1 // Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6
7 // http://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14
15 #include <strings.h>
16
17 #include "bootloader_flash_priv.h"
18 #include "bootloader_random.h"
19 #include "bootloader_utility.h"
20 #include "esp_image_format.h"
21 #include "esp_flash_encrypt.h"
22 #include "esp_flash_partitions.h"
23 #include "esp_secure_boot.h"
24 #include "esp_log.h"
25 #include "esp32s2/rom/secure_boot.h"
26 #include "esp32s2/rom/cache.h"
27 #include "esp_efuse.h"
28 #include "esp_efuse_table.h"
29 #include "hal/wdt_hal.h"
30
31 static const char *TAG = "flash_encrypt";
32
33 /* Static functions for stages of flash encryption */
34 static esp_err_t initialise_flash_encryption(void);
35 static esp_err_t encrypt_flash_contents(uint32_t flash_crypt_cnt, bool flash_crypt_wr_dis) __attribute__((unused));
36 static esp_err_t encrypt_bootloader(void);
37 static esp_err_t encrypt_and_load_partition_table(esp_partition_info_t *partition_table, int *num_partitions);
38 static esp_err_t encrypt_partition(int index, const esp_partition_info_t *partition);
39
esp_flash_encrypt_check_and_update(void)40 esp_err_t esp_flash_encrypt_check_and_update(void)
41 {
42 uint8_t flash_crypt_wr_dis = 0;
43 uint32_t flash_crypt_cnt = 0;
44
45 esp_efuse_read_field_blob(ESP_EFUSE_SPI_BOOT_CRYPT_CNT, &flash_crypt_cnt, 3);
46 esp_efuse_read_field_blob(ESP_EFUSE_WR_DIS_SPI_BOOT_CRYPT_CNT, &flash_crypt_wr_dis, 1);
47
48 ESP_LOGV(TAG, "SPI_BOOT_CRYPT_CNT 0x%x", flash_crypt_cnt);
49 ESP_LOGV(TAG, "EFUSE_WR_DIS_SPI_BOOT_CRYPT_CNT 0x%x", flash_crypt_wr_dis);
50
51 _Static_assert(EFUSE_SPI_BOOT_CRYPT_CNT == 0x7, "assuming CRYPT_CNT is only 3 bits wide");
52
53 if (__builtin_parity(flash_crypt_cnt) == 1) {
54 /* Flash is already encrypted */
55 int left = (flash_crypt_cnt == 1) ? 1 : 0;
56 if (flash_crypt_wr_dis) {
57 left = 0; /* can't update FLASH_CRYPT_CNT, no more flashes */
58 }
59 ESP_LOGI(TAG, "flash encryption is enabled (%d plaintext flashes left)", left);
60 return ESP_OK;
61 } else {
62
63 #ifndef CONFIG_SECURE_FLASH_REQUIRE_ALREADY_ENABLED
64 /* Flash is not encrypted, so encrypt it! */
65 return encrypt_flash_contents(flash_crypt_cnt, flash_crypt_wr_dis);
66 #else
67 ESP_LOGE(TAG, "flash encryption is not enabled, and SECURE_FLASH_REQUIRE_ALREADY_ENABLED "
68 "is set, refusing to boot.");
69 return ESP_ERR_INVALID_STATE;
70 #endif // CONFIG_SECURE_FLASH_REQUIRE_ALREADY_ENABLED
71
72 }
73 }
74
check_and_generate_encryption_keys(void)75 static esp_err_t check_and_generate_encryption_keys(void)
76 {
77 esp_efuse_block_t aes_128_key_block;
78 esp_efuse_block_t aes_256_key_block_1;
79 esp_efuse_block_t aes_256_key_block_2;
80
81 bool has_aes128 = esp_efuse_find_purpose(ESP_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY, &aes_128_key_block);
82 bool has_aes256_1 = esp_efuse_find_purpose(ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_1, &aes_256_key_block_1);
83 bool has_aes256_2 = esp_efuse_find_purpose(ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_2, &aes_256_key_block_2);
84 bool has_key = has_aes128 || (has_aes256_1 && has_aes256_2);
85 bool dis_write = false;
86 bool dis_read = false;
87
88 // If there are keys set, they must be write and read protected!
