Merge branch 'feature/apply_new_version_logic_v4.4' into 'release/v4.4'

all: Apply new version logic (major * 100 + minor) (v4.4) See merge request espressif/esp-idf!22481
espressif · Mar 10, 2023 · 8232f23 · 8232f23
2 parents 1500d70 + df09f86
commit 8232f23
Show file tree

Hide file tree

Showing 64 changed files with 659 additions and 152 deletions.
diff --git a/components/bootloader/Kconfig.projbuild b/components/bootloader/Kconfig.projbuild
@@ -428,17 +428,22 @@ menu "Security features"
         select MBEDTLS_ECDSA_C
         depends on SECURE_SIGNED_ON_BOOT || SECURE_SIGNED_ON_UPDATE
 
+    config SECURE_ESP32_SUPPORTS_RSA
+        bool
+        default y if ESP32_REV_MIN_FULL >= 300
+        depends on IDF_TARGET_ESP32
+
     config SECURE_BOOT_SUPPORTS_RSA
         bool
         default y
-        depends on ESP32_REV_MIN_3 || IDF_TARGET_ESP32S2 || IDF_TARGET_ESP32C3 || IDF_TARGET_ESP32S3
+        # RSA secure boot is supported in ESP32 revision >= v3.0
+        depends on SECURE_ESP32_SUPPORTS_RSA || IDF_TARGET_ESP32S2 || IDF_TARGET_ESP32C3 || IDF_TARGET_ESP32S3 # NOERROR
 
     config SECURE_TARGET_HAS_SECURE_ROM_DL_MODE
         bool
         default y
         depends on IDF_TARGET_ESP32S2 || IDF_TARGET_ESP32C3 || IDF_TARGET_ESP32S3
 
-
     config SECURE_SIGNED_APPS_NO_SECURE_BOOT
         bool "Require signed app images"
         depends on !SECURE_BOOT
@@ -508,7 +513,8 @@ menu "Security features"
     config SECURE_BOOT
         bool "Enable hardware Secure Boot in bootloader (READ DOCS FIRST)"
         default n
-        depends on IDF_TARGET_ESP32 || IDF_TARGET_ESP32S2 || ESP32C3_REV_MIN >= 3 || IDF_TARGET_ESP32S3
+        # Secure boot is not supported for ESP32-C3 revision < v0.3
+        depends on IDF_TARGET_ESP32 || IDF_TARGET_ESP32S2 || (IDF_TARGET_ESP32C3 && ESP32C3_REV_MIN_FULL >= 3) || IDF_TARGET_ESP32S3 # NOERROR
         select ESPTOOLPY_NO_STUB if !IDF_TARGET_ESP32 && !IDF_TARGET_ESP32S2
         help
             Build a bootloader which enables Secure Boot on first boot.
@@ -521,7 +527,7 @@ menu "Security features"
 
     choice SECURE_BOOT_VERSION
         bool "Select secure boot version"
-        default SECURE_BOOT_V2_ENABLED if ESP32_REV_MIN_3
+        default SECURE_BOOT_V2_ENABLED if ESP32_REV_MIN_FULL >= 300
         depends on SECURE_BOOT
         help
             Select the Secure Boot Version. Depends on the Chip Revision.
@@ -874,7 +880,7 @@ menu "Security features"
         default SECURE_ENABLE_SECURE_ROM_DL_MODE if SECURE_TARGET_HAS_SECURE_ROM_DL_MODE && !SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT # NOERROR
         default SECURE_INSECURE_ALLOW_DL_MODE
         depends on SECURE_BOOT_V2_ENABLED || SECURE_FLASH_ENC_ENABLED
-        depends on !IDF_TARGET_ESP32 || ESP32_REV_MIN_3
+        depends on !(IDF_TARGET_ESP32 && ESP32_REV_MIN_FULL < 300)
 
         config SECURE_DISABLE_ROM_DL_MODE
             bool "UART ROM download mode (Permanently disabled (recommended))"

