Merge branch 'feature/secure_features_are_enabled_correctly' into 'ma…

…ster'

security: Adds new APIs to check that all eFuse security features are enabled correctly

Closes IDF-1814

See merge request espressif/esp-idf!19532

components/bootloader_support/include/esp_flash_encrypt.h

@@ -8,6 +8,7 @@
 #include <stdbool.h>
 #include "esp_attr.h"
 #include "esp_err.h"
+#include "soc/soc_caps.h"
 #ifndef BOOTLOADER_BUILD
 #include "spi_flash_mmap.h"
 #endif
@@ -184,6 +185,19 @@ void esp_flash_encryption_init_checks(void);
  */
 esp_err_t esp_flash_encryption_enable_secure_features(void);
 
+/** @brief Returns the verification status for all physical security features of flash encryption in release mode
+ *
+ * If the device has flash encryption feature configured in the release mode,
+ * then it is highly recommended to call this API in the application startup code.
+ * This API verifies the sanity of the eFuse configuration against
+ * the release (production) mode of the flash encryption feature.
+ *
+ * @return
+ *  - True - all eFuses are configured correctly
+ *  - False - not all eFuses are configured correctly.
+ */
+bool esp_flash_encryption_cfg_verify_release_mode(void);
+
 /** @brief Switches Flash Encryption from "Development" to "Release"
  *
  * If already in "Release" mode, the function will do nothing.

components/bootloader_support/include/esp_secure_boot.h

@@ -269,6 +269,19 @@ esp_err_t esp_secure_boot_get_signature_blocks_for_running_app(bool digest_publi
  */
 esp_err_t esp_secure_boot_enable_secure_features(void);
 
+/** @brief Returns the verification status for all physical security features of secure boot in release mode
+ *
+ * If the device has secure boot feature configured in the release mode,
+ * then it is highly recommended to call this API in the application startup code.
+ * This API verifies the sanity of the eFuse configuration against
+ * the release (production) mode of the secure boot feature.
+ *
+ * @return
+ *  - True - all eFuses are configured correctly
+ *  - False - not all eFuses are configured correctly.
+ */
+bool esp_secure_boot_cfg_verify_release_mode(void);
+
 #ifdef __cplusplus
 }
 #endif

components/bootloader_support/src/esp32c2/secure_boot_secure_features.c

@@ -45,5 +45,17 @@ esp_err_t esp_secure_boot_enable_secure_features(void)
 
     esp_efuse_write_field_bit(ESP_EFUSE_SECURE_BOOT_EN);
 
+#ifndef CONFIG_SECURE_BOOT_V2_ALLOW_EFUSE_RD_DIS
+    // Secure boot and Flash encryption share one eFuse key block so they can not be set separately.
+    // CONFIG_SECURE_BOOT_FLASH_ENC_KEYS_BURN_TOGETHER option is used to burn SB and FE at the same time.
+    // SB key is readable, the corresponding bit in RD_DIS is unset.
+    //   We set write-protection for RD_DIS to ensure that the SB key is always readable.
+    // FE key is read-protected, the corresponding bit in RD_DIS is set.
+    ESP_LOGI(TAG, "Prevent read disabling of additional efuses...");
+    esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_RD_DIS);
+#else
+    ESP_LOGW(TAG, "Allowing read disabling of additional efuses - SECURITY COMPROMISED");
+#endif
+
     return ESP_OK;
 }

