Returned values are now hardcoded. Indeed, while it is not
strictly needed (few return values different from SUCCESS
or FAILURE) complexity added by encoding return values might
cause the software to be vulnerable to fault attacks.
Return type changed from fih_int to fih_ret to make
the whole thing much simpler and therefore more robust
to fault attacks. In addition, it's easier to predict
compiler behavior.
Assignment of sensitive variables has been hardened using macro
FIH_SET (assignment + check whether write access has been properly
done). FIH_DECLARE() is added to ease the declaration of sensitive
variables.
Equality tests fih_eq() and fih_not_eq() are now macros because
inlining produces more complex (and weaker) code than macros.
In addition, fih_not_eq is modified to be the negation of fih_eq,
which was not the case until now.
When FIH_NOT_EQ is used, FIH_SET(fih_rc, FIH_FAILURE) has been added
in some parts of the code.
Variable image_mask (bootutil_priv.h) is now volatile because a
double IF test is made on it.
Some other parts of the code have been hardened (e.g. loop on images).
Signed-off-by: Michael Grand <m.grand@trustngo.tech>
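
The hardening pattern described in the commit message above, sketched as an added example that is not MCUboot's code: the demo_/DEMO_ names and the constant values are hypothetical stand-ins for fih_ret, FIH_DECLARE, FIH_SET, fih_eq and fih_not_eq.

```c
#include <stddef.h>
#include <stdint.h>

/* Added illustration: demo_ and DEMO_ names are hypothetical, not MCUboot's. */
typedef uint32_t demo_ret;

/* Constructed constants: plain hardcoded values in which every bit differs,
 * so a single flipped bit cannot turn FAILURE into SUCCESS. */
#define DEMO_SUCCESS 0x5A5AA5A5u
#define DEMO_FAILURE 0xA5A55A5Au

static volatile unsigned demo_faults;            /* detected anomalies */
static void demo_panic(void) { demo_faults++; }  /* a bootloader would halt here */

/* Sensitive variables are volatile so every access is a real load or store. */
#define DEMO_DECLARE(var, val) volatile demo_ret var = (val)

/* Assignment plus read-back: catches a skipped or corrupted store. */
#define DEMO_SET(var, val) \
    do { (var) = (val); if ((var) != (val)) { demo_panic(); } } while (0)

/* Equality is evaluated twice; inequality is strictly its negation. */
#define DEMO_EQ(x, y)     (((x) == (y)) && !((y) != (x)))
#define DEMO_NOT_EQ(x, y) (!DEMO_EQ(x, y))

/* Compare a computed digest with the expected one, failing closed. */
demo_ret demo_verify(const uint8_t *digest, const uint8_t *expected, size_t len)
{
    DEMO_DECLARE(rc, DEMO_FAILURE);   /* default result is failure */
    volatile uint32_t diff = 0;
    volatile size_t i;

    for (i = 0; i < len; i++) {
        diff |= (uint32_t)(digest[i] ^ expected[i]);
    }
    if (i != len) {                   /* loop exited early: treat as a fault */
        demo_panic();
        return DEMO_FAILURE;
    }
    if (DEMO_EQ(diff, 0u)) {
        DEMO_SET(rc, DEMO_SUCCESS);
    }
    if (DEMO_NOT_EQ(rc, DEMO_SUCCESS)) {
        DEMO_SET(rc, DEMO_FAILURE);   /* NOT_EQ paired with a forced FAILURE */
    }
    return rc;
}
```
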
Add the serial adapter for ESP32 for boot recovery and MCUMGR
communication.
Signed-off-by: Almir Okato <almir.okato@espressif.com>
espressif: Configure console via bootloader_support functions
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
Entry point call was moved back from main to esp_loader, so it is
called from iram_loader_seg memory region.
Signed-off-by: Almir Okato <almir.okato@espressif.com>
Added checking and warning for ESP32, ESP32-S2, ESP32-C3, ESP32-S3
unsupported chip revisions on their initialization.
Made the respective changes to the build system and documentation.
Signed-off-by: Almir Okato <almir.okato@espressif.com>
Grouped common bootloader init functions among esp32, esp32s2,
esp32c3 and esp32s3 into common files.
Signed-off-by: Almir Okato <almir.okato@espressif.com>
Changes on configuration and flash area organization for supporting
multi image and implementation for booting on different processors
on esp32.
Signed-off-by: Almir Okato <almir.okato@espressif.com>
Add instructions to readme-espressif.md on how to encrypt
data on the host.
Also add configuration and instructions for disabling/switching
UART ROM Download Mode.
Signed-off-by: Almir Okato <almir.okato@espressif.com>
Native flash encryption was added as an option for Espressif chips and
added to the initialization process before MCUboot workflow.
Signed-off-by: Almir Okato <almir.okato@espressif.com>
This also removes the need for passing "-Wno-unused-variable" compiler
flag, since now TAG is being used as part of the log message.
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
The build system previously restricted the usage of some signing
algorithms due to build issues.
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
Also refined the include directives, by removing unused headers and
making the usage of brackets and quotes a bit more coherent.
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
Write operations are always expected to be aligned according to the port
configuration.
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
ESP32-C3 target added to the Espressif port, CMakeLists, and
added related files to ESP32-C3 target directory as well.
Signed-off-by: Almir Okato <almir.okato@espressif.com>
ESP32S2 target added to the Espressif port, modified CMakeLists,
and added the bootloader related files to esp32s2 target directory.
Signed-off-by: Almir Okato <almir.okato@espressif.com>