diff --git a/components/bootloader/subproject/main/component.mk b/components/bootloader/subproject/main/component.mk
@@ -17,7 +17,7 @@ ifdef CONFIG_IDF_TARGET_ESP32
     ifndef CONFIG_SPI_FLASH_ROM_DRIVER_PATCH
         LINKER_SCRIPTS += $(IDF_PATH)/components/esp_rom/$(IDF_TARGET)/ld/$(IDF_TARGET).rom.spiflash.ld
     endif
-    ifdef CONFIG_ESP32_REV_MIN_3
+    ifeq ($(shell expr $(CONFIG_ESP32_REV_MIN_FULL) \>= 300), 1)
         LINKER_SCRIPTS += $(IDF_PATH)/components/esp_rom/$(IDF_TARGET)/ld/$(IDF_TARGET).rom.eco3.ld
     endif
 endif

diff --git a/components/bootloader_support/include/esp_app_format.h b/components/bootloader_support/include/esp_app_format.h
@@ -79,8 +79,15 @@ typedef struct {
                                 * pin and sets this field to 0xEE=disabled) */
     uint8_t spi_pin_drv[3];     /*!< Drive settings for the SPI flash pins (read by ROM bootloader) */
     esp_chip_id_t chip_id;      /*!< Chip identification number */
-    uint8_t min_chip_rev;       /*!< Minimum chip revision supported by image */
-    uint8_t reserved[8];       /*!< Reserved bytes in additional header space, currently unused */
+    uint8_t min_chip_rev;       /*!< Minimal chip revision supported by image
+                                 * After the Major and Minor revision eFuses were introduced into the chips, this field is no longer used.
+                                 * But for compatibility reasons, we keep this field and the data in it.
+                                 * Use min_chip_rev_full instead.
+                                 * The software interprets this as a Major version for most of the chips and as a Minor version for the ESP32-C3.
+                                 */
+    uint16_t min_chip_rev_full; /*!< Minimal chip revision supported by image, in format: major * 100 + minor */
+    uint16_t max_chip_rev_full; /*!< Maximal chip revision supported by image, in format: major * 100 + minor */
+    uint8_t reserved[4];        /*!< Reserved bytes in additional header space, currently unused */
     uint8_t hash_appended;      /*!< If 1, a SHA256 digest "simple hash" (of the entire image) is appended after the checksum.
                                  * Included in image length. This digest
                                  * is separate to secure boot and only used for detecting corruption.

diff --git a/components/bootloader_support/include/esp_secure_boot.h b/components/bootloader_support/include/esp_secure_boot.h
@@ -200,7 +200,7 @@ typedef struct {
  */
 esp_err_t esp_secure_boot_verify_ecdsa_signature_block(const esp_secure_boot_sig_block_t *sig_block, const uint8_t *image_digest, uint8_t *verified_digest);
 
-#if !CONFIG_IDF_TARGET_ESP32 || CONFIG_ESP32_REV_MIN_3
+#if !CONFIG_IDF_TARGET_ESP32 || CONFIG_ESP32_REV_MIN_FULL >= 300
 /**
  * @brief Structure to hold public key digests calculated from the signature blocks of a single image.
  *
@@ -223,7 +223,7 @@ typedef struct {
  *
  */
 esp_err_t esp_secure_boot_verify_rsa_signature_block(const ets_secure_boot_signature_t *sig_block, const uint8_t *image_digest, uint8_t *verified_digest);
-#endif // !CONFIG_IDF_TARGET_ESP32 || CONFIG_ESP32_REV_MIN_3
+#endif // !CONFIG_IDF_TARGET_ESP32 || CONFIG_ESP32_REV_MIN_FULL >= 300
 
 /** @brief Legacy ECDSA verification function
  *

diff --git a/components/bootloader_support/src/bootloader_clock_init.c b/components/bootloader_support/src/bootloader_clock_init.c
@@ -7,6 +7,7 @@
 #include "soc/soc.h"
 #include "soc/rtc.h"
 #include "soc/efuse_periph.h"
+#include "soc/chip_revision.h"
 #include "soc/rtc_cntl_reg.h"
 #if CONFIG_IDF_TARGET_ESP32
 #include "soc/dport_reg.h"
@@ -33,7 +34,7 @@ __attribute__((weak)) void bootloader_clock_configure(void)
      * document). For rev. 0, switch to 240 instead if it has been enabled
      * previously.
      */
-    if (efuse_hal_get_major_chip_version() == 0 &&
+    if (!ESP_CHIP_REV_ABOVE(efuse_hal_chip_revision(), 100) &&
             DPORT_REG_GET_FIELD(DPORT_CPU_PER_CONF_REG, DPORT_CPUPERIOD_SEL) == DPORT_CPUPERIOD_SEL_240) {
         cpu_freq_mhz = 240;
     }