components/bootloader_support/src/flash_encrypt.c

@@ -218,3 +218,206 @@ void esp_flash_encryption_set_release_mode(void)
     }
     ESP_LOGI(TAG, "Flash encryption mode is RELEASE");
 }
+
+#ifdef CONFIG_IDF_TARGET_ESP32
+bool esp_flash_encryption_cfg_verify_release_mode(void)
+{
+    bool result = false;
+    bool secure;
+
+    secure = esp_flash_encryption_enabled();
+    result = secure;
+    if (!secure) {
+        ESP_LOGW(TAG, "Not enabled Flash Encryption (FLASH_CRYPT_CNT->1 or max)");
+    }
+
+    uint8_t crypt_config = 0;
+    esp_efuse_read_field_blob(ESP_EFUSE_ENCRYPT_CONFIG, &crypt_config, 4);
+    if (crypt_config != EFUSE_FLASH_CRYPT_CONFIG) {
+        result &= false;
+        ESP_LOGW(TAG, "ENCRYPT_CONFIG must be set 0xF (set ENCRYPT_CONFIG->0xF)");
+    }
+
+    uint8_t flash_crypt_cnt = 0;
+    esp_efuse_read_field_blob(ESP_EFUSE_FLASH_CRYPT_CNT, &flash_crypt_cnt, ESP_EFUSE_FLASH_CRYPT_CNT[0]->bit_count);
+    if (flash_crypt_cnt != (1 << (ESP_EFUSE_FLASH_CRYPT_CNT[0]->bit_count)) - 1) {
+        if (!esp_efuse_read_field_bit(ESP_EFUSE_WR_DIS_FLASH_CRYPT_CNT)) {
+            result &= false;
+            ESP_LOGW(TAG, "Not release mode of Flash Encryption (set FLASH_CRYPT_CNT->max or WR_DIS_FLASH_CRYPT_CNT->1)");
+        }
+    }
+
+    secure = esp_efuse_read_field_bit(ESP_EFUSE_DISABLE_DL_ENCRYPT);
+    result &= secure;
+    if (!secure) {
+        ESP_LOGW(TAG, "Not disabled UART bootloader encryption (set DISABLE_DL_ENCRYPT->1)");
+    }
+
+    secure = esp_efuse_read_field_bit(ESP_EFUSE_DISABLE_DL_DECRYPT);
+    result &= secure;
+    if (!secure) {
+        ESP_LOGW(TAG, "Not disabled UART bootloader decryption (set DISABLE_DL_DECRYPT->1)");
+    }
+
+    secure = esp_efuse_read_field_bit(ESP_EFUSE_DISABLE_DL_CACHE);
+    result &= secure;
+    if (!secure) {
+        ESP_LOGW(TAG, "Not disabled UART bootloader MMU cache (set DISABLE_DL_CACHE->1)");
+    }
+
+    secure = esp_efuse_read_field_bit(ESP_EFUSE_DISABLE_JTAG);
+    result &= secure;
+    if (!secure) {
+        ESP_LOGW(TAG, "Not disabled JTAG (set DISABLE_JTAG->1)");
+    }
+
+    secure = esp_efuse_read_field_bit(ESP_EFUSE_CONSOLE_DEBUG_DISABLE);
+    result &= secure;
+    if (!secure) {
+        ESP_LOGW(TAG, "Not disabled ROM BASIC interpreter fallback (set CONSOLE_DEBUG_DISABLE->1)");
+    }
+
+    secure = esp_efuse_read_field_bit(ESP_EFUSE_RD_DIS_BLK1);
+    result &= secure;
+    if (!secure) {
+        ESP_LOGW(TAG, "Not read-protected flash ecnryption key (set RD_DIS_BLK1->1)");
+    }
+
+    secure = esp_efuse_read_field_bit(ESP_EFUSE_WR_DIS_BLK1);
+    result &= secure;
+    if (!secure) {
+        ESP_LOGW(TAG, "Not write-protected flash ecnryption key (set WR_DIS_BLK1->1)");
+    }
+    return result;
+}
+#else // not CONFIG_IDF_TARGET_ESP32
+bool esp_flash_encryption_cfg_verify_release_mode(void)
+{
+    bool result = false;
+    bool secure;
+
+    secure = esp_flash_encryption_enabled();
+    result = secure;
+    if (!secure) {
+        ESP_LOGW(TAG, "Not enabled Flash Encryption (SPI_BOOT_CRYPT_CNT->1 or max)");
+    }
+
+    uint8_t flash_crypt_cnt = 0;
+    esp_efuse_read_field_blob(ESP_EFUSE_SPI_BOOT_CRYPT_CNT, &flash_crypt_cnt, ESP_EFUSE_SPI_BOOT_CRYPT_CNT[0]->bit_count);
+    if (flash_crypt_cnt != (1 << (ESP_EFUSE_SPI_BOOT_CRYPT_CNT[0]->bit_count)) - 1) {
+        if (!esp_efuse_read_field_bit(ESP_EFUSE_WR_DIS_SPI_BOOT_CRYPT_CNT)) {
+            result &= false;
+            ESP_LOGW(TAG, "Not release mode of Flash Encryption (set SPI_BOOT_CRYPT_CNT->max or WR_DIS_SPI_BOOT_CRYPT_CNT->1)");
+        }
+    }
+
+    secure = esp_efuse_read_field_bit(ESP_EFUSE_DIS_DOWNLOAD_MANUAL_ENCRYPT);
+    result &= secure;
+    if (!secure) {
