1 /*
2 * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD
3 *
4 * SPDX-License-Identifier: Apache-2.0
5 */
6
7 #include <strings.h>
8 #include "sdkconfig.h"
9 #include "esp_log.h"
10 #include "esp_efuse.h"
11 #include "esp_efuse_table.h"
12 #include "esp_secure_boot.h"
13 #include "hal/efuse_hal.h"
14
15 #ifndef BOOTLOADER_BUILD
16 static __attribute__((unused)) const char *TAG = "secure_boot";
17
18 #ifdef CONFIG_SECURE_BOOT
efuse_batch_write_begin(bool * need_fix)19 static void efuse_batch_write_begin(bool *need_fix)
20 {
21 if (*need_fix == false) {
22 esp_efuse_batch_write_begin();
23 }
24 *need_fix = true;
25 }
26
update_efuses(bool need_fix,esp_err_t err)27 static void update_efuses(bool need_fix, esp_err_t err)
28 {
29 if (need_fix) {
30 if (err != ESP_OK) {
31 ESP_LOGE(TAG, "Can not be fixed (err=0x%x).", err);
32 esp_efuse_batch_write_cancel();
33 } else {
34 err = esp_efuse_batch_write_commit();
35 if (err != ESP_OK) {
36 ESP_LOGE(TAG, "Error programming eFuses (err=0x%x)", err);
37 return;
38 } else {
39 ESP_LOGI(TAG, "Fixed");
40 }
41 }
42 }
43 }
44 #ifdef CONFIG_SECURE_BOOT_V1_ENABLED
secure_boot_v1_check(bool * need_fix)45 static esp_err_t secure_boot_v1_check(bool *need_fix)
46 {
47 esp_err_t err = ESP_OK;
48 esp_efuse_block_t block = EFUSE_BLK_SECURE_BOOT;
49 if (!esp_efuse_get_key_dis_read(block)) {
50 efuse_batch_write_begin(need_fix);
51 ESP_LOGW(TAG, "eFuse BLOCK%d should not be readable. Fixing..", block);
52 err = esp_efuse_set_key_dis_read(block);
53 }
54 if (!esp_efuse_get_key_dis_write(block)) {
55 efuse_batch_write_begin(need_fix);
56 ESP_LOGW(TAG, "eFuse BLOCK%d should not be writeable. Fixing..", block);
57 if (err == ESP_OK) {
58 err = esp_efuse_set_key_dis_write(block);
59 }
60 }
61 return err;
62 }
63 #elif SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS == 1 && CONFIG_SECURE_BOOT_V2_ENABLED
secure_boot_v2_check(bool * need_fix)64 static esp_err_t secure_boot_v2_check(bool *need_fix)
65 {
66 esp_err_t err = ESP_OK;
67 esp_efuse_block_t block = EFUSE_BLK_SECURE_BOOT;
68 #ifndef CONFIG_SOC_EFUSE_CONSISTS_OF_ONE_KEY_BLOCK
69 if (esp_efuse_get_key_dis_read(block)) {
70 ESP_LOGE(TAG, "eFuse BLOCK%d should be readable", block);
71 abort();
72 // This code is not achievable because the bootloader will not boot an app in this state.
73 // But we keep it here just in case (any unexpected behavior).
74 }
75 #endif
76 if (esp_efuse_block_is_empty(block)) {
77 ESP_LOGE(TAG, "eFuse BLOCK%d should not be empty", block);
78 abort();
79 // This code is not achievable because the bootloader will not boot an app in this state.
80 // But we keep it here just in case (any unexpected behavior).
