*
* @inputs: bool
*/
-bool secure_boot_generate(uint32_t bin_len){
+static bool secure_boot_generate(uint32_t bin_len){
SpiFlashOpResult spiRet;
uint16_t i;
uint32_t buf[32];
return true;
}
+/* Burn values written to the efuse write registers */
+static inline void burn_efuses()
+{
+ REG_WRITE(EFUSE_CONF_REG, 0x5A5A); /* efuse_pgm_op_ena, force no rd/wr disable */
+ REG_WRITE(EFUSE_CMD_REG, 0x02); /* efuse_pgm_cmd */
+ while (REG_READ(EFUSE_CMD_REG)); /* wait for efuse_pagm_cmd=0 */
+ REG_WRITE(EFUSE_CONF_REG, 0x5AA5); /* efuse_read_op_ena, release force */
+ REG_WRITE(EFUSE_CMD_REG, 0x01); /* efuse_read_cmd */
+ while (REG_READ(EFUSE_CMD_REG)); /* wait for efuse_read_cmd=0 */
+}
/**
- * @function : secure_boot
- * @description: protect boot code in flash
+ * @function : secure_boot_generate_bootloader_digest
*
- * @inputs: bool
+ * @description: Called if the secure boot flag is set on the
+ * bootloader image in flash. If secure boot is not yet enabled for
+ * bootloader, this will generate the secure boot digest and enable
+ * secure boot by blowing the EFUSE_RD_ABS_DONE_0 efuse.
+ *
+ * This function does not verify secure boot of the bootloader (the
+ * ROM bootloader does this.)
+ *
+ * @return true if secure boot is enabled (either was already enabled,
+ * or is freshly enabled as a result of calling this function.)
*/
-bool secure_boot(void){
- uint32_t bin_len = 0;
- if (REG_READ(EFUSE_BLK0_RDATA6_REG) & EFUSE_RD_ABS_DONE_0)
- {
- ESP_LOGD(TAG, "already secure boot !");
- return true;
- } else {
- boot_cache_redirect( 0, 64*1024);
- bin_len = get_bin_len((uint32_t)MEM_CACHE(0x1000));
- if (bin_len == 0) {
- ESP_LOGE(TAG, "boot len is error");
- return false;
- }
- if (false == secure_boot_generate(bin_len)){
- ESP_LOGE(TAG, "secure boot generate failed");
- return false;
- }
- }
-
- REG_SET_BIT(EFUSE_BLK0_WDATA6_REG, EFUSE_RD_ABS_DONE_0);
- REG_WRITE(EFUSE_CONF_REG, 0x5A5A); /* efuse_pgm_op_ena, force no rd/wr disable */
- REG_WRITE(EFUSE_CMD_REG, 0x02); /* efuse_pgm_cmd */
- while (REG_READ(EFUSE_CMD_REG)); /* wait for efuse_pagm_cmd=0 */
- ESP_LOGW(TAG, "burn abstract_done_0");
- REG_WRITE(EFUSE_CONF_REG, 0x5AA5); /* efuse_read_op_ena, release force */
- REG_WRITE(EFUSE_CMD_REG, 0x01); /* efuse_read_cmd */
- while (REG_READ(EFUSE_CMD_REG)); /* wait for efuse_read_cmd=0 */
- ESP_LOGI(TAG, "read EFUSE_BLK0_RDATA6 %x", REG_READ(EFUSE_BLK0_RDATA6_REG));
- return true;
+bool secure_boot_generate_bootloader_digest(void) {
+ uint32_t bin_len = 0;
+ if (REG_READ(EFUSE_BLK0_RDATA6_REG) & EFUSE_RD_ABS_DONE_0)
+ {
+ ESP_LOGI(TAG, "bootloader secure boot is already enabled, continuing..");
+ return true;
+ }
+
+ boot_cache_redirect( 0, 64*1024);
+ bin_len = get_bin_len((uint32_t)MEM_CACHE(0x1000));
