default "IDF_TARGET_NOT_SET" if IDF_TARGET_ENV=""
default IDF_TARGET_ENV
+ config IDF_FIRMWARE_CHIP_ID
+ hex
+ default 0x0000 if IDF_TARGET="esp32"
+ default 0xFFFF
menu "SDK tool configuration"
config SDK_TOOLPREFIX
#include "esp_efuse.h"
-#define SUB_TYPE_ID(i) (i & 0x0F)
+#define SUB_TYPE_ID(i) (i & 0x0F)
typedef struct ota_ops_entry_ {
uint32_t handle;
// must erase the partition before writing to it
assert(it->erased_size > 0 && "must erase the partition before writing to it");
if (it->wrote_size == 0 && it->partial_bytes == 0 && size > 0 && data_bytes[0] != ESP_IMAGE_HEADER_MAGIC) {
- ESP_LOGE(TAG, "OTA image has invalid magic byte (expected 0xE9, saw 0x%02x", data_bytes[0]);
+ ESP_LOGE(TAG, "OTA image has invalid magic byte (expected 0xE9, saw 0x%02x)", data_bytes[0]);
return ESP_ERR_OTA_VALIDATE_FAILED;
}
#pragma once
#include "esp_flash_partitions.h"
#include "esp_image_format.h"
+#include "esp_app_format.h"
#ifdef __cplusplus
extern "C" {
/**
* @brief Returns esp_app_desc structure for app partition. This structure includes app version.
- *
+ *
* Returns a description for the requested app partition.
* @param[in] partition App partition description.
* @param[out] app_desc Structure of info about app.
*/
esp_err_t bootloader_common_get_partition_description(const esp_partition_pos_t *partition, esp_app_desc_t *app_desc);
+/**
+ * @brief Check if the image (bootloader and application) has valid chip ID and revision
+ *
+ * @param img_hdr: image header
+ * @return
+ * - ESP_OK: image and chip are matched well
+ * - ESP_FAIL: image doesn't match to the chip
+ */
+esp_err_t bootloader_common_check_chip_validity(const esp_image_header_t* img_hdr);
+
/**
* @brief Configure VDDSDIO, call this API to rise VDDSDIO to 1.9V when VDDSDIO regulator is enabled as 1.8V mode.
*/
// limitations under the License.
#pragma once
+/**
+ * @brief ESP chip ID
+ *
+ */
+typedef enum {
+ ESP_CHIP_ID_ESP32 = 0x0000, /*!< chip ID: ESP32 */
+ ESP_CHIP_ID_INVALID = 0xFFFF /*!< Invalid chip ID (we defined it to make sure the esp_chip_id_t is 2 bytes size) */
+} __attribute__((packed)) esp_chip_id_t;
+
+/** @cond */
+_Static_assert(sizeof(esp_chip_id_t) == 2, "esp_chip_id_t should be 16 bit");
+/** @endcond */
+
/**
* @brief SPI flash mode, used in esp_image_header_t
*/
* the IDF bootloader uses software to configure the WP
* pin and sets this field to 0xEE=disabled) */
uint8_t spi_pin_drv[3]; /*!< Drive settings for the SPI flash pins (read by ROM bootloader) */
- uint8_t reserved[11]; /*!< Reserved bytes in ESP32 additional header space, currently unused */
+ esp_chip_id_t chip_id; /*!< Chip identification number */
+ uint8_t min_chip_rev; /*!< Minimum chip revision supported by image */
+ uint8_t reserved[8]; /*!< Reserved bytes in additional header space, currently unused */
uint8_t hash_appended; /*!< If 1, a SHA256 digest "simple hash" (of the entire image) is appended after the checksum.
* Included in image length. This digest
* is separate to secure boot and only used for detecting corruption.
