1 /*
2  * SPDX-FileCopyrightText: 2015-2022 Espressif Systems (Shanghai) CO LTD
3  *
4  * SPDX-License-Identifier: Apache-2.0
5  */
6 
7 #include <strings.h>
8 #include "bootloader_flash_priv.h"
9 #include "bootloader_random.h"
10 #include "esp_image_format.h"
11 #include "esp_flash_encrypt.h"
12 #include "esp_flash_partitions.h"
13 #include "esp_secure_boot.h"
14 #include "esp_efuse.h"
15 #include "esp_efuse_table.h"
16 #include "esp_log.h"
17 #include "hal/wdt_hal.h"
18 #include "hal/efuse_hal.h"
19 #include "soc/soc_caps.h"
20 #ifdef CONFIG_SOC_EFUSE_CONSISTS_OF_ONE_KEY_BLOCK
21 #include "soc/sensitive_reg.h"
22 #endif
23 
24 #include "esp_mcuboot_image.h"
25 
26 #if CONFIG_IDF_TARGET_ESP32
27 #define CRYPT_CNT ESP_EFUSE_FLASH_CRYPT_CNT
28 #define WR_DIS_CRYPT_CNT ESP_EFUSE_WR_DIS_FLASH_CRYPT_CNT
29 #else
30 #define CRYPT_CNT ESP_EFUSE_SPI_BOOT_CRYPT_CNT
31 #define WR_DIS_CRYPT_CNT ESP_EFUSE_WR_DIS_SPI_BOOT_CRYPT_CNT
32 #endif
33 
34 #define FLASH_ENC_CNT_MAX (CRYPT_CNT[0]->bit_count)
35 
36 /* This file implements FLASH ENCRYPTION related APIs to perform
37  * various operations such as programming necessary flash encryption
38  * eFuses, detect whether flash encryption is enabled (by reading eFuse)
39  * and if required encrypt the partitions in flash memory
40  */
41 
42 static const char *TAG = "flash_encrypt";
43 
44 /* Static functions for stages of flash encryption */
45 static esp_err_t encrypt_bootloader(void);
46 static esp_err_t encrypt_primary_slot(void);
47 static size_t get_flash_encrypt_cnt_value(void);
48 
49 /**
50  * This former inlined function must not be defined in the header file anymore.
51  * As it depends on efuse component, any use of it outside of `bootloader_support`,
52  * would require the caller component to include `efuse` as part of its `REQUIRES` or
53  * `PRIV_REQUIRES` entries.
54  * Attribute IRAM_ATTR must be specified for the app build.
55  */
esp_flash_encryption_enabled(void)56 bool IRAM_ATTR esp_flash_encryption_enabled(void)
57 {
58 #ifndef CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH
59     return efuse_hal_flash_encryption_enabled();
60 #else
61     uint32_t flash_crypt_cnt = 0;
62 #if CONFIG_IDF_TARGET_ESP32
63     esp_efuse_read_field_blob(ESP_EFUSE_FLASH_CRYPT_CNT, &flash_crypt_cnt, ESP_EFUSE_FLASH_CRYPT_CNT[0]->bit_count);
64 #else
65     esp_efuse_read_field_blob(ESP_EFUSE_SPI_BOOT_CRYPT_CNT, &flash_crypt_cnt, ESP_EFUSE_SPI_BOOT_CRYPT_CNT[0]->bit_count);
66 #endif
67     /* __builtin_parity is in flash, so we calculate parity inline */
68     bool enabled = false;
69     while (flash_crypt_cnt) {
70         if (flash_crypt_cnt & 1) {
71             enabled = !enabled;
72         }
73         flash_crypt_cnt >>= 1;
74     }
75     return enabled;
76 #endif // CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH
77 }
78 
get_flash_encrypt_cnt_value(void)79 static size_t get_flash_encrypt_cnt_value(void)
80 {
81     size_t flash_crypt_cnt = 0;
82     esp_efuse_read_field_cnt(CRYPT_CNT, &flash_crypt_cnt);
83     return flash_crypt_cnt;
84 }
85 
esp_flash_encrypt_initialized_once(void)86 bool esp_flash_encrypt_initialized_once(void)
87 {
88     return get_flash_encrypt_cnt_value() != 0;
89 }
90 
esp_flash_encrypt_is_write_protected(bool print_error)91 bool esp_flash_encrypt_is_write_protected(bool print_error)
92 {
93     if (esp_efuse_read_field_bit(WR_DIS_CRYPT_CNT)) {
94         if (print_error) {
95             ESP_LOGE(TAG, "Flash Encryption cannot be enabled (CRYPT_CNT (%d) is write protected)", get_flash_encrypt_cnt_value());
96         }
97         return true;
98     }
99     return false;
100 }
101 
esp_flash_encrypt_state(void)102 bool esp_flash_encrypt_state(void)
103 {
104     size_t flash_crypt_cnt = get_flash_encrypt_cnt_value();
105     bool flash_crypt_wr_dis = esp_flash_encrypt_is_write_protected(false);
106 
107     ESP_LOGV(TAG, "CRYPT_CNT %d, write protection %d", flash_crypt_cnt, flash_crypt_wr_dis);
108 
109     if (flash_crypt_cnt % 2 == 1) {
110         /* Flash is already encrypted */
