Adjust secure boot and flash encryption after IDF v5.x updates.
It also allows to enable secure boot on ESP32-C2.
Signed-off-by: Almir Okato <almir.okato@espressif.com>
Remove the ESP-IDF from git submodules to avoid potential
duplicated repo clones on the user system. IDF HAL code is still
a dependency for Espressif port, therefore now the HAL code
reference needs to be passed by parameter when building.
The Espressif port was also updated to work with last v5.1 IDF
code.
Signed-off-by: Almir Okato <almir.okato@espressif.com>
This patch refactor the RSA operations done by the signature verification
module and by the encrypted images decryption module. Previous solution is
tightly coupled with Mbed TLS, while this patch provides an abstraction of
the RSA functionalities in a dedicated crypto abstraction header, crypto/rsa.h
that supports both Mbed TLS APIs and PSA Crypto APIs. In case of PSA Crypto,
the verification scheme is directly provided by the crypto backend hence it
simplifies the operations done in the image verification module.
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I973bc3374b62eee2d7717c2368bce7611d37a0c8
Replaces the auto-generated decoding/encoding files with inline code
for encoding/decoding cbor data structures, this adds the benefit of
allowing the elements to be in any order and reduces code size. To
accommodate this, zcbor_bulk has been imported from Zephyr.
Signed-off-by: Jamie McCrae <jamie.mccrae@nordicsemi.no>
Remove the generic ECDSA verification module and keep the
existing one, just renaming it image_ecdsa.c. Make sure
that the abstraction layer is generically called ecdsa.h
and the abstraction names are not P256 specific.
Signed-off-by: Antonio de Angelis <Antonio.deAngelis@arm.com>
Change-Id: I6f78cfc1b1c2851cdad67efa91c6cb49498187bb
Commits adds implementation of flash_area_get_sector that
is supposed to replace flash_area_sector_from_off.
The flash_area_get_sector gets additional parameter of flash_area
type, while flash_area_sector_from_off uses hardcoded flash_area.
Signed-off-by: Dominik Ermel <dominik.ermel@nordicsemi.no>
Add jobs for testing build ESP32-XX within more features:
Serial Recovery, Multi Image and Multi Boot
Signed-off-by: Almir Okato <almir.okato@espressif.com>
Returned values are now hardcoded. Indeed, while it is not
strictly needed (few return values different from SUCCESS
or FAILURE) complexity added by encoding return values might
cause the software to be vulnerable to fault attacks.
Return type changed from fih_int to fih_ret to make
the whole thing much simpler and therefore more robust
to fault attacks. In addition, its easier to predict
compiler behavior.
Affectation of sentive variables has been hardened using macro
FIH_SET (affectation + check wether write access has been properly
done). FIH_DECLARE() is added to ease the declaration of sentive
variables.
Equality tests fih_eq() and fih_not_eq() are now macros because
inlining produce more complex code (and weaker) than macros.
In addition fih_not_eq is modified to be the negation of fih_eq
which was not the case until now.
when FIH_NOT_EQ is used , FIH_SET(fih_rc, FIH_FAILURE) has been added
in some part of the code.
variable image_mask (bootutil_priv.h) is now volatile because a
double IF test is made on it.
some others parts of the code have been hardenned (eg. loop on images)
Signed-off-by: Michael Grand <m.grand@trustngo.tech>
Add the serial adapter for ESP32 for boot recovery and MCUMGR
communication.
Signed-off-by: Almir Okato <almir.okato@espressif.com>
espressif: Configure console via bootloader_support functions
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
Entry point call was moved back from main to esp_loader, so it is
called from iram_loader_seg memory region
Signed-off-by: Almir Okato <almir.okato@espressif.com>
Added checking and warning for ESP32, ESP32-S2, ESP32-C3, ESP32-S3
unsupported chip revisions on their initialization.
Made respectively changes for build system and documentation.
Signed-off-by: Almir Okato <almir.okato@espressif.com>
Grouped common bootloader init functions among esp32, esp32s2,
esp32c3 and esp32s3 into common files.
Signed-off-by: Almir Okato <almir.okato@espressif.com>
Changes on configuration and flash area organization for supporting
multi image and implementation for booting on different processors
on esp32
Signed-off-by: Almir Okato <almir.okato@espressif.com>
Add instructions on the readme-espressif.md on how to encrypt
data on the host.
Also add configuration and instructions for disabling/switch
UART ROM Download Mode.
Signed-off-by: Almir Okato <almir.okato@espressif.com>
Native flash encryption was added as option for Espressif chips and
added to the initialization process before MCUboot workflow.
Signed-off-by: Almir Okato <almir.okato@espressif.com>
This also removes the need for passing "-Wno-unused-variable" compiler
flag, since now TAG is being used as part of the log message.
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
The build system previously restricted the usage of some signing
algorithms due to build issues.
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
Also refined the include directives, by removing unused headers and
making the usage of brackets and quotes a bit more coherent,
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
Write operations are always expected to be aligned according to the port
configuration.
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
ESP32-C3 target added to the Espressif port, CMakeLists, and
added related files to ESP32-C3 target directory as well.
Signed-off-by: Almir Okato <almir.okato@espressif.com>
Almir Okato