components/bootloader_support/src/secure_boot.c

   1 // Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
   2 //
   3 // Licensed under the Apache License, Version 2.0 (the "License");
   4 // you may not use this file except in compliance with the License.
   5 // You may obtain a copy of the License at
   6
   7 //     http://www.apache.org/licenses/LICENSE-2.0
   8 //
   9 // Unless required by applicable law or agreed to in writing, software
  10 // distributed under the License is distributed on an "AS IS" BASIS,
  11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  12 // See the License for the specific language governing permissions and
  13 // limitations under the License.
  14
  15 #include <string.h>
  16
  17 #include "esp_attr.h"
  18 #include "esp_types.h"
  19 #include "esp_log.h"
  20
  21 #include "rom/cache.h"
  22 #include "rom/ets_sys.h"
  23 #include "rom/secure_boot.h"
  24
  25 #include "soc/dport_reg.h"
  26 #include "soc/io_mux_reg.h"
  27 #include "soc/efuse_reg.h"
  28 #include "soc/rtc_cntl_reg.h"
  29
  30 #include "sdkconfig.h"
  31
  32 #include "bootloader_flash.h"
  33 #include "bootloader_random.h"
  34 #include "esp_image_format.h"
  35 #include "esp_secure_boot.h"
  36 #include "esp_flash_encrypt.h"
  37 #include "esp_efuse.h"
  38
  39 static const char* TAG = "secure_boot";
  40
  41 /**
  42  *  @function :     secure_boot_generate
  43  *  @description:   generate boot digest (aka "abstract") & iv
  44  *
  45  *  @inputs:        image_len - length of image to calculate digest for
  46  */
  47 static bool secure_boot_generate(uint32_t image_len){
  48     esp_err_t err;
  49     esp_secure_boot_iv_digest_t digest;
  50     const uint32_t *image;
  51
  52     /* hardware secure boot engine only takes full blocks, so round up the
  53        image length. The additional data should all be 0xFF.
  54     */
  55     if (image_len % sizeof(digest.iv) != 0) {
  56         image_len = (image_len / sizeof(digest.iv) + 1) * sizeof(digest.iv);
  57     }
  58     ets_secure_boot_start();
  59     ets_secure_boot_rd_iv((uint32_t *)digest.iv);
  60     ets_secure_boot_hash(NULL);
  61     /* iv stored in sec 0 */
  62     err = bootloader_flash_erase_sector(0);
  63     if (err != ESP_OK)
  64     {
  65         ESP_LOGE(TAG, "SPI erase failed: 0x%x", err);
  66         return false;
  67     }
  68
  69     /* generate digest from image contents */
  70     image = bootloader_mmap(ESP_BOOTLOADER_OFFSET, image_len);
  71     if (!image) {
  72         ESP_LOGE(TAG, "bootloader_mmap(0x1000, 0x%x) failed", image_len);
  73         return false;
  74     }
  75     for (int i = 0; i < image_len; i+= sizeof(digest.iv)) {
  76         ets_secure_boot_hash(&image[i/sizeof(uint32_t)]);
  77     }
  78     bootloader_munmap(image);
  79
  80     ets_secure_boot_obtain();
  81     ets_secure_boot_rd_abstract((uint32_t *)digest.digest);
  82     ets_secure_boot_finish();
  83
  84     ESP_LOGD(TAG, "write iv+digest to flash");
  85     err = bootloader_flash_write(FLASH_OFFS_SECURE_BOOT_IV_DIGEST, &digest,
  86                            sizeof(digest), esp_flash_encryption_enabled());
  87     if (err != ESP_OK) {
  88         ESP_LOGE(TAG, "SPI write failed: 0x%x", err);
  89         return false;
  90     }
  91     Cache_Read_Enable(0);
  92     return true;
  93 }
  94
  95 /* Burn values written to the efuse write registers */
  96 static inline void burn_efuses()
  97 {
  98 #ifdef CONFIG_SECURE_BOOT_TEST_MODE
  99     ESP_LOGE(TAG, "SECURE BOOT TEST MODE. Not really burning any efuses! NOT SECURE");
 100 #else
 101     esp_efuse_burn_new_values();
 102 #endif
 103 }
 104
 105 esp_err_t esp_secure_boot_permanently_enable(void) {
 106     esp_err_t err;
 107     uint32_t image_len = 0;
 108     if (esp_secure_boot_enabled())
 109     {
 110         ESP_LOGI(TAG, "bootloader secure boot is already enabled, continuing..");