111         int left = (FLASH_ENC_CNT_MAX - flash_crypt_cnt) / 2;
112         if (flash_crypt_wr_dis) {
113             left = 0; /* can't update FLASH_CRYPT_CNT, no more flashes */
114         }
115         ESP_LOGI(TAG, "flash encryption is enabled (%d plaintext flashes left)", left);
116         return true;
117     }
118     return false;
119 }
120 
esp_flash_encrypt_check_and_update(void)121 esp_err_t esp_flash_encrypt_check_and_update(void)
122 {
123     bool flash_encryption_enabled = esp_flash_encrypt_state();
124     if (!flash_encryption_enabled) {
125 #ifndef CONFIG_SECURE_FLASH_REQUIRE_ALREADY_ENABLED
126         if (esp_flash_encrypt_is_write_protected(true)) {
127             return ESP_FAIL;
128         }
129 
130         esp_err_t err = esp_flash_encrypt_init();
131         if (err != ESP_OK) {
132             ESP_LOGE(TAG, "Initialization of Flash encryption key failed (%d)", err);
133             return err;
134         }
135 
136         err = esp_flash_encrypt_contents();
137         if (err != ESP_OK) {
138             ESP_LOGE(TAG, "Encryption flash contents failed (%d)", err);
139             return err;
140         }
141 
142         err = esp_flash_encrypt_enable();
143         if (err != ESP_OK) {
144             ESP_LOGE(TAG, "Enabling of Flash encryption failed (%d)", err);
145             return err;
146         }
147 #else
148         ESP_LOGE(TAG, "flash encryption is not enabled, and SECURE_FLASH_REQUIRE_ALREADY_ENABLED "
149                       "is set, refusing to boot.");
150         return ESP_ERR_INVALID_STATE;
151 #endif // CONFIG_SECURE_FLASH_REQUIRE_ALREADY_ENABLED
152     }
153     return ESP_OK;
154 }
155 
check_and_generate_encryption_keys(void)156 static esp_err_t check_and_generate_encryption_keys(void)
157 {
158     size_t key_size = 32;
159 #ifdef CONFIG_IDF_TARGET_ESP32
160     enum { BLOCKS_NEEDED = 1 };
161     esp_efuse_purpose_t purposes[BLOCKS_NEEDED] = {
162         ESP_EFUSE_KEY_PURPOSE_FLASH_ENCRYPTION,
163     };
164     esp_efuse_coding_scheme_t coding_scheme = esp_efuse_get_coding_scheme(EFUSE_BLK_ENCRYPT_FLASH);
165     if (coding_scheme != EFUSE_CODING_SCHEME_NONE && coding_scheme != EFUSE_CODING_SCHEME_3_4) {
166         ESP_LOGE(TAG, "Unknown/unsupported CODING_SCHEME value 0x%x", coding_scheme);
167         return ESP_ERR_NOT_SUPPORTED;
168     }
169     if (coding_scheme == EFUSE_CODING_SCHEME_3_4) {
170         key_size = 24;
171     }
172 #else
173 #ifdef CONFIG_SECURE_FLASH_ENCRYPTION_AES256
174     enum { BLOCKS_NEEDED = 2 };
175     esp_efuse_purpose_t purposes[BLOCKS_NEEDED] = {
176         ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_1,
177         ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_2,
178     };
179     if (esp_efuse_find_purpose(ESP_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY, NULL)) {
180         ESP_LOGE(TAG, "XTS_AES_128_KEY is already in use, XTS_AES_256_KEY_1/2 can not be used");
181         return ESP_ERR_INVALID_STATE;
182     }
183 #else
184 #ifdef CONFIG_SECURE_FLASH_ENCRYPTION_AES128_DERIVED
185     enum { BLOCKS_NEEDED = 1 };
186     esp_efuse_purpose_t purposes[BLOCKS_NEEDED] = {
187         ESP_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY_DERIVED_FROM_128_EFUSE_BITS,
188     };
189     key_size = 16;
190 #else
191     enum { BLOCKS_NEEDED = 1 };
192     esp_efuse_purpose_t purposes[BLOCKS_NEEDED] = {
193         ESP_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY,
194     };
195 #endif // CONFIG_SECURE_FLASH_ENCRYPTION_AES128_DERIVED
196 #endif // CONFIG_SECURE_FLASH_ENCRYPTION_AES256
197 #endif // CONFIG_IDF_TARGET_ESP32
198 
199     /* Initialize all efuse block entries to invalid (max) value */
200     esp_efuse_block_t blocks[BLOCKS_NEEDED] = {[0 ... BLOCKS_NEEDED-1] = EFUSE_BLK_KEY_MAX};
201     bool has_key = true;
202     for (unsigned i = 0; i < BLOCKS_NEEDED; i++) {
203         bool tmp_has_key = esp_efuse_find_purpose(purposes[i], &blocks[i]);
204         if (tmp_has_key) { // For ESP32: esp_efuse_find_purpose() always returns True, need to check whether the key block is used or not.
