Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

espsecure: read_hsm_config now can prompt for HSM PIN (ESPTOOL-716) #900

Closed

Conversation

rretanubun
Copy link
Contributor

Description of change

If the config file contains credentials = prompt during image signing process, the user will be prompted to type in the HSM PIN. This avoids the need to have the HSM PIN written as plaintext into a config file, which is not a secure practice.

I have tested this change with the following hardware & software combinations:

espsecure using NitroKey HSM2 HW on Linux Ubuntu 22.04

@github-actions github-actions bot changed the title espsecure: read_hsm_config now can prompt for HSM PIN espsecure: read_hsm_config now can prompt for HSM PIN (ESPTOOL-716) Jul 17, 2023
@radimkarnis
Copy link
Collaborator

Hello @rretanubun,
thank you for contributing! We will get to this PR soon. If all goes well and it passes our internal review queue, this will get merged.

Comment on lines 40 to 45
# Check if config.["credentials"] is set to "prompt" and prompt for HSM PIN
credentials_config_val = config.get(section, "credentials")
if credentials_config_val == "prompt":
hsm_pin = getpass("\nPlease enter the PIN of your HSM:\n")
config.set(section, "credentials", hsm_pin)

Copy link
Contributor

@Harshal5 Harshal5 Jul 19, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Alternatively, rather than using the word "prompt" (might be misleading), we can just remove the credentials option from the config file and add a check that if the option is absent, get the credentials using a prompt.

Suggested change
# Check if config.["credentials"] is set to "prompt" and prompt for HSM PIN
credentials_config_val = config.get(section, "credentials")
if credentials_config_val == "prompt":
hsm_pin = getpass("\nPlease enter the PIN of your HSM:\n")
config.set(section, "credentials", hsm_pin)
# If the config file does not contain the "credentials" option, prompt for the HSM PIN
if not config.has_option(section, "credentials"):
hsm_pin = getpass("Please enter the PIN of your HSM:\n")
config.set(section, "credentials", hsm_pin)

Also, you will need to remove the "credentials" options from the default section_options list (line 35)
( section_options = ["pkcs11_lib", "slot", "label"] )

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you also add a note in the documentation regarding these changes?
Something like,

To avoid storing the PIN in plaintext, you could simply remove the `credentials` option from the config file, and during signing using the HSM, you could enter it using the prompt.

would suffice.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Harshal5 : I understand your perspective and it is do-able for sure. I am of the opinion that explicitly stating credentials = prompt in the config file is more intuitive and make the config files (and examples) more clear because there is no presumed default -- every setting is spelled out in the config file itself.

Let me know if you feel strongly about making credentials optional and I can apply the updates as requested.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For documentation update (if we stay with prompt) : This is what I have in mind:

  1. Change the sample to say credentials = prompt and then document
Below is a sample HSM config file (hsm_config.ini) for using [SoftHSMv2](https://github.com/opendnssec/SoftHSMv2) as an external HSM:

>> insert config file with credentials = prompt here as in the current example <<

Using this config file, the script will prompt for the HSM pin to be typed in for operations that need HSM access.
Alternatively the keyword `prompt` can be replaced with the `HSM pin` (e.g. 1234) to avoid being prompted.
Note that this is not a good practice for security and using `prompt` is recommended.

This way the example (which most people will copy-and paste) already sets them up to the safer behavior

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@rretanubun There might be a case where the user pin of a token could be the word "prompt" itself (tried using SoftHSM2, it seems possible). In such a situation the user will not be able to get the expected behavior.
Even if say we do not come across such a situation, I think making the credentials field optional would be a better approach rather than deciding on a word (say "prompt") and hardcoding it into the tool.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fair point. Code and documentation updated as requested.

@Harshal5
Copy link
Contributor

Hello @rretanubun,

Thank you for the update!
Just a suggestion regarding the changes.

