Commit 84da51b6 authored by Almir Okato's avatar Almir Okato Committed by Gustavo Henrique Nihei
Browse files

espressif: add downgrade prevention feature 



Signed-off-by: default avatarAlmir Okato <almir.okato@espressif.com>
parent 421730e8

boot/espressif/hal/include/mcuboot_config/mcuboot_config.h

+12 −0
Original line number Diff line number Diff line
@@ -84,6 +84,18 @@ 
 */

#define MCUBOOT_VALIDATE_PRIMARY_SLOT



#ifdef CONFIG_ESP_DOWNGRADE_PREVENTION

#define MCUBOOT_DOWNGRADE_PREVENTION 1

/* MCUBOOT_DOWNGRADE_PREVENTION_SECURITY_COUNTER is used later as bool value so it is

 * always defined, (unlike MCUBOOT_DOWNGRADE_PREVENTION which is only used in

 * preprocessor condition and my be not defined) */

#  ifdef CONFIG_ESP_DOWNGRADE_PREVENTION_SECURITY_COUNTER

#    define MCUBOOT_DOWNGRADE_PREVENTION_SECURITY_COUNTER 1

#  else

#    define MCUBOOT_DOWNGRADE_PREVENTION_SECURITY_COUNTER 0

#  endif

#endif



/*

 * Flash abstraction

 */

boot/espressif/port/esp32/bootloader.conf

+6 −0
Original line number Diff line number Diff line
@@ -12,6 +12,12 @@ CONFIG_ESP_MCUBOOT_WDT_ENABLE=y 
CONFIG_ESP_SCRATCH_OFFSET=0x210000

CONFIG_ESP_SCRATCH_SIZE=0x40000



# When enabled, prevents updating image to an older version

# CONFIG_ESP_DOWNGRADE_PREVENTION=y

# This option makes downgrade prevention rely also on security

# counter (defined using imgtool) instead of only image version

# CONFIG_ESP_DOWNGRADE_PREVENTION_SECURITY_COUNTER=y



# Enables the MCUboot Serial Recovery, that allows the use of

# MCUMGR to upload a firmware through the serial port

# CONFIG_ESP_MCUBOOT_SERIAL=y

boot/espressif/port/esp32c3/bootloader.conf

+6 −0
Original line number Diff line number Diff line
@@ -12,6 +12,12 @@ CONFIG_ESP_MCUBOOT_WDT_ENABLE=y 
CONFIG_ESP_SCRATCH_OFFSET=0x210000

CONFIG_ESP_SCRATCH_SIZE=0x40000



# When enabled, prevents updating image to an older version

# CONFIG_ESP_DOWNGRADE_PREVENTION=y

# This option makes downgrade prevention rely also on security

# counter (defined using imgtool) instead of only image version

# CONFIG_ESP_DOWNGRADE_PREVENTION_SECURITY_COUNTER=y



# Enables the MCUboot Serial Recovery, that allows the use of

# MCUMGR to upload a firmware through the serial port

# CONFIG_ESP_MCUBOOT_SERIAL=y

boot/espressif/port/esp32s2/bootloader.conf

+6 −0
Original line number Diff line number Diff line
@@ -12,6 +12,12 @@ CONFIG_ESP_MCUBOOT_WDT_ENABLE=y 
CONFIG_ESP_SCRATCH_OFFSET=0x210000

CONFIG_ESP_SCRATCH_SIZE=0x40000



# When enabled, prevents updating image to an older version

# CONFIG_ESP_DOWNGRADE_PREVENTION=y

# This option makes downgrade prevention rely also on security

# counter (defined using imgtool) instead of only image version

# CONFIG_ESP_DOWNGRADE_PREVENTION_SECURITY_COUNTER=y



# Enables the MCUboot Serial Recovery, that allows the use of

# MCUMGR to upload a firmware through the serial port

# CONFIG_ESP_MCUBOOT_SERIAL=y

boot/espressif/port/esp32s3/bootloader.conf

+6 −0
Original line number Diff line number Diff line
@@ -12,6 +12,12 @@ CONFIG_ESP_MCUBOOT_WDT_ENABLE=y 
CONFIG_ESP_SCRATCH_OFFSET=0x210000

CONFIG_ESP_SCRATCH_SIZE=0x40000



# When enabled, prevents updating image to an older version

# CONFIG_ESP_DOWNGRADE_PREVENTION=y

# This option makes downgrade prevention rely also on security

# counter (defined using imgtool) instead of only image version

# CONFIG_ESP_DOWNGRADE_PREVENTION_SECURITY_COUNTER=y



# Enables multi image, if it is not defined, it is assumed

# only one updatable image

# CONFIG_ESP_IMAGE_NUMBER=2

CRA Git | Maintained and supported by SUSTech CRA and CCSE