Home Esplora Aiuto
Accedi
RT-Thread-packages
/
esp-idf
mirror da https://github-proxy.rt-thread.io/RT-Thread-packages/esp-idf.git
2
0
Forka 0
File Problemi 0 Wiki
Sfoglia il codice sorgente

secure_boot: Fix warning when UART ROM DL mode is disabled
*Additionally use updated calls to enable rom secure download mode

Aditya Patwardhan 4 anni fa
parent
704994785a
commit
be65338212
6 ha cambiato i file con 68 aggiunte e 12 eliminazioni
Visualizzazione separata Mostra Diff Stats
  1. 1 1
      components/bootloader_support/src/esp32/secure_boot_secure_features.c
  2. 13 2
      components/bootloader_support/src/esp32c3/secure_boot_secure_features.c
  3. 15 3
      components/bootloader_support/src/esp32h2/secure_boot.c
  4. 13 2
      components/bootloader_support/src/esp32s2/secure_boot_secure_features.c
  5. 13 2
      components/bootloader_support/src/esp32s3/secure_boot_secure_features.c
  6. 13 2
      components/bootloader_support/src/esp8684/secure_boot_secure_features.c

+ 1 - 1
components/bootloader_support/src/esp32/secure_boot_secure_features.c
Vedi File 

@@ -79,7 +79,7 @@ esp_err_t esp_secure_boot_enable_secure_features(void)
 
         return err;
 
     }
 
 #else
 
-    ESP_LOGW(TAG, "Not disabling ROM Download mode - SECURITY COMPROMISED");
 
+    ESP_LOGW(TAG, "UART ROM Download mode kept enabled - SECURITY COMPROMISED");
 
 #endif
 
 
 #ifndef CONFIG_SECURE_BOOT_V2_ALLOW_EFUSE_RD_DIS

+ 13 - 2
components/bootloader_support/src/esp32c3/secure_boot_secure_features.c
Vedi File 

@@ -20,9 +20,20 @@ esp_err_t esp_secure_boot_enable_secure_features(void)
 
 
 #ifdef CONFIG_SECURE_ENABLE_SECURE_ROM_DL_MODE
 
     ESP_LOGI(TAG, "Enabling Security download mode...");
 
-    esp_efuse_write_field_bit(ESP_EFUSE_ENABLE_SECURITY_DOWNLOAD);
 
+    esp_err_t err = esp_efuse_enable_rom_secure_download_mode();
 
+    if (err != ESP_OK) {
 
+        ESP_LOGE(TAG, "Could not enable Security download mode...");
 
+        return err;
 
+    }
 
+#elif CONFIG_SECURE_DISABLE_ROM_DL_MODE
 
+    ESP_LOGI(TAG, "Disable ROM Download mode...");
 
+    esp_err_t err = esp_efuse_disable_rom_download_mode();
 
+    if (err != ESP_OK) {
 
+        ESP_LOGE(TAG, "Could not disable ROM Download mode...");
 
+        return err;
 
+    }
 
 #else
 
-    ESP_LOGW(TAG, "Not enabling Security download mode - SECURITY COMPROMISED");
 
+    ESP_LOGW(TAG, "UART ROM download mode kept enabled - SECURITY COMPROMISED");
 
 #endif
 
 
 #ifndef CONFIG_SECURE_BOOT_ALLOW_JTAG

+ 15 - 3
components/bootloader_support/src/esp32h2/secure_boot.c
Vedi File 

@@ -250,11 +250,23 @@ esp_err_t esp_secure_boot_v2_permanently_enable(const esp_image_metadata_t *imag
 
 
     esp_efuse_write_field_bit(ESP_EFUSE_DIS_LEGACY_SPI_BOOT);
 
 
+    esp_err_t err = ESP_FAIL;
 
 #ifdef CONFIG_SECURE_ENABLE_SECURE_ROM_DL_MODE
 
     ESP_LOGI(TAG, "Enabling Security download mode...");
 
-    esp_efuse_write_field_bit(ESP_EFUSE_ENABLE_SECURITY_DOWNLOAD);
 
+    err = esp_efuse_enable_rom_secure_download_mode();
 
+    if (err != ESP_OK) {
 
+        ESP_LOGE(TAG, "Could not enable Security download mode...");
 
+        return err;
 
+    }
 
+#elif CONFIG_SECURE_DISABLE_ROM_DL_MODE
 
+    ESP_LOGI(TAG, "Disable ROM Download mode...");
 
+    err = esp_efuse_disable_rom_download_mode();
 
+    if (err != ESP_OK) {
 
+        ESP_LOGE(TAG, "Could not disable ROM Download mode...");
 
+        return err;
 
+    }
 
 #else
 
-    ESP_LOGW(TAG, "Not enabling Security download mode - SECURITY COMPROMISED");
 
+    ESP_LOGW(TAG, "UART download mode kept enabled - SECURITY COMPROMISED");
 