@rretanubun rretanubun requested a review from Harshal5 July 19, 2023 18:29
@radimkarnis
Copy link
Collaborator

Thank you @rretanubun, LGTM! Before merging, could you please:

  1. squash the commits
  2. fix the issue detected by the flake8 linter (./espsecure/esp_hsm_sign/__init__.py:40:89: E501 line too long (90 > 88 characters))
  3. change the commit message to follow the conventional commits standard. Something like feat(espsecure): Allow promoting for HSM PIN in read_hsm_config would be nice.

Thank you very much!

If hsm_config does not contain "credentials" the user will be
prompted for the HSM PIN.

This avoids the need to have HSM PINs typed in config files
which is not a good security practice.

ADJUNCT: Updated documentation to reflect new usage
@rretanubun rretanubun force-pushed the espsecure-prompt-for-hsm-pin branch from 5c9ea60 to 70cb931 Compare July 24, 2023 12:12
Jason2866 added a commit to Jason2866/esptool that referenced this pull request Nov 4, 2023
* docs: espsecure remote signing using a HSM broken link fix

* fix(rfc2217_server): Use new reset sequences

* fix(ESP32-S3): Lower CPU freq to improve flasher stub stability

Closes espressif#832

* fix: Unknown chip (ID or magic number) error

* pyinstaller: fix glibc dependency on gnu/linux

pyinstaller package for linux is built within the ubuntu-latest image in
github workflow. This may cause prbolem with glibc symbol versions on
older distributions, where the new symbol versions are not available.
Fix this by building on the older ubuntu version.

Closes espressif#843

Signed-off-by: Frantisek Hrbata <[email protected]>

* tests: Create custom `host_test` marker for tests without real chip connected

Closes espressif#838

* fix(ESP32-S3): Temporarily disable increasing CPU freq

Related to espressif#848

Related to espressif#842

* build: add esp_rfc2217_server to published scripts

Closes espressif#846

* Update version to v4.5.1

* Update version to v4.6-dev

* espefuse: Hide sensitive info by default during burning burn_key and burn_key_digest

Adds --show-sensitive-info flag for two commands:
burn_key and burn_key_digest.

* flasher_stub: pass -mabi=ilp32 to the RISC-V compiler

This is a no-op change for the upstream toolchain (compiled stubs are
binary identical), but is required when building with Debian's
riscv64-unknown-elf-gcc compiler.

* flasher_stub: allow passing extra CFLAGS

The flasher_stub Makefile allows for some system-local configuration,
either through local.mk, or through environment variables.

For example, the compiler prefix can be overridden, by defining e.g.
CROSS_ESPRISCV32. However, passing additional flags to the compiler
isn't possible right now. Add EXTRA_CFLAGS and EXTRA_CFLAGS_ESPRISCV32
to allow for that option.

* flasher_stub: collect all targets at the top, DRY

* flasher_stub: make target selection more modular

Rather than a special "make esp32", create WITHOUT_* variables to
selectively disable chip families. Currently, WITHOUT_ESP8266,
WITHOUT_ESP32_XTENSA and WITHOUT_ESP32_RISCV32 are defined, but the code
can be easily adjusted to allow for all kinds of other
sets/combinations.

* flasher_stub: create %.json targets, make all a proper PHONY

* flasher_stub: drop --embed from wrap_stub.py

Since commit 94f29a5 the flasher stub is not embedded in the Python
source, but rather included as simple json files.

As such, wrap_stub.py --embed was converted to basically just vary the
build dir. Rather than keep this indirection and for better clarity,
remove that piece of code and replace it by a simple "cp" in the
Makefile.

While at it, replace the target name from "embed" to "install", as this
more akin to a "make install" step.

* espefuse: Support burning ECDSA_KEY from pem file

- fix some assert check in test_espefuse.py
- add tests to cover the new functionality

* espefuse(c2): Fix BLOCK_KEY0 view for summary cmd when SB + FE keys are burnt

For C2 secure boot + flash enc block, we saw that in summary cmd
"0's" from secure boot digest part (upper 128 bit) were translated
into "?'s" when the block was read protected.
For C2, we should apply this translation for lower 128 bits only.

