#endif
.idf_ver = IDF_VER,
-#ifdef CONFIG_APP_SECURE_VERSION
- .secure_version = CONFIG_APP_SECURE_VERSION,
+#ifdef CONFIG_BOOTLOADER_APP_SECURE_VERSION
+ .secure_version = CONFIG_BOOTLOADER_APP_SECURE_VERSION,
#else
.secure_version = 0,
#endif
static esp_ota_img_states_t set_new_state_otadata(void)
{
-#ifdef CONFIG_APP_ROLLBACK_ENABLE
+#ifdef CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE
ESP_LOGD(TAG, "Monitoring the first boot of the app is enabled.");
return ESP_OTA_IMG_NEW;
#else
return ESP_ERR_OTA_PARTITION_CONFLICT;
}
-#ifdef CONFIG_APP_ROLLBACK_ENABLE
+#ifdef CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE
esp_ota_img_states_t ota_state_running_part;
if (esp_ota_get_state_partition(running_partition, &ota_state_running_part) == ESP_OK) {
if (ota_state_running_part == ESP_OTA_IMG_PENDING_VERIFY) {
return ESP_ERR_NOT_FOUND;
}
} else {
-#ifdef CONFIG_APP_ANTI_ROLLBACK
+#ifdef CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK
esp_app_desc_t partition_app_desc;
esp_err_t err = esp_ota_get_partition_description(partition, &partition_app_desc);
if (err != ESP_OK) {
return ESP_OK;
}
-#ifdef CONFIG_APP_ANTI_ROLLBACK
+#ifdef CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK
static esp_err_t esp_ota_set_anti_rollback(void) {
const esp_app_desc_t *app_desc = esp_ota_get_app_description();
return esp_efuse_update_secure_version(app_desc->secure_version);
int last_active_ota = (~active_ota)&1;
const esp_partition_t *partition = NULL;
-#ifndef CONFIG_APP_ANTI_ROLLBACK
+#ifndef CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK
if (valid_otadata[last_active_ota] == false) {
partition = esp_partition_find_first(ESP_PARTITION_TYPE_APP, ESP_PARTITION_SUBTYPE_APP_FACTORY, NULL);
if (partition != NULL) {
partition = esp_partition_find_first(ESP_PARTITION_TYPE_APP, ESP_PARTITION_SUBTYPE_APP_OTA_MIN + slot, NULL);
if (partition != NULL) {
if(image_validate(partition, ESP_IMAGE_VERIFY_SILENT) == ESP_OK) {
-#ifdef CONFIG_APP_ANTI_ROLLBACK
+#ifdef CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK
esp_app_desc_t app_desc;
if (esp_ota_get_partition_description(partition, &app_desc) == ESP_OK &&
esp_efuse_check_secure_version(app_desc.secure_version) == true) {
otadata[active_otadata].ota_state = ESP_OTA_IMG_VALID;
ESP_LOGD(TAG, "OTA[current] partition is marked as VALID");
esp_err_t err = rewrite_ota_seq(otadata, otadata[active_otadata].ota_seq, active_otadata, otadata_partition);
-#ifdef CONFIG_APP_ANTI_ROLLBACK
+#ifdef CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK
if (err == ESP_OK) {
return esp_ota_set_anti_rollback();
}
static void mark_app_valid(void)
{
-#ifdef CONFIG_APP_ROLLBACK_ENABLE
+#ifdef CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE
TEST_ESP_OK(esp_ota_mark_app_valid_cancel_rollback());
#endif
}
TEST_ESP_ERR(ESP_ERR_NOT_SUPPORTED, esp_ota_get_state_partition(cur_app, &ota_state));
update_partition = app_update();
TEST_ESP_OK(esp_ota_get_state_partition(update_partition, &ota_state));
-#ifndef CONFIG_APP_ROLLBACK_ENABLE
+#ifndef CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE
TEST_ASSERT_EQUAL(ESP_OTA_IMG_UNDEFINED, ota_state);
#else
TEST_ASSERT_EQUAL(ESP_OTA_IMG_NEW, ota_state);
TEST_ASSERT_EQUAL(ESP_PARTITION_SUBTYPE_APP_OTA_0, cur_app->subtype);
TEST_ASSERT_NULL(esp_ota_get_last_invalid_partition());
TEST_ESP_OK(esp_ota_get_state_partition(cur_app, &ota_state));
-#ifndef CONFIG_APP_ROLLBACK_ENABLE
+#ifndef CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE
TEST_ASSERT_EQUAL(ESP_OTA_IMG_UNDEFINED, ota_state);
#else
TEST_ASSERT_EQUAL(ESP_OTA_IMG_PENDING_VERIFY, ota_state);
TEST_ESP_ERR(ESP_ERR_NOT_SUPPORTED, esp_ota_get_state_partition(cur_app, &ota_state));
update_partition = app_update();
TEST_ESP_OK(esp_ota_get_state_partition(update_partition, &ota_state));
-#ifndef CONFIG_APP_ROLLBACK_ENABLE
+#ifndef CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE
TEST_ASSERT_EQUAL(ESP_OTA_IMG_UNDEFINED, ota_state);
#else
TEST_ASSERT_EQUAL(ESP_OTA_IMG_NEW, ota_state);
TEST_ASSERT_EQUAL(ESP_PARTITION_SUBTYPE_APP_OTA_0, cur_app->subtype);
TEST_ASSERT_NULL(esp_ota_get_last_invalid_partition());
TEST_ESP_OK(esp_ota_get_state_partition(cur_app, &ota_state));
-#ifndef CONFIG_APP_ROLLBACK_ENABLE
+#ifndef CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE
TEST_ASSERT_EQUAL(ESP_OTA_IMG_UNDEFINED, ota_state);
#else
TEST_ASSERT_EQUAL(ESP_OTA_IMG_PENDING_VERIFY, ota_state);
TEST_ASSERT_EQUAL(ESP_OTA_IMG_VALID, ota_state);
update_partition = app_update();
TEST_ESP_OK(esp_ota_get_state_partition(update_partition, &ota_state));
-#ifndef CONFIG_APP_ROLLBACK_ENABLE
+#ifndef CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE
TEST_ASSERT_EQUAL(ESP_OTA_IMG_UNDEFINED, ota_state);
#else
TEST_ASSERT_EQUAL(ESP_OTA_IMG_NEW, ota_state);
TEST_ASSERT_EQUAL(ESP_PARTITION_SUBTYPE_APP_OTA_1, cur_app->subtype);
TEST_ASSERT_NULL(esp_ota_get_last_invalid_partition());
TEST_ESP_OK(esp_ota_get_state_partition(cur_app, &ota_state));
-#ifndef CONFIG_APP_ROLLBACK_ENABLE
+#ifndef CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE
TEST_ASSERT_EQUAL(ESP_OTA_IMG_UNDEFINED, ota_state);
TEST_ESP_OK(esp_ota_mark_app_invalid_rollback_and_reboot());
#else
TEST_ESP_OK(esp_ota_get_state_partition(cur_app, &ota_state));
TEST_ASSERT_EQUAL(ESP_OTA_IMG_VALID, ota_state);
TEST_ESP_OK(esp_ota_get_state_partition(invalid_partition, &ota_state));
-#ifndef CONFIG_APP_ROLLBACK_ENABLE
+#ifndef CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE
TEST_ASSERT_EQUAL(ESP_OTA_IMG_INVALID, ota_state);
#else
TEST_ASSERT_EQUAL(ESP_OTA_IMG_ABORTED, ota_state);
menu "Bootloader config"
- choice LOG_BOOTLOADER_LEVEL
+ choice BOOTLOADER_LOG_LEVEL
bool "Bootloader log verbosity"
- default LOG_BOOTLOADER_LEVEL_INFO
+ default BOOTLOADER_LOG_LEVEL_INFO
help
Specify how much output to see in bootloader logs.
