
bootloader: Fix warnings caused by security features

Closes: https://github.com/espressif/esp-idf/issues/6198
KonstantinKondrashov 5 년 전
부모
커밋
a8df2af065
1개의 변경된 파일15개의 추가작업 그리고 5개의 파일을 삭제
  1. 15 5
      components/bootloader/Kconfig.projbuild

+ 15 - 5
components/bootloader/Kconfig.projbuild

@@ -334,6 +334,16 @@ menu "Security features"
         select MBEDTLS_ECDSA_C
         depends on SECURE_SIGNED_ON_BOOT || SECURE_SIGNED_ON_UPDATE
 
+    config SECURE_BOOT_SUPPORTS_RSA
+        bool
+        default y
+        depends on ESP32_REV_MIN_3 || IDF_TARGET_ESP32S2
+
+    config SECURE_TARGET_HAS_SECURE_ROM_DL_MODE
+        bool
+        default y
+        depends on IDF_TARGET_ESP32S2
+
 
     config SECURE_SIGNED_APPS_NO_SECURE_BOOT
         bool "Require signed app images"
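Review bot: The two hidden symbols added here, `SECURE_BOOT_SUPPORTS_RSA` and `SECURE_TARGET_HAS_SECURE_ROM_DL_MODE`, carry no comment, so a reader cannot tell that they are capability flags derived from target and chip revision rather than user options. I would add above them `# Hidden capability flags (no prompt): derived from target/revision, used to gate the options below`. The first name is also narrower than its use, since later in this commit it gates `SECURE_BOOT_V2_ENABLED` as a whole and not only the RSA scheme; the comment should say so. It should also state that where `SECURE_TARGET_HAS_SECURE_ROM_DL_MODE` is off, the Release flash-encryption mode no longer selects `SECURE_ENABLE_SECURE_ROM_DL_MODE`, so any download-mode hardening on those targets presumably has to come from another option. The added trailing blank line sits next to an existing one and leaves two consecutive blank lines.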
@@ -369,7 +379,7 @@ menu "Security features"
 
         config SECURE_SIGNED_APPS_RSA_SCHEME
             bool "RSA"
-            depends on (ESP32_REV_MIN_3 || IDF_TARGET_ESP32S2) && SECURE_BOOT_V2_ENABLED
+            depends on SECURE_BOOT_SUPPORTS_RSA && SECURE_BOOT_V2_ENABLED
             help
                 Appends the RSA-3072 based Signature block to the application.
                 Refer to <Secure Boot Version 2 documentation link> before enabling.
@@ -433,8 +443,8 @@ menu "Security features"
 
         config SECURE_BOOT_V2_ENABLED
             bool "Enable Secure Boot version 2"
-            depends on ESP32_REV_MIN_3 || IDF_TARGET_ESP32S2
-            select SECURE_ENABLE_SECURE_ROM_DL_MODE if IDF_TARGET_ESP32S2 && !SECURE_INSECURE_ALLOW_DL_MODE
+            depends on SECURE_BOOT_SUPPORTS_RSA
+            select SECURE_ENABLE_SECURE_ROM_DL_MODE if !IDF_TARGET_ESP32 && !SECURE_INSECURE_ALLOW_DL_MODE
             select SECURE_DISABLE_ROM_DL_MODE if ESP32_REV_MIN_3 && !SECURE_INSECURE_ALLOW_DL_MODE
             help
                 Build a bootloader which enables Secure Boot version 2 on first boot.
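Review bot: The new condition on `select SECURE_ENABLE_SECURE_ROM_DL_MODE` uses `!IDF_TARGET_ESP32`, while the symbol itself now depends on `SECURE_TARGET_HAS_SECURE_ROM_DL_MODE` and the Release flash-encryption select is gated on that flag as well. Because `select` ignores the selected symbol's `depends on`, a target that is not ESP32 but lacks the capability flag would get the same unmet-dependency warning this commit removes, and could end up with the option reported as set where the eFuse does not apply. With the visible `depends on SECURE_BOOT_SUPPORTS_RSA` the two conditions appear equivalent today, so this is about keeping one source of truth: `select SECURE_ENABLE_SECURE_ROM_DL_MODE if SECURE_TARGET_HAS_SECURE_ROM_DL_MODE && !SECURE_INSECURE_ALLOW_DL_MODE`. The help text of this config continues outside the hunk.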
@@ -603,7 +613,7 @@ menu "Security features"
 
         config SECURE_FLASH_ENCRYPTION_MODE_RELEASE
             bool "Release"
-            select SECURE_ENABLE_SECURE_ROM_DL_MODE
+            select SECURE_ENABLE_SECURE_ROM_DL_MODE if SECURE_TARGET_HAS_SECURE_ROM_DL_MODE
 
     endchoice
 
@@ -748,7 +758,7 @@ menu "Security features"
 
     config SECURE_ENABLE_SECURE_ROM_DL_MODE
         bool "Permanently switch to ROM UART Secure Download mode"
-        depends on IDF_TARGET_ESP32S2 && !SECURE_DISABLE_ROM_DL_MODE
+        depends on SECURE_TARGET_HAS_SECURE_ROM_DL_MODE && !SECURE_DISABLE_ROM_DL_MODE
         help
             If set, during startup the app will burn an eFuse bit to permanently switch the UART ROM
             Download Mode into a separate Secure Download mode. This option can only work if