* fix(ESP32-C6): Fix get_pkg_version and get_{major,minor}_chip_version

* image_info: removed check that reserved bytes in image header are zero

IDF may start using parts of the reserved bytes in the extended header at any time,
which will break chip auto-detect in image_info.

* build: limit max cryptography version to 40

* fix: Set flash parameters even with --flash_size keep

Related to espressif/esp-idf#10788

Related to espressif/esp-idf#10959

* build: add arm and arm64 as build target

Closes espressif#845

* Fix typo in serial protocol docs

Fixes misspelling of `triggered` in serial protocol docs.

Signed-off-by: hasheddan <[email protected]>

* Support more recent reedsolo packages

- https://github.com/tomerfiliba-org/reedsolomon/releases/tag/v1.6.1 - this seems to be related to licenses only.
- https://github.com/tomerfiliba-org/reedsolomon/releases/tag/v1.7.0 - this is related to installation.

Closes espressif#872

* build(arm): add pip extra url for github action build

* ci: Fix libffi symlinks for cryptography>=40

* espefuse: Prevent burning XTS_AES and ECDSA keys into BLOCK9 (BLOCK_KEY5)

eFuse module has a hardware bug.
It is related to ESP32-C3, C6, S3, H2 chips:
    - BLOCK9 (BLOCK_KEY5) can not be used by XTS_AES keys.
For H2 chips, the BLOCK9 (BLOCK_KEY5) can not be used by ECDSA keys.
S2 does not have such a hardware bug.

* image_info: Display disabled WP pin as disabled

The image formats know about the special value 0xee used to disable WP.
Display this with image_info.

E.g.:

ESP32-C3 extended image header
==============================
WP pin: 0xee (disabled)

* image_info: Print chip ID's name if known

Example:

Flash pins drive settings: clk_drv: 0x0, q_drv: 0x0, d_drv: 0x0, cs0_drv: 0x0, hd_drv: 0x0, wp_drv: 0x0
Chip ID: 5 (ESP32-C3)
Minimal chip revision: v0.0, (legacy min_rev = 0)
Maximal chip revision: v655.35

An unknown ID will be printed as:

Chip ID: 42 (Unknown ID)

* tests: Make the testsuite Windows compatible

* espefuse: Adds external esp instance

Closes espressif#873

* espefuse: Improve efuse error viewing

* espefuse: Explicit setting of efuse time settings

EFUSE_PWR_ON_NUM in C3 has default value = 0x2880, now = 0x3000

* docs(Boot log): Add all esp targets to cover boot troubleshooting

Closes espressif#732

* fix: USB-JTAG-Serial PID detection error

* esptool: Move bootdesc on the top of the ram segment

* espefuse: Move some vars under init method to speedup tool after adding yaml support

* espefuse: Adds yaml efuse description files for all chip

- esptool: Updates eFuses wafer major&minor versions
- esptool(esp32c6): Adds package versions
- espefuse(esp32c6): Replace PKG_VERSION BLK_VERSION_MINOR BLK_VERSION_MAJOR
- espefuse(esp32c6): Adds adc calib efuses
- espefuse: Adds yaml files for Build with PyInstaller

* efuse(H2): Adds RF Calibration Information

* espsecure: Improve error message for incorrect PEM format

Closes espressif#881

* bugfix(usb_jtag_serial): Autofeed super watchdog (SWD) to avoid resets during flashing

* esptool: Read 64-bit MAC address on C6 and H2

* bugfix: Adjust wrapper scripts to not import themselves

* bugfix(espsecure): Print a clear error message if incompatible OpenSSL backend is used

Closes espressif#878

* fix: inconsistent usage of dirs separator

* feat(esptool): add option to dump whole flash based on detected size

Closes espressif#461

* Update version to v4.6

* Update version to v4.7-dev

* fix(ESP32-S3): Correct RTC WDT registers to fix resets during flashing

* Update version to v4.6.1

* Update version to v4.7-dev

* docs: add explanation for flash_id example to avoid confusion

* docs(boot-log): fix list formatting

* docs: add c2, c6 and h2 as build targets

* fix(compressed upload): Accept short data blocks with only Adler-32 bytes

* fix(CH9102F): Suggest to install new serial drivers if writing to RAM fails

* esptool & espefuse: Fix byte order in MAC (for C6 and H2)