81 }
82 if (!esp_efuse_get_key_dis_write(block)) {
83 efuse_batch_write_begin(need_fix);
84 ESP_LOGW(TAG, "eFuse BLOCK%d should not be writeable. Fixing..", block);
85 err = esp_efuse_set_key_dis_write(block);
86 }
87 return err;
88 }
89 #elif SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS > 1 && CONFIG_SECURE_BOOT_V2_ENABLED
secure_boot_v2_check(bool * need_fix)90 static esp_err_t secure_boot_v2_check(bool *need_fix)
91 {
92 esp_err_t err = ESP_OK;
93 esp_efuse_purpose_t purpose[SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS] = {
94 ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_DIGEST0,
95 ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_DIGEST1,
96 ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_DIGEST2,
97 };
98
99 for (unsigned i = 0; i < SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS; ++i) {
100 esp_efuse_block_t block;
101 if (esp_efuse_find_purpose(purpose[i], &block)) {
102 if (!esp_efuse_get_digest_revoke(i)) {
103 if (esp_efuse_get_key_dis_read(block)) {
104 ESP_LOGE(TAG, "eFuse BLOCK%d should be readable", block);
105 abort();
106 // This state is not expected unless the eFuses have been manually misconfigured.
107 }
108 if (esp_efuse_block_is_empty(block)) {
109 ESP_LOGE(TAG, "eFuse BLOCK%d should not be empty", block);
110 abort();
111 // This state is not expected unless the eFuses have been manually misconfigured.
112 }
113 if (!esp_efuse_get_key_dis_write(block)) {
114 efuse_batch_write_begin(need_fix);
115 ESP_LOGW(TAG, "eFuse BLOCK%d should not be writeable. Fixing..", block);
116 if (err == ESP_OK) {
117 err = esp_efuse_set_key_dis_write(block);
118 }
119 }
120 }
121 if (!esp_efuse_get_keypurpose_dis_write(block)) {
122 efuse_batch_write_begin(need_fix);
123 ESP_LOGW(TAG, "The KEY_PURPOSE_SECURE_BOOT_DIGEST%d should be write-protected. Fixing..", block);
124 if (err == ESP_OK) {
125 err = esp_efuse_set_keypurpose_dis_write(block);
126 }
127 }
128 } else {
129 if (!esp_efuse_get_digest_revoke(i)) {
130 #ifndef CONFIG_SECURE_BOOT_ALLOW_UNUSED_DIGEST_SLOTS
131 efuse_batch_write_begin(need_fix);
132 ESP_LOGW(TAG, "Unused SECURE_BOOT_DIGEST%d should be revoked. Fixing..", i);
133 if (err == ESP_OK) {
134 err = esp_efuse_set_digest_revoke(i);
135 }
136 #else
137 ESP_LOGW(TAG, "Unused SECURE_BOOT_DIGEST%d should be revoked. It will not be fixed due to the config", i);
138 #endif
139 }
140 }
141 }
142 return err;
143 }
144 #endif
145 #endif // CONFIG_SECURE_BOOT
146
147 #if (CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME || CONFIG_SECURE_SIGNED_APPS_ECDSA_V2_SCHEME) && CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT
148
check_signature_on_update_check(void)149 static void check_signature_on_update_check(void)
150 {
151 // We rely on the keys used to sign this app to verify the next app on OTA, so make sure there is at
152 // least one to avoid a stuck firmware
153 esp_image_sig_public_key_digests_t digests = { 0 };
154
155 esp_err_t err = esp_secure_boot_get_signature_blocks_for_running_app(false, &digests);
156