- config LOG_BOOTLOADER_LEVEL_NONE
+ config BOOTLOADER_LOG_LEVEL_NONE
bool "No output"
- config LOG_BOOTLOADER_LEVEL_ERROR
+ config BOOTLOADER_LOG_LEVEL_ERROR
bool "Error"
- config LOG_BOOTLOADER_LEVEL_WARN
+ config BOOTLOADER_LOG_LEVEL_WARN
bool "Warning"
- config LOG_BOOTLOADER_LEVEL_INFO
+ config BOOTLOADER_LOG_LEVEL_INFO
bool "Info"
- config LOG_BOOTLOADER_LEVEL_DEBUG
+ config BOOTLOADER_LOG_LEVEL_DEBUG
bool "Debug"
- config LOG_BOOTLOADER_LEVEL_VERBOSE
+ config BOOTLOADER_LOG_LEVEL_VERBOSE
bool "Verbose"
endchoice
- config LOG_BOOTLOADER_LEVEL
+ config BOOTLOADER_LOG_LEVEL
int
- default 0 if LOG_BOOTLOADER_LEVEL_NONE
- default 1 if LOG_BOOTLOADER_LEVEL_ERROR
- default 2 if LOG_BOOTLOADER_LEVEL_WARN
- default 3 if LOG_BOOTLOADER_LEVEL_INFO
- default 4 if LOG_BOOTLOADER_LEVEL_DEBUG
- default 5 if LOG_BOOTLOADER_LEVEL_VERBOSE
+ default 0 if BOOTLOADER_LOG_LEVEL_NONE
+ default 1 if BOOTLOADER_LOG_LEVEL_ERROR
+ default 2 if BOOTLOADER_LOG_LEVEL_WARN
+ default 3 if BOOTLOADER_LOG_LEVEL_INFO
+ default 4 if BOOTLOADER_LOG_LEVEL_DEBUG
+ default 5 if BOOTLOADER_LOG_LEVEL_VERBOSE
config BOOTLOADER_SPI_WP_PIN
int "SPI Flash WP Pin when customising pins via eFuse (read help)"
source for slow_clk - and ends calling app_main.
Re-set timeout is needed due to WDT uses a SLOW_CLK clock source. After changing a frequency slow_clk a
time of WDT needs to re-set for new frequency.
- slow_clk depends on ESP32_RTC_CLC_SRC (INTERNAL_RC or EXTERNAL_CRYSTAL).
+ slow_clk depends on ESP32_RTC_CLK_SRC (INTERNAL_RC or EXTERNAL_CRYSTAL).
config BOOTLOADER_WDT_DISABLE_IN_USER_CODE
bool "Allows RTC watchdog disable in user code"
- these options can increase the execution time.
Note: RTC_WDT will reset while encryption operations will be performed.
- config APP_ROLLBACK_ENABLE
+ config BOOTLOADER_APP_ROLLBACK_ENABLE
bool "Enable app rollback support"
default n
help
Note: If during the first boot a new app the power goes out or the WDT works, then roll back will happen.
Rollback is possible only between the apps with the same security versions.
- config APP_ANTI_ROLLBACK
+ config BOOTLOADER_APP_ANTI_ROLLBACK
bool "Enable app anti-rollback support"
- depends on APP_ROLLBACK_ENABLE
+ depends on BOOTLOADER_APP_ROLLBACK_ENABLE
default n
help
This option prevents rollback to previous firmware/application image with lower security version.
- config APP_SECURE_VERSION
+ config BOOTLOADER_APP_SECURE_VERSION
int "eFuse secure version of app"
- depends on APP_ANTI_ROLLBACK
+ depends on BOOTLOADER_APP_ANTI_ROLLBACK
default 0
help
The secure version is the sequence number stored in the header of each firmware.
The security version is set in the bootloader, version is recorded in the eFuse field
as the number of set ones. The allocated number of bits in the efuse field
- for storing the security version is limited (see APP_SECURE_VERSION_SIZE_EFUSE_FIELD option).
+ for storing the security version is limited (see BOOTLOADER_APP_SEC_VER_SIZE_EFUSE_FIELD option).
Bootloader: When bootloader selects an app to boot, an app is selected that has
a security version greater or equal that recorded in eFuse field.
Your partition table should has a scheme with ota_0 + ota_1 (without factory).
- config APP_SECURE_VERSION_SIZE_EFUSE_FIELD
+ config BOOTLOADER_APP_SEC_VER_SIZE_EFUSE_FIELD
int "Size of the efuse secure version field"
- depends on APP_ANTI_ROLLBACK
+ depends on BOOTLOADER_APP_ANTI_ROLLBACK
range 1 32
default 32
help
The size of the efuse secure version field. Its length is limited to 32 bits.
This determines how many times the security version can be increased.
