To run esp privilege separation, have to update esp-idf to v4.4.2.
This kernel-user application was announced several months ago. Just notice it today. It adds to another new option for WM.
$ cd $IDF_PATH
$ git fetch
$ git checkout v4.4.2
$ git submodule update --init --recursive
$ ./install.sh
$ . ./export.sh
After the update, have to patch esp-idf for esp-privilege-separation.
$ cd $IDF_PATH
$ git apply -v ../esp-privilege-separation/idf-patches/privilege-separation_support_v4.4.2.patch
Then run the blink example inside esp-privilege-separation repo.
$ idf.py set-target esp32c3
$ idf.py menuconfig
$ idf.py build
$ idf.py -p /dev/tty.SLAB_USBtoUART flash monitor
Here is the log.
--- WARNING: Serial ports accessed as /dev/tty.* will hang gdb if launched.
--- Using /dev/cu.usbmodem101 instead...
--- idf_monitor on /dev/cu.usbmodem101 115200 ---
--- Quit: Ctrl+] | Menu: Ctrl+T | Help: Ctrl+T followed by Ctrl+H ---
ESP-ROM:esp32c3-api1-20210207
Build:Feb 7 2021
rst:0x15 (USB_UART_CHIP_RESET),boot:0x8 (SPI_FAST_FLASH_BOOT)
Saved PC:0x4005882a
SPIWP:0xee
mode:DIO, clock div:1
load:0x3fcd6100,len:0x16bc
load:0x403ce000,len:0x930
load:0x403d0000,len:0x2d28
entry 0x403ce000
I (24) boot: ESP-IDF v4.4.2-dirty 2nd stage bootloader
I (24) boot: compile time 09:33:32
I (25) boot: chip revision: 3
I (27) boot.esp32c3: SPI Speed : 80MHz
I (31) boot.esp32c3: SPI Mode : DIO
I (36) boot.esp32c3: SPI Flash Size : 4MB
I (41) boot: Enabling RNG early entropy source...
I (46) boot: Partition Table:
I (50) boot: ## Label Usage Type ST Offset Length
I (57) boot: 0 nvs WiFi data 01 02 00009000 00006000
I (64) boot: 1 phy_init RF data 01 01 0000f000 00001000
I (72) boot: 2 factory factory app 00 00 00010000 00100000
I (79) boot: 3 user_app Unknown app 00 40 00110000 00080000
I (87) boot: End of partition table
I (91) esp_image: segment 0: paddr=00010020 vaddr=3c0b0020 size=2d4f0h (185584) map
I (129) esp_image: segment 1: paddr=0003d518 vaddr=3fc8fe00 size=02b00h ( 11008) load
I (131) esp_image: segment 2: paddr=00040020 vaddr=42000020 size=a1b04h (662276) map
I (238) esp_image: segment 3: paddr=000e1b2c vaddr=3fc92900 size=00068h ( 104) load
I (238) esp_image: segment 4: paddr=000e1b9c vaddr=40380000 size=0fd64h ( 64868) load
I (255) esp_image: segment 5: paddr=000f1908 vaddr=50000010 size=00010h ( 16) load
I (261) boot: Loaded app from partition at offset 0x10000
I (261) boot: Disabling RNG early entropy source...
I (276) cpu_start: Pro cpu up.
I (284) cpu_start: Pro cpu start user code
I (284) cpu_start: cpu freq: 160000000
I (284) cpu_start: Application information:
I (287) cpu_start: Project name: blink
I (292) cpu_start: App version: 2d67bd6
I (297) cpu_start: Compile time: Sep 26 2022 09:33:28
I (303) cpu_start: ELF file SHA256: 730e0f4a5f5b49bc...
I (309) cpu_start: ESP-IDF: v4.4.2-dirty
I (314) heap_init: Initializing. RAM available for dynamic allocation:
I (321) heap_init: At 3FC97120 len 00028EE0 (163 KiB): D/IRAM
I (328) heap_init: At 3FCC0000 len 00006000 (24 KiB): STACK/DRAM
I (334) heap_init: At 3FCDF000 len 00000060 (0 KiB): STACK/DRAM
I (341) heap_init: At 50000020 len 00001FE0 (7 KiB): RTCRAM
I (348) spi_flash: detected chip: generic
I (352) spi_flash: flash io: dio
I (356) sleep: Configure to isolate all GPIO pins in sleep state
I (363) sleep: Enable automatic switching of GPIO sleep configuration
I (370) cpu_start: Starting scheduler.
W (375) ota_utils: User otadata partition not Found
I (375) esp_priv_access_image_utility: Section loading at vaddr:0x3fcc6000 paddr:0x111cac (20)
I (385) esp_priv_access_image_utility: Section loading at vaddr:0x40380000 paddr:0x111cc8 (1924)
I (395) esp_priv_access_image_utility: Mapping segment 0 as DROM
I (405) esp_priv_access_image_utility: Mapping segment 4 as IROM
W (405) ota_utils: User otadata partition not Found
I (415) esp_syscall_spawn_user_task: User entry point: 0x424009a8
I (475) heap_init: Initializing. RAM available for dynamic allocation:
I (475) heap_init: At 3FCC6FC0 len 00018040 (96 KiB): DRAM
I (485) user_console: Registering command: protected-mem-dump
I (485) user_console: Registering command: user-mem-dump
I (445) gpio: GPIO[10]| InputEn: 0| OutputEn: 1| OpenDrain: 0| Pullup: 0| Pulldown: 0| Intr:0
I (455) gpio: GPIO[2]| InputEn: 0| OutputEn: 1| OpenDrain: 0| Pullup: 0| Pulldown: 0| Intr:0
I (465) gpio: GPIO[9]| InputEn: 1| OutputEn: 0| OpenDrain: 0| Pullup: 1| Pulldown: 0| Intr:2
I (525) user_console: Initialising UART on port 0
I (475) uart: queue free spaces: 8
Hello from protected environment
Hello from protected environment
Hello from protected environment
Done