Add proper bootloader code

components/bootloader/Makefile.projbuild

+# Bootloader component (top-level project parts)
+#
+# The bootloader is not a real component that gets linked into the project.
+# Instead it is an entire standalone project (in subproject/) that gets
+# built in the upper project's build directory. This Makefile.projbuild provides
+# the glue to build the bootloader project from the original project. It
+# basically runs Make in the subproject/ directory but it needs to
+# zero some variables the ESP-IDF project.mk makefile exports first, to not
+# let them interfere.
+#
+BOOTLOADER_COMPONENT_PATH := $(COMPONENT_PATH)
+BOOTLOADER_BUILD_DIR=$(abspath $(BUILD_DIR_BASE)/bootloader)
+BOOTLOADER_BIN=$(BOOTLOADER_BUILD_DIR)/bootloader.bin
+
+# signing key path is resolved relative to the project directory
+CONFIG_SECURE_BOOT_SIGNING_KEY ?=
+SECURE_BOOT_SIGNING_KEY=$(abspath $(call dequote,$(CONFIG_SECURE_BOOT_SIGNING_KEY)))
+export SECURE_BOOT_SIGNING_KEY  # used by bootloader_support component
+
+# Has a matching value in bootloader_support esp_flash_partitions.h
+BOOTLOADER_OFFSET := 0x1000
+
+# Custom recursive make for bootloader sub-project
+#
+# NB: Some variables are cleared in the environment, not
+# overriden, because they need to be re-defined in the child
+# project.
+BOOTLOADER_MAKE= +\
+	PROJECT_PATH= \
+	COMPONENT_DIRS= \
+	$(MAKE) -C $(BOOTLOADER_COMPONENT_PATH)/subproject \
+	V=$(V) \
+	BUILD_DIR_BASE=$(BOOTLOADER_BUILD_DIR) \
+	TEST_COMPONENTS= \
+	TESTS_ALL=
+
+.PHONY: bootloader-clean bootloader-flash bootloader-list-components bootloader $(BOOTLOADER_BIN)
+
+$(BOOTLOADER_BIN): $(SDKCONFIG_MAKEFILE)
+	$(BOOTLOADER_MAKE) $@
+
+clean: bootloader-clean
+
+bootloader-list-components:
+	$(BOOTLOADER_MAKE) list-components
+
+ifndef CONFIG_SECURE_BOOT_ENABLED
+# If secure boot disabled, bootloader flashing is integrated
+# with 'make flash' and no warnings are printed.
+
+bootloader: $(BOOTLOADER_BIN)
+	@echo $(SEPARATOR)
+	@echo "Bootloader built. Default flash command is:"
+	@echo "$(ESPTOOLPY_WRITE_FLASH) $(BOOTLOADER_OFFSET) $^"
+
+ESPTOOL_ALL_FLASH_ARGS += $(BOOTLOADER_OFFSET) $(BOOTLOADER_BIN)
+
+bootloader-flash: $(BOOTLOADER_BIN) $(call prereq_if_explicit,erase_flash)
+	$(ESPTOOLPY_WRITE_FLASH) 0x1000 $^
+
+else ifdef CONFIG_SECURE_BOOTLOADER_ONE_TIME_FLASH
+
+# One time flashing requires user to run esptool.py command themselves,
+# and warning is printed about inability to reflash.
+#
+# The flashing command is deliberately printed without an auto-reset
+# step, so the device doesn't immediately reset to flash itself.
+
+bootloader: $(BOOTLOADER_BIN)
+	@echo $(SEPARATOR)
+	@echo "Bootloader built. One-time flash command is:"
+	@echo "$(subst hard_reset,no_reset,$(ESPTOOLPY_WRITE_FLASH)) $(BOOTLOADER_OFFSET) $(BOOTLOADER_BIN)"
+	@echo $(SEPARATOR)
+	@echo "* IMPORTANT: After first boot, BOOTLOADER CANNOT BE RE-FLASHED on same device"
+
+else ifdef CONFIG_SECURE_BOOTLOADER_REFLASHABLE
+# Reflashable secure bootloader
+# generates a digest binary (bootloader + digest)
+
+BOOTLOADER_DIGEST_BIN := $(BOOTLOADER_BUILD_DIR)/bootloader-reflash-digest.bin
+SECURE_BOOTLOADER_KEY := $(BOOTLOADER_BUILD_DIR)/secure-bootloader-key.bin
+
+ifdef CONFIG_SECURE_BOOT_BUILD_SIGNED_BINARIES
+$(SECURE_BOOTLOADER_KEY): $(SECURE_BOOT_SIGNING_KEY)
+	$(ESPSECUREPY) digest_private_key -k $< $@
+else
+$(SECURE_BOOTLOADER_KEY):
+	@echo "No pre-generated key for a reflashable secure bootloader is available, due to signing configuration."
+	@echo "To generate one, you can use this command:"
+	@echo "espsecure.py generate_flash_encryption_key $@"
+	@echo "then re-run make."
+	exit 1
+endif
+
+bootloader: $(BOOTLOADER_DIGEST_BIN)
+	@echo $(SEPARATOR)
+	@echo "Bootloader built and secure digest generated. First time flash command is:"
+	@echo "$(ESPEFUSEPY) burn_key secure_boot $(SECURE_BOOTLOADER_KEY)"
+	@echo "$(ESPTOOLPY_WRITE_FLASH) $(BOOTLOADER_OFFSET) $(BOOTLOADER_BIN)"
+	@echo $(SEPARATOR)
+	@echo "To reflash the bootloader after initial flash:"
+	@echo "$(ESPTOOLPY_WRITE_FLASH) 0x0 $(BOOTLOADER_DIGEST_BIN)"
+	@echo $(SEPARATOR)
+	@echo "* After first boot, only re-flashes of this kind (with same key) will be accepted."
+	@echo "* Not recommended to re-use the same secure boot keyfile on multiple production devices."
+
+$(BOOTLOADER_DIGEST_BIN): $(BOOTLOADER_BIN) $(SECURE_BOOTLOADER_KEY)
+	@echo "DIGEST $(notdir $@)"
+	$(Q) $(ESPSECUREPY) digest_secure_bootloader -k $(SECURE_BOOTLOADER_KEY) -o $@ $<
+
+else # CONFIG_SECURE_BOOT_ENABLED && !CONFIG_SECURE_BOOTLOADER_REFLASHABLE && !CONFIG_SECURE_BOOTLOADER_ONE_TIME_FLASH
+bootloader:
+	@echo "Invalid bootloader target: bad sdkconfig?"
+	@exit 1
+endif
+
+ifndef CONFIG_SECURE_BOOT_ENABLED
+# don't build bootloader by default is secure boot is enabled
+all_binaries: $(BOOTLOADER_BIN)
+endif
+
+bootloader-clean: $(SDKCONFIG_MAKEFILE)
+	$(BOOTLOADER_MAKE) app-clean
+ifdef CONFIG_SECURE_BOOTLOADER_REFLASHABLE
+	rm -f $(SECURE_BOOTLOADER_KEY) $(BOOTLOADER_DIGEST_BIN)
+endif

