Commit Graph

37 Commits

Author SHA1 Message Date
Michael Grand 5047f032c9 fih: Hardening of fault injection countermeasures
Returned values are now hardcoded. Indeed, while it is not
strictly needed (few return values different from SUCCESS
or FAILURE) complexity added by encoding return values might
cause the software to be vulnerable to fault attacks.

Return type changed from fih_int to fih_ret to make
the whole thing much simpler and therefore more robust
to fault attacks. In addition, it's easier to predict
compiler behavior.

Affectation of sensitive variables has been hardened using macro
FIH_SET (affectation + check whether write access has been properly
done). FIH_DECLARE() is added to ease the declaration of sensitive
variables.

Equality tests fih_eq() and fih_not_eq() are now macros because
inlining produces more complex code (and weaker) than macros.
In addition fih_not_eq is modified to be the negation of fih_eq
which was not the case until now.

when FIH_NOT_EQ is used, FIH_SET(fih_rc, FIH_FAILURE) has been added
in some part of the code.

variable image_mask (bootutil_priv.h) is now volatile because a
double IF test is made on it.

some other parts of the code have been hardened (e.g. loop on images)

Signed-off-by: Michael Grand <m.grand@trustngo.tech>
2023-01-30 09:34:34 -07:00
Almir Okato 78d50b2f07 espressif:ESP32-S3: Fix multiboot APP CPU start
Add missing function for starting the APP CPU when booting the
second image (multi image).

Signed-off-by: Almir Okato <almir.okato@espressif.com>
2023-01-24 22:56:02 -03:00
Almir Okato 84da51b646 espressif: add downgrade prevention feature
Signed-off-by: Almir Okato <almir.okato@espressif.com>
2022-12-19 11:02:55 -03:00
Almir Okato fc1eabf6bb boot_serial: espressif: ESP32-S3 serial recovery mode interface
Add the serial adapter for ESP32-S3 for boot recovery and MCUMGR
communication.

Signed-off-by: Almir Okato <almir.okato@espressif.com>
2022-11-11 11:22:00 -03:00
Almir Okato 4099583c12 boot_serial: espressif: ESP32-S2 serial recovery mode interface
Add the serial adapter for ESP32-S2 for boot recovery and MCUMGR
communication.

Signed-off-by: Almir Okato <almir.okato@espressif.com>
2022-11-11 11:22:00 -03:00
Almir Okato 09cca3815a boot_serial: espressif: ESP32-C3 serial recovery mode
Signed-off-by: Almir Okato <almir.okato@espressif.com>
2022-09-29 11:37:13 -03:00
Almir Okato 707a69d40c boot_serial: espressif: enable erase progressively option on serial recovery
Signed-off-by: Almir Okato <almir.okato@espressif.com>
2022-09-29 11:37:13 -03:00
Almir Okato 0dcdbab886 boot_serial: espressif: split serial adapter implementation for each chip
This commit also fixes array access on serial console read.

Signed-off-by: Almir Okato <almir.okato@espressif.com>
2022-09-29 11:37:13 -03:00
Almir Okato e8cbc0d0f1 boot_serial: espressif: ESP32 serial recovery mode interface
Add the serial adapter for ESP32 for boot recovery and MCUMGR
communication.

Signed-off-by: Almir Okato <almir.okato@espressif.com>

espressif: Configure console via bootloader_support functions

Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
2022-07-19 11:07:04 -03:00
Gustavo Henrique Nihei 1eb3ecaeda espressif: Fix flash_area_write support for unaligned write accesses
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
Signed-off-by: Almir Okato <almir.okato@espressif.com>
2022-07-19 11:07:04 -03:00
Almir Okato c4b305863a espressif:esp32: Move app entry point call back to iram_loader_seg region
Entry point call was moved back from main to esp_loader, so it is
called from iram_loader_seg memory region

Signed-off-by: Almir Okato <almir.okato@espressif.com>
2022-05-11 07:57:27 -03:00
Almir Okato fa173df366 espressif: Add warning for unsupported chip revision
Added checking and warning for ESP32, ESP32-S2, ESP32-C3, ESP32-S3
unsupported chip revisions on their initialization.

Made respective changes for build system and documentation.

Signed-off-by: Almir Okato <almir.okato@espressif.com>
2022-05-09 15:55:23 -03:00
Almir Okato 1dc71368b2 espressif: grouping common functions for esp chips init functions
Grouped common bootloader init functions among esp32, esp32s2,
esp32c3 and esp32s3 into common files.

Signed-off-by: Almir Okato <almir.okato@espressif.com>
2022-05-09 15:55:23 -03:00
Almir Okato a1d641d59e espressif:esp32: Add multi image support
Changes on configuration and flash area organization for supporting
multi image and implementation for booting on different processors
on esp32

Signed-off-by: Almir Okato <almir.okato@espressif.com>
2022-03-16 03:58:01 -03:00
Almir Okato b365e234a3 espressif: add missing information for secure features
Add instructions on the readme-espressif.md on how to encrypt
data on the host.
Also add configuration and instructions for disabling/switch
UART ROM Download Mode.