89 if(has_key && has_aes128) {
90 dis_write = esp_efuse_get_key_dis_write(aes_128_key_block);
91 dis_read = esp_efuse_get_key_dis_read(aes_128_key_block);
92 } else if (has_key && has_aes256_1 && has_aes256_2) {
93 dis_write = esp_efuse_get_key_dis_write(aes_256_key_block_1) && esp_efuse_get_key_dis_write(aes_256_key_block_2);
94 dis_read = esp_efuse_get_key_dis_read(aes_256_key_block_1) && esp_efuse_get_key_dis_read(aes_256_key_block_2);
95 }
96
97 if (!has_key && (has_aes256_1 || has_aes256_2)) {
98 ESP_LOGE(TAG, "Invalid efuse key blocks: Both AES-256 key blocks must be set.");
99 return ESP_ERR_INVALID_STATE;
100 }
101
102 if(has_key && (!dis_read || !dis_write)) {
103 ESP_LOGE(TAG, "Invalid key state, a key was set but not read and write protected.");
104 return ESP_ERR_INVALID_STATE;
105 }
106
107 if(!has_key && !dis_write && !dis_read) {
108 ESP_LOGI(TAG, "Generating new flash encryption key...");
109 #ifdef CONFIG_SECURE_FLASH_ENCRYPTION_AES256
110 enum { BLOCKS_NEEDED = 2 };
111 esp_efuse_purpose_t purposes[BLOCKS_NEEDED] = {
112 ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_1,
113 ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_2,
114 };
115 #else
116 enum { BLOCKS_NEEDED = 1 };
117 esp_efuse_purpose_t purposes[BLOCKS_NEEDED] = {
118 ESP_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY,
119 };
120 #endif
121 uint8_t keys[BLOCKS_NEEDED][32] = { 0 };
122 for (int i = 0; i < BLOCKS_NEEDED; ++i) {
123 bootloader_fill_random(keys[i], 32);
124 }
125
126 esp_err_t err = esp_efuse_write_keys(purposes, keys, BLOCKS_NEEDED);
127 if (err != ESP_OK) {
128 if (err == ESP_ERR_NOT_ENOUGH_UNUSED_KEY_BLOCKS) {
129 ESP_LOGE(TAG, "Not enough free efuse key blocks (need %d) to continue", BLOCKS_NEEDED);
130 } else {
131 ESP_LOGE(TAG, "Failed to write efuse block with purpose (err=0x%x). Can't continue.", err);
132 }
133 return err;
134 }
135 ESP_LOGD(TAG, "Key generation complete");
136 return ESP_OK;
137
138 } else {
139 ESP_LOGI(TAG, "Using pre-existing key in efuse");
140 return ESP_OK;
141 }
142 }
143
initialise_flash_encryption(void)144 static esp_err_t initialise_flash_encryption(void)
145 {
146 esp_efuse_batch_write_begin(); /* Batch all efuse writes at the end of this function */
147
148 esp_err_t key_state = check_and_generate_encryption_keys();
149 if (key_state != ESP_OK) {
150 esp_efuse_batch_write_cancel();
151 return key_state;
152 }
153
154 #ifndef CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC
155 ESP_LOGI(TAG, "Disable UART bootloader encryption...");
156 esp_efuse_write_field_bit(ESP_EFUSE_DIS_DOWNLOAD_MANUAL_ENCRYPT);
157 #else
158 ESP_LOGW(TAG, "Not disabling UART bootloader encryption");
159 #endif
160
161 #ifndef CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE
162 ESP_LOGI(TAG, "Disable UART bootloader cache...");
163 esp_efuse_write_field_bit(ESP_EFUSE_DIS_DOWNLOAD_DCACHE);
164 esp_efuse_write_field_bit(ESP_EFUSE_DIS_DOWNLOAD_ICACHE);
165 #else
166 ESP_LOGW(TAG, "Not disabling UART bootloader cache - SECURITY COMPROMISED");
167 #endif
168
169 #ifndef CONFIG_SECURE_BOOT_ALLOW_JTAG
170 ESP_LOGI(TAG, "Disable JTAG...");
171 esp_efuse_write_field_bit(ESP_EFUSE_HARD_DIS_JTAG);
172 #else
173 ESP_LOGW(TAG, "Not disabling JTAG - SECURITY COMPROMISED");
174 #endif
175
176 esp_efuse_write_field_bit(ESP_EFUSE_DIS_BOOT_REMAP);
177 esp_efuse_write_field_bit(ESP_EFUSE_DIS_LEGACY_SPI_BOOT);
178
179 esp_err_t err = esp_efuse_batch_write_commit();
180 if (err != ESP_OK) {
181 ESP_LOGE(TAG, "Error programming security eFuses (err=0x%x).", err);
182 }
183
184 return err;