MAC: 60:55:f9:ff:fe:f7:2c:a2 (EUI64, used for IEEE802154)
BASE MAC: 60:55:f9:f7:2c:a2 (used for BT)
MAC_EXT: ff:fe

* Update version to v4.6.2

* Update version to v4.7

* change: Add conventional precommit linter

* ci(pre-commit): Update version of `conventional-precommit-linter`

* feat(get_security_info): Improved the output format and added more
details

* fix(esp32-c2): Enable flashing in secure download mode

Closes espressif#895

* ci: Add DangerJS checks to GL and GH

* feat(esptool): Add PICO package for ESP32S3 and flash/psram efuses

* feat(esptool): Add tests for get_chip_features

* feat(esptool): Add new packages for ESP32C3 and flash efuses

* fix(expand file args): Correctly print the expanded command

* feat(espsecure): Allow prompting for HSM PIN in read_hsm_config

If hsm_config does not contain "credentials" the user will be
prompted for the HSM PIN.

This avoids the need to have HSM PINs typed in config files
which is not a good security practice.

ADJUNCT: Updated documentation to reflect new usage

Closes espressif#900

* fix(dangerGH): Update token permissions - allow Danger to add comments to PR

* fix(elf2image): fix text/rodata mapping overlap issue on uni-idrom bus chips

* fix: assert in esp32 exclusive workaround

* docs: Add other resources page

* fix(autodetection): Remove the ESP32-S2 ROM class from get_security_info autodetection

* change(pre-commit): Bump version conventional-precommit-linter to 1.2.1

* feat(esptool): added target to esp32p4

* feat(espefuse): Add support for esp32p4 chip

* fix: Fix redirection of STDOUT

Closes espressif#904

* fix(danger-github): Fir Danger GitHub token permission

* ci(danger-github): Fix github-action-bot permissions for posting Danger output

* ci: Shared danger to local stage (remove possible double CI pipelines)

* ci: add 'flake8-import-order' as a dependecy to flake8

* fix(bin_image): Check only ELF sections when searching for .flash.appdesc

Closes espressif#917

* feat(efuse): ESP32P4 adds ecdsa_key support

* feat(efuse): Update key purpose table and tests

* feat(esp32-s3): Support >16MB quad flash chips

Adds support for the W25Q256 and GD25Q256 flash chips.

Closes espressif#883

* ci(dev_release): Upload dev releases to PyPI with GH Actions

* ci: fix pipeline for building docs

* feat(merge_bin): add support for uf2 format

* feat(esp32c3): Support ECO6 and ECO7 magic numbers

* ci(gitlab_ci): Change only/except syntax to rules

* fix(flasher_stub): fix usb-serial-jtag enabled non-related intr source

* fix(loader): Could not open serial port message adjusted

* ci(gitlab): Fix deploying docs to production

* ci(github): Fix pyinstaller builds on ubuntu

* docs(basic-commands): added note for PowerShell users for merge_bin command

Closes espressif#923

* feat: Add support for Python 3.12

* feat(loader): Added hints for some serial port issues when rising port error

Closes espressif/esp-idf#12366

* feat: add support for get_security_info on esp32c3 ECO7

* docs(troubleshooting): Explain issues when flashing with USB-Serial/JTAG or USB-OTG

Closes espressif#924

* feat(espefuse): Update the way to complete the operation

* docs(boot_mode_selection): Correct secondary strapping pin boot mode levels

Closes espressif#928

* feat(espefuse): Adds efuse ADC calibration data for ESP32H2

* feat(rfc2217_server): Add hard reset sequence

* feat(elf2image): add ram-only-header argument

The ram-only-header configuration makes only
the RAM segments visible to the ROM bootloader placing
them at the beginning of the file and altering the
segment count from the image header with the quantity
of these segments, and also writing only their
checksum. This segment placement also may not result
as optimal as the standard way regarding the padding
gap use among the flash segments that could result
in a less fragmented binary.

