|
|
@@ -287,11 +287,23 @@ esp_err_t esp_secure_boot_v2_permanently_enable(const esp_image_metadata_t *imag
|
|
|
esp_efuse_write_field_bit(ESP_EFUSE_DIS_BOOT_REMAP);
|
|
|
esp_efuse_write_field_bit(ESP_EFUSE_DIS_LEGACY_SPI_BOOT);
|
|
|
|
|
|
+ esp_err_t err = ESP_FAIL;
|
|
|
#ifdef CONFIG_SECURE_ENABLE_SECURE_ROM_DL_MODE
|
|
|
ESP_LOGI(TAG, "Enabling Security download mode...");
|
|
|
- esp_efuse_write_field_bit(ESP_EFUSE_ENABLE_SECURITY_DOWNLOAD);
|
|
|
+ err = esp_efuse_enable_rom_secure_download_mode();
|
|
|
+ if (err != ESP_OK) {
|
|
|
+ ESP_LOGE(TAG, "Could not enable Security download mode...");
|
|
|
+ return err;
|
|
|
+ }
|
|
|
+#elif CONFIG_SECURE_DISABLE_ROM_DL_MODE
|
|
|
+ ESP_LOGI(TAG, "Disable ROM Download mode...");
|
|
|
+ err = esp_efuse_disable_rom_download_mode();
|
|
|
+ if (err != ESP_OK) {
|
|
|
+ ESP_LOGE(TAG, "Could not disable ROM Download mode...");
|
|
|
+ return err;
|
|
|
+ }
|
|
|
#else
|
|
|
- ESP_LOGW(TAG, "Not enabling Security download mode - SECURITY COMPROMISED");
|
|
|
+ ESP_LOGW(TAG, "UART ROM Download mode kept enabled - SECURITY COMPROMISED");
|
|
|
#endif
|
|
|
|
|
|
#ifndef CONFIG_SECURE_BOOT_ALLOW_JTAG
|
Mahavir Jain