Commit Graph

162 Commits

Author SHA1 Message Date
harshal.patil 6ea63548d4 fix(esp_security): Set WR_DIS_SECURE_BOOT_SHA384_EN by default when
Flash Encryption Release mode is enabled and Secure Boot P384 scheme is not enabled.
2025-11-11 17:53:04 +05:30
harshal.patil d902072d80 fix(bootloader_support): Reorder write protection bits of some shared security efuses 2025-10-13 10:40:16 +05:30
Mahavir Jain b0713ffe08 fix(bootloader): correct encryption length for secure update without secure boot
For secure update without secure boot case, the encryption length for
app image must consider signature block length as well. This was
correctly handled for secure boot case but not for secure update without
secure boot.
2025-09-16 10:16:37 +05:30
harshal.patil 476f8f6f51 feat(bootloader_support): Support Secure Boot using ECDSA-P384 curve 2025-07-25 14:25:31 +05:30
harshal.patil 0644f453be fix(bootloader): Fix documentation as ESP32 does not support secure download mode 2025-06-30 10:26:36 +05:30
Chen Jichang 45ba78940f feat(esp32h4): finally introduce hello world 2025-03-19 18:48:41 +08:00
nilesh.kale 652879ff06 feat: enable flash encryption support for esp32h21 2025-03-13 10:37:11 +05:30
harshal.patil a6ea9bcd41 fix(secure_boot): Fix SB verification failure when sig block and key digest mismatch
- Secure boot V2 verification failed when multiple keys are used to sign the bootloader
  and the application is signed with a key other than the first key that is used to
  sign the bootloader.
- The issue was introduced as a regression from the commit `ff16ce43`.
- Added a QEMU test for recreating the issue.
- Made SECURE_BOOT_FLASH_BOOTLOADER_DEFAULT independent of SECURE_BOOT_BUILD_SIGNED_BINARIES.
2025-03-04 11:26:51 +05:30
Mahavir Jain 6a4a124d65 Merge branch 'feature/enable_rsa_based_secure_boot_for_c5_eco1' into 'master'
feat(bootloader_support): enabled RSA based secure boot scheme for ESP32C5 ECO1

Closes IDF-10453 and IDF-11441

See merge request espressif/esp-idf!35104
2024-12-04 18:00:34 +08:00
nilesh.kale 1e11340061 feat(bootloader_support): enabled RSA based secure boot scheme for ESP32C5 ECO1
This commit enabled RSA based secure boot scheme for ESP32C5 ECO1 module.
This update also adds a check to ensure the selected secure boot scheme is
valid for ECO0 modules.
2024-12-03 16:48:56 +05:30
harshal.patil f02dc64ce6 feat(bootloader_support): Permanently enable pseudo rounds function for XTS-AES during start-up 2024-12-03 11:17:54 +05:30
Konstantin Kondrashov 816a0da0fd feat(bootloader): Adds bootloader anti rollback configs 2024-11-08 13:53:24 +02:00
Konstantin Kondrashov bb329c4e53 feat(bootloader): Move rollback configs into a separate menu 2024-11-07 19:25:58 +02:00
Guillaume Souchere ab4e658af6 fix(bootloader): Update pin range for factory reset and app test
Update the range for pin selection of BOOTLOADER_NUM_PIN_APP_TEST
and BOOTLOADER_NUM_PIN_FACTORY_RESET based on the selected target.