The image built must then handle the basic hardware
initialization and the flash mapping for code execution
after ROM bootloader boot it.

Signed-off-by: Marek Matej <[email protected]>
Signed-off-by: Almir Okato <[email protected]>

* feat(esp32p4): Stub flasher support

* refactor(stub_flasher): Cleanup, make adding new targets easier

* feat: add support for intel hex format

---------

Signed-off-by: Frantisek Hrbata <[email protected]>
Signed-off-by: hasheddan <[email protected]>
Signed-off-by: Marek Matej <[email protected]>
Signed-off-by: Almir Okato <[email protected]>
Co-authored-by: harshal.patil <[email protected]>
Co-authored-by: radim.karnis <[email protected]>
Co-authored-by: Frantisek Hrbata <[email protected]>
Co-authored-by: Peter Dragun <[email protected]>
Co-authored-by: KonstantinKondrashov <[email protected]>
Co-authored-by: Faidon Liambotis <[email protected]>
Co-authored-by: XiNGRZ <[email protected]>
Co-authored-by: Marius Vikhammer <[email protected]>
Co-authored-by: hasheddan <[email protected]>
Co-authored-by: Roland Dobai <[email protected]>
Co-authored-by: Trent Piepho <[email protected]>
Co-authored-by: Dean Gardiner <[email protected]>
Co-authored-by: Massimiliano Montagni <[email protected]>
Co-authored-by: Tomas Sebestik <[email protected]>
Co-authored-by: Aditya Patwardhan <[email protected]>
Co-authored-by: Richard Retanubun <[email protected]>
Co-authored-by: wuzhenghui <[email protected]>
Co-authored-by: Armando <[email protected]>
Co-authored-by: Jakub Kocka <[email protected]>
Co-authored-by: 20162026 <[email protected]>
Co-authored-by: Almir Okato <[email protected]>
Jason2866 added a commit to Jason2866/esptool that referenced this pull request Nov 7, 2023
* docs: espsecure remote signing using a HSM broken link fix

* fix(rfc2217_server): Use new reset sequences

* fix(ESP32-S3): Lower CPU freq to improve flasher stub stability

Closes espressif#832

* fix: Unknown chip (ID or magic number) error

* pyinstaller: fix glibc dependency on gnu/linux

pyinstaller package for linux is built within the ubuntu-latest image in
github workflow. This may cause prbolem with glibc symbol versions on
older distributions, where the new symbol versions are not available.
Fix this by building on the older ubuntu version.

Closes espressif#843

Signed-off-by: Frantisek Hrbata <[email protected]>

* tests: Create custom `host_test` marker for tests without real chip connected

Closes espressif#838

* fix(ESP32-S3): Temporarily disable increasing CPU freq

Related to espressif#848

Related to espressif#842

* build: add esp_rfc2217_server to published scripts

Closes espressif#846

* Update version to v4.5.1

* Update version to v4.6-dev

* espefuse: Hide sensitive info by default during burning burn_key and burn_key_digest

Adds --show-sensitive-info flag for two commands:
burn_key and burn_key_digest.

* flasher_stub: pass -mabi=ilp32 to the RISC-V compiler

This is a no-op change for the upstream toolchain (compiled stubs are
binary identical), but is required when building with Debian's
riscv64-unknown-elf-gcc compiler.

* flasher_stub: allow passing extra CFLAGS

The flasher_stub Makefile allows for some system-local configuration,
either through local.mk, or through environment variables.

For example, the compiler prefix can be overridden, by defining e.g.
CROSS_ESPRISCV32. However, passing additional flags to the compiler
isn't possible right now. Add EXTRA_CFLAGS and EXTRA_CFLAGS_ESPRISCV32
to allow for that option.