205             tmp_has_key &= !esp_efuse_key_block_unused(blocks[i]);
206         }
207         if (i == 1 && tmp_has_key != has_key) {
208             ESP_LOGE(TAG, "Invalid efuse key blocks: Both AES-256 key blocks must be set.");
209             return ESP_ERR_INVALID_STATE;
210         }
211         has_key &= tmp_has_key;
212     }
213 
214     if (!has_key) {
215         /* Generate key */
216         uint8_t keys[BLOCKS_NEEDED][32] = { 0 };
217         ESP_LOGI(TAG, "Generating new flash encryption key...");
218         for (unsigned i = 0; i < BLOCKS_NEEDED; ++i) {
219             bootloader_fill_random(keys[i], key_size);
220         }
221         ESP_LOGD(TAG, "Key generation complete");
222 
223         esp_err_t err = esp_efuse_write_keys(purposes, keys, BLOCKS_NEEDED);
224         if (err != ESP_OK) {
225             if (err == ESP_ERR_NOT_ENOUGH_UNUSED_KEY_BLOCKS) {
226                 ESP_LOGE(TAG, "Not enough free efuse key blocks (need %d) to continue", BLOCKS_NEEDED);
227             } else {
228                 ESP_LOGE(TAG, "Failed to write efuse block with purpose (err=0x%x). Can't continue.", err);
229             }
230             return err;
231         }
232     } else {
233         for (unsigned i = 0; i < BLOCKS_NEEDED; i++) {
234             if (!esp_efuse_get_key_dis_write(blocks[i])
235                 || !esp_efuse_get_key_dis_read(blocks[i])
236                 || !esp_efuse_get_keypurpose_dis_write(blocks[i])) { // For ESP32: no keypurpose, it returns always True.
237                 ESP_LOGE(TAG, "Invalid key state, check read&write protection for key and keypurpose(if exists)");
238                 return ESP_ERR_INVALID_STATE;
239             }
240         }
241         ESP_LOGI(TAG, "Using pre-loaded flash encryption key in efuse");
242     }
243     return ESP_OK;
244 }
245 
esp_flash_encrypt_init(void)246 esp_err_t esp_flash_encrypt_init(void)
247 {
248     if (esp_flash_encryption_enabled() || esp_flash_encrypt_initialized_once()) {
249         return ESP_OK;
250     }
251 
252     /* Very first flash encryption pass: generate keys, etc. */
253 
254     esp_efuse_batch_write_begin(); /* Batch all efuse writes at the end of this function */
255 
256     /* Before first flash encryption pass, need to initialise key & crypto config */
257     esp_err_t err = check_and_generate_encryption_keys();
258     if (err != ESP_OK) {
259         esp_efuse_batch_write_cancel();
260         return err;
261     }
262 
263     err = esp_flash_encryption_enable_secure_features();
264     if (err != ESP_OK) {
265         esp_efuse_batch_write_cancel();
266         return err;
267     }
268 
269     err = esp_efuse_batch_write_commit();
270     if (err != ESP_OK) {
271         ESP_LOGE(TAG, "Error programming security eFuses (err=0x%x).", err);
272         return err;
273     }
274 
275     return ESP_OK;
276 }
277 
278 /* Encrypt all flash data that should be encrypted */
esp_flash_encrypt_contents(void)279 esp_err_t esp_flash_encrypt_contents(void)
280 {
281     esp_err_t err;
282 
283 #ifdef CONFIG_SOC_EFUSE_CONSISTS_OF_ONE_KEY_BLOCK
284     REG_WRITE(SENSITIVE_XTS_AES_KEY_UPDATE_REG, 1);
285 #endif
