code-image-backup-public/fastbee
1
0
Fork 0
mirror of https://gitee.com/beecue/fastbee.git synced 2025-12-19 17:35:54 +08:00
Code Issues Packages Projects Releases Wiki Activity

添加智能灯固件代码

Browse Source
This commit is contained in:
kerwincui
2021-07-13 17:14:51 +08:00
parent 332f74dd17
commit ecc0b91b8b
2568 changed files with 229441 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
firmware/esp-idf/wumei-smart-firmware/examples/security/flash_encryption/CMakeLists.txt Normal file
View File

@@ -0,0 +1,6 @@
# The following lines of boilerplate have to be in your project's
# CMakeLists in this exact order for cmake to work correctly
cmake_minimum_required(VERSION 3.5)
include($ENV{IDF_PATH}/tools/cmake/project.cmake)
project(flash_encryption)

9
firmware/esp-idf/wumei-smart-firmware/examples/security/flash_encryption/Makefile Normal file
View File

@@ -0,0 +1,9 @@
#
# This is a project Makefile. It is assumed the directory this Makefile resides in is a
# project subdirectory.
#
PROJECT_NAME := flash-encryption
include $(IDF_PATH)/make/project.mk

116
firmware/esp-idf/wumei-smart-firmware/examples/security/flash_encryption/README.md Normal file
View File

@@ -0,0 +1,116 @@
| Supported Targets | ESP32 |
| ----------------- | ----- |
# Flash Encryption
The example checks if the flash encryption feature is enabled/disabled and if enabled prints the flash encryption mode (DEVELOPMENT / RELEASE) and FLASH_CRYPT_CNT eFuse value.
The example also demonstrates writing and reading encrypted partitions in flash.
## How to use example
### Hardware Required
### Configure the project
```
idf.py menuconfig
```
* Enable the flash encryption mode (Development or Release) under Security Features. Default usage mode is Development (recommended during test and development phase).
Note: After enabling flash encryption, the bootloader size increases, which means that the offset of the partition table must be changed to 0x9000 from 0x8000 to prevent the bootloader from overlapping with the partition table. In this example, the default offset of the partition table is 0x9000.
### Build and Flash
When building the project and flashing it to the board FOR THE FIRST TIME after enabling flash encryption feature in menuconfig, run following command to program ESP32 and monitor the output:
```
idf.py -p PORT flash monitor
```
(To exit the serial monitor, type ``Ctrl-]``.)
See the Getting Started Guide for full steps to configure and use ESP-IDF to build projects.
When reprogramming the device subsequently use following command for encrypted write of new plaintext application:
```
idf.py -p PORT encrypted-app-flash monitor
```
Please note above command programs only the app partition. In order to reprogram all partitions (bootloader, partition table and application) in encrypted form use:
```
idf.py -p PORT encrypted-flash monitor
```
## Example Output
When running the example without enabling flash encryption, the output would be as follows:
```
Example to check Flash Encryption status
This is ESP32 chip with 2 CPU cores, WiFi/BT/BLE, silicon revision 0, 2MB external flash
FLASH_CRYPT_CNT eFuse value is 0
Flash encryption feature is disabled
Erasing partition "storage" (0x1000 bytes)
Writing data with esp_partition_write:
I (378) example: 0x3ffb4dc0 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f |................|
I (378) example: 0x3ffb4dd0 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f |................|
Reading with esp_partition_read:
I (388) example: 0x3ffb4da0 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f |................|
I (398) example: 0x3ffb4db0 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f |................|
Reading with spi_flash_read:
I (408) example: 0x3ffb4da0 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f |................|
I (418) example: 0x3ffb4db0 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f |................|
```
After enabling flash encryption in Development mode, the output shows the process of enabling the flash encryption:
```
I (168) boot: Checking flash encryption...
I (168) flash_encrypt: Generating new flash encryption key...
I (187) flash_encrypt: Read & write protecting new key...
I (187) flash_encrypt: Setting CRYPT_CONFIG efuse to 0xF
W (188) flash_encrypt: Not disabling UART bootloader encryption
I (195) flash_encrypt: Disable UART bootloader decryption...
I (201) flash_encrypt: Disable UART bootloader MMU cache...
I (208) flash_encrypt: Disable JTAG...
I (212) flash_encrypt: Disable ROM BASIC interpreter fallback...
....
....
....
I (13229) flash_encrypt: Flash encryption completed
I (13229) boot: Resetting with flash encryption enabled...
```
Once the flash encryption is enabled the device will reset itself. At this stage the flash contents are in encrypted form. The output would be similar to:
```
Example to check Flash Encryption status
This is ESP32 chip with 2 CPU cores, WiFi/BT/BLE, silicon revision 0, 4MB external flash
FLASH_CRYPT_CNT eFuse value is 1
Flash encryption feature is enabled in DEVELOPMENT mode
Erasing partition "storage" (0x1000 bytes)
Writing data with esp_partition_write:
I (451) example: 0x3ffb4dc0 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f |................|
I (451) example: 0x3ffb4dd0 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f |................|
Reading with esp_partition_read:
I (461) example: 0x3ffb4da0 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f |................|
I (471) example: 0x3ffb4db0 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f |................|
Reading with spi_flash_read:
I (491) example: 0x3ffb4b30 35 9b f2 07 b4 6d 40 89 28 b4 1e 22 98 7b 4a 36 |5....m@.(..".{J6|
I (491) example: 0x3ffb4b40 ba 89 81 67 77 a3 60 5e 0a e7 51 01 b3 58 c2 f6 |...gw.`^..Q..X..|
```
## Troubleshooting
It is also possible to use esptool.py utility to read the eFuse values and check if flash encryption is enabled or not
```
python $IDF_PATH/components/esptool_py/esptool/espefuse.py --port PORT summary
```
If FLASH_CRYPT_CNT eFuse value is non-zero flash encryption is enabled