components/bootloader/component.mk

+# bootloader component is special, as bootloader is also a project.
+#
+# This top-level component is only configuration files for the IDF project.
+#
+# See Makefile.projbuild for the targets which actually build the bootloader.
+COMPONENT_CONFIG_ONLY := 1
+

components/bootloader/subproject/.gitignore

+build
+sdkconfig

components/bootloader/subproject/Makefile

+#
+# This is a project Makefile. It is assumed the directory this Makefile resides in is a
+# project subdirectory.
+#
+ifeq ("$(MAKELEVEL)","0")
+$(error Bootloader makefile expects to be run as part of 'make bootloader' from a top-level project.)
+endif
+
+PROJECT_NAME := bootloader
+
+COMPONENTS := esptool_py bootloader_support log spi_flash micro-ecc soc main
+
+# Clear C and CXX from top level project
+CFLAGS =
+CXXFLAGS =
+
+#We cannot include the esp32 component directly but we need its includes.
+CFLAGS += -I $(IDF_PATH)/components/esp32/include
+
+# The bootloader pseudo-component is also included in this build, for its Kconfig.projbuild to be included.
+#
+# IS_BOOTLOADER_BUILD tells the component Makefile.projbuild to be a no-op
+IS_BOOTLOADER_BUILD := 1
+export IS_BOOTLOADER_BUILD
+
+# BOOTLOADER_BUILD macro is the same, for source file changes
+CFLAGS += -D BOOTLOADER_BUILD=1
+
+# include the top-level "project" include directory, for sdkconfig.h
+CFLAGS += -I$(BUILD_DIR_BASE)/../include
+
+include $(IDF_PATH)/make/project.mk

components/bootloader/subproject/main/Makefile.projbuild

+# Submodules normally added in component.mk, but fully qualified
+# paths can be added at this level (we need binary librtc to be
+# available to link bootloader).
+COMPONENT_SUBMODULES += $(IDF_PATH)/components/esp32/lib

