1 /*
2 * SPDX-FileCopyrightText: 2015-2022 Espressif Systems (Shanghai) CO LTD
3 *
4 * SPDX-License-Identifier: Apache-2.0
5 */
6
7 #include <strings.h>
8 #include "bootloader_flash_priv.h"
9 #include "bootloader_random.h"
10 #include "esp_image_format.h"
11 #include "esp_flash_encrypt.h"
12 #include "esp_flash_partitions.h"
13 #include "esp_secure_boot.h"
14 #include "esp_efuse.h"
15 #include "esp_efuse_table.h"
16 #include "esp_log.h"
17 #include "hal/wdt_hal.h"
18 #include "hal/efuse_hal.h"
19 #include "soc/soc_caps.h"
20 #ifdef CONFIG_SOC_EFUSE_CONSISTS_OF_ONE_KEY_BLOCK
21 #include "soc/sensitive_reg.h"
22 #endif
23
24 #include "esp_mcuboot_image.h"
25
26 #if CONFIG_IDF_TARGET_ESP32
27 #define CRYPT_CNT ESP_EFUSE_FLASH_CRYPT_CNT
28 #define WR_DIS_CRYPT_CNT ESP_EFUSE_WR_DIS_FLASH_CRYPT_CNT
29 #else
30 #define CRYPT_CNT ESP_EFUSE_SPI_BOOT_CRYPT_CNT
31 #define WR_DIS_CRYPT_CNT ESP_EFUSE_WR_DIS_SPI_BOOT_CRYPT_CNT
32 #endif
33
34 #define FLASH_ENC_CNT_MAX (CRYPT_CNT[0]->bit_count)
35
36 /* This file implements FLASH ENCRYPTION related APIs to perform
37 * various operations such as programming necessary flash encryption
38 * eFuses, detect whether flash encryption is enabled (by reading eFuse)
39 * and if required encrypt the partitions in flash memory
40 */
41
42 static const char *TAG = "flash_encrypt";
43
44 /* Static functions for stages of flash encryption */
45 static esp_err_t encrypt_bootloader(void);
46 static esp_err_t encrypt_primary_slot(void);
47 static size_t get_flash_encrypt_cnt_value(void);
48
49 /**
50 * This former inlined function must not be defined in the header file anymore.
51 * As it depends on efuse component, any use of it outside of `bootloader_support`,
52 * would require the caller component to include `efuse` as part of its `REQUIRES` or
53 * `PRIV_REQUIRES` entries.
54 * Attribute IRAM_ATTR must be specified for the app build.
55 */
esp_flash_encryption_enabled(void)56 bool IRAM_ATTR esp_flash_encryption_enabled(void)
57 {
58 #ifndef CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH
59 return efuse_hal_flash_encryption_enabled();
60 #else
61 uint32_t flash_crypt_cnt = 0;
62 #if CONFIG_IDF_TARGET_ESP32
63 esp_efuse_read_field_blob(ESP_EFUSE_FLASH_CRYPT_CNT, &flash_crypt_cnt, ESP_EFUSE_FLASH_CRYPT_CNT[0]->bit_count);
64 #else
65 esp_efuse_read_field_blob(ESP_EFUSE_SPI_BOOT_CRYPT_CNT, &flash_crypt_cnt, ESP_EFUSE_SPI_BOOT_CRYPT_CNT[0]->bit_count);
66 #endif
67 /* __builtin_parity is in flash, so we calculate parity inline */
68 bool enabled = false;
69 while (flash_crypt_cnt) {
70 if (flash_crypt_cnt & 1) {
71 enabled = !enabled;
72 }
73 flash_crypt_cnt >>= 1;
74 }
75 return enabled;
76 #endif // CONFIG_EFUSE_VIRTUAL_KEEP_IN_FLASH
77 }
78
get_flash_encrypt_cnt_value(void)79 static size_t get_flash_encrypt_cnt_value(void)
80 {
81 size_t flash_crypt_cnt = 0;
82 esp_efuse_read_field_cnt(CRYPT_CNT, &flash_crypt_cnt);
83 return flash_crypt_cnt;
84 }
85
esp_flash_encrypt_initialized_once(void)86 bool esp_flash_encrypt_initialized_once(void)
87 {
88 return get_flash_encrypt_cnt_value() != 0;
89 }
90
esp_flash_encrypt_is_write_protected(bool print_error)91 bool esp_flash_encrypt_is_write_protected(bool print_error)
92 {
93 if (esp_efuse_read_field_bit(WR_DIS_CRYPT_CNT)) {
94 if (print_error) {
95 ESP_LOGE(TAG, "Flash Encryption cannot be enabled (CRYPT_CNT (%d) is write protected)", get_flash_encrypt_cnt_value());
96 }
97 return true;
98 }
99 return false;
100 }
101
esp_flash_encrypt_state(void)102 bool esp_flash_encrypt_state(void)
103 {
104 size_t flash_crypt_cnt = get_flash_encrypt_cnt_value();
105 bool flash_crypt_wr_dis = esp_flash_encrypt_is_write_protected(false);
106
107 ESP_LOGV(TAG, "CRYPT_CNT %d, write protection %d", flash_crypt_cnt, flash_crypt_wr_dis);
