Add chip revision into image header

Check chip id and chip revision before boot app image Closes https://github.com/espressif/esp-idf/issues/4000
2025-08-30 13:56:36 +00:00 · 2019-09-16 11:47:23 +08:00
parent a06b88d7f6
commit 0af56e2815
12 changed files with 78 additions and 16 deletions
--- a/components/bootloader_support/src/bootloader_common.c
+++ b/components/bootloader_support/src/bootloader_common.c
@@ -33,6 +33,7 @@
 #include "esp_image_format.h"
 #include "bootloader_sha.h"
 #include "sys/param.h"
+#include "esp_efuse.h"

 #define ESP_PARTITION_HASH_LEN 32 /* SHA-256 digest length */

@@ -275,3 +276,23 @@ void bootloader_common_vddsdio_configure()
    }
 #endif // CONFIG_BOOTLOADER_VDDSDIO_BOOST
 }
+
+esp_err_t bootloader_common_check_chip_validity(const esp_image_header_t* img_hdr)
+{
+    esp_err_t err = ESP_OK;
+    esp_chip_id_t chip_id = CONFIG_IDF_FIRMWARE_CHIP_ID;
+    if (chip_id != img_hdr->chip_id) {
+        ESP_LOGE(TAG, "image has invalid chip ID, expected at least %d, found %d", chip_id, img_hdr->chip_id);
+        err = ESP_FAIL;
+    }
+    uint8_t revision = esp_efuse_get_chip_ver();
+    if (revision < img_hdr->min_chip_rev) {
+        ESP_LOGE(TAG, "image has invalid chip revision, expected at least %d, found %d", revision, img_hdr->min_chip_rev);
+        err = ESP_FAIL;
+    } else if (revision != img_hdr->min_chip_rev) {
+        ESP_LOGI(TAG, "This chip is revision %d but project was configured for minimum revision %d. "\
+                 "Suggest setting project minimum revision to %d if safe to do so.",
+                 revision, img_hdr->min_chip_rev, revision);
+    }
+    return err;
+}
--- a/components/bootloader_support/src/bootloader_init.c
+++ b/components/bootloader_support/src/bootloader_init.c
@@ -40,6 +40,7 @@
 #include "soc/rtc_wdt.h"

 #include "sdkconfig.h"
+#include "esp_efuse.h"
 #include "esp_image_format.h"
 #include "esp_secure_boot.h"
 #include "esp_flash_encrypt.h"
@@ -126,6 +127,14 @@ static esp_err_t bootloader_main()
        ESP_LOGE(TAG, "failed to load bootloader header!");
        return ESP_FAIL;
    }
+
+    /* Check chip ID and minimum chip revision that supported by this image */
+    uint8_t revision = esp_efuse_get_chip_ver();
+    ESP_LOGI(TAG, "Chip Revision: %d", revision);
+    if (bootloader_common_check_chip_validity(&fhdr) != ESP_OK) {
+        return ESP_FAIL;
+    }
+
    bootloader_init_flash_configure(&fhdr);
 #if (CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ == 240)
    //Check if ESP32 is rated for a CPU frequency of 160MHz only
--- a/components/bootloader_support/src/esp_image_format.c
+++ b/components/bootloader_support/src/esp_image_format.c
@@ -24,6 +24,7 @@
 #include <bootloader_random.h>
 #include <bootloader_sha.h>
 #include "bootloader_util.h"
+#include "bootloader_common.h"

 /* Checking signatures as part of verifying images is necessary:
   - Always if secure boot is enabled
@@ -280,6 +281,9 @@ static esp_err_t verify_image_header(uint32_t src_addr, const esp_image_header_t
        }
        err = ESP_ERR_IMAGE_INVALID;
    }
+    if (bootloader_common_check_chip_validity(image) != ESP_OK) {
+        err = ESP_ERR_IMAGE_INVALID;
+    }
    if (!silent) {
        if (image->spi_mode > ESP_IMAGE_SPI_MODE_SLOW_READ) {
            ESP_LOGW(TAG, "image at 0x%x has invalid SPI mode %d", src_addr, image->spi_mode);