Merge branch 'feat/secure_boot_ecdsa_p384' into 'master'

Support Secure Boot using ECDSA-P384 curve Closes IDF-10016, IDF-10221, and IDF-12990 See merge request espressif/esp-idf!38517
2025-08-23 17:24:44 +00:00 · 2025-07-24 11:59:59 +05:30
parent 1f82b347a6 b615ab5a40
commit 22adc7ed75
42 changed files with 1049 additions and 289 deletions
--- a/components/soc/esp32c5/include/soc/Kconfig.soc_caps.in
+++ b/components/soc/esp32c5/include/soc/Kconfig.soc_caps.in
@@ -1119,6 +1119,10 @@ config SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP
    bool
    default y

+config SOC_ECDSA_SUPPORT_CURVE_P384
+    bool
+    default y
+
 config SOC_SDM_GROUPS
    int
    default 1
--- a/components/soc/esp32c5/include/soc/soc_caps.h
+++ b/components/soc/esp32c5/include/soc/soc_caps.h
@@ -442,6 +442,7 @@
 #define SOC_ECDSA_SUPPORT_EXPORT_PUBKEY     (1)
 #define SOC_ECDSA_SUPPORT_DETERMINISTIC_MODE   (1)
 #define SOC_ECDSA_SUPPORT_HW_DETERMINISTIC_LOOP (1)
+#define SOC_ECDSA_SUPPORT_CURVE_P384        (1)

 /*-------------------------- Sigma Delta Modulator CAPS -----------------*/
 #define SOC_SDM_GROUPS               1U
--- a/components/soc/esp32c5/register/soc/efuse_reg.h
+++ b/components/soc/esp32c5/register/soc/efuse_reg.h
@@ -2430,13 +2430,13 @@ extern "C" {
 #define EFUSE_XTS_DPA_CLK_ENABLE_ERR_M  (EFUSE_XTS_DPA_CLK_ENABLE_ERR_V << EFUSE_XTS_DPA_CLK_ENABLE_ERR_S)
 #define EFUSE_XTS_DPA_CLK_ENABLE_ERR_V  0x00000001U
 #define EFUSE_XTS_DPA_CLK_ENABLE_ERR_S  29
-/** EFUSE_ECDSA_P384_ENABLE_ERR : RO; bitpos: [31]; default: 0;
- *  Represents the programming error of EFUSE_ECDSA_P384_ENABLE
+/** EFUSE_SECURE_BOOT_SHA384_EN_ERR : RO; bitpos: [31]; default: 0;
+ *  Represents the programming error of EFUSE_SECURE_BOOT_SHA384_EN
 */
-#define EFUSE_ECDSA_P384_ENABLE_ERR    (BIT(31))
-#define EFUSE_ECDSA_P384_ENABLE_ERR_M  (EFUSE_ECDSA_P384_ENABLE_ERR_V << EFUSE_ECDSA_P384_ENABLE_ERR_S)
-#define EFUSE_ECDSA_P384_ENABLE_ERR_V  0x00000001U
-#define EFUSE_ECDSA_P384_ENABLE_ERR_S  31
+#define EFUSE_SECURE_BOOT_SHA384_EN_ERR    (BIT(31))
+#define EFUSE_SECURE_BOOT_SHA384_EN_ERR_M  (EFUSE_SECURE_BOOT_SHA384_EN_ERR_V << EFUSE_SECURE_BOOT_SHA384_EN_ERR_S)
+#define EFUSE_SECURE_BOOT_SHA384_EN_ERR_V  0x00000001U
+#define EFUSE_SECURE_BOOT_SHA384_EN_ERR_S  31

 /** EFUSE_RD_REPEAT_DATA_ERR4_REG register
 *  Represents rd_repeat_data_err
--- a/components/soc/esp32c5/register/soc/efuse_struct.h
+++ b/components/soc/esp32c5/register/soc/efuse_struct.h
@@ -1345,10 +1345,10 @@ typedef union {
         */
        uint32_t xts_dpa_clk_enable_err:1;
        uint32_t reserved_30:1;
-        /** ecdsa_p384_enable_err : RO; bitpos: [31]; default: 0;
-         *  Represents the programming error of EFUSE_ECDSA_P384_ENABLE
+        /** secure_boot_sha384_en_err : RO; bitpos: [31]; default: 0;
+         *  Represents the programming error of EFUSE_SECURE_BOOT_SHA384_EN
         */
-        uint32_t ecdsa_p384_enable_err:1;
+        uint32_t secure_boot_sha384_en_err:1;
    };
    uint32_t val;
 } efuse_rd_repeat_data_err3_reg_t;