157 if (err != ESP_OK || digests.num_digests == 0) {
158 ESP_LOGE(TAG, "This app is not signed, but check signature on update is enabled in config. It won't be possible to verify any update.");
159 abort();
160 }
161 #if CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT && SECURE_BOOT_NUM_BLOCKS > 1
162 if (digests.num_digests > 1) {
163 ESP_LOGW(TAG, "App has %d signatures. Only the first position of signature blocks is used to verify any update", digests.num_digests);
164 }
165 #endif
166 }
167 #endif // (CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME || CONFIG_SECURE_SIGNED_APPS_ECDSA_V2_SCHEME) && CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT
168
esp_secure_boot_init_checks(void)169 void esp_secure_boot_init_checks(void)
170 {
171 #ifdef CONFIG_SECURE_BOOT
172
173 if (esp_secure_boot_enabled()) {
174 bool need_fix = false;
175 #ifdef CONFIG_SECURE_BOOT_V1_ENABLED
176 esp_err_t err = secure_boot_v1_check(&need_fix);
177 #else
178 esp_err_t err = secure_boot_v2_check(&need_fix);
179 #endif
180 update_efuses(need_fix, err);
181 } else {
182 ESP_LOGE(TAG, "Mismatch in secure boot settings: the app config is enabled but eFuse not");
183 }
184 #endif // CONFIG_SECURE_BOOT
185
186
187 #if (CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME || CONFIG_SECURE_SIGNED_APPS_ECDSA_V2_SCHEME) && CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT
188 check_signature_on_update_check();
189 #endif // (CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME || CONFIG_SECURE_SIGNED_APPS_ECDSA_V2_SCHEME) && CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT
190
191 }
192
193 #ifdef CONFIG_IDF_TARGET_ESP32
esp_secure_boot_cfg_verify_release_mode(void)194 bool esp_secure_boot_cfg_verify_release_mode(void)
195 {
196 bool result = false;
197 bool secure;
198
199 bool secure_boot_v1 = esp_efuse_read_field_bit(ESP_EFUSE_ABS_DONE_0);
200 bool chip_supports_sbv2 = efuse_hal_chip_revision() >= 300;
201 bool secure_boot_v2 = (chip_supports_sbv2) ? esp_efuse_read_field_bit(ESP_EFUSE_ABS_DONE_1) : false;
202 result = secure_boot_v1 || secure_boot_v2;
203 if (secure_boot_v1 && secure_boot_v2) {
204 ESP_LOGI(TAG, "ABS_DONE_0=1 (V1) and ABS_DONE_1=1 (V2)");
205 ESP_LOGI(TAG, "Secure boot V2 shall take the precedence");
206 } else if (!secure_boot_v1 && !secure_boot_v2) {
207 result = false;
208 ESP_LOGE(TAG, "Not enabled Secure Boot V1 (set ABS_DONE_0->1)");
209 if (chip_supports_sbv2) {
210 ESP_LOGE(TAG, "Not enabled Secure Boot V2 (set ABS_DONE_1->1)");
211 }
212 }
213
214 if (secure_boot_v1 && !secure_boot_v2) {
215 secure = esp_efuse_read_field_bit(ESP_EFUSE_RD_DIS_BLK2);
216 result &= secure;
217 if (!secure) {
218 ESP_LOGW(TAG, "Not read-protected secure boot key (set RD_DIS_BLK2->1)");
219 }
220 }
221
222 secure = esp_efuse_read_field_bit(ESP_EFUSE_WR_DIS_BLK2);
223 result &= secure;
224 if (!secure) {
225 ESP_LOGW(TAG, "Not write-protected secure boot key (set WR_DIS_BLK2->1)");
226 }
227
228 secure = esp_efuse_read_field_bit(ESP_EFUSE_DISABLE_JTAG);
229 result &= secure;
230 if (!secure) {
