espressif: add downgrade prevention feature Signed-off-by: Almir Okato <almir.okato@espressif.com>

commit: 84da51b646ed4ca13729ac79edc27fe8e0f973bd [log] [tgz]
author: Almir Okato <almir.okato@espressif.com> Fri Nov 25 01:25:41 2022 -0300
committer: Gustavo Henrique Nihei <38959758+gustavonihei@users.noreply.github.com> Mon Dec 19 11:02:55 2022 -0300
tree: 346846f1bbf74cd235cbe96e2691aeb44b072e99
parent: 421730e846259afcb54fcca3f8f6fcf8eb26c3be [diff]
diff --git a/boot/espressif/port/esp32/bootloader.conf b/boot/espressif/port/esp32/bootloader.conf
index 67a4d14..8f555ec 100644
--- a/boot/espressif/port/esp32/bootloader.conf
+++ b/boot/espressif/port/esp32/bootloader.conf

@@ -12,6 +12,12 @@
 CONFIG_ESP_SCRATCH_OFFSET=0x210000
 CONFIG_ESP_SCRATCH_SIZE=0x40000
 
+# When enabled, prevents updating image to an older version
+# CONFIG_ESP_DOWNGRADE_PREVENTION=y
+# This option makes downgrade prevention rely also on security
+# counter (defined using imgtool) instead of only image version
+# CONFIG_ESP_DOWNGRADE_PREVENTION_SECURITY_COUNTER=y
+
 # Enables the MCUboot Serial Recovery, that allows the use of
 # MCUMGR to upload a firmware through the serial port
 # CONFIG_ESP_MCUBOOT_SERIAL=y

diff --git a/boot/espressif/port/esp32c3/bootloader.conf b/boot/espressif/port/esp32c3/bootloader.conf
index 1abbd1d..88954ee 100644
--- a/boot/espressif/port/esp32c3/bootloader.conf
+++ b/boot/espressif/port/esp32c3/bootloader.conf

@@ -12,6 +12,12 @@
 CONFIG_ESP_SCRATCH_OFFSET=0x210000
 CONFIG_ESP_SCRATCH_SIZE=0x40000
 
+# When enabled, prevents updating image to an older version
+# CONFIG_ESP_DOWNGRADE_PREVENTION=y
+# This option makes downgrade prevention rely also on security
+# counter (defined using imgtool) instead of only image version
+# CONFIG_ESP_DOWNGRADE_PREVENTION_SECURITY_COUNTER=y
+
 # Enables the MCUboot Serial Recovery, that allows the use of
 # MCUMGR to upload a firmware through the serial port
 # CONFIG_ESP_MCUBOOT_SERIAL=y

diff --git a/boot/espressif/port/esp32s2/bootloader.conf b/boot/espressif/port/esp32s2/bootloader.conf
index de969f4..485ba77 100644
--- a/boot/espressif/port/esp32s2/bootloader.conf
+++ b/boot/espressif/port/esp32s2/bootloader.conf

@@ -12,6 +12,12 @@
 CONFIG_ESP_SCRATCH_OFFSET=0x210000
 CONFIG_ESP_SCRATCH_SIZE=0x40000
 
+# When enabled, prevents updating image to an older version
+# CONFIG_ESP_DOWNGRADE_PREVENTION=y
+# This option makes downgrade prevention rely also on security
+# counter (defined using imgtool) instead of only image version
+# CONFIG_ESP_DOWNGRADE_PREVENTION_SECURITY_COUNTER=y
+
 # Enables the MCUboot Serial Recovery, that allows the use of
 # MCUMGR to upload a firmware through the serial port
 # CONFIG_ESP_MCUBOOT_SERIAL=y

diff --git a/boot/espressif/port/esp32s3/bootloader.conf b/boot/espressif/port/esp32s3/bootloader.conf
index 630091d..138737d 100644
--- a/boot/espressif/port/esp32s3/bootloader.conf
+++ b/boot/espressif/port/esp32s3/bootloader.conf

@@ -12,6 +12,12 @@
 CONFIG_ESP_SCRATCH_OFFSET=0x210000
 CONFIG_ESP_SCRATCH_SIZE=0x40000
 
+# When enabled, prevents updating image to an older version
+# CONFIG_ESP_DOWNGRADE_PREVENTION=y
+# This option makes downgrade prevention rely also on security
+# counter (defined using imgtool) instead of only image version
+# CONFIG_ESP_DOWNGRADE_PREVENTION_SECURITY_COUNTER=y
+
 # Enables multi image, if it is not defined, it is assumed
 # only one updatable image
 # CONFIG_ESP_IMAGE_NUMBER=2
commit	84da51b646ed4ca13729ac79edc27fe8e0f973bd	[log] [tgz]
author	Almir Okato <almir.okato@espressif.com>	Fri Nov 25 01:25:41 2022 -0300
committer	Gustavo Henrique Nihei <38959758+gustavonihei@users.noreply.github.com>	Mon Dec 19 11:02:55 2022 -0300
tree	346846f1bbf74cd235cbe96e2691aeb44b072e99
parent	421730e846259afcb54fcca3f8f6fcf8eb26c3be [diff]