Merge branch 'espressif:release/v5.5' into release/v5.5

Author: Jason2866

.gitlab/ci/common.yml

@@ -191,13 +191,21 @@ variables:
   fi
 
   # Custom OpenOCD
-  if [[ ! -z "$OOCD_DISTRO_URL" && "$CI_JOB_STAGE" == "target_test" ]]; then
-    echo "Using custom OpenOCD from ${OOCD_DISTRO_URL}"
-    wget $OOCD_DISTRO_URL
-    ARCH_NAME=$(basename $OOCD_DISTRO_URL)
-    tar -x -f $ARCH_NAME
-    export OPENOCD_SCRIPTS=$PWD/openocd-esp32/share/openocd/scripts
-    export PATH=$PWD/openocd-esp32/bin:$PATH
+  if [[ "$CI_JOB_STAGE" == "target_test" ]]; then
+    machine="$(uname -m)"
+    if [[ "$machine" == "armv7l" ]] ; then
+      OOCD_DISTRO_URL="$OOCD_DISTRO_URL_ARMHF"
+    elif [[ "$machine" == "aarch64" ]] ; then
+      OOCD_DISTRO_URL="$OOCD_DISTRO_URL_ARM64"
+    fi
+    if [[ ! -z "$OOCD_DISTRO_URL" ]]; then
+      echo "Using custom OpenOCD from ${OOCD_DISTRO_URL}"
+      wget $OOCD_DISTRO_URL
+      ARCH_NAME=$(basename $OOCD_DISTRO_URL)
+      tar -x -f $ARCH_NAME
+      export OPENOCD_SCRIPTS=$PWD/openocd-esp32/share/openocd/scripts
+      export PATH=$PWD/openocd-esp32/bin:$PATH
+    fi
   fi
 
   if [[ -n "$CI_PYTHON_TOOL_REPO" ]]; then

.gitlab/ci/pre_check.yml

@@ -165,6 +165,8 @@ pipeline_variables:
       if [ -n "$CI_PYTHON_CONSTRAINT_BRANCH" ]; then
         echo "BUILD_AND_TEST_ALL_APPS=1" >> pipeline.env
       fi
+    - echo "OOCD_DISTRO_URL_ARMHF=$OOCD_DISTRO_URL_ARMHF" >> pipeline.env
+    - echo "OOCD_DISTRO_URL_ARM64=$OOCD_DISTRO_URL_ARM64" >> pipeline.env
     - python tools/ci/ci_process_description.py
     - cat pipeline.env
     - python tools/ci/artifacts_handler.py upload --type modified_files_and_components_report

.gitmodules

@@ -57,6 +57,7 @@
 	sbom-hash = 8f2beb57ddad1f94bed899790b00f46df893ccac
 	sbom-cve-exclude-list = CVE-2024-31755 Resolved in v1.7.18
 	sbom-cve-exclude-list = CVE-2023-26819 Resolved in commit a328d65ad490b64da8c87523cbbfe16050ba5bf6
+	sbom-cve-exclude-list = CVE-2023-53154 Resolved in v1.7.18
 
 [submodule "components/mbedtls/mbedtls"]
 	path = components/mbedtls/mbedtls

components/bootloader/Kconfig.log.settings

@@ -21,6 +21,7 @@ menu "Settings"
         config BOOTLOADER_LOG_MODE_BINARY
             bool "Binary Log Mode"
             select BOOTLOADER_LOG_MODE_BINARY_EN
+            depends on BOOTLOADER_LOG_VERSION_2
             help
                 Enables binary logging with host-side format string expansion. In this mode, the
                 format argument of ESP_LOGx, ESP_EARLY_LOG, and ESP_DRAM_LOG macros is stored in a

components/bootloader_support/bootloader_flash/src/bootloader_flash.c

@@ -136,7 +136,7 @@ esp_err_t bootloader_flash_erase_range(uint32_t start_addr, uint32_t size)
 #if ESP_TEE_BUILD
 #include "esp_fault.h"
 #include "esp_flash_partitions.h"
-#include "esp32c6/rom/spi_flash.h"
+#include "rom/spi_flash.h"
 
 extern bool esp_tee_flash_check_paddr_in_active_tee_part(size_t paddr);
 #endif

components/bootloader_support/bootloader_flash/src/bootloader_flash_config_esp32c5.c

@@ -55,7 +55,8 @@ void IRAM_ATTR bootloader_init_mspi_clock(void)
     // SPLL clock on C5 is 480MHz , and mspi_pll needs 80MHz
     // in this stage, set divider as 6
     _mspi_timing_ll_set_flash_clk_src(0, FLASH_CLK_SRC_SPLL);
-    mspi_ll_fast_set_hs_divider(6);
+    // MSPI0 and MSPI1 share this core clock register, but only setting to MSPI0 register is valid
+    mspi_timing_ll_set_core_clock(MSPI_TIMING_LL_MSPI_ID_0, MSPI_TIMING_LL_CORE_CLOCK_MHZ_DEFAULT);
 }
 
 void IRAM_ATTR bootloader_flash_clock_config(const esp_image_header_t *pfhdr)

components/bootloader_support/bootloader_flash/src/bootloader_flash_config_esp32c61.c