* flasher_stub: collect all targets at the top, DRY

* flasher_stub: make target selection more modular

Rather than a special "make esp32", create WITHOUT_* variables to
selectively disable chip families. Currently, WITHOUT_ESP8266,
WITHOUT_ESP32_XTENSA and WITHOUT_ESP32_RISCV32 are defined, but the code
can be easily adjusted to allow for all kinds of other
sets/combinations.

* flasher_stub: create %.json targets, make all a proper PHONY

* flasher_stub: drop --embed from wrap_stub.py

Since commit 94f29a5 the flasher stub is not embedded in the Python
source, but rather included as simple json files.

As such, wrap_stub.py --embed was converted to basically just vary the
build dir. Rather than keep this indirection and for better clarity,
remove that piece of code and replace it by a simple "cp" in the
Makefile.

While at it, replace the target name from "embed" to "install", as this
more akin to a "make install" step.

* espefuse: Support burning ECDSA_KEY from pem file

- fix some assert check in test_espefuse.py
- add tests to cover the new functionality

* espefuse(c2): Fix BLOCK_KEY0 view for summary cmd when SB + FE keys are burnt

For C2 secure boot + flash enc block, we saw that in summary cmd
"0's" from secure boot digest part (upper 128 bit) were translated
into "?'s" when the block was read protected.
For C2, we should apply this translation for lower 128 bits only.

* fix(ESP32-C6): Fix get_pkg_version and get_{major,minor}_chip_version

* image_info: removed check that reserved bytes in image header are zero

IDF may start using parts of the reserved bytes in the extended header at any time,
which will break chip auto-detect in image_info.

* build: limit max cryptography version to 40

* fix: Set flash parameters even with --flash_size keep

Related to espressif/esp-idf#10788

Related to espressif/esp-idf#10959

* build: add arm and arm64 as build target

Closes espressif#845

* Fix typo in serial protocol docs

Fixes misspelling of `triggered` in serial protocol docs.

Signed-off-by: hasheddan <[email protected]>

* Support more recent reedsolo packages

- https://github.com/tomerfiliba-org/reedsolomon/releases/tag/v1.6.1 - this seems to be related to licenses only.
- https://github.com/tomerfiliba-org/reedsolomon/releases/tag/v1.7.0 - this is related to installation.

Closes espressif#872

* build(arm): add pip extra url for github action build

* ci: Fix libffi symlinks for cryptography>=40

* espefuse: Prevent burning XTS_AES and ECDSA keys into BLOCK9 (BLOCK_KEY5)

eFuse module has a hardware bug.
It is related to ESP32-C3, C6, S3, H2 chips:
    - BLOCK9 (BLOCK_KEY5) can not be used by XTS_AES keys.
For H2 chips, the BLOCK9 (BLOCK_KEY5) can not be used by ECDSA keys.
S2 does not have such a hardware bug.

* image_info: Display disabled WP pin as disabled

The image formats know about the special value 0xee used to disable WP.
Display this with image_info.

E.g.:

ESP32-C3 extended image header
==============================
WP pin: 0xee (disabled)

* image_info: Print chip ID's name if known

Example:

Flash pins drive settings: clk_drv: 0x0, q_drv: 0x0, d_drv: 0x0, cs0_drv: 0x0, hd_drv: 0x0, wp_drv: 0x0
Chip ID: 5 (ESP32-C3)
Minimal chip revision: v0.0, (legacy min_rev = 0)
Maximal chip revision: v655.35

An unknown ID will be printed as:

Chip ID: 42 (Unknown ID)

* tests: Make the testsuite Windows compatible

* espefuse: Adds external esp instance

Closes espressif#873

* espefuse: Improve efuse error viewing

* espefuse: Explicit setting of efuse time settings

EFUSE_PWR_ON_NUM in C3 has default value = 0x2880, now = 0x3000

* docs(Boot log): Add all esp targets to cover boot troubleshooting

Closes espressif#732

* fix: USB-JTAG-Serial PID detection error

* esptool: Move bootdesc on the top of the ram segment

* espefuse: Move some vars under init method to speedup tool after adding yaml support

