docs: add ECDSA peripheral chapter for H2/P4

- Add ECDSA peripheral chapter and instructions to program efuse key block
- Update security guide for ECDSA peripheral mention for device identity
- Link with ESP-TLS guide about using ECDSA peripheral in TLS connection
Mahavir Jain
2023-11-07 18:25:12 +05:30
parent f434d21f4a
commit 2882b6f68b
11 changed files with 116 additions and 7 deletions

@@ -1,5 +1,5 @@
/*
* SPDX-FileCopyrightText: 2017-2022 Espressif Systems (Shanghai) CO LTD
* SPDX-FileCopyrightText: 2017-2023 Espressif Systems (Shanghai) CO LTD
*
* SPDX-License-Identifier: Apache-2.0
*/
@@ -235,7 +235,7 @@ esp_err_t esp_efuse_write_reg(esp_efuse_block_t blk, unsigned int num_reg, uint3
/**
* @brief Return efuse coding scheme for blocks.
*
* Note: The coding scheme is applicable only to 1, 2 and 3 blocks. For 0 block, the coding scheme is always ``NONE``.
* @note The coding scheme is applicable only to 1, 2 and 3 blocks. For 0 block, the coding scheme is always ``NONE``.
*
* @param[in] blk Block number of eFuse.
* @return Return efuse coding scheme for blocks
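Review bot: in the reworded `@note` line, "1, 2 and 3 blocks" and "0 block" read awkwardly; since the line is being touched anyway, consider "blocks 1, 2 and 3" and "block 0". The `@return` line below it only restates the `@brief`, so it could say what type or set of values the caller gets back.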
@@ -708,6 +708,12 @@ esp_err_t esp_efuse_set_write_protect_of_digest_revoke(unsigned num_digest);
*
* The burn of a key, protection bits, and a purpose happens in batch mode.
*
* @note This API also enables the read protection efuse bit for certain key blocks like XTS-AES, HMAC, ECDSA etc.
* This ensures that the key is only accessible to hardware peripheral.
*
* @note For SoC's with capability `SOC_EFUSE_ECDSA_USE_HARDWARE_K` (e.g., ESP32-H2), this API writes an additional
* efuse bit for ECDSA key purpose to enforce hardware TRNG generated k mode in the peripheral.
*
* @param[in] block Block to read purpose for. Must be in range EFUSE_BLK_KEY0 to EFUSE_BLK_KEY_MAX. Key block must be unused (esp_efuse_key_block_unused).
* @param[in] purpose Purpose to set for this key. Purpose must be already unset.
* @param[in] key Pointer to data to write.
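Review bot: the first added `@note` says read protection is enabled for "certain key blocks like XTS-AES, HMAC, ECDSA etc.", which leaves the caller unable to tell from the documentation whether a given key stays software-readable after the burn. XTS-AES, HMAC and ECDSA are key purposes rather than blocks, so suggest listing the exact purposes for which the read-protection bit is set, or pointing to where that list is defined. In the second note, "SoC's" should be "SoCs", and it would help to name the additional efuse bit, since it is burned as a side effect the caller did not explicitly request. Separately, the context line `@param[in] block Block to read purpose for` looks like a copy-paste in the docs of a write API and could be corrected in the same change.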
@@ -727,6 +733,12 @@ esp_err_t esp_efuse_write_key(esp_efuse_block_t block, esp_efuse_purpose_t purpo
*
* The burn of keys, protection bits, and purposes happens in batch mode.
*
* @note This API also enables the read protection efuse bit for certain key blocks like XTS-AES, HMAC, ECDSA etc.
* This ensures that the key is only accessible to hardware peripheral.
*
* @note For SoC's with capability `SOC_EFUSE_ECDSA_USE_HARDWARE_K` (e.g., ESP32-H2), this API writes an additional
* efuse bit for ECDSA key purpose to enforce hardware TRNG generated k mode in the peripheral.
*
* @param[in] purposes Array of purposes (purpose[number_of_keys]).
* @param[in] keys Array of keys (uint8_t keys[number_of_keys][32]). Each key is 32 bytes long.
* @param[in] number_of_keys The number of keys to write (up to 6 keys).
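Review bot: the two added `@note` paragraphs are a verbatim copy of the ones in the previous hunk, but this doc comment covers an array of purposes and keys (up to 6), and the notes do not say how they apply in that case. Suggest stating that read protection is decided per key according to its entry in `purposes`, and that the additional ECDSA efuse bit is written when any entry has an ECDSA key purpose, if that is the behaviour. The same wording fixes apply here ("SoCs", and purposes rather than "key blocks").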