diff --git a/components/bootloader_support/src/bootloader_common_loader.c b/components/bootloader_support/src/bootloader_common_loader.c
@@ -22,6 +22,8 @@
 #include "soc/gpio_periph.h"
 #include "soc/rtc.h"
 #include "soc/efuse_reg.h"
+#include "soc/chip_revision.h"
+#include "hal/efuse_ll.h"
 #include "hal/efuse_hal.h"
 #include "soc/soc_memory_types.h"
 #include "hal/gpio_ll.h"
@@ -31,6 +33,7 @@
 #include "bootloader_flash_priv.h"
 
 #define ESP_PARTITION_HASH_LEN 32 /* SHA-256 digest length */
+#define IS_MAX_REV_SET(max_chip_rev_full) (((max_chip_rev_full) != 65535) && ((max_chip_rev_full) != 0))
 
 static const char* TAG = "boot_comm";
 
@@ -60,34 +63,38 @@ int bootloader_common_get_active_otadata(esp_ota_select_entry_t *two_otadata)
     return bootloader_common_select_otadata(two_otadata, valid_two_otadata, true);
 }
 
-esp_err_t bootloader_common_check_chip_validity(const esp_image_header_t* img_hdr, esp_image_type type)
+esp_err_t __attribute__((optimize("-Os"))) bootloader_common_check_chip_validity(const esp_image_header_t* img_hdr, esp_image_type type)
 {
     esp_err_t err = ESP_OK;
     esp_chip_id_t chip_id = CONFIG_IDF_FIRMWARE_CHIP_ID;
     if (chip_id != img_hdr->chip_id) {
         ESP_LOGE(TAG, "mismatch chip ID, expected %d, found %d", chip_id, img_hdr->chip_id);
         err = ESP_FAIL;
-    }
-
+    } else {
 #ifndef CONFIG_IDF_ENV_FPGA
-#if defined(CONFIG_IDF_TARGET_ESP32) || defined(CONFIG_IDF_TARGET_ESP32S2) || defined(CONFIG_IDF_TARGET_ESP32H2)
-    uint8_t revision = efuse_hal_get_major_chip_version();
-    // min_chip_rev keeps the MAJOR wafer version for these chips
-#else
-    uint8_t revision = efuse_hal_get_minor_chip_version();
-    // min_chip_rev keeps the MINOR wafer version for these chips
-#endif
-    if (revision < img_hdr->min_chip_rev) {
-        /* To fix this error, please update mininum supported chip revision from configuration,
-         * located in TARGET (e.g. ESP32) specific options under "Component config" menu */
-        ESP_LOGE(TAG, "This chip is revision %d but the application is configured for minimum revision %d. Can't run.", revision, img_hdr->min_chip_rev);
-        err = ESP_FAIL;
-    } else if (revision != img_hdr->min_chip_rev) {
-#ifdef BOOTLOADER_BUILD
-        ESP_LOGI(TAG, "chip revision: %d, min. %s chip revision: %d", revision, type == ESP_IMAGE_BOOTLOADER ? "bootloader" : "application", img_hdr->min_chip_rev);
-#endif
-    }
+        unsigned revision = efuse_hal_chip_revision();
+        unsigned int major_rev = revision / 100;
+        unsigned int minor_rev = revision % 100;
+        unsigned min_rev = img_hdr->min_chip_rev_full;
+        if (type == ESP_IMAGE_BOOTLOADER || type == ESP_IMAGE_APPLICATION) {
+            if (!ESP_CHIP_REV_ABOVE(revision, min_rev)) {
+                ESP_LOGE(TAG, "Image requires chip rev >= v%d.%d, but chip is v%d.%d",
+                         min_rev / 100, min_rev % 100,
+                         major_rev, minor_rev);
+                err = ESP_FAIL;
+            }
+        }
+        if (type == ESP_IMAGE_APPLICATION) {
+            unsigned max_rev = img_hdr->max_chip_rev_full;
+            if ((IS_MAX_REV_SET(max_rev) && (revision > max_rev) && !efuse_ll_get_disable_wafer_version_major())) {
+                ESP_LOGE(TAG, "Image requires chip rev <= v%d.%d, but chip is v%d.%d",
+                         max_rev / 100, max_rev % 100,
+                         major_rev, minor_rev);
+                err = ESP_FAIL;
+            }
+        }
 #endif // CONFIG_IDF_ENV_FPGA
+    }
 