#include "esp_image_format.h"
#include "bootloader_sha.h"
#include "sys/param.h"
+#include "esp_efuse.h"
#define ESP_PARTITION_HASH_LEN 32 /* SHA-256 digest length */
}
#endif // CONFIG_BOOTLOADER_VDDSDIO_BOOST
}
+
+esp_err_t bootloader_common_check_chip_validity(const esp_image_header_t* img_hdr)
+{
+ esp_err_t err = ESP_OK;
+ esp_chip_id_t chip_id = CONFIG_IDF_FIRMWARE_CHIP_ID;
+ if (chip_id != img_hdr->chip_id) {
+ ESP_LOGE(TAG, "image has invalid chip ID, expected at least %d, found %d", chip_id, img_hdr->chip_id);
+ err = ESP_FAIL;
+ }
+ uint8_t revision = esp_efuse_get_chip_ver();
+ if (revision < img_hdr->min_chip_rev) {
+ ESP_LOGE(TAG, "image has invalid chip revision, expected at least %d, found %d", revision, img_hdr->min_chip_rev);
+ err = ESP_FAIL;
+ } else if (revision != img_hdr->min_chip_rev) {
+ ESP_LOGI(TAG, "This chip is revision %d but project was configured for minimum revision %d. "\
+ "Suggest setting project minimum revision to %d if safe to do so.",
+ revision, img_hdr->min_chip_rev, revision);
+ }
+ return err;
+}
#include "soc/spi_periph.h"
#include "sdkconfig.h"
+#include "esp_efuse.h"
#include "esp_image_format.h"
#include "esp_secure_boot.h"
#include "esp_flash_encrypt.h"
ESP_LOGE(TAG, "failed to load bootloader header!");
return ESP_FAIL;
}
+
+ /* Check chip ID and minimum chip revision that supported by this image */
+ uint8_t revision = esp_efuse_get_chip_ver();
+ ESP_LOGI(TAG, "Chip Revision: %d", revision);
+ if (bootloader_common_check_chip_validity(&fhdr) != ESP_OK) {
+ return ESP_FAIL;
+ }
+
bootloader_init_flash_configure(&fhdr);
#if (CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ == 240)
//Check if ESP32 is rated for a CPU frequency of 160MHz only
#include <bootloader_random.h>
#include <bootloader_sha.h>
#include "bootloader_util.h"
+#include "bootloader_common.h"
/* Checking signatures as part of verifying images is necessary:
- Always if secure boot is enabled
}
err = ESP_ERR_IMAGE_INVALID;
}
+ if (bootloader_common_check_chip_validity(image) != ESP_OK) {
+ err = ESP_ERR_IMAGE_INVALID;
+ }
if (!silent) {
if (image->spi_mode > ESP_IMAGE_SPI_MODE_SLOW_READ) {
ESP_LOGW(TAG, "image at 0x%x has invalid SPI mode %d", src_addr, image->spi_mode);
esp_err_t flash_ret = esp_flash_init_default_chip();
assert(flash_ret == ESP_OK);
- uint8_t revision = esp_efuse_get_chip_ver();
- ESP_LOGI(TAG, "Chip Revision: %d", revision);
- if (revision > CONFIG_ESP32_REV_MIN) {
- ESP_LOGW(TAG, "Chip revision is higher than the one configured in menuconfig. Suggest to upgrade it.");
- } else if(revision != CONFIG_ESP32_REV_MIN) {
- ESP_LOGE(TAG, "ESP-IDF can't support this chip revision. Modify minimum supported revision in menuconfig");
- abort();
- }
-
#ifdef CONFIG_PM_ENABLE
esp_pm_impl_init();
#ifdef CONFIG_PM_DFS_INIT_AUTO
ESPTOOL_ELF2IMAGE_OPTIONS :=
+ifdef CONFIG_ESP32_REV_MIN
+ESPTOOL_ELF2IMAGE_OPTIONS += --min-rev $(CONFIG_ESP32_REV_MIN)
+endif
+
ifdef CONFIG_SECURE_BOOT_ENABLED
ifndef CONFIG_SECURE_BOOT_ALLOW_SHORT_APP_PARTITION
ifndef IS_BOOTLOADER_BUILD
-Subproject commit 1a7dbf787e7e504acdeaea074d15a5ccaf87e9e8
+Subproject commit 4f1e825d2d1ee33b896b3977905fb29ac6cc0794
set(ESPTOOLPY_ELF2IMAGE_OPTIONS ${ESPTOOLPY_ELF2IMAGE_OPTIONS} --secure-pad)
endif()
+if(CONFIG_ESP32_REV_MIN)
+ set(ESPTOOLPY_ELF2IMAGE_OPTIONS ${ESPTOOLPY_ELF2IMAGE_OPTIONS} --min-rev ${CONFIG_ESP32_REV_MIN})
+endif()
+
if(CONFIG_ESPTOOLPY_FLASHSIZE_DETECT)
# Set ESPFLASHSIZE to 'detect' *after* elf2image options are generated,
# as elf2image can't have 'detect' as an option...
projects / esp-idf / commitdiff