* espefuse: Adds yaml efuse description files for all chip

- esptool: Updates eFuses wafer major&minor versions
- esptool(esp32c6): Adds package versions
- espefuse(esp32c6): Replace PKG_VERSION BLK_VERSION_MINOR BLK_VERSION_MAJOR
- espefuse(esp32c6): Adds adc calib efuses
- espefuse: Adds yaml files for Build with PyInstaller

* efuse(H2): Adds RF Calibration Information

* espsecure: Improve error message for incorrect PEM format

Closes espressif#881

* bugfix(usb_jtag_serial): Autofeed super watchdog (SWD) to avoid resets during flashing

* esptool: Read 64-bit MAC address on C6 and H2

* bugfix: Adjust wrapper scripts to not import themselves

* bugfix(espsecure): Print a clear error message if incompatible OpenSSL backend is used

Closes espressif#878

* fix: inconsistent usage of dirs separator

* feat(esptool): add option to dump whole flash based on detected size

Closes espressif#461

* Update version to v4.6

* Update version to v4.7-dev

* fix(ESP32-S3): Correct RTC WDT registers to fix resets during flashing

* Update version to v4.6.1

* Update version to v4.7-dev

* docs: add explanation for flash_id example to avoid confusion

* docs(boot-log): fix list formatting

* docs: add c2, c6 and h2 as build targets

* fix(compressed upload): Accept short data blocks with only Adler-32 bytes

* fix(CH9102F): Suggest to install new serial drivers if writing to RAM fails

* esptool & espefuse: Fix byte order in MAC (for C6 and H2)

MAC: 60:55:f9:ff:fe:f7:2c:a2 (EUI64, used for IEEE802154)
BASE MAC: 60:55:f9:f7:2c:a2 (used for BT)
MAC_EXT: ff:fe

* Update version to v4.6.2

* Update version to v4.7

* change: Add conventional precommit linter

* ci(pre-commit): Update version of `conventional-precommit-linter`

* feat(get_security_info): Improved the output format and added more
details

* fix(esp32-c2): Enable flashing in secure download mode

Closes espressif#895

* ci: Add DangerJS checks to GL and GH

* feat(esptool): Add PICO package for ESP32S3 and flash/psram efuses

* feat(esptool): Add tests for get_chip_features

* feat(esptool): Add new packages for ESP32C3 and flash efuses

* fix(expand file args): Correctly print the expanded command

* feat(espsecure): Allow prompting for HSM PIN in read_hsm_config

If hsm_config does not contain "credentials" the user will be
prompted for the HSM PIN.

This avoids the need to have HSM PINs typed in config files
which is not a good security practice.

ADJUNCT: Updated documentation to reflect new usage

Closes espressif#900

* fix(dangerGH): Update token permissions - allow Danger to add comments to PR

* fix(elf2image): fix text/rodata mapping overlap issue on uni-idrom bus chips

* fix: assert in esp32 exclusive workaround

* docs: Add other resources page

* fix(autodetection): Remove the ESP32-S2 ROM class from get_security_info autodetection

* change(pre-commit): Bump version conventional-precommit-linter to 1.2.1

* feat(esptool): added target to esp32p4

* feat(espefuse): Add support for esp32p4 chip

* fix: Fix redirection of STDOUT

Closes espressif#904

* fix(danger-github): Fir Danger GitHub token permission

* ci(danger-github): Fix github-action-bot permissions for posting Danger output

* ci: Shared danger to local stage (remove possible double CI pipelines)

* ci: add 'flake8-import-order' as a dependecy to flake8

* fix(bin_image): Check only ELF sections when searching for .flash.appdesc

Closes espressif#917

* feat(efuse): ESP32P4 adds ecdsa_key support

* feat(efuse): Update key purpose table and tests

* feat(esp32-s3): Support >16MB quad flash chips

Adds support for the W25Q256 and GD25Q256 flash chips.

