Use a non-deprecated bootloader support API in the mock build test.
Keep the test focused on validating the generated bootloader support mock.
Co-authored-by: Cursor <cursoragent@cursor.com>
Remove ~50 duplicate local definitions of ALIGN_UP/ALIGN_DOWN/ALIGN_UP_BY/
ALIGN_DOWN_BY across the codebase and replace them with canonical
ESP_ALIGN_UP/ESP_ALIGN_DOWN from esp_macros.h.
These tests enable features they do not use -- the VFS console, Wi-Fi task core pinning, and
the DS peripheral -- which shift memory layout, interrupt allocation, and peripheral access
enough to fail them. Override the unused options in each test's sdkconfig and ignore the
resulting unknown-symbol build warnings.
The spiram-xip IROM/DROM alignment tests assumed the XIP region always
leaves an alignment gap before the next MMU page: they executed into the
gap and expected an instruction access fault followed by a register dump.
When the section ends exactly on an MMU page boundary there is no gap - the
device prints "<IROM/DROM> alignment gap not added into heap" and returns,
the framework restarts cleanly (esp_restart_noos, no panic), and the test
timed out waiting for a register dump.
fix(mmap): fixed mmap read data wrong when flash being erased/written and cache not disabled
Closes IDFGH-14084
See merge request espressif/esp-idf!29804
Add KASAN support for detecting heap memory safety bugs (buffer
overflows, underflows, use-after-free) at runtime using compiler
instrumentation and shadow memory. Gated behind
CONFIG_IDF_EXPERIMENTAL_FEATURES, with touch points kept to esp_system
and heap so other components stay untouched.
- Core runtime (esp_system/kasan.c, esp_kasan.h): nibble-based shadow
memory in DRAM, poison/unpoison, per-access validation, and __asan_*
stubs; hot-path stubs in IRAM so they stay valid with the flash cache
off. Shadow init runs before heap bring-up.
- Heap integration (heap/heap_kasan*.c): alloc/free hooks add redzones,
a quarantine FIFO, and shadow updates.
- Panic handling: disable checks once at the panic handler entry so
backtrace and stack dumps can read redzones without nested reports.
- Build system: -fsanitize=kernel-address for app code, with HAL, SoC,
esp_rom, SPI flash, esp_hw_support, bootloader_support, FreeRTOS, and
heap internals excluded from instrumentation.
- Test app (tools/test_apps/system/kasan_test): Unity tests for
overflow, underflow, use-after-free, and all sized __asan_* stubs,
with halt and no-halt configurations.
- Docs: document KASAN in the heap memory debugging guide (EN and CN).
Before:
The cache won't be disabled when XIP on psram. But during flash
erasing/programming, read data will be courrupt.
When XIP in psram is enabled, the image is not mapped to the cache so
usually there will be no flash access. The only way to read from flash
is via the driver or use mmap. The driver has protection during erasing,
while th mmap region not.
Now:
Mmap APIs provide a flag to make mmap->unmap region mutually exclusive
to flash erase/programming when XIP from psram. SPI Flash write APIs
will benefit from this. When the flag is used, no concurrent access to
mapped region will happen while writing; otherwise the cache will be
disable to avoid data corruption.
Most ESP-IDF APIs calls mmap with this flag. As for users calling
mmap-like APIs directly, they can choose whether to enable this by a
flag.
Closes https://github.com/espressif/esp-idf/issues/14897
ECDSA based Secure Boot V2 is not functional for certain input vectors on
ESP32-C5/C61/H2/P4 and on the preview targets ESP32-H4/H21. RSA based Secure
Boot V2 is the recommended scheme where the SoC supports it. This issue will be
fixed in a future hardware ECO revision; more details will be shared through the
hardware errata document.
A new hidden Kconfig option SECURE_BOOT_V2_ECDSA_INSECURE marks the affected
mass-production SoCs (ESP32-C5/C61/H2/P4). On these SoCs, when hardware Secure
Boot V2 is enabled, the ECDSA (V2) signing scheme is no longer offered by
default; it must be turned on explicitly via SECURE_BOOT_V2_FORCE_ENABLE_ECDSA
under "Allow potentially insecure options" (CONFIG_SECURE_BOOT_INSECURE). App
signing without hardware Secure Boot is not affected. Note that ESP32-C61 has no
RSA based Secure Boot V2, so it has no Secure Boot scheme enabled by default.