- config EFUSE_SECURE_VERSION_EMULATE
+ config BOOTLOADER_EFUSE_SECURE_VERSION_EMULATE
bool "Emulate operations with efuse secure version(only test)"
default n
- depends on APP_ANTI_ROLLBACK
+ depends on BOOTLOADER_APP_ANTI_ROLLBACK
help
This option allow emulate read/write operations with efuse secure version.
It allow to test anti-rollback implemention without permanent write eFuse bits.
Refer to https://docs.espressif.com/projects/esp-idf/en/latest/security/secure-boot.html before enabling.
- config FLASH_ENCRYPTION_ENABLED
+ config SECURE_FLASH_ENC_ENABLED
bool "Enable flash encryption on boot (READ DOCS FIRST)"
default N
help
Read https://docs.espressif.com/projects/esp-idf/en/latest/security/flash-encryption.html before enabling.
- config FLASH_ENCRYPTION_INSECURE
+ config SECURE_FLASH_ENC_INSECURE
bool "Allow potentially insecure options"
- depends on FLASH_ENCRYPTION_ENABLED
+ depends on SECURE_FLASH_ENC_ENABLED
default N
help
You can disable some of the default protections offered by flash encryption, in order to enable testing or
https://docs.espressif.com/projects/esp-idf/en/latest/security/flash-encryption.html for details.
menu "Potentially insecure options"
- visible if FLASH_ENCRYPTION_INSECURE || SECURE_BOOT_INSECURE
+ visible if SECURE_FLASH_ENC_INSECURE || SECURE_BOOT_INSECURE
# NOTE: Options in this menu NEED to have SECURE_BOOT_INSECURE
- # and/or FLASH_ENCRYPTION_INSECURE in "depends on", as the menu
+ # and/or SECURE_FLASH_ENC_INSECURE in "depends on", as the menu
# itself doesn't enable/disable its children (if it's not set,
# it's possible for the insecure menu to be disabled but the insecure option
# to remain on which is very bad.)
config SECURE_BOOT_ALLOW_ROM_BASIC
bool "Leave ROM BASIC Interpreter available on reset"
- depends on SECURE_BOOT_INSECURE || FLASH_ENCRYPTION_INSECURE
+ depends on SECURE_BOOT_INSECURE || SECURE_FLASH_ENC_INSECURE
default N
help
By default, the BASIC ROM Console starts on reset if no valid bootloader is
config SECURE_BOOT_ALLOW_JTAG
bool "Allow JTAG Debugging"
- depends on SECURE_BOOT_INSECURE || FLASH_ENCRYPTION_INSECURE
+ depends on SECURE_BOOT_INSECURE || SECURE_FLASH_ENC_INSECURE
default N
help
If not set (default), the bootloader will permanently disable JTAG (across entire chip) on first boot
image to this length. It is generally not recommended to set this option, unless you have a legacy
partitioning scheme which doesn't support 64KB aligned partition lengths.
- config FLASH_ENCRYPTION_UART_BOOTLOADER_ALLOW_ENCRYPT
+ config SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC
bool "Leave UART bootloader encryption enabled"
- depends on FLASH_ENCRYPTION_INSECURE
+ depends on SECURE_FLASH_ENC_INSECURE
default N
help
If not set (default), the bootloader will permanently disable UART bootloader encryption access on
It is recommended to only set this option in testing environments.
- config FLASH_ENCRYPTION_UART_BOOTLOADER_ALLOW_DECRYPT
+ config SECURE_FLASH_UART_BOOTLOADER_ALLOW_DEC
bool "Leave UART bootloader decryption enabled"
- depends on FLASH_ENCRYPTION_INSECURE
+ depends on SECURE_FLASH_ENC_INSECURE
default N
help
If not set (default), the bootloader will permanently disable UART bootloader decryption access on
Only set this option in testing environments. Setting this option allows complete bypass of flash
encryption.
- config FLASH_ENCRYPTION_UART_BOOTLOADER_ALLOW_CACHE
+ config SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE
bool "Leave UART bootloader flash cache enabled"
- depends on FLASH_ENCRYPTION_INSECURE
+ depends on SECURE_FLASH_ENC_INSECURE
default N
help
If not set (default), the bootloader will permanently disable UART bootloader flash cache access on
--- /dev/null
+# sdkconfig replacement configurations for deprecated options formatted as
+# CONFIG_DEPRECATED_OPTION CONFIG_NEW_OPTION
+
+CONFIG_LOG_BOOTLOADER_LEVEL CONFIG_BOOTLOADER_LOG_LEVEL
+CONFIG_LOG_BOOTLOADER_LEVEL_NONE CONFIG_BOOTLOADER_LOG_LEVEL_NONE
+CONFIG_LOG_BOOTLOADER_LEVEL_ERROR CONFIG_BOOTLOADER_LOG_LEVEL_ERROR
+CONFIG_LOG_BOOTLOADER_LEVEL_WARN CONFIG_BOOTLOADER_LOG_LEVEL_WARN
+CONFIG_LOG_BOOTLOADER_LEVEL_INFO CONFIG_BOOTLOADER_LOG_LEVEL_INFO
+CONFIG_LOG_BOOTLOADER_LEVEL_DEBUG CONFIG_BOOTLOADER_LOG_LEVEL_DEBUG
+CONFIG_LOG_BOOTLOADER_LEVEL_VERBOSE CONFIG_BOOTLOADER_LOG_LEVEL_VERBOSE
+
+CONFIG_APP_ROLLBACK_ENABLE CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE
+CONFIG_APP_ANTI_ROLLBACK CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK
+CONFIG_APP_SECURE_VERSION CONFIG_BOOTLOADER_APP_SECURE_VERSION
+CONFIG_APP_SECURE_VERSION_SIZE_EFUSE_FIELD CONFIG_BOOTLOADER_APP_SEC_VER_SIZE_EFUSE_FIELD
+CONFIG_EFUSE_SECURE_VERSION_EMULATE CONFIG_BOOTLOADER_EFUSE_SECURE_VERSION_EMULATE
+
+CONFIG_FLASH_ENCRYPTION_ENABLED CONFIG_SECURE_FLASH_ENC_ENABLED
+CONFIG_FLASH_ENCRYPTION_INSECURE CONFIG_SECURE_FLASH_ENC_INSECURE
+CONFIG_FLASH_ENCRYPTION_UART_BOOTLOADER_ALLOW_ENCRYPT CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC
+CONFIG_FLASH_ENCRYPTION_UART_BOOTLOADER_ALLOW_DECRYPT CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_DEC
+CONFIG_FLASH_ENCRYPTION_UART_BOOTLOADER_ALLOW_CACHE CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE
break;
case PART_SUBTYPE_DATA_EFUSE_EM:
partition_usage = "efuse";
-#ifdef CONFIG_EFUSE_SECURE_VERSION_EMULATE
+#ifdef CONFIG_BOOTLOADER_EFUSE_SECURE_VERSION_EMULATE
esp_efuse_init(partition->pos.offset, partition->pos.size);