     return err;
 }

diff --git a/components/bootloader_support/src/bootloader_flash_config_esp32.c b/components/bootloader_support/src/bootloader_flash_config_esp32.c
@@ -17,6 +17,7 @@
 #include "soc/spi_reg.h"
 #include "soc/soc_caps.h"
 #include "soc/soc_pins.h"
+#include "soc/chip_revision.h"
 #include "hal/efuse_hal.h"
 #include "hal/gpio_hal.h"
 #include "flash_qio_mode.h"
@@ -169,16 +170,13 @@ int bootloader_flash_get_wp_pin(void)
     return CONFIG_SPIRAM_SPIWP_SD3_PIN; // can be set for app when DIO or DOUT config used for PSRAM only
 #else
     // no custom value, find it based on the package eFuse value
-    uint8_t chip_ver;
-    uint32_t pkg_ver = bootloader_common_get_chip_ver_pkg();
-    switch(pkg_ver) {
+    switch(bootloader_common_get_chip_ver_pkg()) {
     case EFUSE_RD_CHIP_VER_PKG_ESP32U4WDH:
     case EFUSE_RD_CHIP_VER_PKG_ESP32D2WDQ5:
         return ESP32_D2WD_WP_GPIO;
     case EFUSE_RD_CHIP_VER_PKG_ESP32PICOD4:
         /* Same package IDs are used for ESP32-PICO-V3 and ESP32-PICO-D4, silicon version differentiates */
-        chip_ver = efuse_hal_get_major_chip_version();
-        return (chip_ver < 3) ? ESP32_D2WD_WP_GPIO : ESP32_PICO_V3_GPIO;
+        return !ESP_CHIP_REV_ABOVE(efuse_hal_chip_revision(), 300) ? ESP32_D2WD_WP_GPIO : ESP32_PICO_V3_GPIO;
     case EFUSE_RD_CHIP_VER_PKG_ESP32PICOV302:
         return ESP32_PICO_V3_GPIO;
     default:

diff --git a/components/bootloader_support/src/esp32c3/bootloader_esp32c3.c b/components/bootloader_support/src/esp32c3/bootloader_esp32c3.c
@@ -23,6 +23,7 @@
 #include "soc/extmem_reg.h"
 #include "soc/io_mux_reg.h"
 #include "soc/system_reg.h"
+#include "soc/chip_revision.h"
 #include "esp32c3/rom/efuse.h"
 #include "esp32c3/rom/spi_flash.h"
 #include "esp32c3/rom/cache.h"
@@ -259,7 +260,7 @@ static inline void bootloader_hardware_init(void)
 {
     // This check is always included in the bootloader so it can
     // print the minimum revision error message later in the boot
-    if (efuse_hal_get_minor_chip_version() < 3) {
+    if (!ESP_CHIP_REV_ABOVE(efuse_hal_chip_revision(), 3)) {
         REGI2C_WRITE_MASK(I2C_ULP, I2C_ULP_IR_FORCE_XPD_IPH, 1);
         REGI2C_WRITE_MASK(I2C_BIAS, I2C_BIAS_DREG_1P1_PVT, 12);
     }
@@ -272,8 +273,7 @@ static inline void bootloader_ana_reset_config(void)
       For ECO2: fix brownout reset bug, support swt & brownout reset;
       For ECO3: fix clock glitch reset bug, support all reset, include: swt & brownout & clock glitch reset.
     */
-    uint8_t chip_version = efuse_hal_get_minor_chip_version();
-    switch (chip_version) {
+    switch (efuse_hal_chip_revision()) {
         case 0:
         case 1:
             //Enable WDT reset. Disable BOR and GLITCH reset