286 
287     err = encrypt_bootloader();
288     if (err != ESP_OK) {
289         return err;
290     }
291 
292     /* If the primary slot executable application is not encrypted,
293      * then encrypt it
294      */
295     err = encrypt_primary_slot();
296     if (err != ESP_OK) {
297         return err;
298     }
299 
300     /* Unconditionally encrypts remaining regions
301      * This will need changes when implementing multi-slot support
302      */
303     ESP_LOGI(TAG, "Encrypting remaining flash...");
304     uint32_t region_addr = CONFIG_ESP_IMAGE0_SECONDARY_START_ADDRESS;
305     size_t region_size = CONFIG_ESP_APPLICATION_SIZE;
306     err = esp_flash_encrypt_region(region_addr, region_size);
307     if (err != ESP_OK) {
308         return err;
309     }
310 
311 #ifdef CONFIG_ESP_BOOT_SWAP_USING_SCRATCH
312     region_addr = CONFIG_ESP_SCRATCH_OFFSET;
313     region_size = CONFIG_ESP_SCRATCH_SIZE;
314     err = esp_flash_encrypt_region(region_addr, region_size);
315     if (err != ESP_OK) {
316         return err;
317     }
318 #endif
319 
320 #if defined(CONFIG_ESP_IMAGE_NUMBER) && (CONFIG_ESP_IMAGE_NUMBER == 2)
321     region_addr = CONFIG_ESP_IMAGE1_PRIMARY_START_ADDRESS;
322     region_size = CONFIG_ESP_APPLICATION_SIZE;
323     err = esp_flash_encrypt_region(region_addr, region_size);
324     if (err != ESP_OK) {
325         return err;
326     }
327     region_addr = CONFIG_ESP_IMAGE1_SECONDARY_START_ADDRESS;
328     region_size = CONFIG_ESP_APPLICATION_SIZE;
329     err = esp_flash_encrypt_region(region_addr, region_size);
330     if (err != ESP_OK) {
331         return err;
332     }
333 #endif
334 
335     ESP_LOGI(TAG, "Flash encryption completed");
336 
337     return ESP_OK;
338 }
339 
esp_flash_encrypt_enable(void)340 esp_err_t esp_flash_encrypt_enable(void)
341 {
342     esp_err_t err = ESP_OK;
343     if (!esp_flash_encryption_enabled()) {
344 
345         if (esp_flash_encrypt_is_write_protected(true)) {
346             return ESP_FAIL;
347         }
348 
349         size_t flash_crypt_cnt = get_flash_encrypt_cnt_value();
350 
351 #ifdef CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE
352         // Go straight to max, permanently enabled
353         ESP_LOGI(TAG, "Setting CRYPT_CNT for permanent encryption");
354         size_t new_flash_crypt_cnt = FLASH_ENC_CNT_MAX - flash_crypt_cnt;
355 #else
356         /* Set least significant 0-bit in flash_crypt_cnt */
357         size_t new_flash_crypt_cnt = 1;
358 #endif
359         ESP_LOGD(TAG, "CRYPT_CNT %d -> %d", flash_crypt_cnt, new_flash_crypt_cnt);
360         err = esp_efuse_write_field_cnt(CRYPT_CNT, new_flash_crypt_cnt);
361 
362 #if defined(CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE) && defined(CONFIG_SOC_FLASH_ENCRYPTION_XTS_AES_128_DERIVED)
363         // For AES128_DERIVED, FE key is 16 bytes and XTS_KEY_LENGTH_256 is 0.
364         // It is important to protect XTS_KEY_LENGTH_256 from further changing it to 1. Set write protection for this bit.
365         // Burning WR_DIS_CRYPT_CNT, blocks further changing of eFuses: DOWNLOAD_DIS_MANUAL_ENCRYPT, SPI_BOOT_CRYPT_CNT, [XTS_KEY_LENGTH_256], SECURE_BOOT_EN.