62
firmware/esp-idf/wumei-smart-firmware/examples/security/flash_encryption/example_test.py Normal file
View File

@@ -0,0 +1,62 @@
from __future__ import print_function
import binascii
from io import BytesIO
from collections import namedtuple
import os
import sys
import ttfw_idf
try:
import espsecure
except ImportError:
idf_path = os.getenv("IDF_PATH")
if not idf_path or not os.path.exists(idf_path):
raise
sys.path.insert(0, os.path.join(idf_path, "components", "esptool_py", "esptool"))
import espsecure
# To prepare a test runner for this example:
# 1. Generate zero flash encryption key:
# dd if=/dev/zero of=key.bin bs=1 count=32
# 2.Burn Efuses:
# espefuse.py --do-not-confirm -p $ESPPORT burn_efuse FLASH_CRYPT_CONFIG 0xf
# espefuse.py --do-not-confirm -p $ESPPORT burn_efuse FLASH_CRYPT_CNT 0x1
# espefuse.py --do-not-confirm -p $ESPPORT burn_key flash_encryption key.bin
@ttfw_idf.idf_example_test(env_tag='Example_Flash_Encryption')
def test_examples_security_flash_encryption(env, extra_data):
dut = env.get_dut('flash_encryption', 'examples/security/flash_encryption', dut_class=ttfw_idf.ESP32DUT)
# start test
dut.start_app()
# calculate the expected ciphertext
flash_addr = dut.app.partition_table["storage"]["offset"]
plain_hex_str = '00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f'
plain_data = binascii.unhexlify(plain_hex_str.replace(' ', ''))
# Emulate espsecure encrypt_flash_data command
EncryptFlashDataArgs = namedtuple('EncryptFlashDataArgs', ['output', 'plaintext_file', 'address', 'keyfile', 'flash_crypt_conf'])
args = EncryptFlashDataArgs(BytesIO(), BytesIO(plain_data), flash_addr, BytesIO(b'\x00' * 32), 0xF)
espsecure.encrypt_flash_data(args)
expected_ciphertext = args.output.getvalue()
hex_ciphertext = binascii.hexlify(expected_ciphertext).decode('ascii')
expected_str = (' '.join(hex_ciphertext[i:i + 2] for i in range(0, 16, 2)) + ' ' +
' '.join(hex_ciphertext[i:i + 2] for i in range(16, 32, 2)))
lines = [
'FLASH_CRYPT_CNT eFuse value is 1',
'Flash encryption feature is enabled in DEVELOPMENT mode',
'with esp_partition_write',
plain_hex_str,
'with esp_partition_read',
plain_hex_str,
'with spi_flash_read',
expected_str
]
for line in lines:
dut.expect(line, timeout=2)
if __name__ == '__main__':
test_examples_security_flash_encryption()