components/bootloader/subproject/main/bootloader_start.c

+// Copyright 2015-2016 Espressif Systems (Shanghai) PTE LTD
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+#include <string.h>
+#include <stdint.h>
+#include <stdbool.h>
+
+#include "esp_log.h"
+#include "rom/gpio.h"
+#include "bootloader_config.h"
+#include "bootloader_init.h"
+#include "bootloader_utility.h"
+#include "bootloader_common.h"
+#include "sdkconfig.h"
+#include "esp_image_format.h"
+
+static const char* TAG = "boot";
+
+static esp_err_t select_image (esp_image_metadata_t *image_data);
+static int selected_boot_partition(const bootloader_state_t *bs);
+/*
+ * We arrive here after the ROM bootloader finished loading this second stage bootloader from flash.
+ * The hardware is mostly uninitialized, flash cache is down and the app CPU is in reset.
+ * We do have a stack, so we can do the initialization in C.
+ */
+void call_start_cpu0()
+{
+    // 1. Hardware initialization
+    if(bootloader_init() != ESP_OK){
+        return;
+    }
+
+    // 2. Select image to boot
+    esp_image_metadata_t image_data;
+    if(select_image(&image_data) != ESP_OK){
+        return;
+    }
+
+    // 3. Loading the selected image
+    bootloader_utility_load_image(&image_data);
+}
+
+// Selects image to boot
+static esp_err_t select_image (esp_image_metadata_t *image_data)
+{
+    // 1. Load partition table
+    bootloader_state_t bs = { 0 };
+    if (!bootloader_utility_load_partition_table(&bs)) {
+        ESP_LOGE(TAG, "load partition table error!");
+        return ESP_FAIL;
+    }
+
+    // 2. Select boot partition
+    int boot_index = selected_boot_partition(&bs);
+    if(boot_index == INVALID_INDEX) {
+        return ESP_FAIL; // Unrecoverable failure (not due to corrupt ota data or bad partition contents)
+    }
+
+    // 3. Load the app image for booting
+    if (!bootloader_utility_load_boot_image(&bs, boot_index, image_data)) {
+        return ESP_FAIL;
+    }
+    return ESP_OK;
+}
+
+/*
+ * Selects a boot partition.
+ * The conditions for switching to another firmware are checked.
+ */
+static int selected_boot_partition(const bootloader_state_t *bs)
+{
+    int boot_index = bootloader_utility_get_selected_boot_partition(bs);
+    if (boot_index == INVALID_INDEX) {
+        return boot_index; // Unrecoverable failure (not due to corrupt ota data or bad partition contents)
+    } else {
+        // Check for reset to the factory firmware or for launch OTA[x] firmware.
+        // Customer implementation.
+        // if (gpio_pin_1 == true && ...){
+        //     boot_index = required_boot_partition;
+        // } ...
+    }
+    return boot_index;
+}

components/bootloader/subproject/main/component.mk

+#
+# Main bootloader Makefile.
+#
+# This is basically the same as a component makefile, but in the case of the bootloader
+# we pull in bootloader-specific linker arguments.
+#
+
+LINKER_SCRIPTS := \
+	esp32.bootloader.ld \
+	$(IDF_PATH)/components/esp32/ld/esp32.rom.ld \
+	$(IDF_PATH)/components/esp32/ld/esp32.rom.spiram_incompatible_fns.ld \
+	$(IDF_PATH)/components/esp32/ld/esp32.peripherals.ld \
+	esp32.bootloader.rom.ld
+
+ifndef CONFIG_SPI_FLASH_ROM_DRIVER_PATCH
+LINKER_SCRIPTS += $(IDF_PATH)/components/esp32/ld/esp32.rom.spiflash.ld
+endif
+
+COMPONENT_ADD_LDFLAGS += -L $(COMPONENT_PATH) $(addprefix -T ,$(LINKER_SCRIPTS))
+
+COMPONENT_ADD_LINKER_DEPS := $(LINKER_SCRIPTS)

components/bootloader/subproject/main/esp32.bootloader.ld

+/*
+Linker file used to link the bootloader.
+*/
+
+
+/* Simplified memory map for the bootloader
+
+   The main purpose is to make sure the bootloader can load into main memory
+   without overwriting itself.
+*/
+MEMORY
+{
+  /* I/O */
+  dport0_seg (RW) :                 	org = 0x3FF00000, len = 0x10
+  /* IRAM POOL1, used for APP CPU cache. We can abuse it in bootloader because APP CPU is still held in reset, the main app enables APP CPU cache */
+  iram_seg (RWX) :           org = 0x40078000, len = 0x8000
+  /* 64k at the end of DRAM, after ROM bootloader stack */
+  dram_seg (RW) :                  	org = 0x3FFF0000, len = 0x10000
+}
+
+/*  Default entry point:  */
+ENTRY(call_start_cpu0);
+
+
+SECTIONS
+{
+  .iram1.text :
+  {
+    . = ALIGN (16);
+    *(.entry.text)
+    *(.init.literal)
+    *(.init)
+  } > iram_seg
+
+
+  /* Shared RAM */
+  .dram0.bss (NOLOAD) :
+  {
+    . = ALIGN (8);
+    _bss_start = ABSOLUTE(.);
+    *(.dynsbss)
+    *(.sbss)
+    *(.sbss.*)
+    *(.gnu.linkonce.sb.*)
+    *(.scommon)
+    *(.sbss2)
+    *(.sbss2.*)
+    *(.gnu.linkonce.sb2.*)
+    *(.dynbss)
+    *(.bss)
+    *(.bss.*)
+    *(.gnu.linkonce.b.*)
+    *(COMMON)
+    . = ALIGN (8);
+    _bss_end = ABSOLUTE(.);
+  } >dram_seg
+
+  .dram0.data :
+  {
+    _data_start = ABSOLUTE(.);
+    *(.data)
+    *(.data.*)
+    *(.gnu.linkonce.d.*)
+    *(.data1)
+    *(.sdata)
+    *(.sdata.*)
+    *(.gnu.linkonce.s.*)
+    *(.sdata2)
+    *(.sdata2.*)
+    *(.gnu.linkonce.s2.*)
+    *(.jcr)
+    _data_end = ABSOLUTE(.);
+  } >dram_seg
+
+  .dram0.rodata :
+  {
+    _rodata_start = ABSOLUTE(.);
+    *(.rodata)
+    *(.rodata.*)
+    *(.gnu.linkonce.r.*)
+    *(.rodata1)
+    __XT_EXCEPTION_TABLE_ = ABSOLUTE(.);
+    *(.xt_except_table)
+    *(.gcc_except_table)
+    *(.gnu.linkonce.e.*)
+    *(.gnu.version_r)
+    *(.eh_frame)
+    . = (. + 3) & ~ 3;
+    /*  C++ constructor and destructor tables, properly ordered:  */
+    __init_array_start = ABSOLUTE(.);
+    KEEP (*crtbegin.o(.ctors))
+    KEEP (*(EXCLUDE_FILE (*crtend.o) .ctors))
+    KEEP (*(SORT(.ctors.*)))
+    KEEP (*(.ctors))
+    __init_array_end = ABSOLUTE(.);
+    KEEP (*crtbegin.o(.dtors))
+    KEEP (*(EXCLUDE_FILE (*crtend.o) .dtors))
+    KEEP (*(SORT(.dtors.*)))
+    KEEP (*(.dtors))
+    /*  C++ exception handlers table:  */
+    __XT_EXCEPTION_DESCS_ = ABSOLUTE(.);
+    *(.xt_except_desc)
+    *(.gnu.linkonce.h.*)
+    __XT_EXCEPTION_DESCS_END__ = ABSOLUTE(.);
+    *(.xt_except_desc_end)
+    *(.dynamic)
+    *(.gnu.version_d)
+    _rodata_end = ABSOLUTE(.);
+	/* Literals are also RO data. */
+    _lit4_start = ABSOLUTE(.);
+    *(*.lit4)
+    *(.lit4.*)
+    *(.gnu.linkonce.lit4.*)
+    _lit4_end = ABSOLUTE(.);
+    . = ALIGN(4);
+    _heap_start = ABSOLUTE(.);
+  } >dram_seg
+
+  .iram.text :
+  {
+    _stext = .;
+    _text_start = ABSOLUTE(.);
+    *(.literal .text .literal.* .text.* .stub .gnu.warning .gnu.linkonce.literal.* .gnu.linkonce.t.*.literal .gnu.linkonce.t.*)
+    *(.iram1 .iram1.*) /* catch stray IRAM_ATTR */
+    *(.fini.literal)
+    *(.fini)
+    *(.gnu.version)
+    _text_end = ABSOLUTE(.);
+    _etext = .;
+  } > iram_seg
+
+}

components/bootloader/subproject/main/esp32.bootloader.rom.ld

+PROVIDE ( ets_update_cpu_frequency = 0x40008550 ); /* Updates g_ticks_per_us on the current CPU only; not on the other core */