BOOTLOADER_SIZE=0xF000 +CONFIG_ESP_BOOTLOADER_OFFSET=0x0000 +CONFIG_ESP_IMAGE0_PRIMARY_START_ADDRESS=0x10000 +CONFIG_ESP_APPLICATION_SIZE=0x100000 +CONFIG_ESP_IMAGE0_SECONDARY_START_ADDRESS=0x110000 +CONFIG_ESP_MCUBOOT_WDT_ENABLE=y +CONFIG_ESP_SCRATCH_OFFSET=0x210000 +CONFIG_ESP_SCRATCH_SIZE=0x40000 + +# Enables multi image, if it is not defined, it is assumed +# only one updatable image +# CONFIG_ESP_IMAGE_NUMBER=2 + +# Enables multi image boot on independent processors +# (main host OS is not responsible for booting the second image) +# Use only with CONFIG_ESP_IMAGE_NUMBER=2 +# CONFIG_ESP_MULTI_PROCESSOR_BOOT=y + +# Example of values to be used when multi image is enabled +# Notice that the OS layer and update agent must be aware +# of these regions +# CONFIG_ESP_APPLICATION_SIZE=0x80000 +# CONFIG_ESP_IMAGE0_PRIMARY_START_ADDRESS=0x10000 +# CONFIG_ESP_IMAGE0_SECONDARY_START_ADDRESS=0x90000 +# CONFIG_ESP_IMAGE1_PRIMARY_START_ADDRESS=0x110000 +# CONFIG_ESP_IMAGE1_SECONDARY_START_ADDRESS=0x190000 +# CONFIG_ESP_SCRATCH_OFFSET=0x210000 +# CONFIG_ESP_SCRATCH_SIZE=0x40000 + +# CONFIG_ESP_SIGN_EC256=y +# CONFIG_ESP_SIGN_ED25519=n +# CONFIG_ESP_SIGN_RSA=n +# CONFIG_ESP_SIGN_RSA_LEN=2048 + +# Use Tinycrypt lib for EC256 or ED25519 signing +# CONFIG_ESP_USE_TINYCRYPT=y +# Use Mbed TLS lib for RSA image signing +# CONFIG_ESP_USE_MBEDTLS=n + +# It is strongly recommended to generate a new signing key +# using imgtool instead of use the existent sample +# CONFIG_ESP_SIGN_KEY_FILE=root-ec-p256.pem + +# Hardware Secure Boot related options +# CONFIG_SECURE_SIGNED_ON_BOOT=1 +# CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME=1 +# CONFIG_SECURE_BOOT=1 +# CONFIG_SECURE_BOOT_V2_ENABLED=1 +# CONFIG_SECURE_BOOT_SUPPORTS_RSA=1 + +# Hardware Flash Encryption related options +# CONFIG_SECURE_FLASH_ENC_ENABLED=1 +# CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC=1 +# CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_DEC=1 +# CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE=1 +# CONFIG_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT=1 +# CONFIG_SECURE_BOOT_ALLOW_JTAG=1 +# CONFIG_SECURE_BOOT_ALLOW_ROM_BASIC=1 + +# Options for enabling eFuse emulation in Flash +# CONFIG_EFUSE_VIRTUAL=1 +# CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH=1 diff --git a/boot/espressif/port/esp32s3/ld/bootloader.ld b/boot/espressif/port/esp32s3/ld/bootloader.ld index 0bc9af69..9ab8cc3e 100644 --- a/boot/espressif/port/esp32s3/ld/bootloader.ld +++ b/boot/espressif/port/esp32s3/ld/bootloader.ld @@ -32,6 +32,7 @@ SECTIONS *libhal.a:bootloader_flash_config_esp32s3.*(.literal .text .literal.* .text.*) *libhal.a:bootloader_clock_loader.*(.literal .text .literal.* .text.*) *libhal.a:bootloader_common_loader.*(.literal .text .literal.* .text.*) + *libhal.a:bootloader_init_common.*(.literal .text .literal.* .text.*) *libhal.a:bootloader_flash.*(.literal .text .literal.* .text.*) *libhal.a:bootloader_random.*(.literal .text .literal.* .text.*) *libhal.a:bootloader_random*.