Add efuse reading firmware and burning tool

Renze Nicolai 2021-12-30 00:46:17 +01:00
parent 29afbb9631
commit 2e761530e5
14 changed files with 1913 additions and 0 deletions

10
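--- a/build_efuse.sh
+++ b/build_efuse.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/bash
+set -e
+cd esp-idf
+source ./export.sh
+cd ../
+cd efuse
+idf.py build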
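Review bot: `cd esp-idf` and `source ./export.sh` resolve against the caller's working directory, so running the script from anywhere but the repository root either fails or sources an `export.sh` from an unrelated `esp-idf` directory. Anchoring on the script's own location, e.g. `cd "$(dirname "${BASH_SOURCE[0]}")"` as the first command after `set -e`, removes that dependency; flash_efuse.sh opens with the same lines and needs the same change. The `#!/usr/bin/bash` shebang also assumes bash is installed at that path, whereas burn.sh uses `#!/bin/bash`; picking one form (or `#!/usr/bin/env bash`) for all three scripts would be more portable.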

2
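--- a/efuse/.gitignore
+++ b/efuse/.gitignore
@@ -0,0 +1,2 @@
+sdkconfig.old
+build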

6
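--- a/efuse/CMakeLists.txt
+++ b/efuse/CMakeLists.txt
@@ -0,0 +1,6 @@
+# The following lines of boilerplate have to be in your project's
+# CMakeLists in this exact order for cmake to work correctly
+cmake_minimum_required(VERSION 3.5)
+include($ENV{IDF_PATH}/tools/cmake/project.cmake)
+project(appfs-test)
+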
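Review bot: `project(appfs-test)` gives this firmware the name of a different project, and efuse/Makefile in the same commit sets `PROJECT_NAME := hello-world`, so the two build systems disagree and neither name says this is the eFuse reader. Since the image is flashed to boards right before or after an irreversible fuse burn, a name that identifies it makes it harder to flash or archive the wrong binary by mistake. Use one descriptive name in both files, for example `project(efuse)` here and the matching `PROJECT_NAME` in the Makefile.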

8
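--- a/efuse/Makefile
+++ b/efuse/Makefile
@@ -0,0 +1,8 @@
+#
+# This is a project Makefile. It is assumed the directory this Makefile resides in is a
+# project subdirectory.
+#
+PROJECT_NAME := hello-world
+include $(IDF_PATH)/make/project.mk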

39
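--- a/efuse/burn.sh
+++ b/efuse/burn.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+set -e # Exit script on error
+if [ "$#" -ne 1 ]; then
+echo "Usage: $0 <port>"
+exit 1
+fi
+PORT=$1
+echo "Burning e-fuses for MCH2022 badge on port $PORT..."
+# Set the flash/psram voltage to 3.3V
+espefuse.py --port $PORT --do-not-confirm set_flash_voltage 3.3V # Ignore GPIO12 (MTDI) and force flash/psram voltage (using XPD efuses)
+# Write protect the basic system settings
+espefuse.py --port $PORT --do-not-confirm write_protect_efuse MAC # Disables writing to MAC, MAC_CRC, CIP_VER_REV1, CHIP_VERSION, CHIP_PACKAGE fuses
+espefuse.py --port $PORT --do-not-confirm write_protect_efuse CODING_SCHEME # Disables writing to CODING_SCHEME, KEY_STATUS, FLASH_CRYPT_CONFIG, BLK3_PART_RESERVE
+# Write protect the XPD fuses
+espefuse.py --port $PORT --do-not-confirm write_protect_efuse XPD_SDIO_FORCE # Disables writing to XPD_SDIO_FORCE, XPD_SDIO_REG and XPD_SDIO_TIEH
+# Write protect the SPI pad fuses
+espefuse.py --port $PORT --do-not-confirm write_protect_efuse SPI_PAD_CONFIG_CLK # Disables writing to CHIP_VER_REV2 and all SPI_PAD_CONFIG_X fuses
+# Write protect the JTAG disable fuse (don't allow people to disable JTAG)
+espefuse.py --port $PORT --do-not-confirm write_protect_efuse JTAG_DISABLE
+# Disable the BASIC ROM console (it causes problems with waking up from deep sleep)
+espefuse.py --port $PORT --do-not-confirm burn_efuse CONSOLE_DEBUG_DISABLE
+# Write protect the download mode disable efuse
+espefuse.py --port $PORT --do-not-confirm write_protect_efuse UART_DOWNLOAD_DIS # Disables writing to FLASH_CRYPT_CNT, UART_DOWNLOAD_DIS and EFUSE_WR_DIS_FLASH_CRYPT_CNT
+# Write protect the secure boot fuses (don't allow people to enable secure boot)
+espefuse.py --port $PORT --do-not-confirm write_protect_efuse DISABLE_DL_ENCRYPT # Disables writing to CONSOLE_DEBUG_DISABLE, DISABLE_DL_ENCRYPT, DISABLE_DL_DECRYPT and DISABLE_DL_CACHE
+espefuse.py --port $PORT --do-not-confirm write_protect_efuse ABS_DONE_0
+espefuse.py --port $PORT --do-not-confirm write_protect_efuse ABS_DONE_1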
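Review bot: Every `espefuse.py` call in this script is irreversible and runs with `--do-not-confirm` against an unquoted `$PORT`, with no check of which chip is attached or which fuses are already burned. Because of `set -e`, a failure partway through leaves a partially fused board and no record of how far it got, so I would quote the port (`--port "$PORT"`) and add `espefuse.py --port "$PORT" summary` before the first burn and again after the last, keeping the output per device. The order of two steps is load-bearing: `burn_efuse CONSOLE_DEBUG_DISABLE` must run before `write_protect_efuse DISABLE_DL_ENCRYPT`, whose own comment says it locks CONSOLE_DEBUG_DISABLE. A comment such as `# must run before the DISABLE_DL_ENCRYPT write-protect below` on the burn line would stop a later reorder from silently breaking it.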


@ -0,0 +1,6 @@
idf_component_register(
SRCS "main.c"
"esp_efuse_custom_table.c"
INCLUDE_DIRS "."
"include"
)

4
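--- a/efuse/main/component.mk
+++ b/efuse/main/component.mk
@@ -0,0 +1,4 @@
+#
+# "main" pseudo-component makefile.
+#
+# (Uses default behaviour of compiling all source files in directory, adding 'include' to include path.)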


@ -0,0 +1,106 @@
/*
* SPDX-FileCopyrightText: 2017-2021 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#include "sdkconfig.h"
#include "esp_efuse.h"
#include <assert.h>
#include "esp_efuse_custom_table.h"
// md5_digest_table 6db56af37887e1bd4dd25861bbc384d1
// This file was generated from the file esp_efuse_custom_table.csv. DO NOT CHANGE THIS FILE MANUALLY.
// If you want to change some fields, you need to change esp_efuse_custom_table.csv file
// then run `efuse_common_table` or `efuse_custom_table` command it will generate this file.
// To show efuse_table run the command 'show_efuse_table'.
#define MAX_BLK_LEN CONFIG_EFUSE_MAX_BLK_LEN
// The last free bit in the block is counted over the entire file.
static const esp_efuse_desc_t WR_DIS_WR_DIS[] = {
{EFUSE_BLK0, 1, 1}, // Write protection for WR_DIS,
};
static const esp_efuse_desc_t WR_DIS_MAC_AND_CHIP_INFO[] = {
{EFUSE_BLK0, 3, 1}, // Write protection for MAC,
};
static const esp_efuse_desc_t WR_DIS_XPD[] = {
{EFUSE_BLK0, 5, 1}, // Write protection for XPD_SDIO_FORCE,
};
static const esp_efuse_desc_t WR_DIS_SPI_PAD[] = {
{EFUSE_BLK0, 6, 1}, // Write protection for CHIP_VER_REV2,
};
static const esp_efuse_desc_t WR_DIS_SCHEME_KEY_CRYPT[] = {
{EFUSE_BLK0, 10, 1}, // Write protection for CODING_SCHEME,
};
static const esp_efuse_desc_t WR_DIS_ABS_DONE_0[] = {
{EFUSE_BLK0, 12, 1}, // Write protection for ABS_DONE_0,
};
static const esp_efuse_desc_t WR_DIS_ABS_DONE_1[] = {
{EFUSE_BLK0, 13, 1}, // Write protection for ABS_DONE_1,
};
static const esp_efuse_desc_t WR_DIS_JTAG_DISABLE[] = {
{EFUSE_BLK0, 14, 1}, // Write protection for JTAG_DISABLE,
};
static const esp_efuse_desc_t WR_DIS_CONSOLE_DEBUG_AND_DISABLE_DL_CRYPT[] = {
{EFUSE_BLK0, 15, 1}, // Write protection for CONSOLE_DEBUG_DISABLE,
};
const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_WR_DIS[] = {
&WR_DIS_WR_DIS[0], // Write protection for WR_DIS
NULL
};
const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_MAC_AND_CHIP_INFO[] = {
&WR_DIS_MAC_AND_CHIP_INFO[0], // Write protection for MAC
NULL
};
const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_XPD[] = {
&WR_DIS_XPD[0], // Write protection for XPD_SDIO_FORCE
NULL
};
const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_SPI_PAD[] = {
&WR_DIS_SPI_PAD[0], // Write protection for CHIP_VER_REV2
NULL
};
const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_SCHEME_KEY_CRYPT[] = {
&WR_DIS_SCHEME_KEY_CRYPT[0], // Write protection for CODING_SCHEME
NULL
};
const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_ABS_DONE_0[] = {
&WR_DIS_ABS_DONE_0[0], // Write protection for ABS_DONE_0
NULL
};
const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_ABS_DONE_1[] = {
&WR_DIS_ABS_DONE_1[0], // Write protection for ABS_DONE_1
NULL
};
const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_JTAG_DISABLE[] = {
&WR_DIS_JTAG_DISABLE[0], // Write protection for JTAG_DISABLE
NULL
};
const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_CONSOLE_DEBUG_AND_DISABLE_DL_CRYPT[] = {
&WR_DIS_CONSOLE_DEBUG_AND_DISABLE_DL_CRYPT[0], // Write protection for CONSOLE_DEBUG_DISABLE
NULL
};


@ -0,0 +1,16 @@
# After editing this file, run the command manually "make efuse_custom_table" or "idf.py efuse_custom_table"
# WR_DIS_EFUSE_RD_DISABLE, EFUSE_BLK0, 0, 1, Write protection for RD_DIS, ADC_VREF
WR_DIS_WR_DIS, EFUSE_BLK0, 1, 1, Write protection for WR_DIS
# WR_DIS_FLASH_CRYPT_CNT, EFUSE_BLK0, 2, 1, Write protection for FLASH_CRYPT_CNT, UART_DOWNLOAD_DIS
WR_DIS_MAC_AND_CHIP_INFO, EFUSE_BLK0, 3, 1, Write protection for MAC, MAC_CRC, CIP_VER_REV1, CHIP_VERSION, CHIP_PACKAGE
WR_DIS_XPD, EFUSE_BLK0, 5, 1, Write protection for XPD_SDIO_FORCE, XPD_SDIO_REG, XPD_SDIO_TIEH
WR_DIS_SPI_PAD, EFUSE_BLK0, 6, 1, Write protection for CHIP_VER_REV2, SPI_PAD_CONFIG
# WR_DIS_BLK1, EFUSE_BLK0, 7, 1, Write protection for WR_DIS_BLK1
# WR_DIS_BLK2, EFUSE_BLK0, 8, 1, Write protection for WR_DIS_BLK2
# WR_DIS_BLK3, EFUSE_BLK0, 9, 1, Write protection for WR_DIS_BLK3, MAC_VERSION
WR_DIS_SCHEME_KEY_CRYPT, EFUSE_BLK0, 10, 1, Write protection for CODING_SCHEME, KEY_STATUS, FLASH_CRYPT_CONFIG, BLK3_PART_RESERVE
WR_DIS_ABS_DONE_0, EFUSE_BLK0, 12, 1, Write protection for ABS_DONE_0
WR_DIS_ABS_DONE_1, EFUSE_BLK0, 13, 1, Write protection for ABS_DONE_1
WR_DIS_JTAG_DISABLE, EFUSE_BLK0, 14, 1, Write protection for JTAG_DISABLE
WR_DIS_CONSOLE_DEBUG_AND_DISABLE_DL_CRYPT, EFUSE_BLK0, 15, 1, Write protection for CONSOLE_DEBUG_DISABLE, DISABLE_DL
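Review bot: The description column contains commas (for example `Write protection for MAC, MAC_CRC, CIP_VER_REV1, CHIP_VERSION, CHIP_PACKAGE`), and the generated C file in this commit carries only `// Write protection for MAC,`, so everything after the first comma appears to be lost in generation. Those truncated comments are what a reader of the generated table sees, and for a write-protect bit that locks several fuses at once the dropped names are the important part. Separating the fuse names with something other than a comma, e.g. `Write protection for MAC / MAC_CRC / CIP_VER_REV1 / CHIP_VERSION / CHIP_PACKAGE`, and regenerating should keep the full list. The commented-out rows (bits 0, 2, 7, 8, 9) would also benefit from one line saying why they are left out of the custom table.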


@ -0,0 +1,31 @@
/*
* SPDX-FileCopyrightText: 2017-2021 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
#ifdef __cplusplus
extern "C" {
#endif
// md5_digest_table 6db56af37887e1bd4dd25861bbc384d1
// This file was generated from the file esp_efuse_custom_table.csv. DO NOT CHANGE THIS FILE MANUALLY.
// If you want to change some fields, you need to change esp_efuse_custom_table.csv file
// then run `efuse_common_table` or `efuse_custom_table` command it will generate this file.
// To show efuse_table run the command 'show_efuse_table'.
extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_WR_DIS[];
extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_MAC_AND_CHIP_INFO[];
extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_XPD[];
extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_SPI_PAD[];
extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_SCHEME_KEY_CRYPT[];
extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_ABS_DONE_0[];
extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_ABS_DONE_1[];
extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_JTAG_DISABLE[];
extern const esp_efuse_desc_t* ESP_EFUSE_WR_DIS_CONSOLE_DEBUG_AND_DISABLE_DL_CRYPT[];
#ifdef __cplusplus
}
#endif

78
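--- a/efuse/main/main.c
+++ b/efuse/main/main.c
@@ -0,0 +1,78 @@
+#include <stdio.h>
+#include "sdkconfig.h"
+#include "freertos/FreeRTOS.h"
+#include "freertos/task.h"
+#include "esp_system.h"
+#include "esp_spi_flash.h"
+#include "esp_efuse.h"
+#include "esp_efuse_table.h"
+#include "esp_efuse_custom_table.h"
+void print_state() {
+esp_chip_info_t chip_info;
+esp_chip_info(&chip_info);
+uint8_t mac_address[6];
+esp_err_t res = esp_efuse_mac_get_default(mac_address);
+if (res != ESP_OK) {
+printf("Error while reading MAC address: %d\n", res);
+return;
+}
+bool secure_boot_v1_enabled = esp_efuse_read_field_bit(ESP_EFUSE_ABS_DONE_0);
+bool secure_boot_v2_enabled = esp_efuse_read_field_bit(ESP_EFUSE_ABS_DONE_1);
+bool jtag_disabled = esp_efuse_read_field_bit(ESP_EFUSE_DISABLE_JTAG);
+bool rom_basic_disabled = esp_efuse_read_field_bit(ESP_EFUSE_CONSOLE_DEBUG_DISABLE);
+bool uart_download_disabled = esp_efuse_read_field_bit(ESP_EFUSE_UART_DOWNLOAD_DIS);
+bool wp_efuse_rd_disable = esp_efuse_read_field_bit(ESP_EFUSE_WR_DIS_EFUSE_RD_DISABLE);
+bool wp_wr_dis = esp_efuse_read_field_bit(ESP_EFUSE_WR_DIS_WR_DIS);
+bool wp_flash_crypt_cnt = esp_efuse_read_field_bit(ESP_EFUSE_WR_DIS_FLASH_CRYPT_CNT);
+bool wp_mac_chip_info = esp_efuse_read_field_bit(ESP_EFUSE_WR_DIS_MAC_AND_CHIP_INFO);
+bool wp_xpd = esp_efuse_read_field_bit(ESP_EFUSE_WR_DIS_XPD);
+bool wp_spi_pad = esp_efuse_read_field_bit(ESP_EFUSE_WR_DIS_SPI_PAD);
+bool wp_blk1 = esp_efuse_read_field_bit(ESP_EFUSE_WR_DIS_BLK1);
+bool wp_blk2 = esp_efuse_read_field_bit(ESP_EFUSE_WR_DIS_BLK2);
+bool wp_blk3 = esp_efuse_read_field_bit(ESP_EFUSE_WR_DIS_BLK3);
+bool wp_scheme_key_crypt = esp_efuse_read_field_bit(ESP_EFUSE_WR_DIS_SCHEME_KEY_CRYPT);
+bool wp_abs_done_0 = esp_efuse_read_field_bit(ESP_EFUSE_WR_DIS_ABS_DONE_0);
+bool wp_abs_done_1 = esp_efuse_read_field_bit(ESP_EFUSE_WR_DIS_ABS_DONE_1);
+bool wp_jtag_disable = esp_efuse_read_field_bit(ESP_EFUSE_WR_DIS_JTAG_DISABLE);
+bool wp_basic_console_dl_crypt = esp_efuse_read_field_bit(ESP_EFUSE_WR_DIS_CONSOLE_DEBUG_AND_DISABLE_DL_CRYPT);
+bool rd_blk1 = esp_efuse_read_field_bit(ESP_EFUSE_RD_DIS_BLK1);
+bool rd_blk2 = esp_efuse_read_field_bit(ESP_EFUSE_RD_DIS_BLK2);
+bool rd_blk3 = esp_efuse_read_field_bit(ESP_EFUSE_RD_DIS_BLK3);
+printf("This is %s chip with %d CPU core(s), WiFi%s%s, ",
+CONFIG_IDF_TARGET,
+chip_info.cores,
+(chip_info.features & CHIP_FEATURE_BT) ? "/BT" : "",
+(chip_info.features & CHIP_FEATURE_BLE) ? "/BLE" : "");
+printf("silicon revision %d, ", chip_info.revision);
+printf("%dMB %s flash\n", spi_flash_get_chip_size() / (1024 * 1024), (chip_info.features & CHIP_FEATURE_EMB_FLASH) ? "embedded" : "external");
+printf("Minimum free heap size: %d bytes\n", esp_get_minimum_free_heap_size());
+printf("MAC address: %02x:%02x:%02x:%02x:%02x:%02x\n", mac_address[0], mac_address[1], mac_address[2], mac_address[3], mac_address[4], mac_address[5]);
+printf("Secure boot v1 enabled: %s\n", secure_boot_v1_enabled ? "yes" : "no");
+printf("Secure boot v2 enabled: %s\n", secure_boot_v2_enabled ? "yes" : "no");
+printf("JTAG disabled: %s\n", jtag_disabled ? "yes" : "no");
+printf("ROM BASIC disabled: %s\n", rom_basic_disabled ? "yes" : "no");
+printf("UART DL mode disabled: %s\n", uart_download_disabled ? "yes" : "no");
+printf("Write protect for EFUSE READ DISABLE %s\n", wp_efuse_rd_disable ? "yes" : "no");
+printf("Write protect for EFUSE WRITE DISABLE %s\n", wp_wr_dis ? "yes" : "no");
+printf("Write protect for FLASH_CRYPT_CNT: %s\n", wp_flash_crypt_cnt ? "yes" : "no");
+printf("Write protect for MAC & chip info: %s\n", wp_mac_chip_info ? "yes" : "no");
+printf("Write protect XPD settings: %s\n", wp_xpd ? "yes" : "no");
+printf("Write protect SPI settings: %s\n", wp_spi_pad ? "yes" : "no");
+printf("Write protect for EFUSE block 1: %s\n", wp_blk1 ? "yes" : "no");
+printf("Write protect for EFUSE block 2: %s\n", wp_blk2 ? "yes" : "no");
+printf("Write protect for EFUSE block 3: %s\n", wp_blk3 ? "yes" : "no");
+printf("Write protect for coding scheme, key status & crypto config: %s\n", wp_scheme_key_crypt ? "yes" : "no");
+printf("Write protect for secure boot V1 enable: %s\n", wp_abs_done_0 ? "yes" : "no");
+printf("Write protect for secure boot V2 enable: %s\n", wp_abs_done_1 ? "yes" : "no");
+printf("Write protect for JTAG disable: %s\n", wp_jtag_disable ? "yes" : "no");
+printf("Write protect for BASIC console disable & DL crypt: %s\n", wp_basic_console_dl_crypt ? "yes" : "no");
+printf("Read disabled for EFUSE block 1: %s\n", rd_blk1 ? "yes" : "no");
+printf("Read disabled for EFUSE block 2: %s\n", rd_blk2 ? "yes" : "no");
+printf("Read disabled for EFUSE block 3: %s\n", rd_blk3 ? "yes" : "no");
+fflush(stdout);
+}
+void app_main(void) {
+print_state();
+}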
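Review bot: In `print_state`, a failed `esp_efuse_mac_get_default` hits `return;` before any fuse bit is printed, so a board whose MAC cannot be read yields no write-protect or read-disable status at all, which is when the dump is most needed. Print the error and carry on, guarding only the MAC line with `if (res == ESP_OK)`, so the audit output stays complete. The labels `Write protect for EFUSE READ DISABLE %s` and `Write protect for EFUSE WRITE DISABLE %s` lack the colon every other line has, which matters if this output is diffed or parsed against an expected post-burn state. The dump also shows only whether FLASH_CRYPT_CNT is write-protected, not its value, so adding that value would let the output confirm that flash encryption was never enabled before the lock.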

7
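--- a/efuse/partitions.csv
+++ b/efuse/partitions.csv
@@ -0,0 +1,7 @@
+# Name, Type, SubType, Offset, Size, Flags
+nvs, data, nvs, 0x9000, 0x4000
+otadata, data, ota, 0xd000, 0x2000
+phy_init, data, phy, 0xf000, 0x1000
+ota_0, 0, ota_0, 0x10000, 1856K
+ota_1, 0, ota_1, , 1856K
+locfd, data, fat, , 12608K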

1581
efuse/sdkconfig Normal file

File diff suppressed because it is too large Load diff

19
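--- a/flash_efuse.sh
+++ b/flash_efuse.sh
@@ -0,0 +1,19 @@
+#!/usr/bin/bash
+set -e
+cd esp-idf
+source ./export.sh
+cd ../
+cd efuse
+if [ "$#" -eq 1 ]; then
+idf.py flash -p $1
+else
+if [ "$#" -ne 0 ]; then
+echo "Illegal number of parameters"
+else
+idf.py flash
+fi
+fi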
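Review bot: The `Illegal number of parameters` branch only echoes, so the script exits 0 without flashing anything and a wrapper script or operator checklist records success. It should fail loudly, e.g. `echo "Usage: $0 [port]" >&2; exit 1`, and the argument count is better checked before `source ./export.sh` so a bad invocation does no work. `idf.py flash -p $1` also passes the port unquoted; `idf.py flash -p "$1"` avoids word splitting on unusual device paths.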