Closes espressif#883

* ci(dev_release): Upload dev releases to PyPI with GH Actions

* ci: fix pipeline for building docs

* feat(merge_bin): add support for uf2 format

* feat(esp32c3): Support ECO6 and ECO7 magic numbers

* ci(gitlab_ci): Change only/except syntax to rules

* fix(flasher_stub): fix usb-serial-jtag enabled non-related intr source

* fix(loader): Could not open serial port message adjusted

* ci(gitlab): Fix deploying docs to production

* ci(github): Fix pyinstaller builds on ubuntu

* docs(basic-commands): added note for PowerShell users for merge_bin command

Closes espressif#923

* feat: Add support for Python 3.12

* feat(loader): Added hints for some serial port issues when rising port error

Closes espressif/esp-idf#12366

* feat: add support for get_security_info on esp32c3 ECO7

* docs(troubleshooting): Explain issues when flashing with USB-Serial/JTAG or USB-OTG

Closes espressif#924

* feat(espefuse): Update the way to complete the operation

* docs(boot_mode_selection): Correct secondary strapping pin boot mode levels

Closes espressif#928

* feat(espefuse): Adds efuse ADC calibration data for ESP32H2

* feat(rfc2217_server): Add hard reset sequence

* feat(elf2image): add ram-only-header argument

The ram-only-header configuration makes only
the RAM segments visible to the ROM bootloader placing
them at the beginning of the file and altering the
segment count from the image header with the quantity
of these segments, and also writing only their
checksum. This segment placement also may not result
as optimal as the standard way regarding the padding
gap use among the flash segments that could result
in a less fragmented binary.

The image built must then handle the basic hardware
initialization and the flash mapping for code execution
after ROM bootloader boot it.

Signed-off-by: Marek Matej <[email protected]>
Signed-off-by: Almir Okato <[email protected]>

* feat(esp32p4): Stub flasher support

* refactor(stub_flasher): Cleanup, make adding new targets easier

* feat: add support for intel hex format

* feat(xip_psram): support xip psram feature on esp32p4

Expanded IROM / DROM range to include psram space as well

* Delete docs directory

* Delete .gitlab-ci.yml

* Delete .pre-commit-config.yaml

* Delete MANIFEST.in

* Update build_esptool.yml

* Delete .github/workflows/test_esptool.yml

---------

Signed-off-by: Frantisek Hrbata <[email protected]>
Signed-off-by: hasheddan <[email protected]>
Signed-off-by: Marek Matej <[email protected]>
Signed-off-by: Almir Okato <[email protected]>
Co-authored-by: harshal.patil <[email protected]>
Co-authored-by: radim.karnis <[email protected]>
Co-authored-by: Frantisek Hrbata <[email protected]>
Co-authored-by: Peter Dragun <[email protected]>
Co-authored-by: KonstantinKondrashov <[email protected]>
Co-authored-by: Faidon Liambotis <[email protected]>
Co-authored-by: XiNGRZ <[email protected]>
Co-authored-by: Marius Vikhammer <[email protected]>
Co-authored-by: hasheddan <[email protected]>
Co-authored-by: Roland Dobai <[email protected]>
Co-authored-by: Trent Piepho <[email protected]>
Co-authored-by: Dean Gardiner <[email protected]>
Co-authored-by: Massimiliano Montagni <[email protected]>
Co-authored-by: Tomas Sebestik <[email protected]>
Co-authored-by: Aditya Patwardhan <[email protected]>
Co-authored-by: Richard Retanubun <[email protected]>
Co-authored-by: wuzhenghui <[email protected]>
Co-authored-by: Armando <[email protected]>
Co-authored-by: Jakub Kocka <[email protected]>
Co-authored-by: 20162026 <[email protected]>
Co-authored-by: Almir Okato <[email protected]>
peterdragun pushed a commit to peterdragun/esptool that referenced this pull request Jul 16, 2024
If hsm_config does not contain "credentials" the user will be
prompted for the HSM PIN.

This avoids the need to have HSM PINs typed in config files
which is not a good security practice.

ADJUNCT: Updated documentation to reflect new usage

Closes espressif#900
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants