This commit renames all registers in xtensa/specreg.h to by adding the
prefix XT_REG_. This is done to avoid naming collisions with similar
variable names. A new register file, viz., xt_specreg.h is created. The
previous names are still available to use but have been deprecated.
Closes https://github.com/espressif/esp-idf/issues/12723
Merges https://github.com/espressif/esp-idf/pull/16040
This change addresses a rare but critical issue observed on certain
ESP32-C3 and ESP32-S3 devices, where secure boot verification
intermittently fails due to improper cleanup of crypto peripherals
during a restart.
Background – Restart Behavior in IDF
------------------------------------
In ESP-IDF, when the device restarts (via `esp_restart()` or due to a
panic/exception), a partial peripheral reset is performed followed by a
CPU reset. However, until now, crypto-related peripherals were not
included in this selective reset sequence.
Problem Scenario
----------------
If a restart occurs while the application is in the middle of a bignum
operation (i.e., using the MPI/Bignum peripheral), the ROM code may
encounter an inconsistent peripheral state during the subsequent boot.
This leads to transient RSA-PSS secure boot verification failures.
Following such a failure, the ROM typically triggers a full-chip reset
via the watchdog timer (WDT). This full reset clears the crypto
peripheral state, allowing secure boot verification to succeed on the
next boot.
Risk with Aggressive Revocation
-------------------------------
If secure boot aggressive revocation is enabled (disabled by default in
IDF), this transient verification failure could mistakenly lead to
revocation of the secure boot digest.
If your product configuration has aggressive revocation enabled,
applying this fix is strongly recommended.
Frequency of Occurrence
-----------------------
The issue is rare and only occurs in corner cases involving
simultaneous use of the MPI peripheral and an immediate CPU reset.
Fix
---
This fix ensures that all crypto peripherals are explicitly reset prior
to any software-triggered restart (including panic scenarios),
guaranteeing a clean peripheral state for the next boot and preventing
incorrect secure boot behavior.
Updated S3 to use PMS protection for writing to flash through cache. This means we get
a panic quicker for this illegal behavior than we did before, making the source of the error
easier to track down.
This commit updates updates the LLs of USB WRAP and USJ as follows:
- Added missing 'usb_wrap_ll.h' and 'usb_serial_jtag_ll.h' for the ESP32-P4
- Added LL cap macros to distinguish feature differences between the LLs of
different targets:
- '..._LL_EXT_PHY_SUPPORTED' indicates whether the USB WRAP/USJ supports
routing to an external FSLS PHY.
- '..._LL_SWAP_PHY_SUPPORTED' indicates whether the USB WRAP/USJ supports
swapping between multiple internal FSLS PHYs.
- Tidied up some RCC LL functions and their callers.
- Added 'usb_wrap_types.h' and 'usb_serial_jtag_types.h' to provide types used
in LLs.
- Fixed some spelling/naming issues as part of code-spell pre-commit
For targets that only contain a USJ peripheral (and not a DWC OTG), their
'usb_fsls_phy_ll.h' headers only contain a single function
('usb_fsls_phy_ll_int_jtag_enable()') whose feature is already covered by
functions in 'usb_serial_jtag_ll.h'. Thus, this header is redundant.
This commit does the following:
- Remove 'usb_fsls_phy_ll.h' for targets that only contain a USJ peripheral
- Rename 'usb_fsls_phy_[hal|ll].[h|c]' to `usb_wrap_[hal|ll].[h|c]` for targets
that contain a DWC OTG peripheral. This better reflects the underlying peripheral
that the LL header accesses.
This commit deprecates the "freertos/xtensa_context.h" and "xtensa/xtensa_context.h"
include paths. Users should use "xtensa_context.h" instead.
- Replace legacy include paths
- Removed some unnecessary includes of "xtensa_api.h"
- Add warning to compatibility header
This commit deprecates the "freertos/xtensa_api.h" and "xtensa/xtensa_api.h"
include paths. Users should use "xtensa_api.h" instead.
- Replace legacy include paths
- Removed some unnecessary includes of "xtensa_api.h"
- Replaced some calls with "esp_cpu_..." equivalents
- Add warning to compatibility header
If the TimerGroup 0 clock is disabled and then reenabled, the watchdog
registers (Flashboot protection included) will be re-enabled, and some
seconds later, will trigger an unintended reset.
Signed-off-by: Gustavo Henrique Nihei <gustavo.nihei@espressif.com>
1. Remove RTC_CLOCK_BBPLL_POWER_ON_WITH_USB Kconfig option
During sleep, BBPLL clock always gets disabled
esp_restart does not disable BBPLL clock, so that first stage bootloader log can be printed
2. Add a new Kconfig option PM_NO_AUTO_LS_ON_USJ_CONNECTED
When this option is selected, IDF will constantly monitor USB CDC port connection status.
As long as it gets connected to a HOST, automatic light-sleep will not happen.
Closes https://github.com/espressif/esp-idf/issues/8507
Spinlocks themselves do not constitute critical sections as after a spinlock is acquired, interrupts
can remain enabled. However, there are some places where spinlocks are used direclty instead of using
the portMUX_TYPE and portENTER_CRITICAL_...() APIs. This commit fixes those calls.
This commit marks all functions in interrupt_controller_hal.h, cpu_ll.h and cpu_hal.h as deprecated.
Users should use functions from esp_cpu.h instead.
1. Rename MACROs SYSTEM_WIFI_RST_EN register bit fields to be more recognizable
2. reset Bluetooth baseband and clock bits to fix the issue of task watchdog triggered during controller initialization due to invalid hardware state
This commit makes changes to cpu_ll.h, cpu_hal.h, and interrupt_controller_hal.h:
- Moved to esp_hw_support in order to be deprecated in the future
- HAL/LL API now route their calls to esp_cpu.h functions instead
Also updated soc_hal.h as follows:
- Removed __SOC_HAL_..._OTHER_CORES() macros as they dependend on cpu_hal.h
- Made soc_hal.h and soc_ll.h interfaces always inline, and removed soc_hal.c.
This commit also updates the XCHAL_ERRATUM_572 workaround by
- Removing it's HAL function and invoking the workaround it directly the bootloader
- Added missing workaround for the ESP32-S3
