Merge branch 'espressif:release/v5.4' into release/v5.4

Author: Jason2866

.gitmodules

@@ -49,15 +49,12 @@
 [submodule "components/json/cJSON"]
 	path = components/json/cJSON
 	url = ../../DaveGamble/cJSON.git
-	sbom-version = 1.7.18
+	sbom-version = 1.7.19
 	sbom-cpe = cpe:2.3:a:cjson_project:cjson:{}:*:*:*:*:*:*:*
 	sbom-supplier = Person: Dave Gamble
 	sbom-url = https://github.com/DaveGamble/cJSON
 	sbom-description = Ultralightweight JSON parser in ANSI C
-	sbom-hash = 8f2beb57ddad1f94bed899790b00f46df893ccac
-	sbom-cve-exclude-list = CVE-2024-31755 Resolved in v1.7.18
-	sbom-cve-exclude-list = CVE-2023-26819 Resolved in commit a328d65ad490b64da8c87523cbbfe16050ba5bf6
-	sbom-cve-exclude-list = CVE-2023-53154 Resolved in v1.7.18
+	sbom-hash = c859b25da02955fef659d658b8f324b5cde87be3
 
 [submodule "components/mbedtls/mbedtls"]
 	path = components/mbedtls/mbedtls

components/bootloader/Kconfig.projbuild

@@ -1107,7 +1107,7 @@ menu "Security features"
     endmenu  # Potentially Insecure
 
     config SECURE_FLASH_ENCRYPT_ONLY_IMAGE_LEN_IN_APP_PART
-        bool "Encrypt only the app image that is present in the partition of type app"
+        bool "Encrypt contents upto app image length in app partition"
         depends on SECURE_FLASH_ENC_ENABLED && !SECURE_FLASH_REQUIRE_ALREADY_ENABLED
         default y
         help

components/bootloader_support/include/esp_secure_boot.h

@@ -236,6 +236,23 @@ typedef struct {
     uint8_t signature[64];
 } esp_secure_boot_sig_block_t;
 
+/** @brief Get the size of the secure boot signature block
+ *
+ * This is the size of the signature block appended to a signed image.
+ *
+ * @return Size of the secure boot signature block in bytes
+ */
+static inline uint32_t esp_secure_boot_sig_block_size(void)
+{
+#if CONFIG_SECURE_SIGNED_APPS_RSA_SCHEME || CONFIG_SECURE_SIGNED_APPS_ECDSA_V2_SCHEME
+    return sizeof(ets_secure_boot_signature_t);
+#elif defined(CONFIG_SECURE_SIGNED_APPS_ECDSA_SCHEME)
+    return sizeof(esp_secure_boot_sig_block_t);
+#else
+    return 0;
+#endif
+}
+
 /** @brief Verify the ECDSA secure boot signature block for Secure Boot V1.
  *
  *  Calculates Deterministic ECDSA w/ SHA256 based on the SHA256 hash of the image. ECDSA signature

components/bootloader_support/src/bootloader_random_esp32p4.c

@@ -12,6 +12,7 @@
 #include "soc/lp_adc_reg.h"
 #include "esp_private/regi2c_ctrl.h"
 #include "esp_rom_regi2c.h"
+#include "soc/lpperi_reg.h"
 
 // TODO IDF-6497: once ADC API is supported, use the API instead of defining functions and constants here
 
@@ -50,6 +51,7 @@ void bootloader_random_enable(void)
     pattern_table sar1_table[4] = {};
     uint32_t pattern_len = 0;
 
+    SET_PERI_REG_MASK(LPPERI_CLK_EN_REG, LPPERI_CK_EN_LP_ADC);
     SET_PERI_REG_MASK(HP_SYS_CLKRST_SOC_CLK_CTRL2_REG, HP_SYS_CLKRST_REG_ADC_APB_CLK_EN);
     SET_PERI_REG_MASK(HP_SYS_CLKRST_PERI_CLK_CTRL23_REG, HP_SYS_CLKRST_REG_ADC_CLK_EN);
 

components/bootloader_support/src/flash_encryption/flash_encrypt.c

@@ -413,6 +413,10 @@ static esp_err_t encrypt_partition(int index, const esp_partition_info_t *partit
         if (should_encrypt) {
             // Encrypt only the app image instead of encrypting the whole partition
             size = image_data.image_len;
+#if CONFIG_SECURE_SIGNED_ON_UPDATE_NO_SECURE_BOOT
+            // If secure update without secure boot, also encrypt the signature block
+            size += esp_secure_boot_sig_block_size();
+#endif
         }
 #endif
     } else if ((partition->type == PART_TYPE_DATA && partition->subtype == PART_SUBTYPE_DATA_OTA)

components/bt/common/ble_log/Kconfig.in

@@ -33,12 +33,32 @@ if BLE_LOG_ENABLED
             try to use the LBM with spin lock protection. So the more LBMs with atomic
             lock protection are created, the more ISRs can nest.
 
-    config BLE_LOG_LL_ENABLED
-        bool "Enable BLE Log for Link Layer"
+    config BLE_LOG_IS_ESP_CONTROLLER
+        bool "Current BLE Controller is ESP BLE Controller"
         depends on BT_CONTROLLER_ENABLED
+        depends on SOC_ESP_NIMBLE_CONTROLLER
         default y
         select BT_LE_CONTROLLER_LOG_ENABLED
-        select BT_LE_CONTROLLER_LOG_MODE_BLE_LOG
+        select BT_LE_CONTROLLER_LOG_MODE_BLE_LOG_V2
+        select BLE_LOG_LL_ENABLED
+        help
+            Current BLE Controller is ESP BLE Controller
+
+    config BLE_LOG_IS_ESP_LEGACY_CONTROLLER
+        bool "Current BLE Controller is ESP BLE Legacy Controller"
+        depends on BT_CONTROLLER_ENABLED
+        depends on !SOC_ESP_NIMBLE_CONTROLLER
+        depends on BT_CTRL_RUN_IN_FLASH_ONLY
+        default y
+        select BT_CTRL_LE_LOG_EN
+        select BLE_LOG_LL_ENABLED
+        help
+            Current BLE Controller is ESP BLE Legacy Controller
+
+    config BLE_LOG_LL_ENABLED
+        bool "Enable BLE Log for Link Layer"
+        depends on BT_CONTROLLER_ENABLED
+        default n
         help
             Enable BLE Log for Link Layer
 
@@ -96,11 +116,13 @@ if BLE_LOG_ENABLED
 
         config BLE_LOG_PRPH_SPI_MASTER_DMA
             bool "Utilize SPI master DMA driver as transport"
+            depends on SOC_GPSPI_SUPPORTED
             help
                 Utilize SPI master DMA driver as transport
 
         config BLE_LOG_PRPH_UART_DMA
             bool "Utilize UART DMA driver as transport"
+            depends on SOC_UHCI_SUPPORTED
             help
                 Utilize UART DMA driver as transport
     endchoice

components/bt/common/ble_log/src/internal_include/ble_log_lbm.h

@@ -17,7 +17,6 @@
 
 #include "freertos/FreeRTOS.h"
 #include "freertos/semphr.h"
-#include "freertos/portmacro.h"
 
 /* ------------------------- */
 /*     Log Frame Defines     */

components/bt/common/ble_log/src/internal_include/ble_log_util.h

@@ -17,11 +17,11 @@
 #include <string.h>
 
 #include "esp_bit_defs.h"
+#include "freertos/FreeRTOS.h"
 
 #ifndef UNIT_TEST
-#include "freertos/portmacro.h"
 #include "esp_heap_caps.h"
-#include "esp_rom_serial_output.h"
+#include "esp_rom_uart.h"
 #endif /* !UNIT_TEST */
 
 /* MACRO */
@@ -47,18 +47,9 @@
 #define BLE_LOG_MEMSET(ptr, value, len)         memset(ptr, value, len)
 
 /* Critical section wrapper */
-#ifndef CONFIG_BLE_LOG_LL_ENABLED
 extern portMUX_TYPE ble_log_spin_lock;
 #define BLE_LOG_ENTER_CRITICAL()                portENTER_CRITICAL_SAFE(&ble_log_spin_lock);
 #define BLE_LOG_EXIT_CRITICAL()                 portEXIT_CRITICAL_SAFE(&ble_log_spin_lock);
-#else /* CONFIG_BLE_LOG_LL_ENABLED */
-/* Note
- * It's mandatory to use the same spin lock with Link Layer in multi-core system */
-extern uint32_t npl_freertos_hw_enter_critical(void);
-extern void npl_freertos_hw_exit_critical(uint32_t ctx);
-#define BLE_LOG_ENTER_CRITICAL()                npl_freertos_hw_enter_critical()
-#define BLE_LOG_EXIT_CRITICAL()                 npl_freertos_hw_exit_critical(0)
-#endif /* !CONFIG_BLE_LOG_LL_ENABLED */
 
 #define BLE_LOG_ACQUIRE_SPIN_LOCK(spin_lock)    portENTER_CRITICAL_SAFE(spin_lock)
 #define BLE_LOG_RELEASE_SPIN_LOCK(spin_lock)    portEXIT_CRITICAL_SAFE(spin_lock)

components/bt/common/ble_log/src/prph/ble_log_prph_uart_dma.c

@@ -23,7 +23,7 @@
 
 /* MACRO */
 #define BLE_LOG_UART_MAX_TRANSFER_SIZE      (10240)
-#define BLE_LOG_UART_RX_BUF_SIZE            (32)
+#define BLE_LOG_UART_RX_BUF_SIZE            (256)
 #define BLE_LOG_UART_DMA_BURST_SIZE         (32)
 #if BLE_LOG_PRPH_UART_DMA_REDIR
 #define BLE_LOG_UART_REDIR_BUF_SIZE         (512)
@@ -95,8 +95,6 @@ bool ble_log_prph_init(size_t trans_cnt)
         .data_bits = UART_DATA_8_BITS,
         .parity = UART_PARITY_DISABLE,
         .stop_bits = UART_STOP_BITS_1,
-        .flow_ctrl = UART_HW_FLOWCTRL_CTS_RTS,
-        .rx_flow_ctrl_thresh = 122,
     };
     if ((uart_param_config(CONFIG_BLE_LOG_PRPH_UART_DMA_PORT, &uart_config) != ESP_OK) ||
         (uart_set_pin(CONFIG_BLE_LOG_PRPH_UART_DMA_PORT,

components/bt/controller/esp32/bt.c

@@ -48,9 +48,13 @@
 #include "esp_rom_sys.h"
 #include "hli_api.h"
 