108
109 if (flash_crypt_cnt % 2 == 1) {
110 /* Flash is already encrypted */
111 int left = (FLASH_ENC_CNT_MAX - flash_crypt_cnt) / 2;
112 if (flash_crypt_wr_dis) {
113 left = 0; /* can't update FLASH_CRYPT_CNT, no more flashes */
114 }
115 ESP_LOGI(TAG, "flash encryption is enabled (%d plaintext flashes left)", left);
116 return true;
117 }
118 return false;
119 }
120
esp_flash_encrypt_check_and_update(void)121 esp_err_t esp_flash_encrypt_check_and_update(void)
122 {
123 bool flash_encryption_enabled = esp_flash_encrypt_state();
124 if (!flash_encryption_enabled) {
125 #ifndef CONFIG_SECURE_FLASH_REQUIRE_ALREADY_ENABLED
126 if (esp_flash_encrypt_is_write_protected(true)) {
127 return ESP_FAIL;
128 }
129
130 esp_err_t err = esp_flash_encrypt_init();
131 if (err != ESP_OK) {
132 ESP_LOGE(TAG, "Initialization of Flash encryption key failed (%d)", err);
133 return err;
134 }
135
136 err = esp_flash_encrypt_contents();
137 if (err != ESP_OK) {
138 ESP_LOGE(TAG, "Encryption flash contents failed (%d)", err);
139 return err;
140 }
141
142 err = esp_flash_encrypt_enable();
143 if (err != ESP_OK) {
144 ESP_LOGE(TAG, "Enabling of Flash encryption failed (%d)", err);
145 return err;
146 }
147 #else
148 ESP_LOGE(TAG, "flash encryption is not enabled, and SECURE_FLASH_REQUIRE_ALREADY_ENABLED "
149 "is set, refusing to boot.");
150 return ESP_ERR_INVALID_STATE;
151 #endif // CONFIG_SECURE_FLASH_REQUIRE_ALREADY_ENABLED
152 }
153 return ESP_OK;
154 }
155
check_and_generate_encryption_keys(void)156 static esp_err_t check_and_generate_encryption_keys(void)
157 {
158 size_t key_size = 32;
159 #ifdef CONFIG_IDF_TARGET_ESP32
160 enum { BLOCKS_NEEDED = 1 };
161 esp_efuse_purpose_t purposes[BLOCKS_NEEDED] = {
162 ESP_EFUSE_KEY_PURPOSE_FLASH_ENCRYPTION,
163 };
164 esp_efuse_coding_scheme_t coding_scheme = esp_efuse_get_coding_scheme(EFUSE_BLK_ENCRYPT_FLASH);
165 if (coding_scheme != EFUSE_CODING_SCHEME_NONE && coding_scheme != EFUSE_CODING_SCHEME_3_4) {
166 ESP_LOGE(TAG, "Unknown/unsupported CODING_SCHEME value 0x%x", coding_scheme);
167 return ESP_ERR_NOT_SUPPORTED;
168 }
169 if (coding_scheme == EFUSE_CODING_SCHEME_3_4) {
170 key_size = 24;
171 }
172 #else
173 #ifdef CONFIG_SECURE_FLASH_ENCRYPTION_AES256
174 enum { BLOCKS_NEEDED = 2 };
175 esp_efuse_purpose_t purposes[BLOCKS_NEEDED] = {
176 ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_1,
177 ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_2,
178 };
179 if (esp_efuse_find_purpose(ESP_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY, NULL)) {
180 ESP_LOGE(TAG, "XTS_AES_128_KEY is already in use, XTS_AES_256_KEY_1/2 can not be used");
181 return ESP_ERR_INVALID_STATE;
182 }
183 #else
184 #ifdef CONFIG_SECURE_FLASH_ENCRYPTION_AES128_DERIVED
185 enum { BLOCKS_NEEDED = 1 };
186 esp_efuse_purpose_t purposes[BLOCKS_NEEDED] = {
187 ESP_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY_DERIVED_FROM_128_EFUSE_BITS,
188 };
189 key_size = 16;
190 #else
191 enum { BLOCKS_NEEDED = 1 };
192 esp_efuse_purpose_t purposes[BLOCKS_NEEDED] = {
193 ESP_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY,
194 };
195 #endif // CONFIG_SECURE_FLASH_ENCRYPTION_AES128_DERIVED
196 #endif // CONFIG_SECURE_FLASH_ENCRYPTION_AES256
197 #endif // CONFIG_IDF_TARGET_ESP32
198
199 /* Initialize all efuse block entries to invalid (max) value */
200 esp_efuse_block_t blocks[BLOCKS_NEEDED] = {[0 ... BLOCKS_NEEDED-1] = EFUSE_BLK_KEY_MAX};
201 bool has_key = true;
202 for (unsigned i = 0; i < BLOCKS_NEEDED; i++) {
203 bool tmp_has_key = esp_efuse_find_purpose(purposes[i], &blocks[i]);
204 if (tmp_has_key) { // For ESP32: esp_efuse_find_purpose() always returns True, need to check whether the key block is used or not.