#endif
break;
static bool check_anti_rollback(const esp_partition_pos_t *partition)
{
-#ifdef CONFIG_APP_ANTI_ROLLBACK
+#ifdef CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK
esp_app_desc_t app_desc;
esp_err_t err = bootloader_common_get_partition_description(partition, &app_desc);
return err == ESP_OK && esp_efuse_check_secure_version(app_desc.secure_version) == true;
#endif
}
-#ifdef CONFIG_APP_ANTI_ROLLBACK
+#ifdef CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK
static void update_anti_rollback(const esp_partition_pos_t *partition)
{
esp_app_desc_t app_desc;
ESP_LOGD(TAG, "otadata[0]: sequence values 0x%08x", otadata[0].ota_seq);
ESP_LOGD(TAG, "otadata[1]: sequence values 0x%08x", otadata[1].ota_seq);
-#ifdef CONFIG_APP_ROLLBACK_ENABLE
+#ifdef CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE
bool write_encrypted = esp_flash_encryption_enabled();
for (int i = 0; i < 2; ++i) {
if (otadata[i].ota_state == ESP_OTA_IMG_PENDING_VERIFY) {
}
#endif
-#ifndef CONFIG_APP_ANTI_ROLLBACK
+#ifndef CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK
if ((bootloader_common_ota_select_invalid(&otadata[0]) &&
bootloader_common_ota_select_invalid(&otadata[1])) ||
bs->app_count == 0) {
#else
ESP_LOGI(TAG, "Enabled a check secure version of app for anti rollback");
ESP_LOGI(TAG, "Secure version (from eFuse) = %d", esp_efuse_read_secure_version());
- // When CONFIG_APP_ANTI_ROLLBACK is enabled factory partition should not be in partition table, only two ota_app are there.
+ // When CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK is enabled factory partition should not be in partition table, only two ota_app are there.
if ((otadata[0].ota_seq == UINT32_MAX || otadata[0].crc != bootloader_common_ota_select_crc(&otadata[0])) &&
(otadata[1].ota_seq == UINT32_MAX || otadata[1].crc != bootloader_common_ota_select_crc(&otadata[1]))) {
ESP_LOGI(TAG, "otadata[0..1] in initial state");
uint32_t ota_seq = otadata[active_otadata].ota_seq - 1; // Raw OTA sequence number. May be more than # of OTA slots
boot_index = ota_seq % bs->app_count; // Actual OTA partition selection
ESP_LOGD(TAG, "Mapping seq %d -> OTA slot %d", ota_seq, boot_index);
-#ifdef CONFIG_APP_ROLLBACK_ENABLE
+#ifdef CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE
if (otadata[active_otadata].ota_state == ESP_OTA_IMG_NEW) {
ESP_LOGD(TAG, "otadata[%d] is selected as new and marked PENDING_VERIFY state", active_otadata);
otadata[active_otadata].ota_state = ESP_OTA_IMG_PENDING_VERIFY;
write_otadata(&otadata[active_otadata], bs->ota_info.offset + FLASH_SECTOR_SIZE * active_otadata, write_encrypted);
}
-#endif // CONFIG_APP_ROLLBACK_ENABLE
+#endif // CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE
-#ifdef CONFIG_APP_ANTI_ROLLBACK
+#ifdef CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK
if(otadata[active_otadata].ota_state == ESP_OTA_IMG_VALID) {
update_anti_rollback(&bs->ota[boot_index]);
}
-#endif // CONFIG_APP_ANTI_ROLLBACK
+#endif // CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK
} else if (bs->factory.offset != 0) {
ESP_LOGE(TAG, "ota data partition invalid, falling back to factory");
bool write_encrypted = esp_flash_encryption_enabled();
write_otadata(&otadata, bs->ota_info.offset + FLASH_SECTOR_SIZE * 0, write_encrypted);
ESP_LOGI(TAG, "Set actual ota_seq=%d in otadata[0]", otadata.ota_seq);
-#ifdef CONFIG_APP_ANTI_ROLLBACK
+#ifdef CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK
update_anti_rollback(&bs->ota[index]);
#endif
}
* then Step 6 enables secure boot.
*/
-#if defined(CONFIG_SECURE_BOOT_ENABLED) || defined(CONFIG_FLASH_ENCRYPTION_ENABLED)
+#if defined(CONFIG_SECURE_BOOT_ENABLED) || defined(CONFIG_SECURE_FLASH_ENC_ENABLED)
esp_err_t err;
#endif
}
#endif
-#ifdef CONFIG_FLASH_ENCRYPTION_ENABLED
+#ifdef CONFIG_SECURE_FLASH_ENC_ENABLED
/* Steps 3, 4 & 5 (see above for full description):
* 3) Generate flash encryption EFUSE key
* 4) Encrypt flash contents
}
#endif
-#ifdef CONFIG_FLASH_ENCRYPTION_ENABLED
+#ifdef CONFIG_SECURE_FLASH_ENC_ENABLED
if (!flash_encryption_enabled && esp_flash_encryption_enabled()) {
/* Flash encryption was just enabled for the first time,
so issue a system reset to ensure flash encryption
esp_efuse_burn_new_values();
uint32_t new_wdata6 = 0;
-#ifndef CONFIG_FLASH_ENCRYPTION_UART_BOOTLOADER_ALLOW_ENCRYPT
+#ifndef CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC
ESP_LOGI(TAG, "Disable UART bootloader encryption...");
new_wdata6 |= EFUSE_DISABLE_DL_ENCRYPT;
#else
ESP_LOGW(TAG, "Not disabling UART bootloader encryption");
#endif
-#ifndef CONFIG_FLASH_ENCRYPTION_UART_BOOTLOADER_ALLOW_DECRYPT
+#ifndef CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_DEC
ESP_LOGI(TAG, "Disable UART bootloader decryption...");
new_wdata6 |= EFUSE_DISABLE_DL_DECRYPT;
#else
ESP_LOGW(TAG, "Not disabling UART bootloader decryption - SECURITY COMPROMISED");
#endif
-#ifndef CONFIG_FLASH_ENCRYPTION_UART_BOOTLOADER_ALLOW_CACHE
+#ifndef CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE
ESP_LOGI(TAG, "Disable UART bootloader MMU cache...");
new_wdata6 |= EFUSE_DISABLE_DL_CACHE;
#else
#ifndef BOOTLOADER_BUILD
#define LOG_LOCAL_LEVEL CONFIG_LOG_DEFAULT_LEVEL
#else
-#define LOG_LOCAL_LEVEL CONFIG_LOG_BOOTLOADER_LEVEL
+#define LOG_LOCAL_LEVEL CONFIG_BOOTLOADER_LOG_LEVEL
#endif
#endif
/* @brief Initializes variables: offset and size to simulate the work of an eFuse.