diff --git a/components/efuse/esp32/esp_efuse_fields.c b/components/efuse/esp32/esp_efuse_fields.c
@@ -13,6 +13,7 @@
 #include "esp_err.h"
 #include "esp_log.h"
 #include "soc/efuse_periph.h"
+#include "soc/chip_revision.h"
 #include "hal/efuse_hal.h"
 #include "bootloader_random.h"
 #include "sys/param.h"
@@ -41,9 +42,9 @@ void esp_efuse_disable_basic_rom_console(void)
 
 esp_err_t esp_efuse_disable_rom_download_mode(void)
 {
-#ifndef CONFIG_ESP32_REV_MIN_3
+#if CONFIG_ESP32_REV_MIN_FULL < 300
     /* Check if we support this revision at all */
-    if (efuse_hal_get_major_chip_version() < 3) {
+    if (!ESP_CHIP_REV_ABOVE(efuse_hal_chip_revision(), 300)) {
         return ESP_ERR_NOT_SUPPORTED;
     }
 #endif

diff --git a/components/efuse/include/esp_efuse.h b/components/efuse/include/esp_efuse.h
@@ -741,7 +741,7 @@ esp_err_t esp_efuse_write_key(esp_efuse_block_t block, esp_efuse_purpose_t purpo
 esp_err_t esp_efuse_write_keys(const esp_efuse_purpose_t purposes[], uint8_t keys[][32], unsigned number_of_keys);
 
 
-#if CONFIG_ESP32_REV_MIN_3 || !CONFIG_IDF_TARGET_ESP32
+#if CONFIG_ESP32_REV_MIN_FULL >= 300 || !CONFIG_IDF_TARGET_ESP32
 /**
  * @brief Read key digests from efuse. Any revoked/missing digests will be marked as NULL
  *

diff --git a/components/efuse/src/esp_efuse_api_key_esp32.c b/components/efuse/src/esp_efuse_api_key_esp32.c
@@ -233,7 +233,7 @@ esp_err_t esp_efuse_write_keys(const esp_efuse_purpose_t purposes[], uint8_t key
     return err;
 }
 
-#if CONFIG_ESP32_REV_MIN_3
+#if CONFIG_ESP32_REV_MIN_FULL >= 300
 esp_err_t esp_secure_boot_read_key_digests(ets_secure_boot_key_digests_t *trusted_keys)
 {
     if (trusted_keys == NULL) {
@@ -242,4 +242,4 @@ esp_err_t esp_secure_boot_read_key_digests(ets_secure_boot_key_digests_t *truste
     trusted_keys->key_digests[0] = (const void *)esp_efuse_utility_get_read_register_address(EFUSE_BLK_SECURE_BOOT);
     return ESP_OK;
 }
-#endif // CONFIG_ESP32_REV_MIN_3
+#endif // CONFIG_ESP32_REV_MIN_FULL >= 300
diff --git a/components/esp32/Kconfig b/components/esp32/Kconfig
@@ -13,30 +13,77 @@ menu "ESP32-specific"
         prompt "Minimum Supported ESP32 Revision"
         default ESP32_REV_MIN_0
         help
-            Minimum revision that ESP-IDF would support.
-            ESP-IDF performs different strategy on different esp32 revision.
+            Required minimum chip revision. ESP-IDF will check for it and
+            reject to boot if the chip revision fails the check.
+            This ensures the chip used will have some modifications (features, or bugfixes).
+
+            The complied binary will only support chips above this revision,
+            this will also help to reduce binary size.
 