231 ESP_LOGW(TAG, "Not disabled JTAG (set DISABLE_JTAG->1)");
232 }
233
234 secure = esp_efuse_read_field_bit(ESP_EFUSE_CONSOLE_DEBUG_DISABLE);
235 result &= secure;
236 if (!secure) {
237 ESP_LOGW(TAG, "Not disabled ROM BASIC interpreter fallback (set CONSOLE_DEBUG_DISABLE->1)");
238 }
239
240 if (secure_boot_v2) {
241 secure = esp_efuse_read_field_bit(ESP_EFUSE_UART_DOWNLOAD_DIS);
242 result &= secure;
243 if (!secure) {
244 ESP_LOGW(TAG, "Not disabled UART ROM Download mode (set UART_DOWNLOAD_DIS->1)");
245 }
246
247 secure = esp_efuse_read_field_bit(ESP_EFUSE_WR_DIS_EFUSE_RD_DISABLE);
248 result &= secure;
249 if (!secure) {
250 ESP_LOGW(TAG, "Not disabled write-protection for read-protection (set WR_DIS_EFUSE_RD_DISABLE->1)");
251 }
252 }
253
254 return result;
255 }
256 #else // not CONFIG_IDF_TARGET_ESP32
esp_secure_boot_cfg_verify_release_mode(void)257 bool esp_secure_boot_cfg_verify_release_mode(void)
258 {
259 bool result = false;
260 bool secure;
261
262 secure = esp_secure_boot_enabled();
263 result = secure;
264 if (!secure) {
265 ESP_LOGW(TAG, "Not enabled Secure Boot (SECURE_BOOT_EN->1)");
266 }
267
268 secure = esp_efuse_read_field_bit(ESP_EFUSE_DIS_DOWNLOAD_MODE);
269 bool en_secure_download = esp_efuse_read_field_bit(ESP_EFUSE_ENABLE_SECURITY_DOWNLOAD);
270 if (!secure && !en_secure_download) {
271 result &= false;
272 ESP_LOGW(TAG, "Download mode has not been changed, disable it or set security mode:");
273 ESP_LOGW(TAG, "Not disabled ROM Download mode (DIS_DOWNLOAD_MODE->1)");
274 ESP_LOGW(TAG, "Not enabled Security download mode (ENABLE_SECURITY_DOWNLOAD->1)");
275 }
276
277 #if SOC_EFUSE_DIS_BOOT_REMAP
278 secure = esp_efuse_read_field_bit(ESP_EFUSE_DIS_BOOT_REMAP);
279 result &= secure;
280 if (!secure) {
281 ESP_LOGW(TAG, "Not disabled boot from RAM (set DIS_BOOT_REMAP->1)");
282 }
283 #endif
284
285 #if SOC_EFUSE_DIS_LEGACY_SPI_BOOT
286 secure = esp_efuse_read_field_bit(ESP_EFUSE_DIS_LEGACY_SPI_BOOT);
287 result &= secure;
288 if (!secure) {
289 ESP_LOGW(TAG, "Not disabled Legcy SPI boot (set DIS_LEGACY_SPI_BOOT->1)");
290 }
291 #endif
292
293 #if SOC_EFUSE_DIS_DIRECT_BOOT
294 secure = esp_efuse_read_field_bit(ESP_EFUSE_DIS_DIRECT_BOOT);
295 result &= secure;
296 if (!secure) {
297 ESP_LOGW(TAG, "Not disabled direct boot mode (set DIS_DIRECT_BOOT->1)");
298 }
299 #endif
300
301 #if SOC_EFUSE_HARD_DIS_JTAG
302 secure = esp_efuse_read_field_bit(ESP_EFUSE_HARD_DIS_JTAG);
303 result &= secure;
304 if (!secure) {
305 ESP_LOGW(TAG, "Not disabled JTAG (set HARD_DIS_JTAG->1)");
306 }
307 #endif
308
309 #if SOC_EFUSE_SOFT_DIS_JTAG
310 size_t soft_dis_jtag_cnt_val = 0;
311 esp_efuse_read_field_cnt(ESP_EFUSE_SOFT_DIS_JTAG, &soft_dis_jtag_cnt_val);
312 if (soft_dis_jtag_cnt_val != ESP_EFUSE_SOFT_DIS_JTAG[0]->bit_count) {
313 result &= secure;
314 ESP_LOGW(TAG, "Not disabled JTAG in the soft way (set SOFT_DIS_JTAG->max)");
315 }
316 #endif
317
318 #if SOC_EFUSE_DIS_PAD_JTAG
319 secure = esp_efuse_read_field_bit(ESP_EFUSE_DIS_PAD_JTAG);
320 result &= secure;
321 if (!secure) {
322 ESP_LOGW(TAG, "Not disabled JTAG PADs (set DIS_PAD_JTAG->1)");
