1 // Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
7 // http://www.apache.org/licenses/LICENSE-2.0
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
17 #include "bootloader_flash.h"
18 #include "bootloader_random.h"
19 #include "esp_image_format.h"
20 #include "esp_flash_encrypt.h"
21 #include "esp_flash_partitions.h"
22 #include "esp_flash_data_types.h"
23 #include "esp_secure_boot.h"
24 #include "esp_efuse.h"
26 #include "rom/secure_boot.h"
28 #include "rom/cache.h"
29 #include "rom/spi_flash.h" /* TODO: Remove this */
31 static const char *TAG = "flash_encrypt";
33 /* Static functions for stages of flash encryption */
34 static esp_err_t initialise_flash_encryption(void);
35 static esp_err_t encrypt_flash_contents(uint32_t flash_crypt_cnt, bool flash_crypt_wr_dis);
36 static esp_err_t encrypt_bootloader();
37 static esp_err_t encrypt_and_load_partition_table(esp_partition_info_t *partition_table, int *num_partitions);
38 static esp_err_t encrypt_partition(int index, const esp_partition_info_t *partition);
40 esp_err_t esp_flash_encrypt_check_and_update(void)
42 uint32_t efuse_blk0 = REG_READ(EFUSE_BLK0_RDATA0_REG);
43 ESP_LOGV(TAG, "efuse_blk0 raw value %08x", efuse_blk0);
44 uint32_t flash_crypt_cnt = (efuse_blk0 & EFUSE_RD_FLASH_CRYPT_CNT_M) >> EFUSE_RD_FLASH_CRYPT_CNT_S;
45 bool flash_crypt_wr_dis = efuse_blk0 & EFUSE_WR_DIS_FLASH_CRYPT_CNT;
46 ESP_LOGV(TAG, "efuse FLASH_CRYPT_CNT 0x%x WR_DIS_FLASH_CRYPT_CNT 0x%x", flash_crypt_cnt, flash_crypt_wr_dis);
48 if (__builtin_parity(flash_crypt_cnt) == 1) {
49 /* Flash is already encrypted */
50 int left = (7 - __builtin_popcount(flash_crypt_cnt)) / 2;
51 if (flash_crypt_wr_dis) {
52 left = 0; /* can't update FLASH_CRYPT_CNT, no more flashes */
54 ESP_LOGI(TAG, "flash encryption is enabled (%d plaintext flashes left)", left);
58 /* Flash is not encrypted, so encrypt it! */
59 return encrypt_flash_contents(flash_crypt_cnt, flash_crypt_wr_dis);
63 static esp_err_t initialise_flash_encryption(void)
65 /* Before first flash encryption pass, need to initialise key & crypto config */
68 uint32_t dis_reg = REG_READ(EFUSE_BLK0_RDATA0_REG);
69 bool efuse_key_read_protected = dis_reg & EFUSE_RD_DIS_BLK1;
70 bool efuse_key_write_protected = dis_reg & EFUSE_WR_DIS_BLK1;
71 if (efuse_key_read_protected == false
72 && efuse_key_write_protected == false
73 && REG_READ(EFUSE_BLK1_RDATA0_REG) == 0
74 && REG_READ(EFUSE_BLK1_RDATA1_REG) == 0
75 && REG_READ(EFUSE_BLK1_RDATA2_REG) == 0
76 && REG_READ(EFUSE_BLK1_RDATA3_REG) == 0
77 && REG_READ(EFUSE_BLK1_RDATA4_REG) == 0
78 && REG_READ(EFUSE_BLK1_RDATA5_REG) == 0
79 && REG_READ(EFUSE_BLK1_RDATA6_REG) == 0
80 && REG_READ(EFUSE_BLK1_RDATA7_REG) == 0) {
81 ESP_LOGI(TAG, "Generating new flash encryption key...");
83 bootloader_fill_random(buf, sizeof(buf));
84 for (int i = 0; i < 8; i++) {
85 ESP_LOGV(TAG, "EFUSE_BLK1_WDATA%d_REG = 0x%08x", i, buf[i]);
86 REG_WRITE(EFUSE_BLK1_WDATA0_REG + 4*i, buf[i]);
88 bzero(buf, sizeof(buf));
89 esp_efuse_burn_new_values();
91 ESP_LOGI(TAG, "Read & write protecting new key...");
92 REG_WRITE(EFUSE_BLK0_WDATA0_REG, EFUSE_WR_DIS_BLK1 | EFUSE_RD_DIS_BLK1);
93 esp_efuse_burn_new_values();
96 if(!(efuse_key_read_protected && efuse_key_write_protected)) {
97 ESP_LOGE(TAG, "Flash encryption key has to be either unset or both read and write protected");
98 return ESP_ERR_INVALID_STATE;
100 ESP_LOGW(TAG, "Using pre-loaded flash encryption key in EFUSE block 1");
102 /* CRYPT_CONFIG determines which bits of the AES block key are XORed
103 with bits from the flash address, to provide the key tweak.