Closes https://github.com/espressif/esp-idf/issues/14508
2024-09-06 07:18:46 +02:00
Marius Vikhammer 289ceff0e0 docs(build): update comments regarding -Os/Oz for kconfig compiler option 2024-08-27 13:41:34 +08:00
harshal.patil 03a15664ee change(bootloader_support/secure_boot): Improve description of the config SECURE_BOOT_V2_ALLOW_EFUSE_RD_DIS
Co-authored-by: Zhang Shuxian <zhangshuxian@espressif.com>
2024-08-21 16:32:54 +05:30
Jan Beran 01ee296db0 fix: fix various errors in Kconfig files 2024-07-17 11:33:22 +02:00
Mahavir Jain 6669caf4cf Merge branch 'feature/esp32c5_memory_protection' into 'master'
Support memory protection using PMA and PMP for ESP32-C5

Closes IDF-8833

See merge request espressif/esp-idf!31245
2024-06-26 19:18:39 +08:00
harshal.patil 84afc6a955 feat(esp_hw_support): Support memory protection using PMA and PMP for ESP32-C5 2024-06-25 11:55:15 +05:30
Konstantin Kondrashov ee605e35b4 feat(bootloader): BOOTLOADER_SKIP_VALIDATE_IN_DEEP_SLEEP for C2 (without RTC_MEM) 2024-06-25 02:09:59 +08:00
C.S.M 374c89097f feat(spi_flash): Adjust flash clock to real 80M clock, and support 32bit address on eco1 2024-05-27 19:42:47 +08:00
Konstantin Kondrashov 4ad9ad8086 feat(log): Adds new timestamp APIs and bootloader log Kconfigs 2024-05-21 17:22:34 +03:00
Xiaoyu Liu 1db02e48ef fix(bootloader): fix spelling errors in /components/bootloader/Kconfig.projbuild 2024-03-29 10:59:46 +08:00
Jiang Jiang Jian e1a5633e18 Merge branch 'bugfix/bootloader_custom_rtc_data_crc_master' into 'master'
fix(bootloader): add legacy retained memory CRC calculation

Closes IDFGH-11747

See merge request espressif/esp-idf!28934
2024-02-21 10:39:14 +08:00
harshal.patil f4581d7103 docs(secure_boot_v2): Specify the workflow to disable revocation of unused key digests slots 2024-02-15 14:31:41 +05:30
Omar Chebib 75eb489105 fix(bootloader): add legacy retained memory CRC calculation
* Closes https://github.com/espressif/esp-idf/issues/12849

In former versions of ESP-IDF, the user custom memory data in the retained memory
was taken into account during the CRC calculation. This was changed in a later
commit, the custom memory was ignored, therefore this can be seen as a breaking change.
This commit gives the possibility to choose between the former (legacy) or
new way of calculating the CRC.
2024-02-09 16:49:56 +08:00
KonstantinKondrashov c40afaf4ad feat(doc): Update the WDT article
Closes https://github.com/espressif/esp-idf/issues/12995
2024-01-31 15:19:17 +08:00
Marius Vikhammer 760d711491 fix(build): remove CONFIG_BOOTLOADER_COMPILER_OPTIMIZATION_NONE option from c6, h2 and p4
CONFIG_BOOTLOADER_COMPILER_OPTIMIZATION_NONE doesn't really have many use cases, but it will
force us to keep increasing bootloader segment sizes just to allow for building this option.

Deprecate this config for new chips.
2024-01-10 12:03:37 +08:00
laokaiyao 11e19f40b9 feat(esp32c5): support to build hello world on esp32c5 beta3 2024-01-09 13:11:11 +08:00
harshal.patil 42943845e4 feat(bootloader_support): Encrypt only the app image instead of the whole partition
Currently, when flash encryption is enabled, the whole partition gets encrypted.
This can be optimised by encrypting only the app image instead of encrypting the whole partition.

Closes https://github.com/espressif/esp-idf/issues/12576
2023-12-18 17:10:17 +05:30
Laukik Hase 429cb75661 Merge branch 'fix/nvs_encr_flash_enc_dependency' into 'master'
fix(nvs_flash): Remove the forceful selection of NVS_ENCRYPTION with flash encryption

Closes IDFGH-11411

See merge request espressif/esp-idf!27286
2023-12-06 02:08:01 +08:00
Laukik Hase ea51f4e2f7 fix(nvs_flash): Remove the forceful selection of NVS_ENCRYPTION with flash encryption
- This change will introduce a breaking change for SoCs with the HMAC
  peripheral. Turning on flash encryption will no longer enable NVS
  encryption automatically.