*(.literal.bootloader_random_disable .text.bootloader_random_disable) diff --git a/boot/espressif/secureboot-sign-ec256.conf b/boot/espressif/secureboot-sign-ec256.conf index 2dafbebf..37d4f7bf 100644 --- a/boot/espressif/secureboot-sign-ec256.conf +++ b/boot/espressif/secureboot-sign-ec256.conf @@ -18,10 +18,3 @@ CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE=1 CONFIG_ESP_SIGN_KEY_FILE=root-ec-p256.pem CONFIG_ESP_USE_TINYCRYPT=1 CONFIG_ESP_SIGN_EC256=1 -CONFIG_ESP_BOOTLOADER_SIZE=0xF000 -CONFIG_ESP_IMAGE0_PRIMARY_START_ADDRESS=0x10000 -CONFIG_ESP_APPLICATION_SIZE=0x100000 -CONFIG_ESP_IMAGE0_SECONDARY_START_ADDRESS=0x110000 -CONFIG_ESP_MCUBOOT_WDT_ENABLE=1 -CONFIG_ESP_SCRATCH_OFFSET=0x210000 -CONFIG_ESP_SCRATCH_SIZE=0x40000 diff --git a/boot/espressif/secureboot-sign-ed25519.conf b/boot/espressif/secureboot-sign-ed25519.conf index b5b5d70d..a317aa44 100644 --- a/boot/espressif/secureboot-sign-ed25519.conf +++ b/boot/espressif/secureboot-sign-ed25519.conf @@ -18,10 +18,3 @@ CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE=1 CONFIG_ESP_SIGN_KEY_FILE=root-ed25519.pem CONFIG_ESP_USE_TINYCRYPT=1 CONFIG_ESP_SIGN_ED25519=1 -CONFIG_ESP_BOOTLOADER_SIZE=0xF000 -CONFIG_ESP_IMAGE0_PRIMARY_START_ADDRESS=0x10000 -CONFIG_ESP_APPLICATION_SIZE=0x100000 -CONFIG_ESP_IMAGE0_SECONDARY_START_ADDRESS=0x110000 -CONFIG_ESP_MCUBOOT_WDT_ENABLE=1 -CONFIG_ESP_SCRATCH_OFFSET=0x210000 -CONFIG_ESP_SCRATCH_SIZE=0x40000 diff --git a/boot/espressif/secureboot-sign-rsa2048.conf b/boot/espressif/secureboot-sign-rsa2048.conf index 6b80d9c6..f5ad8832 100644 --- a/boot/espressif/secureboot-sign-rsa2048.conf +++ b/boot/espressif/secureboot-sign-rsa2048.conf @@ -19,10 +19,3 @@ CONFIG_ESP_SIGN_KEY_FILE=root-rsa-2048.pem CONFIG_ESP_USE_MBEDTLS=1 CONFIG_ESP_SIGN_RSA=1 CONFIG_ESP_SIGN_RSA_LEN=2048 -CONFIG_ESP_BOOTLOADER_SIZE=0xF000 -CONFIG_ESP_IMAGE0_PRIMARY_START_ADDRESS=0x10000 -CONFIG_ESP_APPLICATION_SIZE=0x100000 -CONFIG_ESP_IMAGE0_SECONDARY_START_ADDRESS=0x110000 -CONFIG_ESP_MCUBOOT_WDT_ENABLE=1 -CONFIG_ESP_SCRATCH_OFFSET=0x210000 -CONFIG_ESP_SCRATCH_SIZE=0x40000 diff --git a/boot/espressif/secureboot-sign-rsa3072.conf b/boot/espressif/secureboot-sign-rsa3072.conf index 1dfc3cf4..f6b2c9b8 100644 --- a/boot/espressif/secureboot-sign-rsa3072.conf +++ b/boot/espressif/secureboot-sign-rsa3072.conf @@ -19,10 +19,3 @@ CONFIG_ESP_SIGN_KEY_FILE=root-rsa-3072.pem CONFIG_ESP_USE_MBEDTLS=1 CONFIG_ESP_SIGN_RSA=1 CONFIG_ESP_SIGN_RSA_LEN=3072 -CONFIG_ESP_BOOTLOADER_SIZE=0xF000 -CONFIG_ESP_IMAGE0_PRIMARY_START_ADDRESS=0x10000 -CONFIG_ESP_APPLICATION_SIZE=0x100000 -CONFIG_ESP_IMAGE0_SECONDARY_START_ADDRESS=0x110000 -CONFIG_ESP_MCUBOOT_WDT_ENABLE=1 -CONFIG_ESP_SCRATCH_OFFSET=0x210000 -CONFIG_ESP_SCRATCH_SIZE=0x40000 diff --git a/boot/espressif/tools/utils.cmake b/boot/espressif/tools/utils.cmake new file mode 100644 index 00000000..8e3b0c20 --- /dev/null +++ b/boot/espressif/tools/utils.cmake @@ -0,0 +1,31 @@ +# SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD +# +# SPDX-License-Identifier: Apache-2.0 + +# Parse config files (.conf, format: =) and set each as +# definitions and variables +function(parse_and_set_config_file CONFIG_FILE) + file(STRINGS ${CONFIG_FILE} BOOTLOADER_CONF) + foreach(config ${BOOTLOADER_CONF}) + if (NOT (${config} MATCHES "#")) + string(REGEX REPLACE "^[ ]+" "" config ${config}) + string(REGEX MATCH "^[^=]+" CONFIG_NAME ${config}) + string(REPLACE "${CONFIG_NAME}=" "" CONFIG_VALUE ${config}) + # Overrides if already defined (definitions from latter file prevails over the former) + if (DEFINED ${CONFIG_NAME}) + set(CONFIG_OLD "${CONFIG_NAME}") + remove_definitions(-D${CONFIG_NAME}=${${CONFIG_OLD}}) + endif() + if (NOT ("${CONFIG_VALUE}" STREQUAL "n" + OR "${CONFIG_VALUE}" STREQUAL "N")) + + if (("${CONFIG_VALUE}" STREQUAL "y") + OR ("${CONFIG_VALUE}" STREQUAL "Y")) + set(CONFIG_VALUE 1) + endif() + add_definitions(-D${CONFIG_NAME}=${CONFIG_VALUE}) + set(${CONFIG_NAME} ${CONFIG_VALUE} PARENT_SCOPE) + endif() + endif() + endforeach() +endfunction() diff --git a/ci/espressif_run.sh b/ci/espressif_run.sh index 56104684..30e10820 100755 --- a/ci/espressif_run.sh +++ b/ci/espressif_run.sh @@ -19,11 +19,11 @@ build_mcuboot() { local target=${1} local feature=${2} local toolchain_file="${ESPRESSIF_ROOT}/tools/toolchain-${target}.cmake" - local mcuboot_config="${ESPRESSIF_ROOT}/bootloader.conf" + local mcuboot_config="${ESPRESSIF_ROOT}/port/${target}/bootloader.conf" local build_dir=".build-${target}" if [ -n "${feature}" ]; then - mcuboot_config="${ESPRESSIF_ROOT}/secureboot-${feature}.conf" + mcuboot_config="${mcuboot_config};${ESPRESSIF_ROOT}/secureboot-${feature}.conf" build_dir=".build-${target}-${feature}" fi diff --git a/docs/readme-espressif.md b/docs/readme-espressif.md index e72384f5..8a9f6e75 100644 --- a/docs/readme-espressif.md +++ b/docs/readme-espressif.md @@ -43,7 +43,7 @@ cd ../.. ## [Building the bootloader itself](#building-the-bootloader-itself) -The MCUboot Espressif port bootloader is built using the toolchain and tools provided by ESP-IDF. Additional configuration related to MCUboot features and slot partitioning may be made using the `bootloader.conf`. +The MCUboot Espressif port bootloader is built using the toolchain and tools provided by ESP-IDF. Additional configuration related to MCUboot features and slot partitioning may be made using the `port//bootloader.conf` file or passing a custom config file using the `-DMCUBOOT_CONFIG_FILE` argument on the first step below. --- ***Note*** @@ -52,23 +52,25 @@ The MCUboot Espressif port bootloader is built using the toolchain and tools pro --- -1. Compile and generate the ELF: +1. Compile and generate the BIN: ``` -cmake -DCMAKE_TOOLCHAIN_FILE=tools/toolchain-.cmake -DMCUBOOT_TARGET= -B build -GNinja -cmake --build build/ +cmake -DCMAKE_TOOLCHAIN_FILE=tools/toolchain-.cmake -DMCUBOOT_TARGET= -DMCUBOOT_FLASH_PORT= -B build -GNinja +ninja --build build/ ``` -2. Convert the ELF to the final bootloader image, ready to be flashed: +2. Flash MCUboot in your device: ``` -esptool.py --chip elf2image --flash_mode dio --flash_freq 40m --flash_size -o build/mcuboot_.bin build/mcuboot_.elf +ninja -C build/ flash ``` -3. Flash MCUboot in your device: +If `MCUBOOT_FLASH_PORT` arg was not passed to `cmake`, the default `PORT` for flashing will be `/dev/ttyUSB0`. + +Alternatively: ``` -esptool.py -p -b --before default_reset --after hard_reset --chip write_flash --flash_mode dio --flash_size --flash_freq 40m build/mcuboot_.bin +esptool.py -p -b --before default_reset --after no_reset --chip write_flash --flash_mode dio --flash_size --flash_freq 40m build/mcuboot_.bin ``` --- ***Note*** @@ -94,6 +96,8 @@ Detected flash size: 4MB --- +3. Reset your device + ## [Signing and flashing an application](#signing-and-flashing-an-application) 1. Images can be regularly signed with the `scripts/imgtool.py` script: