espressif: ESP32, ESP32S2 and ESP32C3 native flash encryption
Native flash encryption was added as option for Espressif chips and
added to the initialization process before MCUboot workflow.
Signed-off-by: Almir Okato <almir.okato@espressif.com>
diff --git a/boot/espressif/port/esp32/ld/bootloader.ld b/boot/espressif/port/esp32/ld/bootloader.ld
index 8249181..9933bd3 100644
--- a/boot/espressif/port/esp32/ld/bootloader.ld
+++ b/boot/espressif/port/esp32/ld/bootloader.ld
@@ -12,9 +12,9 @@
MEMORY
{
- iram_seg (RWX) : org = 0x40093000, len = 0x9000
- iram_loader_seg (RWX) : org = 0x4009C000, len = 0x4000
- dram_seg (RW) : org = 0x3FFF5000, len = 0x8000
+ iram_seg (RWX) : org = 0x40093000, len = 0x8800
+ iram_loader_seg (RWX) : org = 0x4009B800, len = 0x4800
+ dram_seg (RW) : org = 0x3FFF5000, len = 0x8900
}
/* Default entry point: */
diff --git a/boot/espressif/port/esp32c3/ld/bootloader.ld b/boot/espressif/port/esp32c3/ld/bootloader.ld
index 61dd412..c627cb9 100644
--- a/boot/espressif/port/esp32c3/ld/bootloader.ld
+++ b/boot/espressif/port/esp32c3/ld/bootloader.ld
@@ -14,7 +14,7 @@
{
iram_seg (RWX) : org = 0x403C8000, len = 0x8000
iram_loader_seg (RWX) : org = 0x403D0000, len = 0x4800
- dram_seg (RW) : org = 0x3FCD5000, len = 0x8800
+ dram_seg (RW) : org = 0x3FCD5000, len = 0x8C00
}
/* Default entry point: */
diff --git a/boot/espressif/port/esp32s2/ld/bootloader.ld b/boot/espressif/port/esp32s2/ld/bootloader.ld
index d01e7a5..3521894 100644
--- a/boot/espressif/port/esp32s2/ld/bootloader.ld
+++ b/boot/espressif/port/esp32s2/ld/bootloader.ld
@@ -9,12 +9,12 @@
* The main purpose is to make sure the bootloader can load into main memory
* without overwriting itself.
*/
-
+
MEMORY
{
iram_seg (RWX) : org = 0x40048000, len = 0x8000
iram_loader_seg (RWX) : org = 0x40050000, len = 0x5000
- dram_seg (RW) : org = 0x3FFE5000, len = 0x8000
+ dram_seg (RW) : org = 0x3FFE5000, len = 0x8E00
}
/* Default entry point: */
diff --git a/boot/espressif/port/esp_loader.c b/boot/espressif/port/esp_loader.c
index 9e6aef6..f2f7d87 100644
--- a/boot/espressif/port/esp_loader.c
+++ b/boot/espressif/port/esp_loader.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021 Espressif Systems (Shanghai) Co., Ltd.
+ * SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
@@ -10,6 +10,7 @@
#include <bootutil/fault_injection_hardening.h>
#include "bootloader_flash_priv.h"
+#include "esp_flash_encrypt.h"
#include "soc/soc_memory_layout.h"
#if CONFIG_IDF_TARGET_ESP32
@@ -20,24 +21,10 @@
#include "esp32c3/rom/uart.h"
#endif
+#include "esp_mcuboot_image.h"
#include "esp_loader.h"
#include "flash_map_backend/flash_map_backend.h"
-#define ESP_LOAD_HEADER_MAGIC 0xace637d3 /* Magic is derived from sha256sum of espmcuboot */
-
-/*
- * Load header that should be a part of application image.