185 }
186
187 /* Encrypt all flash data that should be encrypted */
encrypt_flash_contents(uint32_t spi_boot_crypt_cnt,bool flash_crypt_wr_dis)188 static esp_err_t encrypt_flash_contents(uint32_t spi_boot_crypt_cnt, bool flash_crypt_wr_dis)
189 {
190 esp_err_t err;
191 esp_partition_info_t partition_table[ESP_PARTITION_TABLE_MAX_ENTRIES];
192 int num_partitions;
193
194 /* If the last spi_boot_crypt_cnt bit is burned or write-disabled, the
195 device can't re-encrypt itself. */
196 if (flash_crypt_wr_dis || spi_boot_crypt_cnt == EFUSE_SPI_BOOT_CRYPT_CNT) {
197 ESP_LOGE(TAG, "Cannot re-encrypt data SPI_BOOT_CRYPT_CNT 0x%02x write disabled %d", spi_boot_crypt_cnt, flash_crypt_wr_dis);
198 return ESP_FAIL;
199 }
200
201 if (spi_boot_crypt_cnt == 0) {
202 /* Very first flash of encrypted data: generate keys, etc. */
203 err = initialise_flash_encryption();
204 if (err != ESP_OK) {
205 return err;
206 }
207 }
208
209 err = encrypt_bootloader();
210 if (err != ESP_OK) {
211 return err;
212 }
213
214 err = encrypt_and_load_partition_table(partition_table, &num_partitions);
215 if (err != ESP_OK) {
216 return err;
217 }
218
219 /* Now iterate the just-loaded partition table, looking for entries to encrypt */
220 for (int i = 0; i < num_partitions; i++) {
221 err = encrypt_partition(i, &partition_table[i]);
222 if (err != ESP_OK) {
223 return err;
224 }
225 }
226
227 ESP_LOGD(TAG, "All flash regions checked for encryption pass");
228
229 /* Set least significant 0-bit in spi_boot_crypt_cnt */
230 int ffs_inv = __builtin_ffs((~spi_boot_crypt_cnt) & 0x7);
231 /* ffs_inv shouldn't be zero, as zero implies spi_boot_crypt_cnt == 0xFF */
232 uint32_t new_spi_boot_crypt_cnt = (1 << (ffs_inv - 1));
233 ESP_LOGD(TAG, "SPI_BOOT_CRYPT_CNT 0x%x -> 0x%x", spi_boot_crypt_cnt, new_spi_boot_crypt_cnt + spi_boot_crypt_cnt);
234
235 esp_efuse_write_field_blob(ESP_EFUSE_SPI_BOOT_CRYPT_CNT, &new_spi_boot_crypt_cnt, 3);
236
237 #ifdef CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE
238 //Secure SPI boot cnt after its update if needed.
239 const uint32_t spi_boot_cnt_wr_dis = 1;
240 ESP_LOGI(TAG, "Write protecting SPI_CRYPT_CNT eFuse");
241 esp_efuse_write_field_blob(ESP_EFUSE_WR_DIS_SPI_BOOT_CRYPT_CNT, &spi_boot_cnt_wr_dis, 1);
242 #endif
243 ESP_LOGI(TAG, "Flash encryption completed");
244
245 return ESP_OK;
246 }
247
encrypt_bootloader(void)248 static esp_err_t encrypt_bootloader(void)
249 {
250 esp_err_t err;
251 uint32_t image_length;
252 /* Check for plaintext bootloader (verification will fail if it's already encrypted) */
253 if (esp_image_verify_bootloader(&image_length) == ESP_OK) {
254 ESP_LOGD(TAG, "bootloader is plaintext. Encrypting...");
255
256 #if CONFIG_SECURE_BOOT_V2_ENABLED
257 /* The image length obtained from esp_image_verify_bootloader includes the sector boundary padding and the signature block lengths */
258 if (ESP_BOOTLOADER_OFFSET + image_length > ESP_PARTITION_TABLE_OFFSET) {
259 ESP_LOGE(TAG, "Bootloader is too large to fit Secure Boot V2 signature sector and partition table (configured offset 0x%x)", ESP_PARTITION_TABLE_OFFSET);
260 return ESP_ERR_INVALID_SIZE;
261 }
262 #endif // CONFIG_SECURE_BOOT_V2_ENABLED
263
264 err = esp_flash_encrypt_region(ESP_BOOTLOADER_OFFSET, image_length);
265 if (err != ESP_OK) {
266 ESP_LOGE(TAG, "Failed to encrypt bootloader in place: 0x%x", err);
267 return err;
268 }
269
270 ESP_LOGI(TAG, "bootloader encrypted successfully");
271 return err;
272 }
273 else {
274 ESP_LOGW(TAG, "no valid bootloader was found");
275 return ESP_ERR_NOT_FOUND;
276 }
277 }
278
