- The API esp_flash_encryption_set_release_mode() by defualt programs
the XTS-AES pseudo round level efuse to level low but did not considered
any existing value that would have been programmed in the efuse bit.
For bin log, reserve the first 4 bytes as zero for variables that are pointed to NULL
and should not be printed in the log. So the esp-idf-monitor will skip printing
those variables.
For secure update without secure boot case, the encryption length for
app image must consider signature block length as well. This was
correctly handled for secure boot case but not for secure update without
secure boot.
This commit refactors the flash target creation. Now bootloader and
partition table components add dependencies to the flash target directly
from their component CMakeLists.txt files instead of it being done in
the esptool_py component. The commit also removes the redundant
__esptool_py_setup_main_flash_target() function.
The bootloader build script incorrectly used the `DEPENDS` keyword with the
`add_custom_command(TARGET ...)` signature. This is unsupported, causes
warnings with modern CMake versions enforcing the CMP0175 policy.
This commit also updates the POST_BUILD messages generated during the
bootloader build to depend on more precise CMake targets rather than
depending on the generic bootloader.elf target.
This commit refactors the esptool_py component to provide utility
functions for binary file generation targets instead of creating the
targets. Binary generation targets are now moved to the respective
projects.
The following changes were done in this commit:
- Added __idf_build_binary() function to esptool_py to create the binary
file generation target.
- Added __idf_build_secure_binary() as the secure boot equivalent of the
above function.
- Top level project build now creates its own binary targets in
idf_build_executable() in build.cmake.
- Bootloader and esp_tee subprojects create their binary file generation
targets in their respective CMakeLists.txt files.
- All post-build targets such as the app_size_check target are now
created by the respective projects and not esptool_py.
- General clean-up of the esptool_py cmake files.
- Secure boot V2 verification failed when multiple keys are used to sign the bootloader
and the application is signed with a key other than the first key that is used to
sign the bootloader.
- The issue was introduced as a regression from the commit `ff16ce43`.
- Added a QEMU test for recreating the issue.
- Made SECURE_BOOT_FLASH_BOOTLOADER_DEFAULT independent of SECURE_BOOT_BUILD_SIGNED_BINARIES.
feat(bootloader_support): enabled RSA based secure boot scheme for ESP32C5 ECO1
Closes IDF-10453 and IDF-11441
See merge request espressif/esp-idf!35104
This commit enabled RSA based secure boot scheme for ESP32C5 ECO1 module.
This update also adds a check to ensure the selected secure boot scheme is
valid for ECO0 modules.