- */
-typedef struct image_load_header {
- uint32_t header_magic; /* Magic for load header */
- uint32_t entry_addr; /* Application entry address */
- uint32_t iram_dest_addr; /* Destination address(VMA) for IRAM region */
- uint32_t iram_flash_offset; /* Flash offset(LMA) for start of IRAM region */
- uint32_t iram_size; /* Size of IRAM region */
- uint32_t dram_dest_addr; /* Destination address(VMA) for DRAM region */
- uint32_t dram_flash_offset; /* Flash offset(LMA) for start of DRAM region */
- uint32_t dram_size; /* Size of DRAM region */
-} image_load_header_t;
static int load_segment(const struct flash_area *fap, uint32_t data_addr, uint32_t data_len, uint32_t load_addr)
{
@@ -57,16 +44,15 @@
int area_id;
int rc;
- image_load_header_t load_header = {0};
-
area_id = flash_area_id_from_image_slot(slot);
rc = flash_area_open(area_id, &fap);
if (rc != 0) {
BOOT_LOG_ERR("%s: flash_area_open failed with %d", __func__, rc);
}
- const uint32_t *data = (const uint32_t *)bootloader_mmap((fap->fa_off + hdr_offset), sizeof(image_load_header_t));
- memcpy((void *)&load_header, data, sizeof(image_load_header_t));
+ const uint32_t *data = (const uint32_t *)bootloader_mmap((fap->fa_off + hdr_offset), sizeof(esp_image_load_header_t));
+ esp_image_load_header_t load_header = {0};
+ memcpy((void *)&load_header, data, sizeof(esp_image_load_header_t));
bootloader_munmap(data);
if (load_header.header_magic != ESP_LOAD_HEADER_MAGIC) {
diff --git a/boot/espressif/port/esp_mcuboot.c b/boot/espressif/port/esp_mcuboot.c
index 4dd03b9..5cda2ae 100644
--- a/boot/espressif/port/esp_mcuboot.c
+++ b/boot/espressif/port/esp_mcuboot.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2021 Espressif Systems (Shanghai) Co., Ltd.
+ * SPDX-FileCopyrightText: 2021 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
@@ -11,8 +11,10 @@
#include <bootutil/bootutil.h>
#include <bootutil/bootutil_log.h>
+#include "sdkconfig.h"
#include "esp_err.h"
#include "bootloader_flash_priv.h"
+#include "esp_flash_encrypt.h"
#include "flash_map_backend/flash_map_backend.h"
#include "sysflash/sysflash.h"
@@ -45,7 +47,7 @@
_Static_assert(IS_ALIGNED(FLASH_BUFFER_SIZE, 4), "Buffer size for SPI Flash operations must be 4-byte aligned.");
-#define BOOTLOADER_START_ADDRESS 0x1000
+#define BOOTLOADER_START_ADDRESS CONFIG_BOOTLOADER_OFFSET_IN_FLASH
#define BOOTLOADER_SIZE CONFIG_ESP_BOOTLOADER_SIZE
#define APPLICATION_PRIMARY_START_ADDRESS CONFIG_ESP_APPLICATION_PRIMARY_START_ADDRESS
#define APPLICATION_SECONDARY_START_ADDRESS CONFIG_ESP_APPLICATION_SECONDARY_START_ADDRESS
@@ -196,10 +198,12 @@
return -1;
}
+ bool flash_encryption_enabled = esp_flash_encryption_enabled();
+
const uint32_t start_addr = fa->fa_off + off;
BOOT_LOG_DBG("%s: Addr: 0x%08x Length: %d", __func__, (int)start_addr, (int)len);
- if (bootloader_flash_write(start_addr, (void *)src, len, false) != ESP_OK) {
+ if (bootloader_flash_write(start_addr, (void *)src, len, flash_encryption_enabled) != ESP_OK) {
BOOT_LOG_ERR("%s: Flash write failed", __func__);
return -1;
}
@@ -241,7 +245,18 @@
uint32_t flash_area_align(const struct flash_area *area)
{
- return 4;
+ static size_t align = 0;
+
+ if (align == 0) {
+ bool flash_encryption_enabled = esp_flash_encryption_enabled();
+
+ if (flash_encryption_enabled) {
+ align = 32;
+ } else {
+ align = 4;
+ }
+ }
+ return align;
}
uint8_t flash_area_erased_val(const struct flash_area *area)