+#if CONFIG_BLE_LOG_ENABLED
+#include "ble_log.h"
+#else /* !CONFIG_BLE_LOG_ENABLED */
 #if CONFIG_BT_BLE_LOG_SPI_OUT_ENABLED
 #include "ble_log/ble_log_spi_out.h"
 #endif // CONFIG_BT_BLE_LOG_SPI_OUT_ENABLED
+#endif /* CONFIG_BLE_LOG_ENABLED */
 
 #if CONFIG_BT_ENABLED
 
@@ -878,9 +882,22 @@ static int IRAM_ATTR cause_sw_intr_to_core_wrapper(int core_id, int intr_no)
 #if CONFIG_FREERTOS_UNICORE
     cause_sw_intr((void *)intr_no);
 #else /* CONFIG_FREERTOS_UNICORE */
+#if CONFIG_FREERTOS_SMP
+    uint32_t state = portDISABLE_INTERRUPTS();
+#else
+    uint32_t state = portSET_INTERRUPT_MASK_FROM_ISR();
+#endif
     if (xPortGetCoreID() == core_id) {
         cause_sw_intr((void *)intr_no);
+#if CONFIG_FREERTOS_SMP
+        portRESTORE_INTERRUPTS(state);
+    } else {
+        portRESTORE_INTERRUPTS(state);
+#else
+        portCLEAR_INTERRUPT_MASK_FROM_ISR(state);
     } else {
+        portCLEAR_INTERRUPT_MASK_FROM_ISR(state);
+#endif
         err = esp_ipc_call(core_id, cause_sw_intr, (void *)intr_no);
     }
 #endif /* !CONFIG_FREERTOS_UNICORE */
@@ -1501,11 +1518,7 @@ static void hli_queue_setup_pinned_to_core(int core_id)
 #if CONFIG_FREERTOS_UNICORE
     hli_queue_setup_cb(NULL);
 #else /* CONFIG_FREERTOS_UNICORE */
-    if (xPortGetCoreID() == core_id) {
-        hli_queue_setup_cb(NULL);
-    } else {
-        esp_ipc_call(core_id, hli_queue_setup_cb, NULL);
-    }
+    esp_ipc_call_blocking(core_id, hli_queue_setup_cb, NULL);
 #endif /* !CONFIG_FREERTOS_UNICORE */
 }
 #endif /* CONFIG_BTDM_CTRL_HLI */
@@ -1702,13 +1715,21 @@ esp_err_t esp_bt_controller_init(esp_bt_controller_config_t *cfg)
     coex_init();
 #endif
 
+#if CONFIG_BLE_LOG_ENABLED
+    if (!ble_log_init()) {
+        ESP_LOGE(BTDM_LOG_TAG, "BLE Log v2 init failed");
+        err = ESP_ERR_NO_MEM;
+        goto error;
+    }
+#else /* !CONFIG_BLE_LOG_ENABLED */
 #if CONFIG_BT_BLE_LOG_SPI_OUT_ENABLED
     if (ble_log_spi_out_init() != 0) {
         ESP_LOGE(BTDM_LOG_TAG, "BLE Log SPI output init failed");
         err = ESP_ERR_NO_MEM;
         goto error;
     }
 #endif // CONFIG_BT_BLE_LOG_SPI_OUT_ENABLED
+#endif /* CONFIG_BLE_LOG_ENABLED */
 
     btdm_cfg_mask = btdm_config_mask_load();
 
@@ -1737,9 +1758,13 @@ esp_err_t esp_bt_controller_init(esp_bt_controller_config_t *cfg)
 
 error:
 
+#if CONFIG_BLE_LOG_ENABLED
+    ble_log_deinit();
+#else /* !CONFIG_BLE_LOG_ENABLED */
 #if CONFIG_BT_BLE_LOG_SPI_OUT_ENABLED
     ble_log_spi_out_deinit();
 #endif // CONFIG_BT_BLE_LOG_SPI_OUT_ENABLED
+#endif /* CONFIG_BLE_LOG_ENABLED */
 
     bt_controller_deinit_internal();
 
@@ -1752,9 +1777,13 @@ esp_err_t esp_bt_controller_deinit(void)
         return ESP_ERR_INVALID_STATE;
     }
 
+#if CONFIG_BLE_LOG_ENABLED
+    ble_log_deinit();
+#else /* !CONFIG_BLE_LOG_ENABLED */
 #if CONFIG_BT_BLE_LOG_SPI_OUT_ENABLED
     ble_log_spi_out_deinit();
 #endif // CONFIG_BT_BLE_LOG_SPI_OUT_ENABLED
+#endif /* CONFIG_BLE_LOG_ENABLED */
 
     btdm_controller_deinit();