*
- * Note: To simulate the work of an eFuse need to set CONFIG_EFUSE_SECURE_VERSION_EMULATE option
+ * Note: To simulate the work of an eFuse need to set CONFIG_BOOTLOADER_EFUSE_SECURE_VERSION_EMULATE option
* and to add in the partition.csv file a line `efuse_em, data, efuse, , 0x2000,`.
*
* @param[in] offset The starting address of the partition where the eFuse data will be located.
bzero(raw, sizeof(raw));
}
-#ifdef CONFIG_EFUSE_SECURE_VERSION_EMULATE
+#ifdef CONFIG_BOOTLOADER_EFUSE_SECURE_VERSION_EMULATE
#include "../include_bootloader/bootloader_flash.h"
#include "esp_flash_encrypt.h"
uint32_t esp_efuse_read_secure_version()
{
-#ifdef CONFIG_APP_ANTI_ROLLBACK
+#ifdef CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK
uint32_t secure_version;
-#ifdef CONFIG_EFUSE_SECURE_VERSION_EMULATE
+#ifdef CONFIG_BOOTLOADER_EFUSE_SECURE_VERSION_EMULATE
secure_version = emulate_secure_version_read();
#else
secure_version = REG_READ(EFUSE_BLK_RD_ANTI_ROLLBACK);
-#endif // CONFIG_EFUSE_SECURE_VERSION_EMULATE
+#endif // CONFIG_BOOTLOADER_EFUSE_SECURE_VERSION_EMULATE
- return __builtin_popcount(secure_version & ((1ULL << CONFIG_APP_SECURE_VERSION_SIZE_EFUSE_FIELD) - 1));
+ return __builtin_popcount(secure_version & ((1ULL << CONFIG_BOOTLOADER_APP_SEC_VER_SIZE_EFUSE_FIELD) - 1));
#else
return 0;
#endif
}
-#ifdef CONFIG_APP_ANTI_ROLLBACK
+#ifdef CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK
static void write_anti_rollback(uint32_t new_bits)
{
-#ifdef CONFIG_EFUSE_SECURE_VERSION_EMULATE
+#ifdef CONFIG_BOOTLOADER_EFUSE_SECURE_VERSION_EMULATE
emulate_secure_version_write(new_bits);
#else
esp_efuse_reset();
esp_err_t esp_efuse_update_secure_version(uint32_t secure_version)
{
-#ifdef CONFIG_APP_ANTI_ROLLBACK
- if (CONFIG_APP_SECURE_VERSION_SIZE_EFUSE_FIELD < secure_version) {
- ESP_LOGE(TAG, "Max secure version is %d. Given %d version can not be written.", CONFIG_APP_SECURE_VERSION_SIZE_EFUSE_FIELD, secure_version);
+#ifdef CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK
+ if (CONFIG_BOOTLOADER_APP_SEC_VER_SIZE_EFUSE_FIELD < secure_version) {
+ ESP_LOGE(TAG, "Max secure version is %d. Given %d version can not be written.", CONFIG_BOOTLOADER_APP_SEC_VER_SIZE_EFUSE_FIELD, secure_version);
return ESP_ERR_INVALID_ARG;
}
-#ifndef CONFIG_EFUSE_SECURE_VERSION_EMULATE
+#ifndef CONFIG_BOOTLOADER_EFUSE_SECURE_VERSION_EMULATE
uint32_t coding_scheme = REG_READ(EFUSE_BLK0_RDATA6_REG) & EFUSE_CODING_SCHEME_M;
if (coding_scheme != EFUSE_CODING_SCHEME_VAL_NONE) {
ESP_LOGE(TAG, "Anti rollback is not supported with a 3/4 coding scheme.");
#ifndef CONFIG_APP_EXCLUDE_PROJECT_VER_VAR
ESP_EARLY_LOGI(TAG, "App version: %s", app_desc->version);
#endif
-#ifdef CONFIG_APP_SECURE_VERSION
+#ifdef CONFIG_BOOTLOADER_APP_SECURE_VERSION
ESP_EARLY_LOGI(TAG, "Secure version: %d", app_desc->secure_version);
#endif
#ifdef CONFIG_APP_COMPILE_TIME_DATE
#ifndef CONFIG_BOOTLOADER_WDT_DISABLE_IN_USER_CODE
rtc_wdt_disable();
#endif
-#ifdef CONFIG_EFUSE_SECURE_VERSION_EMULATE
+#ifdef CONFIG_BOOTLOADER_EFUSE_SECURE_VERSION_EMULATE
const esp_partition_t *efuse_partition = esp_partition_find_first(ESP_PARTITION_TYPE_DATA, ESP_PARTITION_SUBTYPE_DATA_EFUSE_EM, NULL);
if (efuse_partition) {
esp_efuse_init(efuse_partition->address, efuse_partition->size);
set(ESPTOOLPY_BEFORE "${CONFIG_ESPTOOLPY_BEFORE}")
set(ESPTOOLPY_AFTER "${CONFIG_ESPTOOLPY_AFTER}")
-if(CONFIG_SECURE_BOOT_ENABLED OR CONFIG_FLASH_ENCRYPTION_ENABLED)
+if(CONFIG_SECURE_BOOT_ENABLED OR CONFIG_SECURE_FLASH_ENC_ENABLED)
# If security enabled then override post flash option
set(ESPTOOLPY_AFTER "no_reset")
endif()
list(APPEND flash_project_args_json "\"${offset}\" : \"${image}\"")
set_property(TARGET flash_project_args_target PROPERTY FLASH_PROJECT_ARGS_JSON "${flash_project_args_json}")
endif()
-endfunction()
\ No newline at end of file
+endfunction()
#ifndef BOOTLOADER_BUILD
#define LOG_LOCAL_LEVEL CONFIG_LOG_DEFAULT_LEVEL
#else
-#define LOG_LOCAL_LEVEL CONFIG_LOG_BOOTLOADER_LEVEL
+#define LOG_LOCAL_LEVEL CONFIG_BOOTLOADER_LOG_LEVEL
#endif
#endif
config NVS_ENCRYPTION
bool "Enable NVS encryption"