105 CRYPT_CONFIG == 0 is effectively AES ECB mode (NOT SUPPORTED)
107 For now this is hardcoded to XOR all 256 bits of the key.
109 If you need to override it, you can pre-burn this efuse to the
110 desired value and then write-protect it, in which case this
111 operation does nothing. Please note this is not recommended!
113 ESP_LOGI(TAG, "Setting CRYPT_CONFIG efuse to 0xF");
114 REG_WRITE(EFUSE_BLK0_WDATA5_REG, EFUSE_FLASH_CRYPT_CONFIG_M);
115 esp_efuse_burn_new_values();
117 #ifndef CONFIG_FLASH_ENCRYPTION_UART_BOOTLOADER_ALLOW_WRITE
118 ESP_LOGI(TAG, "Disable UART bootloader write...");
119 //REG_WRITE(EFUSE_BLK0_
125 /* Encrypt all flash data that should be encrypted */
126 static esp_err_t encrypt_flash_contents(uint32_t flash_crypt_cnt, bool flash_crypt_wr_dis)
129 esp_partition_info_t partition_table[ESP_PARTITION_TABLE_MAX_ENTRIES];
132 /* If the last flash_crypt_cnt bit is burned or write-disabled, the
133 device can't re-encrypt itself. */
134 if (flash_crypt_wr_dis || flash_crypt_cnt == 0xFF) {
135 ESP_LOGE(TAG, "Cannot re-encrypt data (FLASH_CRYPT_CNT 0x%02x write disabled %d", flash_crypt_cnt, flash_crypt_wr_dis);
139 if (flash_crypt_cnt == 0) {
140 /* Very first flash of encrypted data: generate keys, etc. */
141 err = initialise_flash_encryption();
147 err = encrypt_bootloader();
152 err = encrypt_and_load_partition_table(partition_table, &num_partitions);
157 /* Now iterate the just-loaded partition table, looking for entries to encrypt
160 /* Go through each partition and encrypt if necessary */
161 for (int i = 0; i < num_partitions; i++) {
162 err = encrypt_partition(i, &partition_table[i]);
168 ESP_LOGD(TAG, "All flash regions checked for encryption pass");
170 /* Set least significant 0-bit in flash_crypt_cnt */
171 int ffs_inv = __builtin_ffs((~flash_crypt_cnt) & 0xFF);
172 /* ffs_inv shouldn't be zero, as zero implies flash_crypt_cnt == 0xFF */
173 uint32_t new_flash_crypt_cnt = flash_crypt_cnt + (1 << (ffs_inv - 1));
174 ESP_LOGD(TAG, "FLASH_CRYPT_CNT 0x%x -> 0x%x", flash_crypt_cnt, new_flash_crypt_cnt);
175 REG_SET_FIELD(EFUSE_BLK0_WDATA0_REG, EFUSE_FLASH_CRYPT_CNT, new_flash_crypt_cnt);
176 esp_efuse_burn_new_values();
178 ESP_LOGI(TAG, "Flash encryption completed");
183 static esp_err_t encrypt_bootloader()
186 uint32_t image_length;
187 /* Check for plaintext bootloader */
188 if (esp_image_basic_verify(ESP_BOOTLOADER_OFFSET, false, &image_length) == ESP_OK) {
189 ESP_LOGD(TAG, "bootloader is plaintext. Encrypting...");
190 err = esp_flash_encrypt_region(ESP_BOOTLOADER_OFFSET, image_length);
192 ESP_LOGE(TAG, "Failed to encrypt bootloader in place: 0x%x", err);
196 if (esp_secure_boot_enabled()) {
197 /* If secure boot is enabled and bootloader was plaintext, also
198 need to encrypt secure boot IV+digest.