205 tmp_has_key &= !esp_efuse_key_block_unused(blocks[i]);
206 }
207 if (i == 1 && tmp_has_key != has_key) {
208 ESP_LOGE(TAG, "Invalid efuse key blocks: Both AES-256 key blocks must be set.");
209 return ESP_ERR_INVALID_STATE;
210 }
211 has_key &= tmp_has_key;
212 }
213
214 if (!has_key) {
215 /* Generate key */
216 uint8_t keys[BLOCKS_NEEDED][32] = { 0 };
217 ESP_LOGI(TAG, "Generating new flash encryption key...");
218 for (unsigned i = 0; i < BLOCKS_NEEDED; ++i) {
219 bootloader_fill_random(keys[i], key_size);
220 }
221 ESP_LOGD(TAG, "Key generation complete");
222
223 esp_err_t err = esp_efuse_write_keys(purposes, keys, BLOCKS_NEEDED);
224 if (err != ESP_OK) {
225 if (err == ESP_ERR_NOT_ENOUGH_UNUSED_KEY_BLOCKS) {
226 ESP_LOGE(TAG, "Not enough free efuse key blocks (need %d) to continue", BLOCKS_NEEDED);
227 } else {
228 ESP_LOGE(TAG, "Failed to write efuse block with purpose (err=0x%x). Can't continue.", err);
229 }
230 return err;
231 }
232 } else {
233 for (unsigned i = 0; i < BLOCKS_NEEDED; i++) {
234 if (!esp_efuse_get_key_dis_write(blocks[i])
235 || !esp_efuse_get_key_dis_read(blocks[i])
236 || !esp_efuse_get_keypurpose_dis_write(blocks[i])) { // For ESP32: no keypurpose, it returns always True.
237 ESP_LOGE(TAG, "Invalid key state, check read&write protection for key and keypurpose(if exists)");
238 return ESP_ERR_INVALID_STATE;
239 }
240 }
241 ESP_LOGI(TAG, "Using pre-loaded flash encryption key in efuse");
242 }
243 return ESP_OK;
244 }
245
esp_flash_encrypt_init(void)246 esp_err_t esp_flash_encrypt_init(void)
247 {
248 if (esp_flash_encryption_enabled() || esp_flash_encrypt_initialized_once()) {
249 return ESP_OK;
250 }
251
252 /* Very first flash encryption pass: generate keys, etc. */
253
254 esp_efuse_batch_write_begin(); /* Batch all efuse writes at the end of this function */
255
256 /* Before first flash encryption pass, need to initialise key & crypto config */
257 esp_err_t err = check_and_generate_encryption_keys();
258 if (err != ESP_OK) {
259 esp_efuse_batch_write_cancel();
260 return err;
261 }
262
263 err = esp_flash_encryption_enable_secure_features();
264 if (err != ESP_OK) {
265 esp_efuse_batch_write_cancel();
266 return err;
267 }
268
269 err = esp_efuse_batch_write_commit();
270 if (err != ESP_OK) {
271 ESP_LOGE(TAG, "Error programming security eFuses (err=0x%x).", err);
272 return err;
273 }
274
275 return ESP_OK;
276 }
277
278 /* Encrypt all flash data that should be encrypted */
esp_flash_encrypt_contents(void)279 esp_err_t esp_flash_encrypt_contents(void)
280 {
281 esp_err_t err;
282
283 #ifdef CONFIG_SOC_EFUSE_CONSISTS_OF_ONE_KEY_BLOCK
284 REG_WRITE(SENSITIVE_XTS_AES_KEY_UPDATE_REG, 1);
285 #endif
286
287 err = encrypt_bootloader();
288 if (err != ESP_OK) {
289 return err;
290 }