default n
- depends on FLASH_ENCRYPTION_ENABLED
+ depends on SECURE_FLASH_ENC_ENABLED
help
This option enables encryption for NVS. When enabled, AES-XTS is used to encrypt
the complete NVS data, except the page headers. It requires XTS encryption keys
# If anti-rollback option is set then factory partition should not be in Partition Table.
# In this case, should be used the partition table with two ota app without the factory.
partition_table_get_partition_info(factory_offset "--partition-type app --partition-subtype factory" "offset")
-if(CONFIG_APP_ANTI_ROLLBACK AND factory_offset)
+if(CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK AND factory_offset)
fail_at_build_time(check_table_contents
"ERROR: Anti-rollback option is enabled. Partition table should consist of two ota app without factory partition.")
add_dependencies(bootloader check_table_contents)
# If anti-rollback option is set then factory partition should not be in Partition Table.
# In this case, should be used the partition table with two ota app without the factory.
check_table_contents: partition_table_get_info
- @echo $(if $(CONFIG_APP_ANTI_ROLLBACK), $(if $(FACTORY_OFFSET), $(error "ERROR: Anti-rollback option is enabled. Partition table should consist of two ota app without factory partition."), ""), "")
+ @echo $(if $(CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK), $(if $(FACTORY_OFFSET), $(error "ERROR: Anti-rollback option is enabled. Partition table should consist of two ota app without factory partition."), ""), "")
PARTITION_TABLE_FLASH_CMD = $(ESPTOOLPY_SERIAL) write_flash $(PARTITION_TABLE_OFFSET) $(PARTITION_TABLE_BIN)
ESPTOOL_ALL_FLASH_ARGS += $(PARTITION_TABLE_OFFSET) $(PARTITION_TABLE_BIN)
if (!partition->encrypted) {
return spi_flash_read(partition->address + src_offset, dst, size);
} else {
-#if CONFIG_FLASH_ENCRYPTION_ENABLED
+#if CONFIG_SECURE_FLASH_ENC_ENABLED
/* Encrypted partitions need to be read via a cache mapping */
const void *buf;
spi_flash_mmap_handle_t handle;
return ESP_OK;
#else
return ESP_ERR_NOT_SUPPORTED;
-#endif // CONFIG_FLASH_ENCRYPTION_ENABLED
+#endif // CONFIG_SECURE_FLASH_ENC_ENABLED
}
}
if (!partition->encrypted) {
return spi_flash_write(dst_offset, src, size);
} else {
-#if CONFIG_FLASH_ENCRYPTION_ENABLED
+#if CONFIG_SECURE_FLASH_ENC_ENABLED
return spi_flash_write_encrypted(dst_offset, src, size);
#else
return ESP_ERR_NOT_SUPPORTED;
-#endif // CONFIG_FLASH_ENCRYPTION_ENABLED
+#endif // CONFIG_SECURE_FLASH_ENC_ENABLED
}
}
* The application works fine, :cpp:func:`esp_ota_mark_app_valid_cancel_rollback` marks the running application with the state ``ESP_OTA_IMG_VALID``. There are no restrictions on booting this application.
* The application has critical errors and further work is not possible, a rollback to the previous application is required, :cpp:func:`esp_ota_mark_app_invalid_rollback_and_reboot` marks the running application with the state ``ESP_OTA_IMG_INVALID`` and reset. This application will not be selected by the bootloader for boot and will boot the previously working application.
-* If the :ref:`CONFIG_APP_ROLLBACK_ENABLE` option is set, and occur a reset without calling either function then happend and is rolled back.
+* If the :ref:`CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE` option is set, and occur a reset without calling either function then happend and is rolled back.
Note: The state is not written to the binary image of the application it is written to the ``otadata`` partition. The partition contains a ``ota_seq`` counter which is a pointer to the slot (ota_0, ota_1, ...) from which the application will be selected for boot.
+-----------------------------+--------------------------------------------------------+
| ESP_OTA_IMG_ABORTED | Will not be selected. |
+-----------------------------+--------------------------------------------------------+
-| ESP_OTA_IMG_NEW | If :ref:`CONFIG_APP_ROLLBACK_ENABLE` option is set |
-| | it will be selected only once. In bootloader the state |
-| | immediately changes to ``ESP_OTA_IMG_PENDING_VERIFY``. |
+| ESP_OTA_IMG_NEW | If :ref:`CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE` option |
+| | is set it will be selected only once. In bootloader |
+| | the state immediately changes to |
+| | ``ESP_OTA_IMG_PENDING_VERIFY``. |
+-----------------------------+--------------------------------------------------------+
-| ESP_OTA_IMG_PENDING_VERIFY | If :ref:`CONFIG_APP_ROLLBACK_ENABLE` option is set |
-| | it will not be selected and the state will change to |
-| | ``ESP_OTA_IMG_ABORTED``. |
+| ESP_OTA_IMG_PENDING_VERIFY | If :ref:`CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE` option |
+| | is set it will not be selected and the state will |
+| | change to ``ESP_OTA_IMG_ABORTED``. |
+-----------------------------+--------------------------------------------------------+
-If :ref:`CONFIG_APP_ROLLBACK_ENABLE` option is not enabled (by default), then the use of the following functions :cpp:func:`esp_ota_mark_app_valid_cancel_rollback` and :cpp:func:`esp_ota_mark_app_invalid_rollback_and_reboot` are optional, and ``ESP_OTA_IMG_NEW`` and ``ESP_OTA_IMG_PENDING_VERIFY`` states are not used.