200 ESP_LOGD(TAG, "Encrypting secure bootloader IV & digest...");
201 err = esp_flash_encrypt_region(FLASH_OFFS_SECURE_BOOT_IV_DIGEST,
204 ESP_LOGE(TAG, "Failed to encrypt bootloader IV & digest in place: 0x%x", err);
210 ESP_LOGW(TAG, "no valid bootloader was found");
216 static esp_err_t encrypt_and_load_partition_table(esp_partition_info_t *partition_table, int *num_partitions)
219 /* Check for plaintext partition table */
220 err = bootloader_flash_read(ESP_PARTITION_TABLE_OFFSET, partition_table, ESP_PARTITION_TABLE_MAX_LEN, false);
222 ESP_LOGE(TAG, "Failed to read partition table data");
225 if (esp_partition_table_basic_verify(partition_table, false, num_partitions) == ESP_OK) {
226 ESP_LOGD(TAG, "partition table is plaintext. Encrypting...");
227 esp_err_t err = esp_flash_encrypt_region(ESP_PARTITION_TABLE_OFFSET,
230 ESP_LOGE(TAG, "Failed to encrypt partition table in place. %x", err);
235 ESP_LOGE(TAG, "Failed to read partition table data - not plaintext?");
236 return ESP_ERR_INVALID_STATE;
239 /* Valid partition table loded */
244 static esp_err_t encrypt_partition(int index, const esp_partition_info_t *partition)
247 uint32_t image_len = partition->pos.size;
248 bool should_encrypt = (partition->flags & PART_FLAG_ENCRYPTED);
250 if (partition->type == PART_TYPE_APP) {
251 /* check if the partition holds an unencrypted app */
252 if (esp_image_basic_verify(partition->pos.offset, false, &image_len) == ESP_OK) {
253 if(image_len > partition->pos.size) {
254 ESP_LOGE(TAG, "partition entry %d has image longer than partition (%d vs %d)", index, image_len, partition->pos.size);
255 should_encrypt = false;
257 should_encrypt = true;
260 should_encrypt = false;
264 if (!should_encrypt) {
269 ESP_LOGI(TAG, "Encrypting partition %d at offset 0x%x...", index, partition->pos.offset);
271 err = esp_flash_encrypt_region(partition->pos.offset, partition->pos.size);
273 ESP_LOGE(TAG, "Failed to encrypt partition %d", index);
280 esp_err_t esp_flash_encrypt_region(uint32_t src_addr, size_t data_length)
283 uint32_t buf[FLASH_SECTOR_SIZE / sizeof(uint32_t)];
285 if (src_addr % FLASH_SECTOR_SIZE != 0) {
286 ESP_LOGE(TAG, "esp_flash_encrypt_region bad src_addr 0x%x",src_addr);
290 for (size_t i = 0; i < data_length; i += FLASH_SECTOR_SIZE) {
291 uint32_t sec_start = i + src_addr;
292 err = bootloader_flash_read(sec_start, buf, FLASH_SECTOR_SIZE, false);
296 err = bootloader_flash_erase_sector(sec_start / FLASH_SECTOR_SIZE);
300 err = bootloader_flash_write(sec_start, buf, FLASH_SECTOR_SIZE, true);
308 ESP_LOGE(TAG, "flash operation failed: 0x%x", err);