+        ESP_LOGW(TAG, "Not disabled UART bootloader encryption (set DIS_DOWNLOAD_MANUAL_ENCRYPT->1)");
+    }
+
+#if SOC_EFUSE_DIS_DOWNLOAD_DCACHE
+    secure = esp_efuse_read_field_bit(ESP_EFUSE_DIS_DOWNLOAD_DCACHE);
+    result &= secure;
+    if (!secure) {
+        ESP_LOGW(TAG, "Not disabled UART bootloader Dcache (set DIS_DOWNLOAD_DCACHE->1)");
+    }
+#endif
+
+    secure = esp_efuse_read_field_bit(ESP_EFUSE_DIS_DOWNLOAD_ICACHE);
+    result &= secure;
+    if (!secure) {
+        ESP_LOGW(TAG, "Not disabled UART bootloader cache (set DIS_DOWNLOAD_ICACHE->1)");
+    }
+
+#if SOC_EFUSE_DIS_PAD_JTAG
+    secure = esp_efuse_read_field_bit(ESP_EFUSE_DIS_PAD_JTAG);
+    result &= secure;
+    if (!secure) {
+        ESP_LOGW(TAG, "Not disabled JTAG PADs (set DIS_PAD_JTAG->1)");
+    }
+#endif
+
+#if SOC_EFUSE_DIS_USB_JTAG
+    secure = esp_efuse_read_field_bit(ESP_EFUSE_DIS_USB_JTAG);
+    result &= secure;
+    if (!secure) {
+        ESP_LOGW(TAG, "Not disabled USB JTAG (set DIS_USB_JTAG->1)");
+    }
+#endif
+
+#if SOC_EFUSE_DIS_DIRECT_BOOT
+    secure = esp_efuse_read_field_bit(ESP_EFUSE_DIS_DIRECT_BOOT);
+    result &= secure;
+    if (!secure) {
+        ESP_LOGW(TAG, "Not disabled direct boot mode (set DIS_DIRECT_BOOT->1)");
+    }
+#endif
+
+#if SOC_EFUSE_HARD_DIS_JTAG
+    secure = esp_efuse_read_field_bit(ESP_EFUSE_HARD_DIS_JTAG);
+    result &= secure;
+    if (!secure) {
+        ESP_LOGW(TAG, "Not disabled JTAG (set HARD_DIS_JTAG->1)");
+    }
+#endif
+
+#if SOC_EFUSE_DIS_BOOT_REMAP
+    secure = esp_efuse_read_field_bit(ESP_EFUSE_DIS_BOOT_REMAP);
+    result &= secure;
+    if (!secure) {
+        ESP_LOGW(TAG, "Not disabled boot from RAM (set DIS_BOOT_REMAP->1)");
+    }
+#endif
+
+#if SOC_EFUSE_DIS_LEGACY_SPI_BOOT
+    secure = esp_efuse_read_field_bit(ESP_EFUSE_DIS_LEGACY_SPI_BOOT);
+    result &= secure;
+    if (!secure) {
+        ESP_LOGW(TAG, "Not disabled Legcy SPI boot (set DIS_LEGACY_SPI_BOOT->1)");
+    }
+#endif
+
+    esp_efuse_purpose_t purposes[] = {
+#if SOC_FLASH_ENCRYPTION_XTS_AES_256
+        ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_1,
+        ESP_EFUSE_KEY_PURPOSE_XTS_AES_256_KEY_2,
+#endif
+#if SOC_FLASH_ENCRYPTION_XTS_AES_128
+        ESP_EFUSE_KEY_PURPOSE_XTS_AES_128_KEY,
+#endif
+    };
+    // S2 and S3 chips have both XTS_AES_128_KEY and XTS_AES_256_KEY_1/2.
+    // The check below does not take into account that XTS_AES_128_KEY and XTS_AES_256_KEY_1/2
+    // are mutually exclusive because this will make the chip not functional.
+    // Only one type key must be configured in eFuses.
+    secure = false;
+    for (unsigned i = 0; i < sizeof(purposes) / sizeof(esp_efuse_purpose_t); i++) {
+        esp_efuse_block_t block;
+        if (esp_efuse_find_purpose(purposes[i], &block)) {
+            secure = esp_efuse_get_key_dis_read(block);
+            result &= secure;
+            if (!secure) {
+                ESP_LOGW(TAG, "Not read-protected Flash encryption key in BLOCK%d (set RD_DIS_KEY%d->1)", block, block - EFUSE_BLK_KEY0);
+            }
+            secure = esp_efuse_get_key_dis_write(block);
+            result &= secure;
+            if (!secure) {
+                ESP_LOGW(TAG, "Not write-protected Flash encryption key in BLOCK%d (set WR_DIS_KEY%d->1)", block, block - EFUSE_BLK_KEY0);
+            }
+
+#if SOC_EFUSE_KEY_PURPOSE_FIELD
+            secure = esp_efuse_get_keypurpose_dis_write(block);
+            result &= secure;
+            if (!secure) {
+                ESP_LOGW(TAG, "Not write-protected KEY_PURPOSE for BLOCK%d (set WR_DIS_KEY_PURPOSE%d->1)", block, block - EFUSE_BLK_KEY0);
+            }
+#endif
+        }
+    }
+    result &= secure;
+
+    return result;
+}
+#endif // not CONFIG_IDF_TARGET_ESP32