Signed-off-by: Almir Okato <almir.okato@espressif.com>
2022-03-14 11:19:31 -03:00
Almir Okato 42e679d60a espressif:esp32s3: Add esp32s3 initial support
ESP32-S3 target and related files added to the Espressif port.

Signed-off-by: Almir Okato <almir.okato@espressif.com>
2022-01-26 20:52:04 -03:00
Almir Okato 14763b1cd2 espressif: ESP32, ESP32S2 and ESP32C3 native flash encryption
Native flash encryption was added as option for Espressif chips and
added to the initialization process before MCUboot workflow.

Signed-off-by: Almir Okato <almir.okato@espressif.com>
2021-12-28 10:51:54 -03:00
Gustavo Henrique Nihei 818964d513 espressif: Use "TAG" field from SOC_LOG* macros from IDF libraries
This also removes the need for passing "-Wno-unused-variable" compiler
flag, since now TAG is being used as part of the log message.

Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
2021-12-22 10:54:52 -03:00
Gustavo Henrique Nihei 67b73d3c79 espressif: Add CI jobs for Secure boot enabled images
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
2021-12-20 09:20:14 -03:00
Gustavo Henrique Nihei a3495105af espressif: Fix support for signing algorithms
The build system previously restricted the usage of some signing
algorithms due to build issues.

Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
2021-12-20 09:20:14 -03:00
Gustavo Henrique Nihei 4aa286d2db flash_map: Increase minimum supported write align via flash_area_align
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
2021-12-16 13:19:12 -07:00
Gustavo Henrique Nihei 3ee626f36e espressif: Fix ESP32-C3 support for booting signed apps
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
2021-12-09 13:15:45 -03:00
Gustavo Henrique Nihei 523ef3fc2f espressif: Add support for hardware Secure Boot
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
2021-12-09 13:15:45 -03:00
Gustavo Henrique Nihei ce3668fd60 espressif: Use "TAG" field from ESP_LOG* macros from IDF libraries
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
2021-12-09 13:15:45 -03:00
Gustavo Henrique Nihei 6a6b8915a8 espressif: Bump IDF version to v4.4
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
2021-12-09 13:15:45 -03:00
Gustavo Henrique Nihei d985d22abe espressif: Use BOOT_LOG_* macros instead of the MCUBOOT_LOG_*
Also refined the include directives, by removing unused headers and
making the usage of brackets and quotes a bit more coherent.

Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
2021-11-14 10:26:55 -03:00
Gustavo Henrique Nihei 33a3831b13 espressif: Remove write alignment handling
Write operations are always expected to be aligned according to the port
configuration.

Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
2021-11-05 15:23:42 -06:00
Gustavo Henrique Nihei 74a2742c3d espressif: Fix flash_area_read support for unaligned accesses
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
2021-11-05 15:23:42 -06:00
Gustavo Henrique Nihei 72627c5029 espressif: Allow use of imgtool other than the one from repository
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
2021-11-04 06:15:47 -03:00
Almir Okato eb6b7bf3eb espressif: Enable signature verification (RSA, EC256 and ED25519)
MbedTLS and Tinycrypt security lib options added to Espressif's
configuration and build.

Signed-off-by: Almir Okato <almir.okato@espressif.com>
2021-10-07 18:30:20 -03:00
Almir Okato 712fdb5ad0 espressif: Add ESP32-C3 initial basic support
ESP32-C3 target added to the Espressif port, CMakeLists, and
added related files to ESP32-C3 target directory as well.

Signed-off-by: Almir Okato <almir.okato@espressif.com>
2021-09-23 20:28:07 -03:00
Almir Okato d532029ca4 espressif: Add ESP32-S2 initial basic support
ESP32S2 target added to the Espressif port, modified CMakeLists,
and added the bootloader related files to esp32s2 target directory.

Signed-off-by: Almir Okato <almir.okato@espressif.com>
2021-09-23 18:39:07 -03:00
Almir Okato 5ab8cfdaa3 boot/espressif: Remove toolchain libc linking
Fix unnecessary dependencies caused by toolchain's libc inclusion.

Signed-off-by: Almir Okato <almir.okato@espressif.com>
2021-08-24 07:50:35 -03:00
Shubham Kulkarni 8787bb04ae boot/espressif: Update main.c to call init and loader functions
Add ESP specific loader code to load host application

Signed-off-by: Shubham Kulkarni <shubham.kulkarni@espressif.com>
2021-08-09 14:57:53 -06:00
Shubham Kulkarni cd86965429 boot/espressif: Update MCUBoot port to use bootloader_flash_* APIs
Signed-off-by: Shubham Kulkarni <shubham.kulkarni@espressif.com>
2021-08-09 14:57:53 -06:00
Shubham Kulkarni c75b3c74f2 boot/espressif: Add hal subdirectory for IDF sources and headers
Signed-off-by: Shubham Kulkarni <shubham.kulkarni@espressif.com>
2021-08-09 14:57:53 -06:00
Shubham Kulkarni 052561dcc0 boot/espressif: Add CMakeLists.txt and mcuboot_config.h
Add sources and headers required for build

Signed-off-by: Shubham Kulkarni <shubham.kulkarni@espressif.com>
2021-08-09 14:57:53 -06:00