+ if (bin_len == 0) {
+ ESP_LOGE(TAG, "Invalid bootloader image length zero.");
+ return false;
+ }
+ if (bin_len > 0x100000) {
+ ESP_LOGE(TAG, "Invalid bootloader image length %x", bin_len);
+ return false;
+ }
+
+ uint32_t dis_reg = REG_READ(EFUSE_BLK0_RDATA0_REG);
+ bool efuse_key_read_protected = dis_reg & EFUSE_RD_DIS_BLK2;
+ bool efuse_key_write_protected = dis_reg & EFUSE_WR_DIS_BLK2;
+ if (efuse_key_read_protected == false
+ && efuse_key_write_protected == false
+ && REG_READ(EFUSE_BLK2_RDATA0_REG) == 0
+ && REG_READ(EFUSE_BLK2_RDATA1_REG) == 0
+ && REG_READ(EFUSE_BLK2_RDATA2_REG) == 0
+ && REG_READ(EFUSE_BLK2_RDATA3_REG) == 0
+ && REG_READ(EFUSE_BLK2_RDATA4_REG) == 0
+ && REG_READ(EFUSE_BLK2_RDATA5_REG) == 0
+ && REG_READ(EFUSE_BLK2_RDATA6_REG) == 0
+ && REG_READ(EFUSE_BLK2_RDATA7_REG) == 0) {
+ ESP_LOGI(TAG, "Generating new secure boot key...");
+ /* reuse the secure boot IV generation function to generate
+ the key, as this generator uses the hardware RNG. */
+ uint32_t buf[32];
+ ets_secure_boot_rd_iv(buf);
+ for (int i = 0; i < 8; i++) {
+ ESP_LOGV(TAG, "EFUSE_BLK2_WDATA%d_REG = 0x%08x", i, buf[i]);
+ REG_WRITE(EFUSE_BLK2_WDATA0_REG + 4*i, buf[i]);
+ }
+ bzero(buf, sizeof(buf));
+ burn_efuses();
+ ESP_LOGI(TAG, "Read & write protecting new key...");
+ REG_WRITE(EFUSE_BLK0_WDATA0_REG, EFUSE_WR_DIS_BLK2 | EFUSE_RD_DIS_BLK2);
+ burn_efuses();
+ efuse_key_read_protected = true;
+ efuse_key_write_protected = true;
+
+ } else {
+ ESP_LOGW(TAG, "Using pre-loaded secure boot key in EFUSE block 2");
+ }
+
+ ESP_LOGI(TAG, "Generating secure boot digest...");
+ if (false == secure_boot_generate(bin_len)){
+ ESP_LOGE(TAG, "secure boot generation failed");
+ return false;
+ }
+ ESP_LOGI(TAG, "Digest generation complete.");
+
+ if (!efuse_key_read_protected) {
+ ESP_LOGE(TAG, "Pre-loaded key is not read protected. Refusing to blow secure boot efuse.");
+ return false;
+ }
+ if (!efuse_key_write_protected) {
+ ESP_LOGE(TAG, "Pre-loaded key is not write protected. Refusing to blow secure boot efuse.");
+ return false;
+ }
+ ESP_LOGI(TAG, "blowing secure boot efuse & disabling JTAG...");
+ ESP_LOGD(TAG, "before updating, EFUSE_BLK0_RDATA6 %x", REG_READ(EFUSE_BLK0_RDATA6_REG));
+ REG_WRITE(EFUSE_BLK0_WDATA6_REG,
+ EFUSE_RD_ABS_DONE_0 | EFUSE_RD_DISABLE_JTAG);
+ burn_efuses();
+ uint32_t after = REG_READ(EFUSE_BLK0_RDATA6_REG);
+ ESP_LOGD(TAG, "after updating, EFUSE_BLK0_RDATA6 %x", after);
+ if (after & EFUSE_RD_ABS_DONE_0) {
+ ESP_LOGI(TAG, "secure boot is now enabled for bootloader image");
+ return true;
+ } else {
+ ESP_LOGE(TAG, "secure boot not enabled for bootloader image, EFUSE_RD_ABS_DONE_0 is probably write protected!");
+ return false;
+ }
}
projects / esp-idf / commitdiff