Improve flash encryption documentation and add Development & Release modes

This MR improves existing flash encryption document to provide simplified steps Adds two new modes for user: Development & Release Adds a simple example Supports encrypted write through make command
2025-08-09 20:41:14 +00:00 · 2019-01-21 22:14:56 +08:00
parent beaefd3359
commit a68c7c21e1
22 changed files with 924 additions and 247 deletions
--- a/components/esp32/cpu_start.c
+++ b/components/esp32/cpu_start.c
@@ -62,7 +62,7 @@
 #include "esp_core_dump.h"
 #include "esp_app_trace.h"
 #include "esp_private/dbg_stubs.h"
-#include "esp_efuse.h"
+#include "esp_flash_encrypt.h"
 #include "esp32/spiram.h"
 #include "esp_clk_internal.h"
 #include "esp_timer.h"
@@ -202,6 +202,20 @@ void IRAM_ATTR call_start_cpu0()
        abort();
    }
    ESP_EARLY_LOGI(TAG, "Starting app cpu, entry point is %p", call_start_cpu1);
+    
+    esp_flash_enc_mode_t mode;
+    mode = esp_get_flash_encryption_mode();
+    if (mode == ESP_FLASH_ENC_MODE_DEVELOPMENT) {
+#ifdef CONFIG_SECURE_FLASH_ENCRYPTION_MODE_RELEASE
+        ESP_EARLY_LOGE(TAG, "Flash encryption settings error: mode should be RELEASE but is actually DEVELOPMENT");
+        ESP_EARLY_LOGE(TAG, "Mismatch found in security options in menuconfig and efuse settings");
+#else
+        ESP_EARLY_LOGW(TAG, "Flash encryption mode is DEVELOPMENT");
+#endif
+    } else if (mode == ESP_FLASH_ENC_MODE_RELEASE) {
+        ESP_EARLY_LOGI(TAG, "Flash encryption mode is RELEASE");
+    }
+
    //Flush and enable icache for APP CPU
    Cache_Flush(1);
    Cache_Read_Enable(1);