+If :ref:`CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE` option is not enabled (by default), then the use of the following functions :cpp:func:`esp_ota_mark_app_valid_cancel_rollback` and :cpp:func:`esp_ota_mark_app_invalid_rollback_and_reboot` are optional, and ``ESP_OTA_IMG_NEW`` and ``ESP_OTA_IMG_PENDING_VERIFY`` states are not used.
-An option in Kconfig :ref:`CONFIG_APP_ROLLBACK_ENABLE` allows you to track the first boot of a new application. In this case, the application must confirm its operability by calling :cpp:func:`esp_ota_mark_app_valid_cancel_rollback` function, otherwise the application will be rolled back upon reboot. It allows you to control the operability of the application during the boot phase. Thus, a new application has only one attempt to boot successfully.
+An option in Kconfig :ref:`CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE` allows you to track the first boot of a new application. In this case, the application must confirm its operability by calling :cpp:func:`esp_ota_mark_app_valid_cancel_rollback` function, otherwise the application will be rolled back upon reboot. It allows you to control the operability of the application during the boot phase. Thus, a new application has only one attempt to boot successfully.
Rollback Process
^^^^^^^^^^^^^^^^
-The description of the rollback process when :ref:`CONFIG_APP_ROLLBACK_ENABLE` option is enabled:
+The description of the rollback process when :ref:`CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE` option is enabled:
* The new application successfully downloaded and :cpp:func:`esp_ota_set_boot_partition` function makes this partition bootable and sets the state ``ESP_OTA_IMG_NEW``. This state means that the application is new and should be monitored for its first boot.
* Reboot :cpp:func:`esp_restart`.
A brief description of where the states are set:
* ``ESP_OTA_IMG_VALID`` state is set by :cpp:func:`esp_ota_mark_app_valid_cancel_rollback` function.
-* ``ESP_OTA_IMG_UNDEFINED`` state is set by :cpp:func:`esp_ota_set_boot_partition` function if :ref:`CONFIG_APP_ROLLBACK_ENABLE` option is not enabled.
-* ``ESP_OTA_IMG_NEW`` state is set by :cpp:func:`esp_ota_set_boot_partition` function if :ref:`CONFIG_APP_ROLLBACK_ENABLE` option is enabled.
+* ``ESP_OTA_IMG_UNDEFINED`` state is set by :cpp:func:`esp_ota_set_boot_partition` function if :ref:`CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE` option is not enabled.
+* ``ESP_OTA_IMG_NEW`` state is set by :cpp:func:`esp_ota_set_boot_partition` function if
+ :ref:`CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE` option is enabled.
* ``ESP_OTA_IMG_INVALID`` state is set by :cpp:func:`esp_ota_mark_app_invalid_rollback_and_reboot` function.
-* ``ESP_OTA_IMG_ABORTED`` state is set if there was no confirmation of the application operability and occurs reboots (if :ref:`CONFIG_APP_ROLLBACK_ENABLE` option is enabled).
-* ``ESP_OTA_IMG_PENDING_VERIFY`` state is set in a bootloader if :ref:`CONFIG_APP_ROLLBACK_ENABLE` option is enabled and selected app has ``ESP_OTA_IMG_NEW`` state.
+* ``ESP_OTA_IMG_ABORTED`` state is set if there was no confirmation of the application operability and occurs reboots (if :ref:`CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE` option is enabled).
+* ``ESP_OTA_IMG_PENDING_VERIFY`` state is set in a bootloader if :ref:`CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE` option is enabled and selected app has ``ESP_OTA_IMG_NEW`` state.
.. _anti-rollback:
Anti-rollback prevents rollback to application with security version lower than one programmed in eFuse of chip.
-This function works if set :ref:`CONFIG_APP_ANTI_ROLLBACK` option. In the bootloader, when selecting a bootable application, an additional security version check is added which is on the chip and in the application image. The version in the bootable firmware must be greater than or equal to the version in the chip.
+This function works if set :ref:`CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK` option. In the bootloader, when selecting a bootable application, an additional security version check is added which is on the chip and in the application image. The version in the bootable firmware must be greater than or equal to the version in the chip.
-:ref:`CONFIG_APP_ANTI_ROLLBACK` and :ref:`CONFIG_APP_ROLLBACK_ENABLE` options are used together. In this case, rollback is possible only on the security version which is equal or higher than the version in the chip.
+:ref:`CONFIG_BOOTLOADER_APP_ANTI_ROLLBACK` and :ref:`CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE` options are used together. In this case, rollback is possible only on the security version which is equal or higher than the version in the chip.
A typical anti-rollback scheme is
Restrictions:
-- The number of bits in the ``secure_version`` field is limited to 32 bits. This means that only 32 times you can do an anti-rollback. You can reduce the length of this efuse field use :ref:`CONFIG_APP_SECURE_VERSION_SIZE_EFUSE_FIELD` option.
+- The number of bits in the ``secure_version`` field is limited to 32 bits. This means that only 32 times you can do an anti-rollback. You can reduce the length of this efuse field use :ref:`CONFIG_BOOTLOADER_APP_SEC_VER_SIZE_EFUSE_FIELD` option.
- Anti-rollback only works if the encoding scheme for efuse is set to ``NONE``.
- The partition table should not have a factory partition, only two of the app.
``security_version``:
-- In application image it is stored in ``esp_app_desc`` structure. The number is set :ref:`CONFIG_APP_SECURE_VERSION`.
+- In application image it is stored in ``esp_app_desc`` structure. The number is set
+ :ref:`CONFIG_BOOTLOADER_APP_SECURE_VERSION`.
- In ESP32 it is stored in efuse ``EFUSE_BLK3_RDATA4_REG``. (when a eFuse bit is programmed to 1, it can never be reverted to 0). The number of bits set in this register is the ``security_version`` from app.
.. _secure-ota-updates:
Options to work around this are:
-- Reduce :ref:`bootloader log level <CONFIG_LOG_BOOTLOADER_LEVEL>`. Setting log level to Warning, Error or None all significantly reduce the final binary size (but may make it harder to debug).
+- Reduce :ref:`bootloader log level <CONFIG_BOOTLOADER_LOG_LEVEL>`. Setting log level to Warning, Error or None all significantly reduce the final binary size (but may make it harder to debug).
- Set :ref:`partition table offset <CONFIG_PARTITION_TABLE_OFFSET>` to a higher value than 0x8000, to place the partition table later in the flash. This increases the space available for the bootloader. If the :doc:`partition table </api-guides/partition-tables>` CSV file contains explicit partition offsets, they will need changing so no partition has an offset lower than ``CONFIG_PARTITION_TABLE_OFFSET + 0x1000``. (This includes the default partition CSV files supplied with ESP-IDF.)
