1 /*
2  * SPDX-FileCopyrightText: 2017-2022 Espressif Systems (Shanghai) CO LTD
3  *
4  * SPDX-License-Identifier: Apache-2.0
5  */
6 
7 #include <stdlib.h>
8 #include "sdkconfig.h"
9 #include "esp_efuse.h"
10 #include "esp_efuse_utility.h"
11 #include "esp_efuse_table.h"
12 #include "esp_types.h"
13 #include "assert.h"
14 #include "esp_err.h"
15 #include "esp_fault.h"
16 #include "esp_log.h"
17 #include "soc/efuse_periph.h"
18 #include "sys/param.h"
19 
/* Log tag used by the ESP_LOGx calls in this file; flagged unused so builds
 * that compile the logging out do not warn about it. */
static __attribute__((unused)) const char *TAG = "efuse";

/*
 * Upper bound, in bits, on how much of the ESP_EFUSE_SECURE_VERSION field is
 * used for the anti-rollback counter. The project configuration may set it;
 * otherwise the fallback below applies.
 */
#if defined(CONFIG_BOOTLOADER_APP_SEC_VER_SIZE_EFUSE_FIELD)
#define APP_SEC_VER_SIZE_EFUSE_FIELD CONFIG_BOOTLOADER_APP_SEC_VER_SIZE_EFUSE_FIELD
#else
#define APP_SEC_VER_SIZE_EFUSE_FIELD 4 // smallest possible size for all chips
#endif
27 
/**
 * Reset the eFuse write registers.
 *
 * Thin public wrapper: all work is delegated to esp_efuse_utility_reset().
 */
void esp_efuse_reset(void)
{
    esp_efuse_utility_reset();
}
33 
/**
 * Read the anti-rollback secure version from eFuse.
 *
 * The version is the number of set bits in the ESP_EFUSE_SECURE_VERSION
 * field. Only the low `field_bits` bits are counted, where `field_bits` is
 * the smaller of APP_SEC_VER_SIZE_EFUSE_FIELD and the real field size.
 *
 * @return Number of programmed bits within the used part of the field.
 */
uint32_t esp_efuse_read_secure_version(void)
{
    uint32_t raw_bits = 0;
    size_t field_bits = MIN(APP_SEC_VER_SIZE_EFUSE_FIELD, esp_efuse_get_field_size(ESP_EFUSE_SECURE_VERSION));

    // NOTE(review): the status returned by esp_efuse_read_field_blob() is
    // dropped. If the read can fail here, raw_bits stays 0 and the function
    // reports version 0, the value every app version satisfies in
    // esp_efuse_check_secure_version(). Confirm the read cannot fail, or
    // decide how a failure should be surfaced to callers.
    esp_efuse_read_field_blob(ESP_EFUSE_SECURE_VERSION, &raw_bits, field_bits);

    // Mask off bits above the configured width before counting.
    unsigned long long used_mask = (1ULL << field_bits) - 1;
    return __builtin_popcount(raw_bits & used_mask);
}
41 
/**
 * Check an application's secure version against the one stored in eFuse.
 *
 * @param secure_version  Secure version of the application being checked.
 * @return true when secure_version is greater than or equal to the eFuse
 *         value, false when the application is older (a rollback).
 */
bool esp_efuse_check_secure_version(uint32_t secure_version)
{
    /*
     * Anti fault-injection (FI) hardening: the eFuse value is read three
     * times and the copies are cross-checked with ESP_FAULT_ASSERT. The
     * repeated reads look redundant but are deliberate; do not collapse
     * them into a single read or reorder them.
     */
    uint32_t hw_version = esp_efuse_read_secure_version();
    uint32_t hw_version_dup1 = esp_efuse_read_secure_version();
    uint32_t hw_version_dup2 = esp_efuse_read_secure_version();
    ESP_FAULT_ASSERT(hw_version == hw_version_dup1);
    ESP_FAULT_ASSERT(hw_version == hw_version_dup2);

    bool is_allowed = (secure_version >= hw_version);
    /* Anti FI check: evaluate the comparison a second time and require the
     * stored verdict to match it before returning. */
    ESP_FAULT_ASSERT(is_allowed == (secure_version >= hw_version));
    return is_allowed;
}
56 
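/**
 * Raise the anti-rollback secure version stored in eFuse.
 *
 * The version is stored as a count of set bits, so a field of `size` bits
 * can hold versions 0..size. Only bits that are not yet programmed are
 * written. Nothing is written when the eFuse already holds secure_version.
 *
 * @param secure_version  Secure version of the application to record.
 * @return
 *   - ESP_OK: eFuse already held this version, or the new bits were written.
 *   - ESP_ERR_INVALID_ARG: secure_version exceeds what the field can hold.
 *   - ESP_ERR_NOT_SUPPORTED: the block uses a coding scheme other than NONE.
 *   - ESP_FAIL: secure_version is lower than the value already in eFuse.
 *   - Any error returned by esp_efuse_write_field_blob() when the write fails.
 */
esp_err_t esp_efuse_update_secure_version(uint32_t secure_version)
{
    size_t size = MIN(APP_SEC_VER_SIZE_EFUSE_FIELD, esp_efuse_get_field_size(ESP_EFUSE_SECURE_VERSION));
    if (size < secure_version) {
        // size is a size_t: cast it so the argument matches the %u conversion.
        ESP_LOGE(TAG, "Max secure version is %u. Given %"PRIu32" version can not be written.", (unsigned)size, secure_version);
        return ESP_ERR_INVALID_ARG;
    }
    esp_efuse_coding_scheme_t coding_scheme = esp_efuse_get_coding_scheme(ESP_EFUSE_SECURE_VERSION_NUM_BLOCK);
    if (coding_scheme != EFUSE_CODING_SCHEME_NONE) {
        ESP_LOGE(TAG, "Anti rollback is not supported with any coding scheme.");
        return ESP_ERR_NOT_SUPPORTED;
    }
    uint32_t sec_ver_hw = esp_efuse_read_secure_version();
    // If secure_version equals the eFuse value there is nothing to do.
    if (sec_ver_hw < secure_version) {
        uint32_t num_bit_hw = (1ULL << sec_ver_hw) - 1;
        uint32_t num_bit_app = (1ULL << secure_version) - 1;
        // Repeated programming of programmed bits is strictly forbidden
        uint32_t new_bits = num_bit_app - num_bit_hw; // get only new bits
        // Report success only if the write succeeded; otherwise the caller
        // would believe rollback protection was raised when it was not.
        esp_err_t err = esp_efuse_write_field_blob(ESP_EFUSE_SECURE_VERSION, &new_bits, size);
        if (err != ESP_OK) {
            ESP_LOGE(TAG, "Anti-rollback is not set. eFuse field write failed (0x%x).", (unsigned)err);
            return err;
        }
        ESP_LOGI(TAG, "Anti-rollback is set. eFuse field is updated(%"PRIu32").", secure_version);
    } else if (sec_ver_hw > secure_version) {
        ESP_LOGE(TAG, "Anti-rollback is not set. secure_version of app is lower that eFuse field(%"PRIu32").", sec_ver_hw);
        return ESP_FAIL;
    }
    return ESP_OK;
}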