The ESP32-C3 is an ultra-low-power and highly integrated SoC with a RISC-Vcore and supports 2.4 GHz Wi-Fi and Bluetooth Low Energy.
Address Space- 800 KB of internal memory address space accessed from the instruction bus- 560 KB of internal memory address space accessed from the data bus- 1016 KB of peripheral address space- 8 MB of external memory virtual address space accessed from the instruction bus- 8 MB of external memory virtual address space accessed from the data bus- 480 KB of internal DMA address space
Internal Memory- 384 KB ROM- 400 KB SRAM (16 KB can be configured as Cache)- 8 KB of SRAM in RTC
External Memory- Up to 16 MB of external flash
Peripherals- 35 peripherals
GDMA- 7 modules are capable of DMA operations.
ESP32-C3 Toolchain
A generic RISC-V toolchain can be used to build ESP32-C3 projects. It’s recommended to use the sametoolchain used by NuttX CI. Please refer to the Dockercontainer andcheck for the current compiler version being used. For instance:
################################################################################ Build image for tool required by RISCV builds###############################################################################FROM nuttx-toolchain-base AS nuttx-toolchain-riscv# Download the latest RISCV GCC toolchain prebuilt by xPackRUN mkdir riscv-none-elf-gcc && \curl -s -L "https://github.com/xpack-dev-tools/riscv-none-elf-gcc-xpack/releases/download/v12.3.0-2/xpack-riscv-none-elf-gcc-12.3.0-2-linux-x64.tar.gz" \| tar -C riscv-none-elf-gcc --strip-components 1 -xz
It uses the xPack’s prebuilt toolchain based on GCC 12.3.0.
Installing
First, create a directory to hold the toolchain:
$ mkdir -p /path/to/your/toolchain/riscv-none-elf-gcc
Download and extract toolchain:
$ curl -s -L "https://github.com/xpack-dev-tools/riscv-none-elf-gcc-xpack/releases/download/v12.3.0-2/xpack-riscv-none-elf-gcc-12.3.0-2-linux-x64.tar.gz" \| tar -C /path/to/your/toolchain/riscv-none-elf-gcc --strip-components 1 -xz
Add the toolchain to your PATH:
$ echo "export PATH=/path/to/your/toolchain/riscv-none-elf-gcc/bin:$PATH" >> ~/.bashrc
You can edit your shell’s rc files if you don’t use bash.
Second stage bootloader and partition table
The NuttX port for now relies on IDF’s second stage bootloader to carry on some hardwareinitializations. The binaries for the bootloader and the partition table can be found inthis repository: https://github.com/espressif/esp-nuttx-bootloaderThat repository contains a dummy IDF project that’s used to build the bootloader andpartition table, these are then presented as Github assets and can be downloadedfrom: https://github.com/espressif/esp-nuttx-bootloader/releasesDownload bootloader-esp32c3.bin
and partition-table-esp32c3.bin
and place themin a folder, the path to this folder will be used later to program them. Thiscan be: ../esp-bins
Building and flashing
First make sure that esptool.py
is installed. This tool is used to convertthe ELF to a compatible ESP32 image and to flash the image into the board.It can be installed with: pip install esptool
.
Configure the NuttX project: ./tools/configure.sh esp32c3-devkit:nsh
Run make
to build the project. Note that the conversion mentioned above isincluded in the build process.The esptool.py
command to flash all the binaries is:
esptool.py --chip esp32c3 --port /dev/ttyUSBXX --baud 921600 write_flash 0x0 bootloader.bin 0x8000 partition-table.bin 0x10000 nuttx.bin
However, this is also included in the build process and we can build and flash with:
make flash ESPTOOL_PORT=<port> ESPTOOL_BINDIR=../esp-bins
Where <port>
is typically /dev/ttyUSB0
or similar and ../esp-bins
isthe path to the folder containing the bootloader and the partition tablefor the ESP32-C3 as explained above.Note that this step is required only one time. Once the bootloader and partitiontable are flashed, we don’t need to flash them again. So subsequent buildswould just require: make flash ESPTOOL_PORT=/dev/ttyUSBXX
Debugging with OpenOCD
Download and build OpenOCD from Espressif, that can be found inhttps://github.com/espressif/openocd-esp32
If you have an ESP32-C3 ECO3, no external JTAG is required to debug, the ESP32-C3integrates a USB-to-JTAG adapter.
OpenOCD can then be used:
openocd -c 'set ESP_RTOS none' -f board/esp32c3-builtin.cfg
For versions prior to ESP32-C3 ECO3, an external JTAG adapter is needed.It can be connected as follows:
TMS -> GPIO4TDI -> GPIO5TCK -> GPIO6TDO -> GPIO7
Furthermore, an efuse needs to be burnt to be able to debug:
espefuse.py -p <port> burn_efuse DIS_USB_JTAG
OpenOCD can then be used:
openocd -c 'set ESP_RTOS none' -f board/esp32c3-ftdi.cfg
Peripheral Support
The following list indicates the state of peripherals’ support in NuttX:
Peripheral | Support | NOTES |
---|---|---|
ADC | Yes | |
AES | Yes | |
Bluetooth | Yes | |
CDC Console | Yes | Rev.3 |
DMA | Yes | |
eFuse | Yes | |
GPIO | Yes | |
I2C | Yes | |
LED_PWM | Yes | |
RNG | Yes | |
RSA | Yes | |
RTC | Yes | |
SHA | Yes | |
SPI | Yes | |
SPIFLASH | Yes | |
Timers | Yes | |
Touch | Yes | |
UART | Yes | |
Watchdog | Yes | |
Wifi | Yes |
Secure Boot and Flash Encryption
Secure Boot
Secure Boot protects a device from running any unauthorized (i.e., unsigned) code by checking thateach piece of software that is being booted is signed. On an ESP32-C3, these pieces of software includethe second stage bootloader and each application binary. Note that the first stage bootloader does notrequire signing as it is ROM code thus cannot be changed. This is achieved using specific hardware inconjunction with MCUboot (read more about MCUboot here).
The Secure Boot process on the ESP32-C3 involves the following steps performed:
The first stage bootloader verifies the second stage bootloader’s RSA-PSS signature. If the verification is successful,the first stage bootloader loads and executes the second stage bootloader.
When the second stage bootloader loads a particular application image, the application’s signature (RSA, ECDSA or ED25519) is verifiedby MCUboot.If the verification is successful, the application image is executed.
Warning
Once enabled, Secure Boot will not boot a modified bootloader. The bootloader will only boot anapplication firmware image if it has a verified digital signature. There are implications for reflashingupdated images once Secure Boot is enabled. You can find more information about the ESP32-C3’s Secure boothere.
Note
As the bootloader image is built on top of the Hardware Abstraction Layer componentof ESP-IDF, theAPI port by Espressif will be usedby MCUboot rather than the original NuttX port.
Flash Encryption
Flash encryption is intended for encrypting the contents of the ESP32-C3’s off-chip flash memory. Once this feature is enabled,firmware is flashed as plaintext, and then the data is encrypted in place on the first boot. As a result, physical readoutof flash will not be sufficient to recover most flash contents.
Warning
After enabling Flash Encryption, an encryption key is generated internally by the device andcannot be accessed by the user for re-encrypting data and re-flashing the system, hence it will be permanently encrypted.Re-flashing an encrypted system is complicated and not always possible. You can find more information about the ESP32-C3’s Flash Encryptionhere.
Prerequisites
First of all, we need to install imgtool
(a MCUboot utility application to manipulate binaryimages) and esptool
(the ESP32-C3 toolkit):
$ pip install imgtool esptool
We also need to make sure that the python modules are added to PATH
:
$ echo "PATH=$PATH:/home/$USER/.local/bin" >> ~/.bashrc
Now, we will create a folder to store the generated keys (such as ~/signing_keys
):
$ mkdir ~/signing_keys && cd ~/signing_keys
With all set up, we can now generate keys to sign the bootloader and application binary images,respectively, of the compiled project:
$ espsecure.py generate_signing_key --version 2 bootloader_signing_key.pem$ imgtool keygen --key app_signing_key.pem --type rsa-3072
Important
The contents of the key files must be stored securely and kept secret.
Enabling Secure Boot and Flash Encryption
To enable Secure Boot for the current project, go to the project’s NuttX directory, execute make menuconfig
and the following steps:
Enable experimental features in Build Setup ‣ Show experimental options;
Enable MCUboot in Application Configuration ‣ Bootloader Utilities ‣ MCUboot;
Change image type to
MCUboot-bootable format
in System Type ‣ Application Image Configuration ‣ Application Image Format;Enable building MCUboot from the source code by selecting
Build binaries from source
;in System Type ‣ Application Image Configuration ‣ Source for bootloader binaries;Enable Secure Boot in System Type ‣ Application Image Configuration ‣ Enable hardware Secure Boot in bootloader;
If you want to protect the SPI Bus against data sniffing, you can enable Flash Encryption inSystem Type ‣ Application Image Configuration ‣ Enable Flash Encryption on boot.
Now you can design an update and confirm agent to your application. Check the MCUboot design guide and theMCUboot Espressif port documentation formore information on how to apply MCUboot. Also check some notes about the NuttX MCUboot port,the MCUboot porting guide and someexamples of MCUboot applied in Nuttx applications.
After you developed an application which implements all desired functions, you need to flash it into the primary image slotof the device (it will automatically be in the confirmed state, you can learn more about imageconfirmation here).To flash to the primary image slot, select Application image primary slot
inSystem Type ‣ Application Image Configuration ‣ Target slot for image flashingand compile it using make -j ESPSEC_KEYDIR=~/signing_keys
.
When creating update images, make sure to change System Type ‣ Application Image Configuration ‣ Target slot for image flashingto Application image secondary slot
.
Important
When deploying your application, make sure to disable UART Download Mode by selecting Permanently disabled
inSystem Type ‣ Application Image Configuration ‣ UART ROM download modeand change usage mode to Release
in System Type –> Application Image Configuration –> Enable usage mode.After disabling UART Download Mode you will not be able to flash other images through UART.
Supported Boards
- esp32c3-devkit-rust-1
- ESP32-C3 DevKit