366         esp_efuse_write_field_bit(WR_DIS_CRYPT_CNT);
367 #endif
368     }
369 
370     ESP_LOGI(TAG, "Flash encryption completed");
371 
372 #ifdef CONFIG_EFUSE_VIRTUAL
373     ESP_LOGW(TAG, "Flash encryption not really completed. Must disable virtual efuses");
374 #endif
375 
376     return err;
377 }
378 
encrypt_bootloader(void)379 static esp_err_t encrypt_bootloader(void)
380 {
381     esp_err_t err;
382     uint32_t image_length;
383     /* Check for plaintext bootloader (verification will fail if it's already encrypted) */
384     if (esp_image_verify_bootloader(&image_length) == ESP_OK) {
385         ESP_LOGI(TAG, "Encrypting bootloader...");
386 
387         err = esp_flash_encrypt_region(ESP_BOOTLOADER_OFFSET, CONFIG_ESP_BOOTLOADER_SIZE);
388         if (err != ESP_OK) {
389             ESP_LOGE(TAG, "Failed to encrypt bootloader in place: 0x%x", err);
390             return err;
391         }
392         ESP_LOGI(TAG, "Bootloader encrypted successfully");
393     } else {
394         ESP_LOGW(TAG, "No valid bootloader was found");
395         return ESP_ERR_NOT_FOUND;
396     }
397 
398     return ESP_OK;
399 }
400 
verify_img_header(uint32_t addr,const esp_image_load_header_t * image,bool silent)401 static esp_err_t verify_img_header(uint32_t addr, const esp_image_load_header_t *image, bool silent)
402 {
403     esp_err_t err = ESP_OK;
404 
405     if (image->header_magic != ESP_LOAD_HEADER_MAGIC) {
406         if (!silent) {
407             ESP_LOGE(TAG, "image at 0x%x has invalid magic byte",
408                      addr);
409         }
410         err = ESP_ERR_IMAGE_INVALID;
411     }
412 
413     return err;
414 }
415 
encrypt_primary_slot(void)416 static esp_err_t encrypt_primary_slot(void)
417 {
418     esp_err_t err;
419 
420     esp_image_load_header_t img_header;
421 
422     /* Check if the slot is plaintext or encrypted, 0x20 offset is for skipping
423      * MCUboot header
424      */
425     err = bootloader_flash_read(CONFIG_ESP_IMAGE0_PRIMARY_START_ADDRESS + 0x20,
426                                 &img_header, sizeof(esp_image_load_header_t), true);
427     if (err != ESP_OK) {
428         ESP_LOGE(TAG, "Failed to read slot img header");
429         return err;
430     } else {
431         err = verify_img_header(CONFIG_ESP_IMAGE0_PRIMARY_START_ADDRESS,
432                                 &img_header, true);
433     }
434 
435     if (err == ESP_OK) {
436         ESP_LOGI(TAG, "Encrypting primary slot...");
437 
438         err = esp_flash_encrypt_region(CONFIG_ESP_IMAGE0_PRIMARY_START_ADDRESS,
439                                        CONFIG_ESP_APPLICATION_SIZE);
440         if (err != ESP_OK) {
441             ESP_LOGE(TAG, "Failed to encrypt slot in place: 0x%x", err);
442             return err;
443         }
444     } else {
445         ESP_LOGW(TAG, "Slot already encrypted or no valid image was found");
446     }
447 
448     return ESP_OK;
449 }
450 
esp_flash_encrypt_region(uint32_t src_addr,size_t data_length)451 esp_err_t esp_flash_encrypt_region(uint32_t src_addr, size_t data_length)
452 {
453     esp_err_t err;
454     uint32_t buf[FLASH_SECTOR_SIZE / sizeof(uint32_t)];
455 
456     if (src_addr % FLASH_SECTOR_SIZE != 0) {
457         ESP_LOGE(TAG, "esp_flash_encrypt_region bad src_addr 0x%x", src_addr);
458         return ESP_FAIL;
459     }
460 
461     wdt_hal_context_t rtc_wdt_ctx = RWDT_HAL_CONTEXT_DEFAULT();
462     for (size_t i = 0; i < data_length; i += FLASH_SECTOR_SIZE) {
463         wdt_hal_write_protect_disable(&rtc_wdt_ctx);
464         wdt_hal_feed(&rtc_wdt_ctx);
465         wdt_hal_write_protect_enable(&rtc_wdt_ctx);
466         uint32_t sec_start = i + src_addr;
467         err = bootloader_flash_read(sec_start, buf, FLASH_SECTOR_SIZE, true);
468         if (err != ESP_OK) {
469             goto flash_failed;
470         }
471         err = bootloader_flash_erase_sector(sec_start / FLASH_SECTOR_SIZE);
472         if (err != ESP_OK) {
473             goto flash_failed;
474         }
475         err = bootloader_flash_write(sec_start, buf, FLASH_SECTOR_SIZE, true);
476         if (err != ESP_OK) {
477             goto flash_failed;
478         }
479     }
480     return ESP_OK;
481 
482 flash_failed:
483     ESP_LOGE(TAG, "flash operation failed: 0x%x", err);
484     return err;
485 }
486