1 /*
2 * SPDX-FileCopyrightText: 2015-2021 Espressif Systems (Shanghai) CO LTD
3 *
4 * SPDX-License-Identifier: Apache-2.0
5 */
6
7 #include <strings.h>
8 #include "sdkconfig.h"
9 #include "esp_log.h"
10 #include "esp_efuse.h"
11 #include "esp_efuse_table.h"
12 #include "esp_flash_encrypt.h"
13 #include "esp_secure_boot.h"
14
// Target-neutral names for the flash-encryption counter eFuse and the bit that
// write-protects it: the ESP32 field is called FLASH_CRYPT_CNT, every other
// supported target calls it SPI_BOOT_CRYPT_CNT.
#if CONFIG_IDF_TARGET_ESP32
#define CRYPT_CNT ESP_EFUSE_FLASH_CRYPT_CNT
#define WR_DIS_CRYPT_CNT ESP_EFUSE_WR_DIS_FLASH_CRYPT_CNT
#else
#define CRYPT_CNT ESP_EFUSE_SPI_BOOT_CRYPT_CNT
#define WR_DIS_CRYPT_CNT ESP_EFUSE_WR_DIS_SPI_BOOT_CRYPT_CNT
#endif

// Log tag shared by every message this file emits.
static const char *TAG = "flash_encrypt";
24 #ifndef BOOTLOADER_BUILD
25
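/**
 * Sanity-checks the running flash-encryption state against the project
 * configuration. Intended for the application (this function is compiled out
 * of the bootloader build).
 *
 * Two checks are made:
 *  1. When RELEASE mode and Secure Boot are both configured and both are
 *     active on the device, CRYPT_CNT must be write-protected. If it is not,
 *     and the counter is not already saturated, the write-disable bit is
 *     burned on the spot.
 *  2. The mode derived from the eFuses is compared with the project setting;
 *     DEVELOPMENT on a RELEASE-configured app is logged as an error, plain
 *     DEVELOPMENT as a warning, RELEASE as info.
 *
 * Aborts when CONFIG_SECURE_FLASH_CHECK_ENC_EN_IN_APP is set and the flash
 * encryption eFuse is not enabled.
 */
void esp_flash_encryption_init_checks(void)
{
#ifdef CONFIG_SECURE_FLASH_CHECK_ENC_EN_IN_APP
    if (!esp_flash_encryption_enabled()) {
        ESP_LOGE(TAG, "Flash encryption eFuse bit was not enabled in bootloader but CONFIG_SECURE_FLASH_ENC_ENABLED is on");
        abort();
    }
#endif

    // First check: if Release mode flash encryption & secure boot are enabled then
    // FLASH_CRYPT_CNT *must* be write protected. This will have happened automatically
    // if bootloader is IDF V4.0 or newer but may not have happened for previous ESP-IDF bootloaders.
#ifdef CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE
#ifdef CONFIG_SECURE_BOOT
    if (esp_secure_boot_enabled() && esp_flash_encryption_enabled()
            && !esp_efuse_read_field_bit(WR_DIS_CRYPT_CNT)) {
        uint8_t flash_crypt_cnt = 0;
        esp_efuse_read_field_blob(CRYPT_CNT, &flash_crypt_cnt, CRYPT_CNT[0]->bit_count);
        // A counter with every bit already burned cannot change, so it is left
        // unprotected (this distinction matters on ESP32 ECO3, where a write-protected
        // FLASH_CRYPT_CNT also write-protects UART_DL_DIS). Either way the second
        // check below still runs, so a mode mismatch is never silently skipped.
        if (flash_crypt_cnt != (1 << (CRYPT_CNT[0]->bit_count)) - 1) {
            ESP_LOGE(TAG, "Flash encryption & Secure Boot together requires FLASH_CRYPT_CNT efuse to be write protected. Fixing now...");
            esp_flash_write_protect_crypt_cnt();
        }
    }
#endif // CONFIG_SECURE_BOOT
#endif // CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE

    // Second check: print a warning or error if the flash encryption mode read from
    // the eFuses doesn't match the expectation from project config (due to
    // mismatched bootloader and app, probably).
    esp_flash_enc_mode_t mode = esp_get_flash_encryption_mode();
    if (mode == ESP_FLASH_ENC_MODE_DEVELOPMENT) {
#ifdef CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE
        ESP_LOGE(TAG, "Flash encryption settings error: app is configured for RELEASE but efuses are set for DEVELOPMENT");
        ESP_LOGE(TAG, "Mismatch found in security options in bootloader menuconfig and efuse settings. Device is not secure.");
#else
        ESP_LOGW(TAG, "Flash encryption mode is DEVELOPMENT (not secure)");
#endif
    } else if (mode == ESP_FLASH_ENC_MODE_RELEASE) {
        ESP_LOGI(TAG, "Flash encryption mode is RELEASE");
    }
}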
73 #endif
74
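/**
 * Burns the write-disable eFuse for CRYPT_CNT so the counter can no longer be
 * changed.
 *
 * A failed burn is logged instead of being dropped on the floor. The function
 * still returns nothing, so a caller that needs certainty has to read
 * WR_DIS_CRYPT_CNT back itself.
 */
void esp_flash_write_protect_crypt_cnt(void)
{
    if (esp_efuse_write_field_bit(WR_DIS_CRYPT_CNT) != ESP_OK) {
        ESP_LOGE(TAG, "Failed to write protect FLASH_CRYPT_CNT efuse");
    }
}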
79
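/*
 * Reports whether CRYPT_CNT can no longer be modified.
 *
 * The counter counts as locked when its write-disable eFuse is burned, or
 * when every bit of the counter is already set: with nothing left to flip,
 * write protection adds nothing.
 */
static bool flash_crypt_cnt_locked(void)
{
    if (esp_efuse_read_field_bit(WR_DIS_CRYPT_CNT)) {
        return true;
    }
    uint8_t flash_crypt_cnt = 0;
    esp_efuse_read_field_blob(CRYPT_CNT, &flash_crypt_cnt, CRYPT_CNT[0]->bit_count);
    return flash_crypt_cnt == (1 << (CRYPT_CNT[0]->bit_count)) - 1;
}

/*
 * Reports whether every download-mode eFuse that RELEASE mode requires on
 * this target is burned. A target with no case below never reports RELEASE.
 */
static bool download_mode_locked(void)
{
#if CONFIG_IDF_TARGET_ESP32
    bool dis_dl_cache = esp_efuse_read_field_bit(ESP_EFUSE_DISABLE_DL_CACHE);
    bool dis_dl_enc = esp_efuse_read_field_bit(ESP_EFUSE_DISABLE_DL_ENCRYPT);
    bool dis_dl_dec = esp_efuse_read_field_bit(ESP_EFUSE_DISABLE_DL_DECRYPT);
    /* DISABLE_DL_DECRYPT, DISABLE_DL_ENCRYPT & DISABLE_DL_CACHE must all be set */
    return dis_dl_cache && dis_dl_enc && dis_dl_dec;
#elif CONFIG_IDF_TARGET_ESP32S2 || CONFIG_IDF_TARGET_ESP32S3
    bool dis_dl_enc = esp_efuse_read_field_bit(ESP_EFUSE_DIS_DOWNLOAD_MANUAL_ENCRYPT);
    bool dis_dl_icache = esp_efuse_read_field_bit(ESP_EFUSE_DIS_DOWNLOAD_ICACHE);
    bool dis_dl_dcache = esp_efuse_read_field_bit(ESP_EFUSE_DIS_DOWNLOAD_DCACHE);
    return dis_dl_enc && dis_dl_icache && dis_dl_dcache;
#elif CONFIG_IDF_TARGET_ESP32C3 || CONFIG_IDF_TARGET_ESP32H2
    bool dis_dl_enc = esp_efuse_read_field_bit(ESP_EFUSE_DIS_DOWNLOAD_MANUAL_ENCRYPT);
    bool dis_dl_icache = esp_efuse_read_field_bit(ESP_EFUSE_DIS_DOWNLOAD_ICACHE);
    return dis_dl_enc && dis_dl_icache;
#else
    return false;
#endif
}

/**
 * Classifies the device's flash-encryption state from its eFuses.
 *
 * @return ESP_FLASH_ENC_MODE_DISABLED when flash encryption is not enabled;
 *         ESP_FLASH_ENC_MODE_RELEASE when CRYPT_CNT is locked and all
 *         download-mode eFuses for this target are burned;
 *         ESP_FLASH_ENC_MODE_DEVELOPMENT otherwise.
 */
esp_flash_enc_mode_t esp_get_flash_encryption_mode(void)
{
    if (!esp_flash_encryption_enabled()) {
        return ESP_FLASH_ENC_MODE_DISABLED;
    }
    // The download-mode eFuses are only consulted once the counter is locked;
    // an unlocked counter alone already means DEVELOPMENT.
    if (flash_crypt_cnt_locked() && download_mode_locked()) {
        return ESP_FLASH_ENC_MODE_RELEASE;
    }
    return ESP_FLASH_ENC_MODE_DEVELOPMENT;
}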
141
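/**
 * Moves a device from DEVELOPMENT to RELEASE flash encryption by burning
 * eFuses: saturates CRYPT_CNT (unless it is already write-protected), burns
 * the target-specific download-mode disable bits, and disables ROM download
 * mode. Every burn goes through one eFuse batch so they are committed together.
 *
 * Returns without doing anything when the device already reads as RELEASE.
 * Aborts when flash encryption is not enabled at all, when the batch cannot
 * be started or committed, when the target has no RELEASE recipe, or when the
 * device does not read back as RELEASE afterwards.
 */
void esp_flash_encryption_set_release_mode(void)
{
    esp_flash_enc_mode_t mode = esp_get_flash_encryption_mode();
    if (mode == ESP_FLASH_ENC_MODE_RELEASE) {
        return;
    }
    if (mode == ESP_FLASH_ENC_MODE_DISABLED) {
        ESP_LOGE(TAG, "Flash encryption eFuse is not enabled, abort..");
        abort();
    }

    // ESP_FLASH_ENC_MODE_DEVELOPMENT -> ESP_FLASH_ENC_MODE_RELEASE.
    // The batch is what lets all the writes below land together; if it cannot
    // be started, stop before a single bit has been burned.
    if (esp_efuse_batch_write_begin() != ESP_OK) {
        ESP_LOGE(TAG, "Failed to begin eFuse batch write, abort..");
        abort();
    }
    // Saturate the counter unless its write-disable bit is already set.
    if (!esp_efuse_read_field_bit(WR_DIS_CRYPT_CNT)) {
        size_t flash_crypt_cnt = 0;
        esp_efuse_read_field_cnt(CRYPT_CNT, &flash_crypt_cnt);
        if (flash_crypt_cnt != CRYPT_CNT[0]->bit_count) {
            esp_efuse_write_field_cnt(CRYPT_CNT, CRYPT_CNT[0]->bit_count - flash_crypt_cnt);
        }
    }
#if CONFIG_IDF_TARGET_ESP32
    esp_efuse_write_field_bit(ESP_EFUSE_DISABLE_DL_CACHE);
    esp_efuse_write_field_bit(ESP_EFUSE_DISABLE_DL_ENCRYPT);
    esp_efuse_write_field_bit(ESP_EFUSE_DISABLE_DL_DECRYPT);
#elif CONFIG_IDF_TARGET_ESP32S2 || CONFIG_IDF_TARGET_ESP32S3
    esp_efuse_write_field_bit(ESP_EFUSE_DIS_DOWNLOAD_MANUAL_ENCRYPT);
    esp_efuse_write_field_bit(ESP_EFUSE_DIS_DOWNLOAD_ICACHE);
    esp_efuse_write_field_bit(ESP_EFUSE_DIS_DOWNLOAD_DCACHE);
#elif CONFIG_IDF_TARGET_ESP32C3 || CONFIG_IDF_TARGET_ESP32H2
    esp_efuse_write_field_bit(ESP_EFUSE_DIS_DOWNLOAD_MANUAL_ENCRYPT);
    esp_efuse_write_field_bit(ESP_EFUSE_DIS_DOWNLOAD_ICACHE);
#else
    ESP_LOGE(TAG, "Flash Encryption support not added, abort..");
    abort();
#endif
    // The mode read-back at the end does not look at ROM download mode, so a
    // failure here would otherwise go unnoticed.
    if (esp_efuse_disable_rom_download_mode() != ESP_OK) {
        ESP_LOGW(TAG, "Could not disable ROM download mode");
    }
    if (esp_efuse_batch_write_commit() != ESP_OK) {
        ESP_LOGE(TAG, "Failed to commit eFuse batch write, abort..");
        abort();
    }

    // Verify from the eFuses themselves rather than trusting the writes.
    if (esp_get_flash_encryption_mode() != ESP_FLASH_ENC_MODE_RELEASE) {
        ESP_LOGE(TAG, "Flash encryption mode is DEVELOPMENT, abort..");
        abort();
    }
    ESP_LOGI(TAG, "Flash encryption mode is RELEASE");
}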
186