2
firmware/esp-idf/wumei-smart-firmware/examples/security/flash_encryption/main/CMakeLists.txt Normal file
View File

@@ -0,0 +1,2 @@
idf_component_register(SRCS "flash_encrypt_main.c"
INCLUDE_DIRS ".")

5
firmware/esp-idf/wumei-smart-firmware/examples/security/flash_encryption/main/component.mk Normal file
View File

@@ -0,0 +1,5 @@
#
# "main" pseudo-component makefile.
#
# (Uses default behaviour of compiling all source files in directory, adding 'include' to include path.)

106
firmware/esp-idf/wumei-smart-firmware/examples/security/flash_encryption/main/flash_encrypt_main.c Normal file
View File

@@ -0,0 +1,106 @@
/* Flash encryption Example
This example code is in the Public Domain (or CC0 licensed, at your option.)
Unless required by applicable law or agreed to in writing, this
software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
CONDITIONS OF ANY KIND, either express or implied.
*/
#include <stdio.h>
#include "freertos/FreeRTOS.h"
#include "freertos/task.h"
#include "soc/efuse_reg.h"
#include "esp_efuse.h"
#include "esp_system.h"
#include "esp_spi_flash.h"
#include "esp_partition.h"
#include "esp_flash_encrypt.h"
#include "esp_efuse_table.h"
static void example_print_chip_info(void);
static void example_print_flash_encryption_status(void);
static void example_read_write_flash(void);
static const char* TAG = "example";
#if CONFIG_IDF_TARGET_ESP32
#define TARGET_CRYPT_CNT_EFUSE ESP_EFUSE_FLASH_CRYPT_CNT
#define TARGET_CRYPT_CNT_WIDTH 7
#elif CONFIG_IDF_TARGET_ESP32S2
#define TARGET_CRYPT_CNT_EFUSE ESP_EFUSE_SPI_BOOT_CRYPT_CNT
#define TARGET_CRYPT_CNT_WIDTH 3
#endif
void app_main(void)
{
printf("\nExample to check Flash Encryption status\n");
example_print_chip_info();
example_print_flash_encryption_status();
example_read_write_flash();
}
static void example_print_chip_info(void)
{
/* Print chip information */
esp_chip_info_t chip_info;
esp_chip_info(&chip_info);
printf("This is ESP32 chip with %d CPU cores, WiFi%s%s, ",
chip_info.cores,
(chip_info.features & CHIP_FEATURE_BT) ? "/BT" : "",
(chip_info.features & CHIP_FEATURE_BLE) ? "/BLE" : "");
printf("silicon revision %d, ", chip_info.revision);
printf("%dMB %s flash\n", spi_flash_get_chip_size() / (1024 * 1024),
(chip_info.features & CHIP_FEATURE_EMB_FLASH) ? "embedded" : "external");
}
static void example_print_flash_encryption_status(void)
{
uint32_t flash_crypt_cnt = 0;
esp_efuse_read_field_blob(TARGET_CRYPT_CNT_EFUSE, &flash_crypt_cnt, TARGET_CRYPT_CNT_WIDTH);
printf("FLASH_CRYPT_CNT eFuse value is %d\n", flash_crypt_cnt);
esp_flash_enc_mode_t mode = esp_get_flash_encryption_mode();
if (mode == ESP_FLASH_ENC_MODE_DISABLED) {
printf("Flash encryption feature is disabled\n");
} else {
printf("Flash encryption feature is enabled in %s mode\n",
mode == ESP_FLASH_ENC_MODE_DEVELOPMENT ? "DEVELOPMENT" : "RELEASE");
}
}
static void example_read_write_flash(void)
{
const esp_partition_t* partition = esp_partition_find_first(
ESP_PARTITION_TYPE_DATA, ESP_PARTITION_SUBTYPE_ANY, "storage");
assert(partition);
printf("Erasing partition \"%s\" (0x%x bytes)\n", partition->label, partition->size);
ESP_ERROR_CHECK(esp_partition_erase_range(partition, 0, partition->size));
/* Generate the data which will be written */
const size_t data_size = 32;
uint8_t plaintext_data[data_size];
for (uint8_t i = 0; i < data_size; ++i) {
plaintext_data[i] = i;
}
printf("Writing data with esp_partition_write:\n");
ESP_LOG_BUFFER_HEXDUMP(TAG, plaintext_data, data_size, ESP_LOG_INFO);
ESP_ERROR_CHECK(esp_partition_write(partition, 0, plaintext_data, data_size));
uint8_t read_data[data_size];
printf("Reading with esp_partition_read:\n");
ESP_ERROR_CHECK(esp_partition_read(partition, 0, read_data, data_size));
ESP_LOG_BUFFER_HEXDUMP(TAG, read_data, data_size, ESP_LOG_INFO);
printf("Reading with spi_flash_read:\n");
ESP_ERROR_CHECK(spi_flash_read(partition->address, read_data, data_size));
ESP_LOG_BUFFER_HEXDUMP(TAG, read_data, data_size, ESP_LOG_INFO);
}

