bootloader: Add support of anti-rollback

Added: * set a secure version in app/bootloader. * description anti-rollback to ota part * emulate the secure_version write and read operations * efuse_em partition. * a description about a rollback for native_ota_example. Closes: TW26335
2025-08-10 04:43:33 +00:00 · 2019-02-13 17:32:23 +08:00
parent 985e1c4c7f
commit e916cf52a3
22 changed files with 635 additions and 40 deletions
--- a/components/esp32/cpu_start.c
+++ b/components/esp32/cpu_start.c
@@ -186,7 +186,7 @@ void IRAM_ATTR call_start_cpu0()
        ESP_EARLY_LOGI(TAG, "App version:      %s", app_desc->version);
 #endif
 #ifdef CONFIG_APP_SECURE_VERSION
-        ESP_EARLY_LOGI(TAG, "Secure version:   %x", app_desc->secure_version);
+        ESP_EARLY_LOGI(TAG, "Secure version:   %d", app_desc->secure_version);
 #endif
 #ifdef CONFIG_APP_COMPILE_TIME_DATE
        ESP_EARLY_LOGI(TAG, "Compile time:     %s", app_desc->time);
@@ -514,6 +514,12 @@ static void main_task(void* args)
    // Now that the application is about to start, disable boot watchdog
 #ifndef CONFIG_BOOTLOADER_WDT_DISABLE_IN_USER_CODE
    rtc_wdt_disable();
+#endif
+#ifdef CONFIG_EFUSE_SECURE_VERSION_EMULATE
+    const esp_partition_t *efuse_partition = esp_partition_find_first(ESP_PARTITION_TYPE_DATA, ESP_PARTITION_SUBTYPE_DATA_EFUSE_EM, NULL);
+    if (efuse_partition) {
+        esp_efuse_init(efuse_partition->address, efuse_partition->size);
+    }
 #endif
    app_main();
    vTaskDelete(NULL);
--- a/components/esp32/esp_err_to_name.c
+++ b/components/esp32/esp_err_to_name.c
@@ -224,6 +224,22 @@ static const esp_err_msg_t esp_err_msg_table[] = {
 #   endif
 #   ifdef      ESP_ERR_OTA_VALIDATE_FAILED
    ERR_TBL_IT(ESP_ERR_OTA_VALIDATE_FAILED),                /*  5379 0x1503 Error if OTA app image is invalid */
+#   endif
+#   ifdef      ESP_ERR_OTA_SMALL_SEC_VER
+    ERR_TBL_IT(ESP_ERR_OTA_SMALL_SEC_VER),                  /*  5380 0x1504 Error if the firmware has a secure version
+                                                                            less than the running firmware. */
+#   endif
+#   ifdef      ESP_ERR_OTA_ROLLBACK_FAILED
+    ERR_TBL_IT(ESP_ERR_OTA_ROLLBACK_FAILED),                /*  5381 0x1505 Error if flash does not have valid firmware
+                                                                            in passive partition and hence rollback is
+                                                                            not possible */
+#   endif
+#   ifdef      ESP_ERR_OTA_ROLLBACK_INVALID_STATE
+    ERR_TBL_IT(ESP_ERR_OTA_ROLLBACK_INVALID_STATE),         /*  5382 0x1506 Error if current active firmware is still
+                                                                            marked in pending validation state
+                                                                            (ESP_OTA_IMG_PENDING_VERIFY), essentially
+                                                                            first boot of firmware image post upgrade
+                                                                            and hence firmware upgrade is not possible */
 #   endif
    // components/bootloader_support/include/esp_image_format.h
 #   ifdef      ESP_ERR_IMAGE_BASE
--- a/components/esp32/include/esp_flash_data_types.h
+++ b/components/esp32/include/esp_flash_data_types.h
@@ -72,6 +72,7 @@ typedef struct {
 #define PART_SUBTYPE_DATA_RF  0x01
 #define PART_SUBTYPE_DATA_WIFI 0x02
 #define PART_SUBTYPE_DATA_NVS_KEYS 0x04
+#define PART_SUBTYPE_DATA_EFUSE_EM 0x05

 #define PART_TYPE_END 0xff
 #define PART_SUBTYPE_END 0xff