Closes https://github.com/espressif/esp-idf/issues/12549
2023-12-04 16:18:01 +05:30
Armando f470f66f75 change(flash): use xmc support for p4 fpga images 2023-12-04 14:52:54 +08:00
Cao Sen Miao fe007196f2 bugfix(spi_flash): Fix wrong naming on 32bit address 2023-11-01 12:42:22 +08:00
Xiao Xufeng 1f5fb3f921 spi_flash: fixed issue that enabling HPM-DC by default may cause app unable to restart 2023-10-24 10:38:08 +08:00
Harshit Malpani 7c2df01af2 fix(bootloader): Update kconfig option 2023-09-25 12:02:58 +05:30
Armando 706d684418 feat(esp32p4): introduced new target esp32p4, supported hello_world 2023-08-09 19:33:25 +08:00
Armando c448597f24 kconfig: introduced CONFIG_IDF_ENV_BRINGUP for new chip bringup usage 2023-06-26 03:30:23 +00:00
harshal.patil 873901e7aa bootloader: add a config to enable flashing of bootloader using
the command `idf.py flash` when secure boot v2 is enabled.
2023-05-24 11:50:14 +05:30
Laukik Hase c1bed366ba nvs_flash: Add support for HMAC-based NVS encryption keys protection scheme
- This feature allows the NVS encryption keys to be derived and protected using
  the HMAC peripheral. Since the encryption keys are derived at runtime, they
  are not stored anywhere in the flash and hence this feature does not require
  a separate `nvs_keys` partition.
2023-05-23 13:55:52 +05:30
Zhang Xiao Yan 81558fb77d Merge branch 'docs/update_algorithm_and_key_from_aes-xts_to_xts-aes' into 'master'
docs: update the algorithm and key name from AES-XTS to XTS-AES

See merge request espressif/esp-idf!23742
2023-05-16 17:39:58 +08:00
Linda 65ee4992ce docs: update the algorithm and key name from AES-XTS to XTS-AES 2023-05-15 17:54:50 +08:00
KonstantinKondrashov 69838403f9 esp_bootloader_format: Adds bootloader description structure to read bootloader version from app
Closes https://github.com/espressif/esp-idf/issues/8800
Closes https://github.com/espressif/esp-idf/issues/9132
2023-05-10 21:39:52 +08:00
Mahavir Jain f22daec784 Merge branch 'feature/secure_set_efuses_to_prevent_brick_chip' into 'master'
security: write-protect DIS_ICACHE and DIS_DCACHE

Closes IDF-5177

See merge request espressif/esp-idf!22640
2023-03-29 11:51:09 +08:00
KonstantinKondrashov a3232e4a5b bootloader: Adds an option to leave DIS_CACHE writeable 2023-03-29 00:02:25 +08:00
KonstantinKondrashov efbafb873b bootloader_support: Adds API to detect Factory reset has happened
Closes https://github.com/espressif/esp-idf/issues/10753
2023-03-22 02:21:54 +08:00
KonstantinKondrashov f3394c488a efuse: Add support for esp32h2 2023-02-21 08:18:14 +00:00
wuzhenghui a5467f42a0 codeclean: only S series chip VDDSDIO is configurable 2023-01-31 22:12:58 +08:00
KonstantinKondrashov 92de037883 efuse: Hides the FLASH_ENCRYPTION_MODE_RELEASE option when using EFUSE_VIRTUAL 2022-12-22 20:03:42 +08:00
Mahavir Jain 188017d6b1 docs: Fix Secure DL mode documentation about flash read being unsupported
Simple flash read command is not supported if Secure DL mode is enabled on the target.
Remove reference of this from the relevant docs part.

Related: https://github.com/espressif/esptool/issues/810
Related: ESPTOOL-567
Closes IDF-6468
2022-12-14 10:03:46 +05:30