encrypt_and_load_partition_table(esp_partition_info_t * partition_table,int * num_partitions)279 static esp_err_t encrypt_and_load_partition_table(esp_partition_info_t *partition_table, int *num_partitions)
280 {
281 esp_err_t err;
282 /* Check for plaintext partition table */
283 err = bootloader_flash_read(ESP_PARTITION_TABLE_OFFSET, partition_table, ESP_PARTITION_TABLE_MAX_LEN, false);
284 if (err != ESP_OK) {
285 ESP_LOGE(TAG, "Failed to read partition table data");
286 return err;
287 }
288 if (esp_partition_table_verify(partition_table, false, num_partitions) == ESP_OK) {
289 ESP_LOGD(TAG, "partition table is plaintext. Encrypting...");
290 esp_err_t err = esp_flash_encrypt_region(ESP_PARTITION_TABLE_OFFSET,
291 FLASH_SECTOR_SIZE);
292 if (err != ESP_OK) {
293 ESP_LOGE(TAG, "Failed to encrypt partition table in place. %x", err);
294 return err;
295 }
296 }
297 else {
298 ESP_LOGE(TAG, "Failed to read partition table data - not plaintext?");
299 return ESP_ERR_INVALID_STATE;
300 }
301
302 /* Valid partition table loded */
303 ESP_LOGI(TAG, "partition table encrypted and loaded successfully");
304 return ESP_OK;
305 }
306
307
encrypt_partition(int index,const esp_partition_info_t * partition)308 static esp_err_t encrypt_partition(int index, const esp_partition_info_t *partition)
309 {
310 esp_err_t err;
311 bool should_encrypt = (partition->flags & PART_FLAG_ENCRYPTED);
312
313 if (partition->type == PART_TYPE_APP) {
314 /* check if the partition holds a valid unencrypted app */
315 esp_image_metadata_t data_ignored;
316 err = esp_image_verify(ESP_IMAGE_VERIFY,
317 &partition->pos,
318 &data_ignored);
319 should_encrypt = (err == ESP_OK);
320 } else if (partition->type == PART_TYPE_DATA && partition->subtype == PART_SUBTYPE_DATA_OTA) {
321 /* check if we have ota data partition and the partition should be encrypted unconditionally */
322 should_encrypt = true;
323 }
324
325 if (!should_encrypt) {
326 return ESP_OK;
327 }
328 else {
329 /* should_encrypt */
330 ESP_LOGI(TAG, "Encrypting partition %d at offset 0x%x (length 0x%x)...", index, partition->pos.offset, partition->pos.size);
331
332 err = esp_flash_encrypt_region(partition->pos.offset, partition->pos.size);
333 ESP_LOGI(TAG, "Done encrypting");
334 if (err != ESP_OK) {
335 ESP_LOGE(TAG, "Failed to encrypt partition %d", index);
336 }
337 return err;
338 }
339 }
340
341
esp_flash_encrypt_region(uint32_t src_addr,size_t data_length)342 esp_err_t esp_flash_encrypt_region(uint32_t src_addr, size_t data_length)
343 {
344 esp_err_t err;
345 uint32_t buf[FLASH_SECTOR_SIZE / sizeof(uint32_t)];
346
347 if (src_addr % FLASH_SECTOR_SIZE != 0) {
348 ESP_LOGE(TAG, "esp_flash_encrypt_region bad src_addr 0x%x",src_addr);
349 return ESP_FAIL;
350 }
351
352 wdt_hal_context_t rtc_wdt_ctx = {.inst = WDT_RWDT, .rwdt_dev = &RTCCNTL};
353 for (size_t i = 0; i < data_length; i += FLASH_SECTOR_SIZE) {
354
355 wdt_hal_write_protect_disable(&rtc_wdt_ctx);
356 wdt_hal_feed(&rtc_wdt_ctx);
357 wdt_hal_write_protect_enable(&rtc_wdt_ctx);
358
359 uint32_t sec_start = i + src_addr;
360 err = bootloader_flash_read(sec_start, buf, FLASH_SECTOR_SIZE, false);
361 if (err != ESP_OK) {
362 goto flash_failed;
363 }
364 err = bootloader_flash_erase_sector(sec_start / FLASH_SECTOR_SIZE);
365 if (err != ESP_OK) {
366 goto flash_failed;
367 }
368 err = bootloader_flash_write(sec_start, buf, FLASH_SECTOR_SIZE, true);
369 if (err != ESP_OK) {
370 goto flash_failed;
371 }
372 }
373 return ESP_OK;
374
375 flash_failed:
376 ESP_LOGE(TAG, "flash operation failed: 0x%x", err);
377 return err;
378 }
379
