Initially, ESP-IDF used the do_global_ctors() function to run global
constructors. This was done to accommodate Xtensa targets that emit
.ctors.* sections, which are ordered in descending order.
For RISC-V, compilation used .init_array.* sections, which are designed
to have ascending order. Priority constructors in .init_array.* sections
were correctly processed in ascending order. However, non-priority
.init_array section was processed in descending order, as it was done
for Xtensa .ctors.
Starting with ESP-IDF v6.0, the implementation switched to the standard
LibC behavior (__libc_init_array()), which processes both priority and
non-priority constructors in ascending order.
To achieve this, a breaking changes were introduced:
- Xtensa .ctors.* priority entries converted to .init_array.* format
(ascending), to be passed to __libc_init_array().
- Processing order of non-priority .init_array and .ctors sections was
changed from descending to ascending.
Also, this change introduces .preinit_array for linking. This may be
needed for some C++ or sanitizer features.
Related to https://github.com/espressif/esp-idf/issues/15529
Similar to how the secondary init functions were already registered
via ESP_SYSTEM_INIT_FN, do the same for the core init functions.
This MR doesn't actually move the init functions into respective
components yet. This has to be carefully done in follow-up MRs.
In ESP32-H2, the ECDSA peripheral by default uses the TRNG (hardware)
generated k value but it can be overridden to software supplied k.
This can happen through by overriding the `ECDSA_SOFTWARE_SET_K` bit
in the configuration register. Even though the HAL API is not exposed
for this but still it could be achieved by direct register
programming. And for this scenario, if sufficiently random k is not
supplied by the software then it could posses a security risk.
In this change, we are unconditionally programming the efuse
`ESP_EFUSE_ECDSA_FORCE_USE_HARDWARE_K` bit during startup security
checks itself. Additionally, same is ensured in the `esp_efuse_write_key`
API as well. This always enforces the hardware k mode in the ECDSA
peripheral and ensures strongest possible security.
For cases where the bootloader is not enabled with the security features
ends up receiving an incorrect application with flash encryption enabled
should not really program any security efuses.
In the startup sequence, we first used to program the ROM DL mode
configuration but now we check for the flash encryption related checks
first. If the flash encryption related checks finds that flash
encryption is not enabled on the device then it aborts the boot process.
This is the case with `CONFIG_SECURE_FLASH_CHECK_ENC_EN_IN_APP` enabled.
This would at-least ensure that accidental program of security enabled
application does not really program any ROM DL mode efuses and there is
chance to recover the device.
sizeof(time_t) was previously switched from 4 to 8, ROM functions that use
time_t or dependent types (such as "struct stat") are no longer called due as
they still treat sizeof(time_t) as 4 (see commit
24c20d188e).
However, there is a ROM callpath that was left out. If putchar is the first
stdio print related call, the call path will result in cantwrite() ->
__swsetup_r() -> __smakebuf_r() -> __swhatbuf_r() using the ROM "struct stat"
(where sizeof(time_t)==4).
Instead of removing all printf related ROM newlib functions (which will result
in increased binary size), this commit adds a workaround to setup the stdio
files before any print related calls occur.
This results in cantwrite() always returning false, thus the callpath described
above never being reached.
Closes https://github.com/espressif/esp-idf/issues/9269
Functions used for burning this efuse would log, but at this point
esp_log is not initialized. Moved to a later point in the startup process.
Closes https://github.com/espressif/esp-idf/issues/9457
This commit marks all functions in interrupt_controller_hal.h, cpu_ll.h and cpu_hal.h as deprecated.
Users should use functions from esp_cpu.h instead.
* Some components have initialization dependencies. To account for
them, simple numeric priority values are introduced.
* esp_system_init_fn_array moved into Flash from DRAM
* System init functions defined using ESP_SYSTEM_INIT_FN now return
an error code. This enables simpler and more consistent error
handling in the init functions. Returning an error from an init
function is now a valid approach — the startup code will print
an error and abort.
Moved the following kconfig options out of the target component:
* ESP32_X_BROWNOUT_* -> esp_system
* ESP32_X_DEBUG_OCDAWARE -> esp_system
* APP_NO_BLOBS -> build type (main kconfig)
* This function has been accidentally removed.
It is necessary to provide the emergency
exception memory pool size for C++ code.
Since our libstdc++ always has exceptions
enabled, this function must exist here even if
-fno-exception is set for user code.