.. _secure-boot-howto:
# Reduce bootloader log verbosity
-CONFIG_LOG_BOOTLOADER_LEVEL_WARN=y
-CONFIG_LOG_BOOTLOADER_LEVEL=2
+CONFIG_BOOTLOADER_LOG_LEVEL_WARN=y
+CONFIG_BOOTLOADER_LOG_LEVEL=2
# Increase main task stack size
CONFIG_ESP_MAIN_TASK_STACK_SIZE=7168
# Reduce bootloader log verbosity
-CONFIG_LOG_BOOTLOADER_LEVEL_WARN=y
-CONFIG_LOG_BOOTLOADER_LEVEL=2
+CONFIG_BOOTLOADER_LOG_LEVEL_WARN=y
+CONFIG_BOOTLOADER_LOG_LEVEL=2
# Increase main task stack size
CONFIG_ESP_MAIN_TASK_STACK_SIZE=7168
# Reduce bootloader log verbosity
-CONFIG_LOG_BOOTLOADER_LEVEL_WARN=y
-CONFIG_LOG_BOOTLOADER_LEVEL=2
+CONFIG_BOOTLOADER_LOG_LEVEL_WARN=y
+CONFIG_BOOTLOADER_LOG_LEVEL=2
# Increase main task stack size
CONFIG_ESP_MAIN_TASK_STACK_SIZE=7168
## Support the rollback
-This feature allows you to roll back to the previous firmware if the app is not operable. Option :ref:`CONFIG_APP_ROLLBACK_ENABLE` allows you to track the first boot of the application (see the``Over The Air Updates (OTA)`` article).
-For ``native_ota_example``, added a bit of code to demonstrate how a rollback works. To use it, you need enable the :ref:`CONFIG_APP_ROLLBACK_ENABLE` option in Kconfig and under the "Example Configuration" submenu to set "Number of the GPIO input for diagnostic" to manage the rollback process.
+This feature allows you to roll back to the previous firmware if the app is not operable. Option :ref:`CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE` allows you to track the first boot of the application (see the``Over The Air Updates (OTA)`` article).
+For ``native_ota_example``, added a bit of code to demonstrate how a rollback works. To use it, you need enable the :ref:`CONFIG_BOOTLOADER_APP_ROLLBACK_ENABLE` option in Kconfig and under the "Example Configuration" submenu to set "Number of the GPIO input for diagnostic" to manage the rollback process.
To trigger a rollback, this GPIO must be pulled low while the message `Diagnostics (5 sec)...` which will be on first boot.
If GPIO is not pulled low then the operable of the app will be confirmed.
CONFIG_ESP32_ULP_COPROC_ENABLED=y
CONFIG_ESP32_ULP_COPROC_RESERVE_MEM=1024
# Set log level to Warning to produce clean output
-CONFIG_LOG_BOOTLOADER_LEVEL_WARN=y
-CONFIG_LOG_BOOTLOADER_LEVEL=2
+CONFIG_BOOTLOADER_LOG_LEVEL_WARN=y
+CONFIG_BOOTLOADER_LOG_LEVEL=2
CONFIG_LOG_DEFAULT_LEVEL_WARN=y
CONFIG_LOG_DEFAULT_LEVEL=2
CONFIG_ESP32_ULP_COPROC_ENABLED=y
CONFIG_ESP32_ULP_COPROC_RESERVE_MEM=1024
# Set log level to Warning to produce clean output
-CONFIG_LOG_BOOTLOADER_LEVEL_WARN=y
-CONFIG_LOG_BOOTLOADER_LEVEL=2
+CONFIG_BOOTLOADER_LOG_LEVEL_WARN=y
+CONFIG_BOOTLOADER_LOG_LEVEL=2
CONFIG_LOG_DEFAULT_LEVEL_WARN=y
CONFIG_LOG_DEFAULT_LEVEL=2
# Reduce bootloader log verbosity
-CONFIG_LOG_BOOTLOADER_LEVEL_WARN=y
-CONFIG_LOG_BOOTLOADER_LEVEL=2
+CONFIG_BOOTLOADER_LOG_LEVEL_WARN=y
+CONFIG_BOOTLOADER_LOG_LEVEL=2
# Increase main task stack size
CONFIG_ESP_MAIN_TASK_STACK_SIZE=7168
#
# Bootloader config
#
-CONFIG_LOG_BOOTLOADER_LEVEL_NONE=
-CONFIG_LOG_BOOTLOADER_LEVEL_ERROR=
-CONFIG_LOG_BOOTLOADER_LEVEL_WARN=y
-CONFIG_LOG_BOOTLOADER_LEVEL_INFO=
-CONFIG_LOG_BOOTLOADER_LEVEL_DEBUG=
-CONFIG_LOG_BOOTLOADER_LEVEL_VERBOSE=
-CONFIG_LOG_BOOTLOADER_LEVEL=2
+CONFIG_BOOTLOADER_LOG_LEVEL_NONE=
+CONFIG_BOOTLOADER_LOG_LEVEL_ERROR=
+CONFIG_BOOTLOADER_LOG_LEVEL_WARN=y
+CONFIG_BOOTLOADER_LOG_LEVEL_INFO=
+CONFIG_BOOTLOADER_LOG_LEVEL_DEBUG=
+CONFIG_BOOTLOADER_LOG_LEVEL_VERBOSE=
+CONFIG_BOOTLOADER_LOG_LEVEL=2
CONFIG_BOOTLOADER_VDDSDIO_BOOST_1_8V=
CONFIG_BOOTLOADER_VDDSDIO_BOOST_1_9V=y
# Security features
#
CONFIG_SECURE_BOOT_ENABLED=
-CONFIG_FLASH_ENCRYPTION_ENABLED=
+CONFIG_SECURE_FLASH_ENC_ENABLED=
#
# Serial flasher config
-CONFIG_LOG_BOOTLOADER_LEVEL_WARN=y
+CONFIG_BOOTLOADER_LOG_LEVEL_WARN=y
CONFIG_ESPTOOLPY_BAUD_921600B=y
CONFIG_ESPTOOLPY_FLASHSIZE_4MB=y
CONFIG_ESPTOOLPY_FLASHSIZE_DETECT=n