fix(hal): Make the ECDSA countermeasure dynamically applicable

This commit makes the ECDSA countermeasure dynamically applicable across different revisions of the ESP32H2 SoC.
2025-09-08 00:13:20 +00:00 · 2024-12-10 17:57:26 +05:30
parent 6875cbf022
commit bef2a72ecb
6 changed files with 24 additions and 11 deletions
--- a/components/esp_security/src/init.c
+++ b/components/esp_security/src/init.c
@@ -12,6 +12,8 @@
 #include "esp_efuse_table.h"
 #include "esp_security_priv.h"
 #include "esp_err.h"
+#include "hal/efuse_hal.h"
+
 #if SOC_KEY_MANAGER_ECDSA_KEY_DEPLOY || SOC_KEY_MANAGER_FE_KEY_DEPLOY
 #include "hal/key_mgr_ll.h"
 #endif
@@ -41,7 +43,13 @@ ESP_SYSTEM_INIT_FN(esp_security_init, SECONDARY, BIT(0), 103)
 #endif

 #if CONFIG_ESP_CRYPTO_FORCE_ECC_CONSTANT_TIME_POINT_MUL
-    if (!esp_efuse_read_field_bit(ESP_EFUSE_ECC_FORCE_CONST_TIME)) {
+    bool force_constant_time = true;
+#if CONFIG_IDF_TARGET_ESP32H2
+    if (!ESP_CHIP_REV_ABOVE(efuse_hal_chip_revision(), 102)) {
+        force_constant_time = false;
+    }
+#endif
+    if (!esp_efuse_read_field_bit(ESP_EFUSE_ECC_FORCE_CONST_TIME) && force_constant_time) {
        ESP_EARLY_LOGD(TAG, "Forcefully enabling ECC constant time operations");
        esp_err_t err = esp_efuse_write_field_bit(ESP_EFUSE_ECC_FORCE_CONST_TIME);
        if (err != ESP_OK) {