alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2025-08-14 22:16:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(bootloader): self encryption workflow in bootloader not working on C5

Browse Source 
Added explicit wait for key manager state to be idle before configuring
the register for flash encryption key usage from efuse. This now ensures
that flash contents are encrypted using efuse programmed key.

Also refactored code a bit to move into target specific directory.
This commit is contained in:
Mahavir Jain
2024-09-18 17:00:54 +05:30
parent 216e653de4
commit 336f938110
4 changed files with 68 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

37
components/bootloader_support/src/flash_encryption/flash_encrypt.c
View File

@@ -15,17 +15,7 @@
#include "esp_efuse_table.h"
#include "esp_log.h"
#include "hal/wdt_hal.h"
// Need to remove check and merge accordingly for ESP32C5 once key manager support added in IDF-8621
#if SOC_KEY_MANAGER_FE_KEY_DEPLOY || CONFIG_IDF_TARGET_ESP32C5
#if CONFIG_IDF_TARGET_ESP32C5
#include "soc/keymng_reg.h"
#include "soc/pcr_reg.h"
#else /* CONFIG_IDF_TARGET_ESP32C5 */
#include "hal/key_mgr_ll.h"
#include "hal/mspi_timing_tuning_ll.h"
#endif /* !CONFIG_IDF_TARGET_ESP32C5 */
#endif /* SOC_KEY_MANAGER_FE_KEY_DEPLOY */
#include "sdkconfig.h"
#ifdef CONFIG_SOC_EFUSE_CONSISTS_OF_ONE_KEY_BLOCK
#include "soc/sensitive_reg.h"
@@ -221,26 +211,6 @@ static esp_err_t check_and_generate_encryption_keys(void)
}
ESP_LOGI(TAG, "Using pre-loaded flash encryption key in efuse");
}
// Need to remove check for ESP32C5 and merge accordingly once key manager support added in IDF-8621
#if SOC_KEY_MANAGER_FE_KEY_DEPLOY || CONFIG_IDF_TARGET_ESP32C5
#if CONFIG_IDF_TARGET_ESP32C5
REG_SET_FIELD(KEYMNG_STATIC_REG, KEYMNG_USE_EFUSE_KEY, 2);
REG_SET_BIT(PCR_MSPI_CLK_CONF_REG, PCR_MSPI_AXI_RST_EN);
REG_CLR_BIT(PCR_MSPI_CLK_CONF_REG, PCR_MSPI_AXI_RST_EN);
#else /* CONFIG_IDF_TARGET_ESP32C5 */
// Enable and reset key manager
// To suppress build errors about spinlock's __DECLARE_RCC_ATOMIC_ENV
int __DECLARE_RCC_ATOMIC_ENV __attribute__ ((unused));
key_mgr_ll_enable_bus_clock(true);
key_mgr_ll_enable_peripheral_clock(true);
key_mgr_ll_reset_register();
while (key_mgr_ll_get_state() != ESP_KEY_MGR_STATE_IDLE) {
};
// Force Key Manager to use eFuse key for XTS-AES operation
key_mgr_ll_set_key_usage(ESP_KEY_MGR_XTS_AES_128_KEY, ESP_KEY_MGR_USE_EFUSE_KEY);
_mspi_timing_ll_reset_mspi();
#endif /* !CONFIG_IDF_TARGET_ESP32C5 */
#endif /* SOC_KEY_MANAGER_FE_KEY_DEPLOY */
return ESP_OK;
}
@@ -288,6 +258,11 @@ esp_err_t esp_flash_encrypt_contents(void)
REG_WRITE(SENSITIVE_XTS_AES_KEY_UPDATE_REG, 1);
#endif
// TODO: Remove C5 target config after key manager LL support- see IDF-8621
#if CONFIG_SOC_KEY_MANAGER_FE_KEY_DEPLOY || CONFIG_IDF_TARGET_ESP32C5
esp_flash_encryption_enable_key_mgr();
#endif
err = encrypt_bootloader();
if (err != ESP_OK) {
return err;