@@ -52,7 +52,8 @@ void IRAM_ATTR bootloader_init_mspi_clock(void)
     // SPLL clock on C61 is 480MHz , and mspi_pll needs 80MHz
     // in this stage, set divider as 6
     _mspi_timing_ll_set_flash_clk_src(0, FLASH_CLK_SRC_DEFAULT);
-    mspi_ll_fast_set_hs_divider(6);
+    // MSPI0 and MSPI1 share this core clock register, but only setting to MSPI0 register is valid
+    mspi_timing_ll_set_core_clock(MSPI_TIMING_LL_MSPI_ID_0, MSPI_TIMING_LL_CORE_CLOCK_MHZ_DEFAULT);
 }
 
 void IRAM_ATTR bootloader_flash_clock_config(const esp_image_header_t *pfhdr)

components/bootloader_support/src/bootloader_common_loader.c

@@ -28,6 +28,7 @@
 
 #define ESP_PARTITION_HASH_LEN 32 /* SHA-256 digest length */
 #define IS_FIELD_SET(rev_full) (((rev_full) != 65535) && ((rev_full) != 0))
+#define ALIGN_UP(num, align) (((num) + ((align) - 1)) & ~((align) - 1))
 
 static const char* TAG = "boot_comm";
 
@@ -264,7 +265,10 @@ rtc_retain_mem_t* bootloader_common_get_rtc_retain_mem(void)
 #if ESP_ROM_HAS_LP_ROM
     #define RTC_RETAIN_MEM_ADDR (SOC_RTC_DRAM_LOW)
 #else
-    #define RTC_RETAIN_MEM_ADDR (SOC_RTC_DRAM_HIGH - sizeof(rtc_retain_mem_t))
+    /* Since the structure containing the retain_mem_t is aligned on 8 by the linker, make sure we align this
+     * structure size here too */
+    #define RETAIN_MEM_SIZE     ALIGN_UP(sizeof(rtc_retain_mem_t), 8)
+    #define RTC_RETAIN_MEM_ADDR (SOC_RTC_DRAM_HIGH - RETAIN_MEM_SIZE)
 #endif //ESP_ROM_HAS_LP_ROM
     static rtc_retain_mem_t *const s_bootloader_retain_mem = (rtc_retain_mem_t *)RTC_RETAIN_MEM_ADDR;
     return s_bootloader_retain_mem;

components/bootloader_support/src/esp32h2/secure_boot_secure_features.c

@@ -1,10 +1,11 @@
 /*
- * SPDX-FileCopyrightText: 2022 Espressif Systems (Shanghai) CO LTD
+ * SPDX-FileCopyrightText: 2022-2025 Espressif Systems (Shanghai) CO LTD
  *
  * SPDX-License-Identifier: Apache-2.0
  */
 
 #include <strings.h>
+#include "hal/ecdsa_ll.h"
 #include "esp_flash_encrypt.h"
 #include "esp_secure_boot.h"
 #include "esp_efuse.h"
@@ -36,6 +37,12 @@ esp_err_t esp_secure_boot_enable_secure_features(void)
     ESP_LOGW(TAG, "UART ROM Download mode kept enabled - SECURITY COMPROMISED");
 #endif
 
+#ifdef SOC_ECDSA_P192_CURVE_DEFAULT_DISABLED
+    if (ecdsa_ll_is_configurable_curve_supported()) {
+        esp_efuse_write_field_bit(ESP_EFUSE_WR_DIS_ECDSA_CURVE_MODE);
+    }
+#endif
+
 #ifndef CONFIG_SECURE_BOOT_ALLOW_JTAG
     ESP_LOGI(TAG, "Disable hardware & software JTAG...");
     esp_efuse_write_field_bit(ESP_EFUSE_DIS_PAD_JTAG);

components/bootloader_support/src/secure_boot.c

@@ -12,6 +12,10 @@
 #include "esp_secure_boot.h"
 #include "hal/efuse_hal.h"
 
+#ifdef SOC_ECDSA_SUPPORTED
+#include "hal/ecdsa_ll.h"
+#endif
+
 #ifndef BOOTLOADER_BUILD
 static __attribute__((unused)) const char *TAG = "secure_boot";
 
@@ -341,15 +345,17 @@ bool esp_secure_boot_cfg_verify_release_mode(void)
     }
 
 #ifdef SOC_ECDSA_P192_CURVE_DEFAULT_DISABLED
-    secure = esp_efuse_read_field_bit(ESP_EFUSE_WR_DIS_ECDSA_CURVE_MODE);
-    if (!secure) {
-        uint8_t current_curve;
-        esp_err_t err = esp_efuse_read_field_blob(ESP_EFUSE_ECDSA_CURVE_MODE, &current_curve, ESP_EFUSE_ECDSA_CURVE_MODE[0]->bit_count);
-        if (err == ESP_OK) {
-            if (current_curve != ESP_EFUSE_ECDSA_CURVE_MODE_ALLOW_ONLY_P256_BIT_LOCKED) {
-                // If not P256 mode
-                result &= secure;
-                ESP_LOGW(TAG, "Not write disabled ECDSA curve mode (set WR_DIS_ECDSA_CURVE_MODE->1)");
+    if (ecdsa_ll_is_configurable_curve_supported()) {
+        secure = esp_efuse_read_field_bit(ESP_EFUSE_WR_DIS_ECDSA_CURVE_MODE);
+        if (!secure) {
+            uint8_t current_curve;
+            esp_err_t err = esp_efuse_read_field_blob(ESP_EFUSE_ECDSA_CURVE_MODE, &current_curve, ESP_EFUSE_ECDSA_CURVE_MODE[0]->bit_count);
+            if (err == ESP_OK) {
+                if (current_curve != ESP_EFUSE_ECDSA_CURVE_MODE_ALLOW_ONLY_P256_BIT_LOCKED) {
+                    // If not P256 mode
+                    result &= secure;
+                    ESP_LOGW(TAG, "Not write disabled ECDSA curve mode (set WR_DIS_ECDSA_CURVE_MODE->1)");
+                }
             }
         }
     }