5
firmware/esp-idf/wumei-smart-firmware/examples/security/flash_encryption/partitions_example.csv Normal file
View File

@@ -0,0 +1,5 @@
# Name, Type, SubType, Offset, Size, Flags
nvs, data, nvs, , 0x6000,
# Extra partition to demonstrate reading/writing of encrypted flash
storage, data, 0xff, , 0x1000, encrypted
factory, app, factory, , 1M,
1 # Name, Type, SubType, Offset, Size, Flags
2 nvs, data, nvs, , 0x6000,
3 # Extra partition to demonstrate reading/writing of encrypted flash
4 storage, data, 0xff, , 0x1000, encrypted
5 factory, app, factory, , 1M,

12
firmware/esp-idf/wumei-smart-firmware/examples/security/flash_encryption/sdkconfig.ci Normal file
View File

@@ -0,0 +1,12 @@
# Default settings for testing this example in CI.
# This configuration is not secure, don't use it in production!
# See Flash Encryption API Guide for more details.
CONFIG_SECURE_FLASH_ENC_ENABLED=y
CONFIG_SECURE_FLASH_ENCRYPTION_MODE_DEVELOPMENT=y
CONFIG_SECURE_BOOT_ALLOW_ROM_BASIC=y
CONFIG_SECURE_BOOT_ALLOW_JTAG=y
CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_ENC=y
CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_DEC=y
CONFIG_SECURE_FLASH_UART_BOOTLOADER_ALLOW_CACHE=y
CONFIG_SECURE_FLASH_REQUIRE_ALREADY_ENABLED=y

5
firmware/esp-idf/wumei-smart-firmware/examples/security/flash_encryption/sdkconfig.defaults Normal file
View File

@@ -0,0 +1,5 @@
# This example uses an extra partition to demonstrate encrypted/non-encrypted reads/writes.
CONFIG_PARTITION_TABLE_CUSTOM=y
CONFIG_PARTITION_TABLE_CUSTOM_FILENAME="partitions_example.csv"
CONFIG_PARTITION_TABLE_FILENAME="partitions_example.csv"
CONFIG_PARTITION_TABLE_OFFSET=0x9000