From 25f2dc20775de8a15672687169f0191074600b1f Mon Sep 17 00:00:00 2001 From: Gustavo Henrique Nihei Date: Thu, 30 Dec 2021 11:51:03 -0300 Subject: [PATCH] risc-v/esp32c3: Enable the creation of encrypted Flash partitions Signed-off-by: Gustavo Henrique Nihei --- arch/risc-v/src/esp32c3/Kconfig | 10 +++++ .../risc-v/src/esp32c3/esp32c3_spiflash_mtd.c | 37 +++++++++++++------ .../risc-v/src/esp32c3/esp32c3_spiflash_mtd.h | 5 ++- boards/risc-v/esp32c3/esp32c3-devkit/Kconfig | 5 +++ .../esp32c3-devkit/src/esp32c3_spiflash.c | 27 ++++++++++++-- 5 files changed, 69 insertions(+), 15 deletions(-) diff --git a/arch/risc-v/src/esp32c3/Kconfig b/arch/risc-v/src/esp32c3/Kconfig index 7b3cdd1719..1e0b498eb7 100644 --- a/arch/risc-v/src/esp32c3/Kconfig +++ b/arch/risc-v/src/esp32c3/Kconfig @@ -778,6 +778,11 @@ config ESP32C3_WIFI_FS_MOUNTPT ---help--- Mount point of Wi-Fi storage file system. +config ESP32C3_WIFI_MTD_ENCRYPT + bool "Encrypt Wi-Fi MTD partition" + default y + depends on ESP32C3_SECURE_FLASH_ENC_ENABLED + config ESP32C3_WIFI_MTD_OFFSET hex "Wi-Fi MTD partition offset" default 0x280000 if !ESP32C3_HAVE_OTA_PARTITION @@ -891,6 +896,11 @@ if ESP32C3_HAVE_OTA_PARTITION comment "Application Image OTA Update support" +config ESP32C3_OTA_PARTITION_ENCRYPT + bool "Encrypt OTA partitions" + default y + depends on ESP32C3_SECURE_FLASH_ENC_ENABLED + config ESP32C3_OTA_PRIMARY_SLOT_OFFSET hex "Application image primary slot offset" default 0x10000 diff --git a/arch/risc-v/src/esp32c3/esp32c3_spiflash_mtd.c b/arch/risc-v/src/esp32c3/esp32c3_spiflash_mtd.c index c9933f7c69..68dc75d791 100644 --- a/arch/risc-v/src/esp32c3/esp32c3_spiflash_mtd.c +++ b/arch/risc-v/src/esp32c3/esp32c3_spiflash_mtd.c 
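Review bot: `ESP32C3_WIFI_MTD_ENCRYPT` is added without a `---help---` block, so nothing tells the user that turning it off leaves the Wi-Fi storage partition unencrypted on a device that otherwise has flash encryption enabled. The same applies to `ESP32C3_OTA_PARTITION_ENCRYPT` in the second hunk of this file and to `ESP32C3_STORAGE_MTD_ENCRYPT` in the board Kconfig. I would give each option help text along the lines of `Store the contents of this partition encrypted. If disabled, the partition is read and written as plaintext even though flash encryption is enabled.` What the Wi-Fi partition stores is not visible in this diff; if it holds credentials, the warning matters most there.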
@@ -691,30 +691,40 @@ static int esp32c3_ioctl(struct mtd_dev_s *dev, int cmd, * Name: esp32c3_spiflash_alloc_mtdpart * * Description: - * Allocate SPI Flash MTD. + * Allocate an MTD partition from the ESP32-C3 SPI Flash. * * Input Parameters: - * None + * mtd_offset - MTD Partition offset from the base address in SPI Flash. + * mtd_size - Size for the MTD partition. + * encrypted - Flag indicating whether the newly allocated partition will + * have its content encrypted. * * Returned Value: - * SPI Flash MTD data pointer if success or NULL if fail. + * ESP32-C3 SPI Flash MTD data pointer if success or NULL if fail. * ****************************************************************************/ struct mtd_dev_s *esp32c3_spiflash_alloc_mtdpart(uint32_t mtd_offset, - uint32_t mtd_size) + uint32_t mtd_size, + bool encrypted) { - struct esp32c3_mtd_dev_s *priv = - (struct esp32c3_mtd_dev_s *)&g_esp32c3_spiflash; - const esp32c3_spiflash_chip_t *chip = &(*priv->data)->chip; + const struct esp32c3_mtd_dev_s *priv; + const esp32c3_spiflash_chip_t *chip; struct mtd_dev_s *mtd_part; uint32_t blocks; uint32_t startblock; uint32_t size; - ASSERT((mtd_offset + mtd_size) <= chip->chip_size); - ASSERT((mtd_offset % chip->sector_size) == 0); - ASSERT((mtd_size % chip->sector_size) == 0); + if (encrypted) + { + priv = &g_esp32c3_spiflash_encrypt; + } + else + { + priv = &g_esp32c3_spiflash; + } + + chip = &(*priv->data)->chip; finfo("ESP32-C3 SPI Flash information:\n"); finfo("\tID = 0x%" PRIx32 "\n", chip->device_id); @@ -724,6 +734,10 @@ struct mtd_dev_s *esp32c3_spiflash_alloc_mtdpart(uint32_t mtd_offset, finfo("\tSector size = %" PRId32 " KB\n", chip->sector_size / 1024); finfo("\tBlock size = %" PRId32 " KB\n", chip->block_size / 1024); + ASSERT((mtd_offset + mtd_size) <= chip->chip_size); + ASSERT((mtd_offset % chip->sector_size) == 0); + ASSERT((mtd_size % chip->sector_size) == 0); + if (mtd_size == 0) { size = chip->chip_size - mtd_offset; 
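Review bot: The new `if (encrypted)` branch selects `g_esp32c3_spiflash_encrypt` purely on the caller's flag, and nothing in the visible lines ties that to flash encryption actually being enabled. The board code in this commit only passes `true` under options that depend on `ESP32C3_SECURE_FLASH_ENC_ENABLED`, but this is a public function and other callers are not bound by that Kconfig dependency. I would state the precondition in the header comment, for example `encrypted - ... Must be false unless CONFIG_ESP32C3_SECURE_FLASH_ENC_ENABLED is set.` If the encrypted device cannot work without it, also assert it at the top of the function. How `g_esp32c3_spiflash_encrypt` behaves when flash encryption is off is outside this diff, so please confirm.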
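Review bot: The relocated bounds check `ASSERT((mtd_offset + mtd_size) <= chip->chip_size)` adds two `uint32_t` values, so the sum can wrap and an offset/size pair that ends far past the end of the chip still passes. At the call sites in this commit the values appear to come from build-time configuration, so this is a misconfiguration guard rather than an externally reachable path. It is still the only range check before the partition is created. A wrap-free form is `ASSERT(mtd_offset <= chip->chip_size && mtd_size <= chip->chip_size - mtd_offset);`. The function body continues outside this hunk.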
@@ -739,7 +753,8 @@ struct mtd_dev_s *esp32c3_spiflash_alloc_mtdpart(uint32_t mtd_offset, startblock = MTD_SIZE2BLK(priv, mtd_offset); blocks = MTD_SIZE2BLK(priv, size); - mtd_part = mtd_partition(&priv->mtd, startblock, blocks); + mtd_part = mtd_partition((struct mtd_dev_s *)&priv->mtd, startblock, + blocks); if (!mtd_part) { ferr("ERROR: Failed to create MTD partition\n"); diff --git a/arch/risc-v/src/esp32c3/esp32c3_spiflash_mtd.h b/arch/risc-v/src/esp32c3/esp32c3_spiflash_mtd.h index 3c3a261307..1d0700ac93 100644 --- a/arch/risc-v/src/esp32c3/esp32c3_spiflash_mtd.h +++ b/arch/risc-v/src/esp32c3/esp32c3_spiflash_mtd.h @@ -87,6 +87,8 @@ struct mtd_dev_s *esp32c3_spiflash_encrypt_mtd(void); * Input Parameters: * mtd_offset - MTD Partition offset from the base address in SPI Flash. * mtd_size - Size for the MTD partition. + * encrypted - Flag indicating whether the newly allocated partition will + * have its content encrypted. * * Returned Value: * SPI Flash MTD data pointer if success or NULL if fail. @@ -94,7 +96,8 @@ struct mtd_dev_s *esp32c3_spiflash_encrypt_mtd(void); ****************************************************************************/ struct mtd_dev_s *esp32c3_spiflash_alloc_mtdpart(uint32_t mtd_offset, - uint32_t mtd_size); + uint32_t mtd_size, + bool encrypted); #ifdef __cplusplus } diff --git a/boards/risc-v/esp32c3/esp32c3-devkit/Kconfig b/boards/risc-v/esp32c3/esp32c3-devkit/Kconfig index 0a8b03b6ab..1712a030b5 100644 --- a/boards/risc-v/esp32c3/esp32c3-devkit/Kconfig +++ b/boards/risc-v/esp32c3/esp32c3-devkit/Kconfig @@ -50,6 +50,11 @@ config ESP32C3_MERGE_BINS This is only useful when the path to binary files (e.g. bootloader) is provided via the ESPTOOL_BINDIR variable. +config ESP32C3_STORAGE_MTD_ENCRYPT + bool "Encrypt Storage MTD partition" + default y + depends on ESP32C3_SECURE_FLASH_ENC_ENABLED + config ESP32C3_STORAGE_MTD_OFFSET hex "Storage MTD base address in SPI Flash" default 0x180000 if !ESP32C3_HAVE_OTA_PARTITION 
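Review bot: The cast in `mtd_partition((struct mtd_dev_s *)&priv->mtd, startblock, blocks)` exists only to strip the `const` that this commit adds to `priv` in the first hunk of the file. `mtd_partition` takes a non-const device pointer, presumably because the partition keeps driving the parent through it. The qualifier therefore protects nothing, and the cast would hide a real const violation later. I would declare `struct esp32c3_mtd_dev_s *priv;` and pass `&priv->mtd` unchanged, as the removed line did. If the two globals are themselves defined `const`, writing through the cast pointer would be undefined behaviour; their definitions are outside this diff.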
diff --git a/boards/risc-v/esp32c3/esp32c3-devkit/src/esp32c3_spiflash.c b/boards/risc-v/esp32c3/esp32c3-devkit/src/esp32c3_spiflash.c index 5ca5874375..0c244bd774 100644 --- a/boards/risc-v/esp32c3/esp32c3-devkit/src/esp32c3_spiflash.c +++ b/boards/risc-v/esp32c3/esp32c3-devkit/src/esp32c3_spiflash.c @@ -52,6 +52,24 @@ #define ARRAYSIZE(x) (sizeof((x)) / sizeof((x)[0])) +#ifdef CONFIG_ESP32C3_OTA_PARTITION_ENCRYPT +# define OTA_ENCRYPT true +#else +# define OTA_ENCRYPT false +#endif + +#ifdef CONFIG_ESP32C3_WIFI_MTD_ENCRYPT +# define WIFI_ENCRYPT true +#else +# define WIFI_ENCRYPT false +#endif + +#ifdef CONFIG_ESP32C3_STORAGE_MTD_ENCRYPT +# define STORAGE_ENCRYPT true +#else +# define STORAGE_ENCRYPT false +#endif + /**************************************************************************** * Private Types ****************************************************************************/ @@ -130,7 +148,8 @@ static int init_ota_partitions(void) for (int i = 0; i < ARRAYSIZE(g_ota_partition_table); ++i) { const struct ota_partition_s *part = &g_ota_partition_table[i]; - mtd = esp32c3_spiflash_alloc_mtdpart(part->offset, part->size); + mtd = esp32c3_spiflash_alloc_mtdpart(part->offset, part->size, + OTA_ENCRYPT); ret = ftl_initialize(i, mtd); if (ret < 0) @@ -370,7 +389,8 @@ static int init_wifi_partition(void) FAR struct mtd_dev_s *mtd; mtd = esp32c3_spiflash_alloc_mtdpart(CONFIG_ESP32C3_WIFI_MTD_OFFSET, - CONFIG_ESP32C3_WIFI_MTD_SIZE); + CONFIG_ESP32C3_WIFI_MTD_SIZE, + WIFI_ENCRYPT); if (!mtd) { ferr("ERROR: Failed to alloc MTD partition of SPI Flash\n"); @@ -434,7 +454,8 @@ static int init_storage_partition(void) FAR struct mtd_dev_s *mtd; mtd = esp32c3_spiflash_alloc_mtdpart(CONFIG_ESP32C3_STORAGE_MTD_OFFSET, - CONFIG_ESP32C3_STORAGE_MTD_SIZE); + CONFIG_ESP32C3_STORAGE_MTD_SIZE, + STORAGE_ENCRYPT); if (!mtd) { ferr("ERROR: Failed to alloc MTD partition of SPI Flash\n");
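Review bot: In `init_ota_partitions` the result of `esp32c3_spiflash_alloc_mtdpart()` goes straight into `ftl_initialize(i, mtd)` with no NULL check. The function is documented to return NULL on failure, and the Wi-Fi and storage call sites in this same file test `if (!mtd)`. I would add `if (!mtd) { ferr("ERROR: Failed to alloc MTD partition of SPI Flash\n"); return -ENOMEM; }` before the `ftl_initialize` call. The error code is a suggestion, since the return values used at the other sites are outside the hunks. Whether `ftl_initialize` tolerates a NULL device is not visible here, and the loop body continues past the end of the hunk.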