         config ESP32_REV_MIN_0
-            bool "Rev 0"
+            bool "Rev v0.0 (ECO0)"
         config ESP32_REV_MIN_1
-            bool "Rev 1"
+            bool "Rev v1.0 (ECO1)"
+        config ESP32_REV_MIN_1_1
+            bool "Rev v1.1 (ECO1.1)"
         config ESP32_REV_MIN_2
-            bool "Rev 2"
+            bool "Rev v2.0 (ECO2)"
         config ESP32_REV_MIN_3
-            bool "Rev 3"
+            bool "Rev v3.0 (ECO3)"
+            select ESP_INT_WDT if ESP32_ECO3_CACHE_LOCK_FIX
+        config ESP32_REV_MIN_3_1
+            bool "Rev v3.1 (ECO4)"
             select ESP_INT_WDT if ESP32_ECO3_CACHE_LOCK_FIX
     endchoice
 
     config ESP32_REV_MIN
+        # we keep it for compatibility. Use ESP32_REV_MIN_FULL instead.
         int
         default 0 if ESP32_REV_MIN_0
-        default 1 if ESP32_REV_MIN_1
+        default 1 if ESP32_REV_MIN_1 || ESP32_REV_MIN_1_1
         default 2 if ESP32_REV_MIN_2
-        default 3 if ESP32_REV_MIN_3
+        default 3 if ESP32_REV_MIN_3 || ESP32_REV_MIN_3_1
+
+    config ESP32_REV_MIN_FULL
+        int
+        default 0 if ESP32_REV_MIN_0
+        default 100 if ESP32_REV_MIN_1
+        default 101 if ESP32_REV_MIN_1_1
+        default 200 if ESP32_REV_MIN_2
+        default 300 if ESP32_REV_MIN_3
+        default 301 if ESP32_REV_MIN_3_1
+
+    config ESP_REV_MIN_FULL
+        int
+        default ESP32_REV_MIN_FULL
+
+        #
+        # MAX Revision
+        #
+
+    choice ESP32_REV_MAX_FULL_STR
+        prompt "Maximum Supported ESP32 Revision"
+        config ESP32_REV_MAX_FULL_STR_OPT
+            bool "Rev v3.99"
+    endchoice
+
+    # Maximum revision that IDF supports.
+    # It can not be changed by user.
+    # Only Espressif can change it when a new version will be supported in IDF.
+    # Supports all chips starting from ESP32_REV_MIN_FULL to ESP32_REV_MAX_FULL
+
+    config ESP32_REV_MAX_FULL
+        int
+        default 399
+        # keep in sync the "Maximum Supported Revision" description with this value
+
+    config ESP_REV_MAX_FULL
+        int
+        default ESP32_REV_MAX_FULL
 
     config ESP32_DPORT_WORKAROUND
         bool
-        default "y" if !FREERTOS_UNICORE  && ESP32_REV_MIN < 2
+        default "y" if !FREERTOS_UNICORE  && ESP32_REV_MIN_FULL < 200
 
     choice ESP32_DEFAULT_CPU_FREQ_MHZ
         prompt "CPU frequency"
@@ -131,7 +178,7 @@ menu "ESP32-specific"
 
         config SPIRAM_CACHE_WORKAROUND
             bool "Enable workaround for bug in SPI RAM cache for Rev1 ESP32s"
-            depends on (SPIRAM_USE_MEMMAP || SPIRAM_USE_CAPS_ALLOC || SPIRAM_USE_MALLOC) && (ESP32_REV_MIN < 3)
+            depends on (SPIRAM_USE_MEMMAP || SPIRAM_USE_CAPS_ALLOC || SPIRAM_USE_MALLOC) && (ESP32_REV_MIN_FULL < 300)
             default "y"
             help
                 Revision 1 of the ESP32 has a bug that can cause a write to PSRAM not to take place in some situations
@@ -654,7 +701,7 @@ menu "ESP32-specific"
     choice ESP32_RTC_EXT_CRYST_ADDIT_CURRENT_METHOD
         prompt "Additional current for external 32kHz crystal"
         depends on ESP32_RTC_CLK_SRC_EXT_CRYS
-        depends on ESP32_REV_MIN <= 1
+        depends on ESP32_REV_MIN_FULL < 200
         default ESP32_RTC_EXT_CRYST_ADDIT_CURRENT_NONE
         help
             With some 32kHz crystal configurations, the X32N and X32P pins may not have enough