323 }
324 #endif
325
326 #if SOC_EFUSE_DIS_USB_JTAG
327 secure = esp_efuse_read_field_bit(ESP_EFUSE_DIS_USB_JTAG);
328 result &= secure;
329 if (!secure) {
330 ESP_LOGW(TAG, "Not disabled USB JTAG (set DIS_USB_JTAG->1)");
331 }
332 #endif
333
334 #ifdef CONFIG_SECURE_BOOT_ENABLE_AGGRESSIVE_KEY_REVOKE
335 secure = esp_efuse_read_field_bit(ESP_EFUSE_SECURE_BOOT_AGGRESSIVE_REVOKE);
336 result &= secure;
337 if (!secure) {
338 ESP_LOGW(TAG, "Not enabled AGGRESSIVE KEY REVOKE (set SECURE_BOOT_AGGRESSIVE_REVOKE->1)");
339 }
340 #endif
341
342 secure = esp_efuse_read_field_bit(ESP_EFUSE_WR_DIS_RD_DIS);
343 result &= secure;
344 if (!secure) {
345 ESP_LOGW(TAG, "Not disabled write-protection for read-protection (set WR_DIS_RD_DIS->1)");
346 }
347
348 #if SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS == 1
349 unsigned purpose = ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_V2;
350 #else
351 unsigned purpose = ESP_EFUSE_KEY_PURPOSE_SECURE_BOOT_DIGEST0; // DIGEST0, DIGEST1 and DIGEST2
352 #endif
353 secure = false;
354 unsigned num_keys = 0;
355 for (unsigned i = 0; i < SOC_EFUSE_SECURE_BOOT_KEY_DIGESTS; ++i) {
356 esp_efuse_block_t block;
357 if (esp_efuse_find_purpose(purpose + i, &block)) {
358 // if chip has a few secure boot slots then we check all
359 #if SOC_SUPPORT_SECURE_BOOT_REVOKE_KEY
360 bool revoke = esp_efuse_get_digest_revoke(i);
361 if (revoke) {
362 continue;
363 }
364 #endif
365 ++num_keys;
366 #if SOC_EFUSE_CONSISTS_OF_ONE_KEY_BLOCK
367 secure = !esp_efuse_read_field_bit(ESP_EFUSE_RD_DIS_KEY0_HI);
368 #else
369 secure = !esp_efuse_get_key_dis_read(block);
370 #endif // !SOC_EFUSE_CONSISTS_OF_ONE_KEY_BLOCK
371 result &= secure;
372 if (!secure) {
373 ESP_LOGE(TAG, "Secure boot key in BLOCK%d must NOT be read-protected (can not be used)", block);
374 #if SOC_SUPPORT_SECURE_BOOT_REVOKE_KEY
375 ESP_LOGE(TAG, "Revoke this secure boot key (set SECURE_BOOT_KEY_REVOKE%d->1)", i);
376 #endif
377 }
378 secure = !esp_efuse_block_is_empty(block);
379 result &= secure;
380 if (!secure) {
381 ESP_LOGE(TAG, "Secure boot key in BLOCK%d must NOT be empty (can not be used)", block);
382 #if SOC_SUPPORT_SECURE_BOOT_REVOKE_KEY
383 ESP_LOGE(TAG, "Revoke this secure boot key (set SECURE_BOOT_KEY_REVOKE%d->1)", i);
384 #endif
385 }
386 secure = esp_efuse_get_key_dis_write(block);
387 result &= secure;
388 if (!secure) {
389 ESP_LOGW(TAG, "Not write-protected secure boot key in BLOCK%d (set WR_DIS_KEY%d->1)", block, block - EFUSE_BLK_KEY0);
390 }
391 #if SOC_EFUSE_KEY_PURPOSE_FIELD
392 secure = esp_efuse_get_keypurpose_dis_write(block);
393 result &= secure;
394 if (!secure) {
395 ESP_LOGW(TAG, "Not write-protected KEY_PURPOSE for BLOCK%d (set WR_DIS_KEY_PURPOSE%d->1)", block, block - EFUSE_BLK_KEY0);
396 }
397 #endif
398 }
399 }
400 result &= secure;
401
402 secure = (num_keys != 0);
403 result &= secure;
404 if (!secure) {
405 ESP_LOGE(TAG, "No secure boot key found");
406 }
407
408 return result;
409 }
410 #endif // not CONFIG_IDF_TARGET_ESP32
411
412 #endif // not BOOTLOADER_BUILD
413
