alex/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2025-08-18 23:54:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

flash encryption: add flash encryption support for ESP32-S3

Browse Source
This commit is contained in:
Marius Vikhammer
2021-07-12 12:45:35 +08:00
parent 5270d8216b
commit b8a322195e
5 changed files with 137 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
components/bootloader_support/src/esp32s3/flash_encryption_secure_features.c
View File

@@ -34,6 +34,7 @@ esp_err_t esp_flash_encryption_enable_secure_features(void)
#ifndef CONFIG_SECURE_BOOT_ALLOW_JTAG
ESP_LOGI(TAG, "Disable JTAG...");
esp_efuse_write_field_bit(ESP_EFUSE_HARD_DIS_JTAG);
esp_efuse_write_field_bit(ESP_EFUSE_DIS_USB_JTAG);
#else
ESP_LOGW(TAG, "Not disabling JTAG - SECURITY COMPROMISED");
#endif

8
components/bootloader_support/src/flash_encrypt.c
View File

@@ -82,7 +82,7 @@ esp_flash_enc_mode_t esp_get_flash_encryption_mode(void)
bool flash_crypt_cnt_wr_dis = false;
#if CONFIG_IDF_TARGET_ESP32
uint8_t dis_dl_enc = 0, dis_dl_dec = 0, dis_dl_cache = 0;
#elif CONFIG_IDF_TARGET_ESP32S2
#elif CONFIG_IDF_TARGET_ESP32S2 || CONFIG_IDF_TARGET_ESP32S3
uint8_t dis_dl_enc = 0;
uint8_t dis_dl_icache = 0;
uint8_t dis_dl_dcache = 0;
@@ -115,7 +115,7 @@ esp_flash_enc_mode_t esp_get_flash_encryption_mode(void)
if ( dis_dl_cache && dis_dl_enc && dis_dl_dec ) {
mode = ESP_FLASH_ENC_MODE_RELEASE;
}
#elif CONFIG_IDF_TARGET_ESP32S2
#elif CONFIG_IDF_TARGET_ESP32S2 || CONFIG_IDF_TARGET_ESP32S3
dis_dl_enc = esp_efuse_read_field_bit(ESP_EFUSE_DIS_DOWNLOAD_MANUAL_ENCRYPT);
dis_dl_icache = esp_efuse_read_field_bit(ESP_EFUSE_DIS_DOWNLOAD_ICACHE);
dis_dl_dcache = esp_efuse_read_field_bit(ESP_EFUSE_DIS_DOWNLOAD_DCACHE);
@@ -163,11 +163,11 @@ void esp_flash_encryption_set_release_mode(void)
esp_efuse_write_field_bit(ESP_EFUSE_DISABLE_DL_CACHE);
esp_efuse_write_field_bit(ESP_EFUSE_DISABLE_DL_ENCRYPT);
esp_efuse_write_field_bit(ESP_EFUSE_DISABLE_DL_DECRYPT);
#elif CONFIG_IDF_TARGET_ESP32S2
#elif CONFIG_IDF_TARGET_ESP32S2 || CONFIG_IDF_TARGET_ESP32S3
esp_efuse_write_field_bit(ESP_EFUSE_DIS_DOWNLOAD_MANUAL_ENCRYPT);
esp_efuse_write_field_bit(ESP_EFUSE_DIS_DOWNLOAD_ICACHE);
esp_efuse_write_field_bit(ESP_EFUSE_DIS_DOWNLOAD_DCACHE);
#elif CONFIG_IDF_TARGET_ESP32C3
#elif CONFIG_IDF_TARGET_ESP32C3 || CONFIG_IDF_TARGET_ESP32H2
esp_efuse_write_field_bit(ESP_EFUSE_DIS_DOWNLOAD_MANUAL_ENCRYPT);
esp_efuse_write_field_bit(ESP_EFUSE_DIS_DOWNLOAD_ICACHE);
#else