 111         return ESP_OK;
 112     }
 113
 114     err = esp_image_verify_bootloader(&image_len);
 115     if (err != ESP_OK) {
 116         ESP_LOGE(TAG, "bootloader image appears invalid! error %d", err);
 117         return err;
 118     }
 119
 120     uint32_t dis_reg = REG_READ(EFUSE_BLK0_RDATA0_REG);
 121     bool efuse_key_read_protected = dis_reg & EFUSE_RD_DIS_BLK2;
 122     bool efuse_key_write_protected = dis_reg & EFUSE_WR_DIS_BLK2;
 123     if (efuse_key_read_protected == false
 124         && efuse_key_write_protected == false
 125         && REG_READ(EFUSE_BLK2_RDATA0_REG) == 0
 126         && REG_READ(EFUSE_BLK2_RDATA1_REG) == 0
 127         && REG_READ(EFUSE_BLK2_RDATA2_REG) == 0
 128         && REG_READ(EFUSE_BLK2_RDATA3_REG) == 0
 129         && REG_READ(EFUSE_BLK2_RDATA4_REG) == 0
 130         && REG_READ(EFUSE_BLK2_RDATA5_REG) == 0
 131         && REG_READ(EFUSE_BLK2_RDATA6_REG) == 0
 132         && REG_READ(EFUSE_BLK2_RDATA7_REG) == 0) {
 133         ESP_LOGI(TAG, "Generating new secure boot key...");
 134         uint32_t buf[8];
 135         bootloader_fill_random(buf, sizeof(buf));
 136         for (int i = 0; i < 8; i++) {
 137             ESP_LOGV(TAG, "EFUSE_BLK2_WDATA%d_REG = 0x%08x", i, buf[i]);
 138             REG_WRITE(EFUSE_BLK2_WDATA0_REG + 4*i, buf[i]);
 139         }
 140         bzero(buf, sizeof(buf));
 141         burn_efuses();
 142         ESP_LOGI(TAG, "Read & write protecting new key...");
 143         REG_WRITE(EFUSE_BLK0_WDATA0_REG, EFUSE_WR_DIS_BLK2 | EFUSE_RD_DIS_BLK2);
 144         burn_efuses();
 145         efuse_key_read_protected = true;
 146         efuse_key_write_protected = true;
 147
 148     } else {
 149         ESP_LOGW(TAG, "Using pre-loaded secure boot key in EFUSE block 2");
 150     }
 151
 152     ESP_LOGI(TAG, "Generating secure boot digest...");
 153     if (false == secure_boot_generate(image_len)){
 154         ESP_LOGE(TAG, "secure boot generation failed");
 155         return ESP_FAIL;
 156     }
 157     ESP_LOGI(TAG, "Digest generation complete.");
 158
 159 #ifndef CONFIG_SECURE_BOOT_TEST_MODE
 160     if (!efuse_key_read_protected) {
 161         ESP_LOGE(TAG, "Pre-loaded key is not read protected. Refusing to blow secure boot efuse.");
 162         return ESP_ERR_INVALID_STATE;
 163     }
 164     if (!efuse_key_write_protected) {
 165         ESP_LOGE(TAG, "Pre-loaded key is not write protected. Refusing to blow secure boot efuse.");
 166         return ESP_ERR_INVALID_STATE;
 167     }
 168 #endif
 169
 170     ESP_LOGI(TAG, "blowing secure boot efuse...");
 171     ESP_LOGD(TAG, "before updating, EFUSE_BLK0_RDATA6 %x", REG_READ(EFUSE_BLK0_RDATA6_REG));
 172
 173     uint32_t new_wdata6 = EFUSE_RD_ABS_DONE_0;
 174
 175 #ifndef CONFIG_SECURE_BOOT_ALLOW_JTAG
 176     ESP_LOGI(TAG, "Disable JTAG...");
 177     new_wdata6 |= EFUSE_RD_DISABLE_JTAG;
 178 #else
 179     ESP_LOGW(TAG, "Not disabling JTAG - SECURITY COMPROMISED");
 180 #endif
 181
 182 #ifndef CONFIG_SECURE_BOOT_ALLOW_ROM_BASIC
 183     ESP_LOGI(TAG, "Disable ROM BASIC interpreter fallback...");
 184     new_wdata6 |= EFUSE_RD_CONSOLE_DEBUG_DISABLE;
 185 #else
 186     ESP_LOGW(TAG, "Not disabling ROM BASIC fallback - SECURITY COMPROMISED");
 187 #endif
 188
 189     REG_WRITE(EFUSE_BLK0_WDATA6_REG, new_wdata6);
 190     burn_efuses();
 191     uint32_t after = REG_READ(EFUSE_BLK0_RDATA6_REG);
 192     ESP_LOGD(TAG, "after updating, EFUSE_BLK0_RDATA6 %x", after);
 193     if (after & EFUSE_RD_ABS_DONE_0) {
 194         ESP_LOGI(TAG, "secure boot is now enabled for bootloader image");
 195         return ESP_OK;
 196     } else {
 197 #ifdef CONFIG_SECURE_BOOT_TEST_MODE
 198         ESP_LOGE(TAG, "secure boot not enabled due to test mode");
 199 #else
 200         ESP_LOGE(TAG, "secure boot not enabled for bootloader image, EFUSE_RD_ABS_DONE_0 is probably write protected!");
 201 #endif
 202         return ESP_ERR_INVALID_STATE;
 203     }
 204 }