291
292 /* If the primary slot executable application is not encrypted,
293 * then encrypt it
294 */
295 err = encrypt_primary_slot();
296 if (err != ESP_OK) {
297 return err;
298 }
299
300 /* Unconditionally encrypts remaining regions
301 * This will need changes when implementing multi-slot support
302 */
303 ESP_LOGI(TAG, "Encrypting remaining flash...");
304 uint32_t region_addr = CONFIG_ESP_IMAGE0_SECONDARY_START_ADDRESS;
305 size_t region_size = CONFIG_ESP_APPLICATION_SIZE;
306 err = esp_flash_encrypt_region(region_addr, region_size);
307 if (err != ESP_OK) {
308 return err;
309 }
310
311 #ifdef CONFIG_ESP_BOOT_SWAP_USING_SCRATCH
312 region_addr = CONFIG_ESP_SCRATCH_OFFSET;
313 region_size = CONFIG_ESP_SCRATCH_SIZE;
314 err = esp_flash_encrypt_region(region_addr, region_size);
315 if (err != ESP_OK) {
316 return err;
317 }
318 #endif
319
320 #if defined(CONFIG_ESP_IMAGE_NUMBER) && (CONFIG_ESP_IMAGE_NUMBER == 2)
321 region_addr = CONFIG_ESP_IMAGE1_PRIMARY_START_ADDRESS;
322 region_size = CONFIG_ESP_APPLICATION_SIZE;
323 err = esp_flash_encrypt_region(region_addr, region_size);
324 if (err != ESP_OK) {
325 return err;
326 }
327 region_addr = CONFIG_ESP_IMAGE1_SECONDARY_START_ADDRESS;
328 region_size = CONFIG_ESP_APPLICATION_SIZE;
329 err = esp_flash_encrypt_region(region_addr, region_size);
330 if (err != ESP_OK) {
331 return err;
332 }
333 #endif
334
335 ESP_LOGI(TAG, "Flash encryption completed");
336
337 return ESP_OK;
338 }
339
esp_flash_encrypt_enable(void)340 esp_err_t esp_flash_encrypt_enable(void)
341 {
342 esp_err_t err = ESP_OK;
343 if (!esp_flash_encryption_enabled()) {
344
345 if (esp_flash_encrypt_is_write_protected(true)) {
346 return ESP_FAIL;
347 }
348
349 size_t flash_crypt_cnt = get_flash_encrypt_cnt_value();
350
351 #ifdef CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE
352 // Go straight to max, permanently enabled
353 ESP_LOGI(TAG, "Setting CRYPT_CNT for permanent encryption");
354 size_t new_flash_crypt_cnt = FLASH_ENC_CNT_MAX - flash_crypt_cnt;
355 #else
356 /* Set least significant 0-bit in flash_crypt_cnt */
357 size_t new_flash_crypt_cnt = 1;
358 #endif
359 ESP_LOGD(TAG, "CRYPT_CNT %d -> %d", flash_crypt_cnt, new_flash_crypt_cnt);
360 err = esp_efuse_write_field_cnt(CRYPT_CNT, new_flash_crypt_cnt);
361
362 #if defined(CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE) && defined(CONFIG_SOC_FLASH_ENCRYPTION_XTS_AES_128_DERIVED)
363 // For AES128_DERIVED, FE key is 16 bytes and XTS_KEY_LENGTH_256 is 0.
364 // It is important to protect XTS_KEY_LENGTH_256 from further changing it to 1. Set write protection for this bit.
365 // Burning WR_DIS_CRYPT_CNT, blocks further changing of eFuses: DOWNLOAD_DIS_MANUAL_ENCRYPT, SPI_BOOT_CRYPT_CNT, [XTS_KEY_LENGTH_256], SECURE_BOOT_EN.
