|
|
@@ -320,6 +320,11 @@ menu "Security features"
|
|
|
select MBEDTLS_ECDSA_C
|
|
|
depends on SECURE_SIGNED_ON_BOOT || SECURE_SIGNED_ON_UPDATE
|
|
|
|
|
|
+ config SECURE_TARGET_HAS_SECURE_ROM_DL_MODE
|
|
|
+ bool
|
|
|
+ default y
|
|
|
+ depends on IDF_TARGET_ESP32S2
|
|
|
+
|
|
|
|
|
|
config SECURE_SIGNED_APPS_NO_SECURE_BOOT
|
|
|
bool "Require signed app images"
|
|
|
@@ -587,7 +592,7 @@ menu "Security features"
|
|
|
|
|
|
config SECURE_FLASH_ENCRYPTION_MODE_RELEASE
|
|
|
bool "Release"
|
|
|
- select SECURE_ENABLE_SECURE_ROM_DL_MODE
|
|
|
+ select SECURE_ENABLE_SECURE_ROM_DL_MODE if SECURE_TARGET_HAS_SECURE_ROM_DL_MODE
|
|
|
|
|
|
endchoice
|
|
|
|
|
|
@@ -719,7 +724,7 @@ menu "Security features"
|
|
|
|
|
|
config SECURE_ENABLE_SECURE_ROM_DL_MODE
|
|
|
bool "Permanently switch to ROM UART Secure Download mode"
|
|
|
- depends on IDF_TARGET_ESP32S2 && !SECURE_DISABLE_ROM_DL_MODE
|
|
|
+ depends on SECURE_TARGET_HAS_SECURE_ROM_DL_MODE && !SECURE_DISABLE_ROM_DL_MODE
|
|
|
help
|
|
|
If set, during startup the app will burn an eFuse bit to permanently switch the UART ROM
|
|
|
Download Mode into a separate Secure Download mode. This option can only work if
|
Ivan Grokhotkov