 #endif
 
 
 #ifndef CONFIG_SECURE_BOOT_ALLOW_JTAG
 
@@ -272,7 +284,7 @@ esp_err_t esp_secure_boot_v2_permanently_enable(const esp_image_metadata_t *imag
 
 
     esp_efuse_write_field_bit(ESP_EFUSE_SECURE_BOOT_EN);
 
 
-    esp_err_t err = esp_efuse_batch_write_commit();
 
+    err = esp_efuse_batch_write_commit();
 
     if (err != ESP_OK) {
 
         ESP_LOGE(TAG, "Error programming security eFuses (err=0x%x).", err);
 
         return err;

+ 13 - 2
components/bootloader_support/src/esp32s2/secure_boot_secure_features.c
Vedi File 

@@ -21,9 +21,20 @@ esp_err_t esp_secure_boot_enable_secure_features(void)
 
 
 #ifdef CONFIG_SECURE_ENABLE_SECURE_ROM_DL_MODE
 
     ESP_LOGI(TAG, "Enabling Security download mode...");
 
-    esp_efuse_write_field_bit(ESP_EFUSE_ENABLE_SECURITY_DOWNLOAD);
 
+    esp_err_t err = esp_efuse_enable_rom_secure_download_mode();
 
+    if (err != ESP_OK) {
 
+        ESP_LOGE(TAG, "Could not enable Security download mode...");
 
+        return err;
 
+    }
 
+#elif CONFIG_SECURE_DISABLE_ROM_DL_MODE
 
+    ESP_LOGI(TAG, "Disable ROM Download mode...");
 
+    esp_err_t err = esp_efuse_disable_rom_download_mode();
 
+    if (err != ESP_OK) {
 
+        ESP_LOGE(TAG, "Could not disable ROM Download mode...");
 
+        return err;
 
+    }
 
 #else
 
-    ESP_LOGW(TAG, "Not enabling Security download mode - SECURITY COMPROMISED");
 
+    ESP_LOGW(TAG, "UART ROM download mode kept enabled - SECURITY COMPROMISED");
 
 #endif
 
 
 #ifndef CONFIG_SECURE_BOOT_ALLOW_JTAG

+ 13 - 2
components/bootloader_support/src/esp32s3/secure_boot_secure_features.c
Vedi File 

@@ -20,9 +20,20 @@ esp_err_t esp_secure_boot_enable_secure_features(void)
 
 
 #ifdef CONFIG_SECURE_ENABLE_SECURE_ROM_DL_MODE
 
     ESP_LOGI(TAG, "Enabling Security download mode...");
 
-    esp_efuse_write_field_bit(ESP_EFUSE_ENABLE_SECURITY_DOWNLOAD);
 
+    esp_err_t err = esp_efuse_enable_rom_secure_download_mode();
 
+    if (err != ESP_OK) {
 
+        ESP_LOGE(TAG, "Could not enable Security download mode...");
 
+        return err;
 
+    }
 
+#elif CONFIG_SECURE_DISABLE_ROM_DL_MODE
 
+    ESP_LOGI(TAG, "Disable ROM Download mode...");
 
+    esp_err_t err = esp_efuse_disable_rom_download_mode();
 
+    if (err != ESP_OK) {
 
+        ESP_LOGE(TAG, "Could not disable ROM Download mode...");
 
+        return err;
 
+    }
 
 #else
 
-    ESP_LOGW(TAG, "Not enabling Security download mode - SECURITY COMPROMISED");
 
+    ESP_LOGW(TAG, "UART ROM download mode kept enabled - SECURITY COMPROMISED");
 
 #endif
 
 
 #ifndef CONFIG_SECURE_BOOT_ALLOW_JTAG

+ 13 - 2
components/bootloader_support/src/esp8684/secure_boot_secure_features.c
Vedi File 

@@ -20,9 +20,20 @@ esp_err_t esp_secure_boot_enable_secure_features(void)
 
 
 #ifdef CONFIG_SECURE_ENABLE_SECURE_ROM_DL_MODE
 
     ESP_LOGI(TAG, "Enabling Security download mode...");
 
-    esp_efuse_write_field_bit(ESP_EFUSE_ENABLE_SECURITY_DOWNLOAD);
 
+    esp_err_t err = esp_efuse_enable_rom_secure_download_mode();
 
+    if (err != ESP_OK) {
 
+        ESP_LOGE(TAG, "Could not enable Security download mode...");
 
+        return err;
 
+    }
 
+#elif CONFIG_SECURE_DISABLE_ROM_DL_MODE
 
+    ESP_LOGI(TAG, "Disable ROM Download mode...");
 
+    esp_err_t err = esp_efuse_disable_rom_download_mode();
 
+    if (err != ESP_OK) {
 
+        ESP_LOGE(TAG, "Could not disable ROM Download mode...");
 
+        return err;
 
+    }
 
 #else
 
-    ESP_LOGW(TAG, "Not enabling Security download mode - SECURITY COMPROMISED");
 
+    ESP_LOGW(TAG, "UART ROM download mode kept enabled - SECURITY COMPROMISED");
 
 #endif
 
 
 #ifndef CONFIG_SECURE_BOOT_ALLOW_JTAG