The preview targets ESP32-H4 and ESP32-H21 mark ECDSA Secure Boot V2 as not
supported in their SoC capabilities instead of using the option above. As
ESP32-H4 has no other Secure Boot V2 scheme, Secure Boot is disabled entirely on
it; ESP32-H21 retains RSA based Secure Boot V2.
The security documentation keeps the ECDSA Secure Boot V2 content visible and
adds a warning describing the limitation (including that ECDSA Secure Boot V2 on
ESP32-C61 is not recommended for production). CI apps that exercise ECDSA Secure
Boot V2 on the affected SoCs set CONFIG_SECURE_BOOT_V2_FORCE_ENABLE_ECDSA
accordingly.
feat(freertos): added option for automatically placing task stacks in PSRAM
Closes IDF-15538, IDF-15539, and IDF-15540
See merge request espressif/esp-idf!48953
Refactor the esp_err_to_name() system to decouple esp_common from
higher-level components. Instead of a monolithic generated table,
each component registers its error codes into a dedicated linker
section (.esp_err_msg_table) via idf_define_esp_err_codes() in its
CMakeLists.txt.
New files:
- tools/err_codes_extract.py: extract ESP_ERR_* defines from headers to CSV
- tools/err_codes_to_c.py: generate C source placing entries into linker section
- tools/err_codes_to_rst.py: generate RST documentation from error codes
- tools/cmake/err_codes.cmake: CMake module providing idf_define_esp_err_codes()
- components/esp_common/include/esp_err_codes.h: esp_err_msg_t typedef
- components/esp_common/src/esp_err_to_name_new.c: new lookup using link-time array
- tools/test_apps/build_system/err_codes_check/: CI test app
Changes:
- Remove all optional component dependencies from esp_common/CMakeLists.txt
- Add .esp_err_msg_table section to all 5 linker scripts
- Register error codes in 18 components via idf_define_esp_err_codes()
- Add new scripts to .gitlab/ci/rules.yml build_check patterns
- use new scripts to generate doc and add CI validation
- Update esp_err.rst to add description of composable code registration
The CMakeLists injects CONFIG_ESP_REV_MIN_FULL and CONFIG_XTAL_FREQ on
the command line because those symbols live in esp_common's Kconfig,
which is outside the G0 closure and is not loaded during a restricted
COMPONENTS build. When every discovered component's Kconfig is processed
(IDF_BUILD_V2) the symbols are already defined via their Kconfig
defaults, and the additional -D would conflict with the existing
definition.
Gate the injection so it only runs when the Kconfig is not processed.
g1_components builds a minimal COMPONENTS list. When every component's
Kconfig is processed, components/vfs/Kconfig sets VFS_SUPPORT_IO=y by
default, and the conditional requires in esp_stdio and esp_libc pull
vfs, esp_driver_uart, and their transitive deps into the closure.
Add an sdkconfig.defaults that forces the symbol off so the dependency
graph stays restricted to the components actually under test.
expected_dep_violations only listed the edges visible when
idf_component_optional_requires was a no-op for the dependency graph.
Under build system v2's DEFERRED mode the call propagates the resolved
dependency back into PRIV_REQUIRES, and the graph also captures
esp_common -> {efuse, bootloader_support, app_update} and esp_system ->
esp_app_format.
Add those entries so the script does not flag them when IDF_BUILD_V2
is set.
main/{esp32s2,esp32c3,esp32s3}/test_panic.c uses WDT registers from
esp_hal_wdt. Declare it explicitly so the build works under cmakev2's
strict component isolation.
test(ci): re-enable ESP32-H4 in core system test apps
Closes IDF-15602, IDF-15604, IDF-15605, IDF-15606, and IDF-15612
See merge request espressif/esp-idf!48454