366 esp_efuse_write_field_bit(WR_DIS_CRYPT_CNT);
367 #endif
368 }
369
370 ESP_LOGI(TAG, "Flash encryption completed");
371
372 #ifdef CONFIG_EFUSE_VIRTUAL
373 ESP_LOGW(TAG, "Flash encryption not really completed. Must disable virtual efuses");
374 #endif
375
376 return err;
377 }
378
encrypt_bootloader(void)379 static esp_err_t encrypt_bootloader(void)
380 {
381 esp_err_t err;
382 uint32_t image_length;
383 /* Check for plaintext bootloader (verification will fail if it's already encrypted) */
384 if (esp_image_verify_bootloader(&image_length) == ESP_OK) {
385 ESP_LOGI(TAG, "Encrypting bootloader...");
386
387 err = esp_flash_encrypt_region(ESP_BOOTLOADER_OFFSET, CONFIG_ESP_BOOTLOADER_SIZE);
388 if (err != ESP_OK) {
389 ESP_LOGE(TAG, "Failed to encrypt bootloader in place: 0x%x", err);
390 return err;
391 }
392 ESP_LOGI(TAG, "Bootloader encrypted successfully");
393 } else {
394 ESP_LOGW(TAG, "No valid bootloader was found");
395 return ESP_ERR_NOT_FOUND;
396 }
397
398 return ESP_OK;
399 }
400
verify_img_header(uint32_t addr,const esp_image_load_header_t * image,bool silent)401 static esp_err_t verify_img_header(uint32_t addr, const esp_image_load_header_t *image, bool silent)
402 {
403 esp_err_t err = ESP_OK;
404
405 if (image->header_magic != ESP_LOAD_HEADER_MAGIC) {
406 if (!silent) {
407 ESP_LOGE(TAG, "image at 0x%x has invalid magic byte",
408 addr);
409 }
410 err = ESP_ERR_IMAGE_INVALID;
411 }
412
413 return err;
414 }
415
encrypt_primary_slot(void)416 static esp_err_t encrypt_primary_slot(void)
417 {
418 esp_err_t err;
419
420 esp_image_load_header_t img_header;
421
422 /* Check if the slot is plaintext or encrypted, 0x20 offset is for skipping
423 * MCUboot header
424 */
425 err = bootloader_flash_read(CONFIG_ESP_IMAGE0_PRIMARY_START_ADDRESS + 0x20,
426 &img_header, sizeof(esp_image_load_header_t), true);
427 if (err != ESP_OK) {
428 ESP_LOGE(TAG, "Failed to read slot img header");
429 return err;
430 } else {
431 err = verify_img_header(CONFIG_ESP_IMAGE0_PRIMARY_START_ADDRESS,
432 &img_header, true);
433 }
434
435 if (err == ESP_OK) {
436 ESP_LOGI(TAG, "Encrypting primary slot...");
437
438 err = esp_flash_encrypt_region(CONFIG_ESP_IMAGE0_PRIMARY_START_ADDRESS,
439 CONFIG_ESP_APPLICATION_SIZE);
440 if (err != ESP_OK) {
441 ESP_LOGE(TAG, "Failed to encrypt slot in place: 0x%x", err);
442 return err;
443 }
444 } else {
445 ESP_LOGW(TAG, "Slot already encrypted or no valid image was found");
446 }
447
448 return ESP_OK;
449 }
450
esp_flash_encrypt_region(uint32_t src_addr,size_t data_length)451 esp_err_t esp_flash_encrypt_region(uint32_t src_addr, size_t data_length)
452 {
453 esp_err_t err;
454 uint32_t buf[FLASH_SECTOR_SIZE / sizeof(uint32_t)];
455
456 if (src_addr % FLASH_SECTOR_SIZE != 0) {
457 ESP_LOGE(TAG, "esp_flash_encrypt_region bad src_addr 0x%x", src_addr);
458 return ESP_FAIL;
459 }
460
461 wdt_hal_context_t rtc_wdt_ctx = RWDT_HAL_CONTEXT_DEFAULT();
462 for (size_t i = 0; i < data_length; i += FLASH_SECTOR_SIZE) {
463 wdt_hal_write_protect_disable(&rtc_wdt_ctx);
464 wdt_hal_feed(&rtc_wdt_ctx);
465 wdt_hal_write_protect_enable(&rtc_wdt_ctx);
466 uint32_t sec_start = i + src_addr;
467 err = bootloader_flash_read(sec_start, buf, FLASH_SECTOR_SIZE, true);
468 if (err != ESP_OK) {
469 goto flash_failed;
470 }
471 err = bootloader_flash_erase_sector(sec_start / FLASH_SECTOR_SIZE);
472 if (err != ESP_OK) {
473 goto flash_failed;
474 }
475 err = bootloader_flash_write(sec_start, buf, FLASH_SECTOR_SIZE, true);
476 if (err != ESP_OK) {
477 goto flash_failed;
478 }
479 }
480 return ESP_OK;
481
482 flash_failed:
483 ESP_LOGE(TAG, "flash operation failed: 0x%x", err);
484 return err;
485 }
486
